def process_and_encrypt_string(prepended_text, userdata, appended_text):
block_size = 16
key = '0x71e6efcfb44e362b6e14f7abbecf5503'
key_in_binary = binascii.a2b_hex(key[2:])
iv = '0x29b28d9f2f56c07a8df1778d7408ba79'
iv_in_binary = binascii.a2b_hex(iv[2:])
chars_to_filter = [';', '=']
userdata = block.eat_chars(userdata, chars_to_filter)
final_str = prepended_text + userdata + appended_text
padded_final_str = block.pad_block(final_str, block_size)
encrypted = block.openssl_cbc_encrypt(padded_final_str, block_size,
key_in_binary, iv)
#Try destroying specific bytes here. Since ; and = are both swallowed up you need to corrupt 2 corresponding bytes in the previous block.
encrypted_tampered = {}
'''
#This bit is useful don't delete it. Uncomment it when you still haven't found out which exact character you need for your solution.
for i in range(0,256):
encrypted_tampered[i]= encrypted[0:32]+chr(i)+encrypted[33:38]+chr(i)+encrypted[39:]
'''
encrypted_tampered = encrypted[0:32] + chr(117) + encrypted[33:38] + chr(
116) + encrypted[39:]
return encrypted_tampered
def process_and_encrypt_string(userdata):
block_size = 16
key = '0x71e6efcfb44e362b6e14f7abbecf5503'
key_in_binary = binascii.a2b_hex(key[2:])
#Setting IV=key to introduce the vulnerability
iv = key
iv_in_binary = binascii.a2b_hex(iv[2:])
encrypted = block.openssl_cbc_encrypt(userdata, block_size, key_in_binary,
iv_in_binary)
return encrypted
def dh(g, p):
#These are then sent over to B who simply Acknowledges that he received g and p
print 'User B received g and p. Now continue.'
#Now User A calculates A = g^a mod p and sends it over to User B
a= random.getrandbits(256)
A= pow(g, a, p)
print 'Send A over to User B.'
#Now User B calculates B = g^b mod p and sends it over to User A
b= random.getrandbits(256)
B= pow(g, b, p)
print 'Send B over to User A.'
#Shared secret creation - A
s1= pow(B, a, p)
keyA= hashlib.sha1(str(s1)).hexdigest()[0:16]
print 'Shared secret and key for A is', s1, ',', keyA
#Shared secret creation - B
s2= pow(A, b, p)
keyB= hashlib.sha1(str(s2)).hexdigest()[0:16]
print 'Shared secret and key for B is', s2, ',', keyB
#Once both sides have created the shared secret, they can use it to encrypt traffic
msg_to_B= 'Teddy for B'
msg_to_A= 'Teddy for A'
block_size= 16
#A encrypts traffic and sends it to B
enc_to_B= block.openssl_cbc_encrypt(msg_to_B, block_size, keyA, binascii.a2b_hex(iv_to_B[2:]))
print 'Encrypted text from A to B', repr(enc_to_B)
#B encrypts traffic and sends it to A
enc_to_A= block.openssl_cbc_encrypt(msg_to_A, block_size, keyB, binascii.a2b_hex(iv_to_A[2:]))
print 'Encrypted text from B to A', repr(enc_to_A)
print '*' * 50
return enc_to_A, enc_to_B
print "A received ", B
s1 = pow(B, a, p)
key = hashlib.sha1(str(s1)).hexdigest()[0:16]
print "Key used to decrypt is", key
#Once both sides have created the shared secret, they can use it to encrypt traffic
msg_to_B = 'Teddy for B'
msg_to_A = 'Teddy for A'
block_size = 16
#This is different for both users
iv_to_B = '0x29b28d9f2f56c07a8df1778d7408ba79'
iv_to_A = '0x29c28e9f2556c08a8df1798d7408ba64'
#A encrypts traffic and sends it to B
enc_to_B = block.openssl_cbc_encrypt(msg_to_B, block_size, key,
binascii.a2b_hex(iv_to_B[2:]))
print 'Encrypted text from A to B', repr(enc_to_B)
#B encrypts traffic and sends it to A
enc_to_A = block.openssl_cbc_encrypt(msg_to_A, block_size, key,
binascii.a2b_hex(iv_to_A[2:]))
print 'Encrypted text from B to A', repr(enc_to_A)
print '-' * 50
'''
MITM Attack starts here
'''
print 'This is the MITM case'
#User A sends p, g and A to B but it is intercepted by M who sends p, g, mA instead. B calculates the shared secret using 'mA' instead of A. Meaning there's a connection now between M and B using a shared secret chosen by the attacker
mb = random.getrandbits(256)
mB = pow(g, mb, p)
secretB = pow(mB, b, p)
def process_and_encrypt_string(userdata):
encrypted= block.openssl_cbc_encrypt(userdata, block_size, key_in_binary, iv_in_binary)
return encrypted
return final
if __name__ == "__main__":
input_file = 'c17_strings'
blocklen = 16
#Get list of strings, base64 decode them and add them to an array
list_of_strings = []
t1 = common.openfile(input_file)
for string in t1:
list_of_strings.append(string.decode('base64'))
#Pick a random string
random_index = pick_random_string_index(len(list_of_strings))
input_str = list_of_strings[random_index]
#Generate random key to use for all future encryption
key = '71e6efcfb44e362b6e14f7abbecf5503'
#Generate a random IV to use in CBC
iv = '29b28d9f2f56c08a8df1778d7408ba79'
ivsplit = []
for count in range(0, len(iv), 2):
ivsplit.append((iv[count] + iv[count + 1]).decode("hex"))
#Pad string & encrypt chosen string with key
encrypted = block.openssl_cbc_encrypt(input_str, blocklen, key, ivsplit)
final = padding_oracle(encrypted)
print final
sys.path.insert(0, cmd_folder)
#Importing common crypto module
import sha1
import block
message = 'this is a good teddybear'
key = '0x71e6efcfb44e362b6e14f7abbecf5503'
key_in_binary = binascii.a2b_hex(key[2:])
iv = '0x41e5efcfb64e362b6e54f7abbecf9503'
iv_in_binary = binascii.a2b_hex(key[2:])
block_size = 16
#You need the key to create the MAC. So you can't tamper with the message and tag on a new MAC at the end
secret_prefix_msg = key_in_binary + message
encrypted = block.openssl_cbc_encrypt(secret_prefix_msg, block_size,
key_in_binary, iv_in_binary)
#This is appended to the message right at the end. The receiver who also has the key will compute the MAC, check if it matches and if not, drop the message
mac = sha1.sha1(secret_prefix_msg)
#This is what an attacker on the wire will see
authenticated_msg = encrypted + '^' * 3 + mac
#The attacker then tampers with the message and forwards it over to the receiver
t1 = list(authenticated_msg)
t1[3] = 'Z'
tampered_msg = ''.join(t1)
#The receiver then computes the MAC for the tampered message. It doesn't match.
mac_tamp = sha1.sha1(authenticated_msg.split('^' * 3)[0])
if mac != mac_tamp: