def reverse(self, data): ivec = self.args.iv or urandom(0x10) if len(ivec) != 0x10: raise ValueError(self._IVERR) cipher = AES.new(self.args.key, AES.MODE_CBC, ivec) data = data.decode('latin-1').encode('utf-16LE') data = cipher.encrypt(pad(data, block_size=0x10)) data = base64.b16encode(data).lower().decode('ascii') ivec = base64.b64encode(ivec).decode('ascii') data = '|'.join(('%d' % self._PSVER, ivec, data)).encode('utf-16LE') return base64.b64encode(self._MAGIC + data)
def __init__(self, transaction=None, previous_hash=None): """ :param transaction: transaction data that is stored in the block chain :param previous_hash: the hash of the previous block """ super(Block, self).__init__() self.block_id = binascii.hexlify(urandom(24)).decode('utf-8') self.transaction = transaction self.previous_hash = previous_hash self.timestamp = str( datetime.timestamp( datetime.now()).as_integer_ratio()[0]).encode('utf-8') self.hash = self.hash_block()
def __init__(self, hash=DEFAULT_HASH, block_class=Block): super(BlockChain, self).__init__() self.chain_id = binascii.hexlify(urandom(24)).decode('utf-8') self.hash = hash self.block_class = block_class self.chain = OrderedDict() self.timestamp = str( datetime.timestamp( datetime.now()).as_integer_ratio()[0]).encode('utf-8') self.chain_hash = hashlib.new(hash, self.timestamp).hexdigest() # Add first block b = self.block_factory()(transaction={ 'chain_id': self.chain_id }, previous_hash=self.chain_hash) self.chain[b.hash] = b
for i in range(5): hi = hash_[4*i:4*(i+1)] hi = int(hexlify(hi),16) h.append(hi) length = len(b"0" * keylen + Forged_message) * 8 forged_hash = SHA1_fixed(suffix,h[0],h[1],h[2],h[3],h[4],length).digest() return forged_hash def validate_hash(message,hash_): if MAC_SHA1(key,message) == hash_ : return True else : return False if __name__ == '__main__': key = urandom(randint(1,100)) print("length real key = %d " % len(key)) message = b"comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon" suffix = b";admin=true" hash_ = MAC_SHA1(key,message) for keylen in range(100): print("[*] Try to break with key len : %d" % keylen) Forged_hash = forged_hash(keylen,message,hash_,suffix) Forged_message = forged_message(keylen,message,suffix) if validate_hash(Forged_message,Forged_hash): print("Log in as Admin!") print("[*] [*] [*] key len recovery : %d" % keylen) break else : print("Log in as User!") time.sleep(1) #it will more fun when you wait :v
def __init__(self,nonce,key): self.nonce = nonce self.key = key def encrypt(self,s): s = split_block(s,16) encode = b"" count = 0 for s_block in s : Counter = self.nonce + little_endian(count,8) cipher = AES.new(self.key,AES.MODE_ECB) encode += xor(cipher.encrypt(Counter),s_block) count += 1 return encode def decrypt(self,s): s = split_block(s,16) decode = b"" count = 0 for s_block in s : Counter = self.nonce + little_endian(count,8) cipher = AES.new(self.key,AES.MODE_ECB) decode += xor(cipher.encrypt(Counter),s_block) count += 1 return decode if __name__ =='__main__': nonce = urandom(8) key = urandom(16) cipher = CTR_mode(nonce,key) print(cipher.encrypt(b"kami")) ''' AES.new(key,AES.MODE_CTR) , nonce random '''
''' byte at a time ECB Ä‘ecryption ''' from Crypto.Cipher import AES from base64 import b64decode from challenge_9 import PKCS7 from Crypto.Random import urandom from random import randint key = urandom(16) suffix_r = urandom(randint(3, 40)) def encrypt_oracle(s): s = PKCS7(s + suffix_r, 16) cipher = AES.new(key, AES.MODE_ECB) return cipher.encrypt(s) def length_detect(encrypt_oracle): for length in range(2, 41): s = b'0' * (2 * length) encode_s = encrypt_oracle(s) if encode_s[:length] == encode_s[length:2 * length]: return length def detect_length_suffix(encrypt_oracle): s = b"" l1 = len(encrypt_oracle(s)) l2 = l1 i = 0
def decrypt(string): cipher = AES.new(key, AES.MODE_CBC, iv) return cipher.decrypt(string) def check_admin(string): string = decrypt(string) if b";admin=true;" in string: return True return False if __name__ == '__main__': key = urandom(16) iv = urandom(16) ''' xac dinh len prepend tuong tu nhu trong challenge 14, nhung thay vi \ so sanh doan dang sau ta so sanh phan dang truoc''' print("[*] Generate string.......") len_prepend = len(prepend) string = b"0" * (16 - len_prepend % 16) + b"0admin0true0" cipher_text = encrypt(string) i = len_prepend // 16 ''' can sua cac ki tu tuong ung voi vi tri so 0 trong string in\ cipher text lien truoc cipher text cua 0admin0true0''' print("[*] Forged cipher text by bit flipping..........") c_0 = bytes([cipher_text[i * 16:16 * (i + 1)][0] ^ ord("0") ^ ord(";")]) c_6 = bytes([cipher_text[i * 16:16 * (i + 1)][6] ^ ord("0") ^ ord("=")])
cipher = AES.new(key, AES.MODE_ECB) return cipher.encrypt(profile) def check_role(en_profile): cipher = AES.new(key, AES.MODE_ECB) text = cipher.decrypt(en_profile) text = unPad(text) role = parse_routine(text)[1][2][1] if role == b"admin": print("Log in as admin!") else: print("Log in as user!") if __name__ == '__main__': key = urandom(16) email = b"0" * 13 profile = profile_for(email) e_profile = encrypt_profile(profile) print("[*] Log in with user : %s" % email) print("[*] Attack to get admin role.......") fake_email = b"0" * 10 + PKCS7(b"admin", 16) fake_profile = profile_for(fake_email) e_profile_f = encrypt_profile(fake_profile) e_admin = e_profile[:32] + e_profile_f[16:32] print("[*] Server check role .......") check_role(e_admin)
return True else: return False def discover_padding_length(r, c_block, padding_validation): padding = 0 for i in range(15, -1, -1): r0 = r[:i] + bytes([r[i] ^ 1]) + r[i + 1:] if padding_validation(r0 + c_block): return padding padding += 1 if __name__ == '__main__': key = urandom(16) iv = urandom(16) cipher = AES.new(key, AES.MODE_CBC, iv) c = cipher.encrypt(PKCS7(b"0" * 31, 16)) ''' break D(ci) from c and padding oracle ''' ci = c[:16] Dci = b"" R0 = urandom(15) ''' choose random R to R+C is valid padding ''' for bytess in range(256): R = R0 + bytes([bytess]) if padding_validation(R + ci): break padding_length = discover_padding_length(R, ci, padding_validation) print("Padding length for the first R : %d" % padding_length) ''' find Dci'''
self.keystream = b'' def encrypt(self,plaintext): rand = MT19937(self.seed) keystream = b"" while len(keystream) < len(plaintext): randbytes = bytes([rand.uint32() % 256 ]) keystream += randbytes self.keystream = keystream return xor(self.keystream,plaintext) def decrypt(self,cipher): return xor(self.keystream,cipher) if __name__ == '__main__': plaintext = b"0" * 14 seed = urandom(2) seed = bytes_to_long(seed) cipher = MT19937_cipher(seed) cipher_text = cipher.encrypt(plaintext) print("Real seed : ",seed) print("[*] Guessing.........") for seed_guess in range(2**16): cipher_guess = MT19937_cipher(seed_guess) cipher_text_guess = cipher_guess.encrypt(plaintext) if cipher_text_guess == cipher_text : print("Seed guess = %d" % seed_guess) break assert seed == seed_guess