Ejemplo n.º 1
0
def process():
    I = request.args.get('email')
    A = int(request.args.get('A'))

    b = randint(0, N)
    B = k * d[I]['v'] + pow(g, b, N)

    # Response
    r = str(d[I]['salt']) + ';' + str(B)

    # Doing the next steps
    uH = sha256(int_to_bytes(A) + int_to_bytes(B)).hexdigest()
    u = int(uH, 16)

    temp = pow(d[I]['v'], u, N)
    S = pow(A * temp, b, N)
    K = sha256(int_to_bytes(S)).digest()
    salt = struct.pack('<I', d[I]['salt'])
    hmac = HMAC_SHA256(K, salt)
    d[I]['hmac'] = hmac

    return r
Ejemplo n.º 2
0
def fake_verify():
    I = request.args.get('email')
    hmac = request.args.get('hmac')

    A = d[I]['A']
    b = d[I]['b']
    u = d[I]['u']
    salt = struct.pack('<I', d[I]['salt'])
    wordlist = "/usr/share/wordlists/dirb/others/best1050.txt"
    with open(wordlist, 'r') as f:
        w = f.read().splitlines()

    for P in w:
        xH = sha256(salt + bytearray(P, "ascii")).hexdigest()
        x = int(xH, 16)
        v = pow(g, x, N)
        temp = pow(v, u, N)
        S = pow(A * temp, b, N)
        K = sha256(int_to_bytes(S)).digest()

        if HMAC_SHA256(K, salt) == hmac:
            print("CRACKED!!!!")
            print(P)
            return P
Ejemplo n.º 3
0
#Generating RSA public and private keys
p = generate_rsa_prime()
q = generate_rsa_prime()

while (test_primes(p, q, e) != True):
    p = generate_rsa_prime()
    q = generate_rsa_prime()

pub_key, priv_key = rsa_key_gen(p, q, e)

#Encrypting message
e = pub_key[0]
n = pub_key[1]
c = rsa_encrypt(m, e, n)

print("Original message:", int_to_bytes(decryption(c, priv_key), order="big"))
print(decryption(c, priv_key))  #Showing that it can't be done twice

# Attacker:
captured_cipher = c
captured_e = pub_key[0]
captured_n = pub_key[1]

S = randint(2, 0xFFFFFFFF)

attacker_c = (pow(S, captured_e, captured_n) * captured_cipher) % captured_n

attacker_p = decryption(attacker_c, priv_key)

s_inv = modinv(S, captured_n)
recovered_p = attacker_p * s_inv % captured_n
Ejemplo n.º 4
0
def main():

    p = 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff
    g = 2

    ################################################################################
    ###### MITM attack - Scenario 01: g = 1
    ################################################################################

    #User A generates A
    a = randint(0, p)
    A = pow(g, a, p)

    #User A sends (p,g,A) to M
    m_data = (p, g, A)

    #Use M send (p,g,A) to M
    g_m = 1
    b_data = (p, g_m, A)
    #User B generates B
    b = randint(0, b_data[0])
    B = pow(b_data[1], b, b_data[0])  #the result will be 1

    #User B sends B to M
    m_data2 = B
    a_data = m_data2  #let's send this 1 forward

    #User A calculates s, iv, key and encrypt a message
    #print a_data
    s_a = pow(a_data, a, p)  #s_a = 1
    #print s_a
    iv_a = random_aes_key(16)
    msg_a = bytearray("Super Secret Stuff123", "ascii")
    #print hex(s_a)
    key_a = sha1(int_to_bytes(s_a))[:16]
    aes_ecb_a = AES.new(key_a, AES.MODE_ECB)
    enc_a = cbc_encrypt(aes_ecb_a, msg_a, iv_a)
    #test = cbc_decrypt(aes_ecb_a, enc_a, iv_a)
    #print test

    #User A sends encrypted message and iv to M
    m_data3 = enc_a + iv_a

    #M can recalculate the key and decrypt the message:
    key_m = sha1(b"\x01")[:16]
    #print key_m
    aes_ecb_m = AES.new(key_m, AES.MODE_ECB)
    msg_m = cbc_decrypt(aes_ecb_m,
                        m_data3[:-16],
                        m_data3[-16:],
                        validation=True)  #M knows the message (DONE)
    print("Retrieved by M (scenario 1):", msg_m)

    ################################################################################
    ###### MITM attack - Scenario 02: g = p
    ################################################################################

    #User A generates A
    a = randint(0, p)
    A = pow(g, a, p)

    #User A sends (p,g,A) to M
    m_data = (p, g, A)

    #Use M send (p,g,A) to M
    g_m = p
    b_data = (p, g_m, A)

    #User B generates B
    b = randint(0, b_data[0])
    B = pow(b_data[1], b, b_data[0])  #the result will be 0

    #User B sends B to M
    m_data2 = B
    a_data = m_data2  #let's send this 0 forward

    #User A calculates s, iv, key and encrypt a message
    #print a_data
    s_a = pow(a_data, a, p)  #s_a = 0
    #print s_a

    iv_a = random_aes_key(16)
    msg_a = bytearray("Super Secret Stuff123", "ascii")
    #print hex(s_a)
    key_a = sha1(int_to_bytes(s_a))[:16]
    aes_ecb_a = AES.new(key_a, AES.MODE_ECB)
    enc_a = cbc_encrypt(aes_ecb_a, msg_a, iv_a)
    #test = cbc_decrypt(aes_ecb_a, enc_a, iv_a)
    #print test

    #User A sends encrypted message and iv to M
    m_data3 = enc_a + iv_a

    #M can recalculate the key and decrypt the message:
    key_m = sha1(b'\x00')[:16]
    #print key_m
    aes_ecb_m = AES.new(key_m, AES.MODE_ECB)
    msg_m = cbc_decrypt(aes_ecb_m,
                        m_data3[:-16],
                        m_data3[-16:],
                        validation=True)  #M knows the message (DONE)
    print("Retrieved by M (scenario 2):", msg_m)

    ################################################################################
    ###### MITM attack - Scenario 03: g = p-1
    ################################################################################

    #User A generates A
    a = randint(0, p)
    A = pow(g, a, p)

    #User A sends (p,g,A) to M
    m_data = (p, g, A)

    #Use M send (p,g,A) to M
    g_m = p - 1
    b_data = (p, g_m, A)

    #User B generates B
    b = randint(0, b_data[0])
    B = pow(b_data[1], b, b_data[0])  #(p-1)^x % p == (-1)^x % p
    # if x is even: 1, if x is odd, p-1

    #User B sends B to M
    m_data2 = B
    a_data = m_data2  #sending the information forward

    #User A calculates s, iv, key and encrypt a message
    #print a_data
    s_a = pow(a_data, a, p)  #s_a is either p-1 or 1
    #print s_a

    iv_a = random_aes_key(16)
    msg_a = bytearray("Super Secret Stuff123", "ascii")
    #print hex(s_a)
    key_a = sha1(int_to_bytes(s_a))[:16]
    aes_ecb_a = AES.new(key_a, AES.MODE_ECB)
    enc_a = cbc_encrypt(aes_ecb_a, msg_a, iv_a)

    #User A sends encrypted message and iv to M
    m_data3 = enc_a + iv_a

    #M can calculate both possible keys and decrypt the message:
    key_m1 = sha1(b'\x01')[:16]
    key_m2 = sha1(int_to_bytes(g_m))[:16]

    for key_m in (key_m1, key_m2):
        aes_ecb_m = AES.new(key_m, AES.MODE_ECB)
        try:
            msg_m = cbc_decrypt(aes_ecb_m,
                                m_data3[:-16],
                                m_data3[-16:],
                                validation=True)  #M knows the message (DONE)
        except:  #this is me being lazy. Note that it might break if the wrong key decrypts some garbage with the right padding
            pass
    print("Retrieved by M (scenario 3):", msg_m)
Ejemplo n.º 5
0
pub_key, priv_key = rsa_key_gen(p, q, e)

e = pub_key[0]
n = pub_key[1]
d = priv_key[0]
m = 42
print(rsa_decrypt(rsa_encrypt(m, e, n), d, n))

# "Serious stuff"
e = 3
p = generate_rsa_prime()
q = generate_rsa_prime()

while (test_primes(p, q, e) != True):
    p = generate_rsa_prime()
    q = generate_rsa_prime()

pub_key, priv_key = rsa_key_gen(p, q, e)

message = b"This is a super S3cr3t message!!!!"

m = int.from_bytes(message, byteorder='big')
e = pub_key[0]
n = pub_key[1]
d = priv_key[0]

c = rsa_encrypt(m, e, n)
decrypted_int = rsa_decrypt(c, d, n)
decrypted = int_to_bytes(decrypted_int, order="big")
print(decrypted)
Ejemplo n.º 6
0
# Legitimate server
a = randint(0,N)
A = pow(g,a,N)
query = f"http://127.0.0.1:5000/process?email={I}&A={A}"
r = requests.get(query)
temp = r.text.split(';')

salt = int(temp[0])
B = int(temp[1])
u = int(temp[2])

xH = sha256(struct.pack('<I',salt)+bytearray(P, "ascii")).hexdigest()
x = int(xH,16)

S = pow(B,a+(u*x),N)
K = sha256(int_to_bytes(S)).digest()
hmac = HMAC_SHA256(K,struct.pack('<I',salt))

query = f"http://127.0.0.1:5000/verify?email={I}&hmac={hmac}"
r = requests.get(query)
print ("Response from legitimate server:",r.text)


# Fake server
query = f"http://127.0.0.1:6666/process?email={I}&A={A}"
r = requests.get(query)
temp = r.text.split(';')

salt = int(temp[0])
B = int(temp[1])
u = int(temp[2])
Ejemplo n.º 7
0
#Encrypted the message using 3 different public keys
encrypted = []
for i in range(3):
    pub_key = keys[i][0]
    e = pub_key[0]
    n = pub_key[1]
    c = rsa_encrypt(m,e,n)
    encrypted.append(c)

n_0 = keys[0][0][1]
n_1 = keys[1][0][1]
n_2 = keys[2][0][1]

c_0 = encrypted[0] % n_0
c_1 = encrypted[1] % n_1
c_2 = encrypted[2] % n_2

m_s_0 = n_1 * n_2
m_s_1 = n_0 * n_2
m_s_2 = n_0 * n_1

N_012 = n_0 * n_1 * n_2

result = ((c_0 * m_s_0 * modinv(m_s_0, n_0)) +  (c_1 * m_s_1 * modinv(m_s_1, n_1)) + (c_2 * m_s_2 * modinv(m_s_2, n_2))) % N_012

a = precise_cube_root(result)

print(int_to_bytes(int(a),order="big"))

Ejemplo n.º 8
0
    print("Something went wrong!!!")
    exit()

requests.get("http://127.0.0.1:5000/query")

a = randint(0,N)
A = pow(g,a,N)
query = f"http://127.0.0.1:5000/process?email={I}&A={A}"
r = requests.get(query)
print (r.text)
temp = r.text.split(';')

salt = int(temp[0])
B = int(temp[1])

uH = sha256(int_to_bytes(A)+int_to_bytes(B)).hexdigest()
u = int(uH,16)

xH = sha256(struct.pack('<I',salt)+bytearray(P, "ascii")).hexdigest()
x = int(xH,16)

temp = pow(g,x,N)
S = pow(B-(k*temp),a+(u*x),N)
K = sha256(int_to_bytes(S)).digest()
hmac = HMAC_SHA256(K,struct.pack('<I',salt))

query = f"http://127.0.0.1:5000/verify?email={I}&hmac={hmac}"
r = requests.get(query)
print (r.text)