def reverse(self, data):
ivec = self.args.iv or urandom(0x10)
if len(ivec) != 0x10:
raise ValueError(self._IVERR)
cipher = AES.new(self.args.key, AES.MODE_CBC, ivec)
data = data.decode('latin-1').encode('utf-16LE')
data = cipher.encrypt(pad(data, block_size=0x10))
data = base64.b16encode(data).lower().decode('ascii')
ivec = base64.b64encode(ivec).decode('ascii')
data = '|'.join(('%d' % self._PSVER, ivec, data)).encode('utf-16LE')
return base64.b64encode(self._MAGIC + data)
def __init__(self, transaction=None, previous_hash=None):
"""
:param transaction: transaction data that is stored in the block chain
:param previous_hash: the hash of the previous block
"""
super(Block, self).__init__()
self.block_id = binascii.hexlify(urandom(24)).decode('utf-8')
self.transaction = transaction
self.previous_hash = previous_hash
self.timestamp = str(
datetime.timestamp(
datetime.now()).as_integer_ratio()[0]).encode('utf-8')
self.hash = self.hash_block()
def __init__(self, hash=DEFAULT_HASH, block_class=Block):
super(BlockChain, self).__init__()
self.chain_id = binascii.hexlify(urandom(24)).decode('utf-8')
self.hash = hash
self.block_class = block_class
self.chain = OrderedDict()
self.timestamp = str(
datetime.timestamp(
datetime.now()).as_integer_ratio()[0]).encode('utf-8')
self.chain_hash = hashlib.new(hash, self.timestamp).hexdigest()
# Add first block
b = self.block_factory()(transaction={
'chain_id': self.chain_id
},
previous_hash=self.chain_hash)
self.chain[b.hash] = b
for i in range(5):
hi = hash_[4*i:4*(i+1)]
hi = int(hexlify(hi),16)
h.append(hi)
length = len(b"0" * keylen + Forged_message) * 8
forged_hash = SHA1_fixed(suffix,h[0],h[1],h[2],h[3],h[4],length).digest()
return forged_hash
def validate_hash(message,hash_):
if MAC_SHA1(key,message) == hash_ :
return True
else :
return False
if __name__ == '__main__':
key = urandom(randint(1,100))
print("length real key = %d " % len(key))
message = b"comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon"
suffix = b";admin=true"
hash_ = MAC_SHA1(key,message)
for keylen in range(100):
print("[*] Try to break with key len : %d" % keylen)
Forged_hash = forged_hash(keylen,message,hash_,suffix)
Forged_message = forged_message(keylen,message,suffix)
if validate_hash(Forged_message,Forged_hash):
print("Log in as Admin!")
print("[*] [*] [*] key len recovery : %d" % keylen)
break
else :
print("Log in as User!")
time.sleep(1) #it will more fun when you wait :v
def __init__(self,nonce,key):
self.nonce = nonce
self.key = key
def encrypt(self,s):
s = split_block(s,16)
encode = b""
count = 0
for s_block in s :
Counter = self.nonce + little_endian(count,8)
cipher = AES.new(self.key,AES.MODE_ECB)
encode += xor(cipher.encrypt(Counter),s_block)
count += 1
return encode
def decrypt(self,s):
s = split_block(s,16)
decode = b""
count = 0
for s_block in s :
Counter = self.nonce + little_endian(count,8)
cipher = AES.new(self.key,AES.MODE_ECB)
decode += xor(cipher.encrypt(Counter),s_block)
count += 1
return decode
if __name__ =='__main__':
nonce = urandom(8)
key = urandom(16)
cipher = CTR_mode(nonce,key)
print(cipher.encrypt(b"kami"))
''' AES.new(key,AES.MODE_CTR) , nonce random '''
''' byte at a time ECB đecryption '''
from Crypto.Cipher import AES
from base64 import b64decode
from challenge_9 import PKCS7
from Crypto.Random import urandom
from random import randint
key = urandom(16)
suffix_r = urandom(randint(3, 40))
def encrypt_oracle(s):
s = PKCS7(s + suffix_r, 16)
cipher = AES.new(key, AES.MODE_ECB)
return cipher.encrypt(s)
def length_detect(encrypt_oracle):
for length in range(2, 41):
s = b'0' * (2 * length)
encode_s = encrypt_oracle(s)
if encode_s[:length] == encode_s[length:2 * length]:
return length
def detect_length_suffix(encrypt_oracle):
s = b""
l1 = len(encrypt_oracle(s))
l2 = l1
i = 0
def decrypt(string):
cipher = AES.new(key, AES.MODE_CBC, iv)
return cipher.decrypt(string)
def check_admin(string):
string = decrypt(string)
if b";admin=true;" in string:
return True
return False
if __name__ == '__main__':
key = urandom(16)
iv = urandom(16)
''' xac dinh len prepend tuong tu nhu trong challenge 14, nhung thay vi \
so sanh doan dang sau ta so sanh phan dang truoc'''
print("[*] Generate string.......")
len_prepend = len(prepend)
string = b"0" * (16 - len_prepend % 16) + b"0admin0true0"
cipher_text = encrypt(string)
i = len_prepend // 16
''' can sua cac ki tu tuong ung voi vi tri so 0 trong string in\
cipher text lien truoc cipher text cua 0admin0true0'''
print("[*] Forged cipher text by bit flipping..........")
c_0 = bytes([cipher_text[i * 16:16 * (i + 1)][0] ^ ord("0") ^ ord(";")])
c_6 = bytes([cipher_text[i * 16:16 * (i + 1)][6] ^ ord("0") ^ ord("=")])
cipher = AES.new(key, AES.MODE_ECB)
return cipher.encrypt(profile)
def check_role(en_profile):
cipher = AES.new(key, AES.MODE_ECB)
text = cipher.decrypt(en_profile)
text = unPad(text)
role = parse_routine(text)[1][2][1]
if role == b"admin":
print("Log in as admin!")
else:
print("Log in as user!")
if __name__ == '__main__':
key = urandom(16)
email = b"0" * 13
profile = profile_for(email)
e_profile = encrypt_profile(profile)
print("[*] Log in with user : %s" % email)
print("[*] Attack to get admin role.......")
fake_email = b"0" * 10 + PKCS7(b"admin", 16)
fake_profile = profile_for(fake_email)
e_profile_f = encrypt_profile(fake_profile)
e_admin = e_profile[:32] + e_profile_f[16:32]
print("[*] Server check role .......")
check_role(e_admin)
return True
else:
return False
def discover_padding_length(r, c_block, padding_validation):
padding = 0
for i in range(15, -1, -1):
r0 = r[:i] + bytes([r[i] ^ 1]) + r[i + 1:]
if padding_validation(r0 + c_block):
return padding
padding += 1
if __name__ == '__main__':
key = urandom(16)
iv = urandom(16)
cipher = AES.new(key, AES.MODE_CBC, iv)
c = cipher.encrypt(PKCS7(b"0" * 31, 16))
''' break D(ci) from c and padding oracle '''
ci = c[:16]
Dci = b""
R0 = urandom(15)
''' choose random R to R+C is valid padding '''
for bytess in range(256):
R = R0 + bytes([bytess])
if padding_validation(R + ci):
break
padding_length = discover_padding_length(R, ci, padding_validation)
print("Padding length for the first R : %d" % padding_length)
''' find Dci'''
self.keystream = b''
def encrypt(self,plaintext):
rand = MT19937(self.seed)
keystream = b""
while len(keystream) < len(plaintext):
randbytes = bytes([rand.uint32() % 256 ])
keystream += randbytes
self.keystream = keystream
return xor(self.keystream,plaintext)
def decrypt(self,cipher):
return xor(self.keystream,cipher)
if __name__ == '__main__':
plaintext = b"0" * 14
seed = urandom(2)
seed = bytes_to_long(seed)
cipher = MT19937_cipher(seed)
cipher_text = cipher.encrypt(plaintext)
print("Real seed : ",seed)
print("[*] Guessing.........")
for seed_guess in range(2**16):
cipher_guess = MT19937_cipher(seed_guess)
cipher_text_guess = cipher_guess.encrypt(plaintext)
if cipher_text_guess == cipher_text :
print("Seed guess = %d" % seed_guess)
break
assert seed == seed_guess
