def value(self): random_generator = RandomByteGenerator() key = random_generator.value(self.BLOCK_SIZE) iv = random_generator.value(self.BLOCK_SIZE) ciphertext = AES(key).encrypt(self.plaintext, mode=CBC(iv)) oracle = CBCPaddingOracle(key, iv) return CBCPaddingOracleAttack(oracle).value(ciphertext, iv)
class RandomECB_CBCEncrypter(object): def __init__(self, block_size): self.block_size = block_size self.random_generator = RandomByteGenerator() def get_mode(self): # To use after encryption in order to confirm that the oracle works. return self.mode.name() def _prepare_plaintext(self, plaintext): header = self.random_generator.value(random.randint(5,10)) footer = self.random_generator.value(random.randint(5,10)) return '%s%s%s' % (header, plaintext, footer) def _get_random_mode(self): if random.random() >= 0.5: mode = ECB(block_size=self.block_size) else: random_iv = self.random_generator.value(self.block_size) mode = CBC(iv=random_iv, block_size=self.block_size) return mode def encrypt(self, plaintext): plaintext = self._prepare_plaintext(plaintext) key = self.random_generator.value(self.block_size) self.mode = self._get_random_mode() return AES(key).encrypt(plaintext, mode=self.mode)
def validate(self): secret_key = RandomByteGenerator().value(self.BLOCK_SIZE) secret_iv = RandomByteGenerator().value(self.BLOCK_SIZE) mode = CBC(secret_iv) profile_generator = UserProfileGenerator(secret_key, mode) attack = CBCBitFlippingAttack(profile_generator, self.BLOCK_SIZE) encrypted_profile = attack.value() profile = UserProfileParser(secret_key, mode).parse(encrypted_profile) return ';admin=true' in profile
def _init_cipher_from(self, secret, iv=None): secret_bytes = IntToBytes(secret).value() key = SHA1().hash(secret_bytes)[:self.BLOCK_SIZE] self.iv = RandomByteGenerator().value(self.BLOCK_SIZE) if iv is None\ else iv self.cipher = AES(key) self.cipher_mode = CBC(iv=self.iv)
def validate(self): secret_key = RandomByteGenerator().value(self.BLOCK_SIZE) mode = CBC(iv=secret_key) profile_generator = UserProfileGenerator(secret_key, mode) profile_parser = CustomUserProfileParser(secret_key, mode) recovered_key = CBCKeyRecoveryAttack(profile_generator, profile_parser).value() return recovered_key == secret_key
def value(self): secret_key = RandomByteGenerator().value(self.BLOCK_SIZE) profile_generator = UserProfileGenerator(secret_key) # The secret key is not known by the admin profile generator. encrypted_profile = AdminUserProfileGenerator(profile_generator).\ value() profile = UserProfileParser(secret_key).parse(encrypted_profile) return profile['role']
def validate(self): secret_key = RandomByteGenerator().value(self.BLOCK_SIZE) secret_nonce = random.randint(0, 2**64 - 1) mode = CTR(nonce=secret_nonce) profile_generator = UserProfileGenerator(secret_key, mode) attack = CTRBitFlippingAttack(profile_generator, self.BLOCK_SIZE) encrypted_profile = attack.value() profile = UserProfileParser(secret_key, mode).parse(encrypted_profile) return ';admin=true' in profile
def validate(self): key = RandomByteGenerator().value(20) sha1mac = HashBasedMAC(key, SHA1) string_mac = sha1mac.value(self.STRING) message, mac = SHA1BasedMACMessageForger(sha1mac).\ forge(self.STRING, string_mac, self.TARGET_STRING) return message.startswith(self.STRING) and\ message.endswith(self.TARGET_STRING) and\ sha1mac.validate(message, mac)
def validate(self): key = RandomByteGenerator().value(20) md4mac = HashBasedMAC(key, MD4) string_mac = md4mac.value(self.STRING) message, mac = MD4BasedMACMessageForger(md4mac).\ forge(self.STRING, string_mac, self.TARGET_STRING) return message.startswith(self.STRING) and\ message.endswith(self.TARGET_STRING) and\ md4mac.validate(message, mac)
class Set7Challenge54(MatasanoChallenge): LENGTH = 50 BLOCK_SIZE = MDHashFunction.block_size() PREFIX = RandomByteGenerator().value(LENGTH * BLOCK_SIZE) PREDICTION_LENGTH = 150 * BLOCK_SIZE def validate(self): hash_function = BasicHashFunctionFactory.build(16) attack = NostradamusAttack(hash_function, self.PREDICTION_LENGTH, k=5) prediction = attack.prediction() message = attack.for_prefix(self.PREFIX) return message.startswith(self.PREFIX) and\ hash_function().hash(message) == prediction
def validate(self): key = RandomByteGenerator().value(self.BLOCK_SIZE) mac_generator = CBC_MACGenerator(key) mac_validator = CBC_MAC(key) message, mac = mac_generator.get_message_and_mac_for( self.VICTIM_ID, {2: [100]}) # The MAC generator is only meant to be used to generate MACs for # "attacker-controlled" accounts. crafted_message, forged_mac = CBC_MACMessageForger(mac_generator).\ forge_from(message, mac) from_victim = 'from=%d' % self.VICTIM_ID to_attacker = '%d:1000000' % CBC_MACMessageForger.ACCOUNT_ID return from_victim in crafted_message and\ to_attacker in crafted_message and\ mac_validator.validate(crafted_message, forged_mac)
class Set4Challenge32(MatasanoChallenge): STRING = 'foo bar baz' KEY = RandomByteGenerator().value(50) TIMING_LEAK = 0.003 def __init__(self): MatasanoChallenge.__init__(self) self.hmac = HMAC(self.KEY, SHA1).value(self.STRING) def expected_value(self): return self.hmac def value(self): with TimeLeakingWebServer(self.STRING, self.hmac, self.TIMING_LEAK)\ as server: return HMACCrackerForReducedTimeLeak(server).crack()
class Set7Challenge51Base(MatasanoChallenge): # This length corresponds to the length of the cookie used in the challenge. # For greater lengths, the algorithm used here does not seem to work # properly. However, it might be fixed by using symbols of greater size # (e.g., combinations of three characters instead of two) and just keeping # the first character of each candidate symbol on each iteration. The # downside of this is that the running time increases exponentially. COOKIE_SIZE = 32 COOKIE = RandomByteGenerator().value(COOKIE_SIZE) def __init__(self): MatasanoChallenge.__init__(self) self.cookie = Base64Encoder().encode(self.COOKIE) def expected_value(self): return self.cookie def value(self): return self._get_attack().value() def _get_attack(self): raise NotImplementedError
def _init_state(self): self.b = random.randint(1, self.MAX_INT) self.salt = RandomByteGenerator().value() hashed_password = self.sha256.hash(self.salt + self.password) integer = self._to_int(hashed_password) self.v = self.modexp.value(self.G, integer)
def __init__(self, hash_function): self.hash_function = hash_function self.resumable_hash = ResumableMDHash(hash_function).value() self.block_size = self.resumable_hash.block_size() self.byte_generator = RandomByteGenerator()
def _encrypt(self, plaintexts): key = RandomByteGenerator().value(self.BLOCK_SIZE) aes = AES(key) return map(lambda text: aes.encrypt(text, mode=CTR(nonce=0)).bytes(), plaintexts)
def _encrypt(self, message): key = RandomByteGenerator().value(BlockCipherMode.DEFAULT_BLOCK_SIZE) cipher = AES(key) mode = self._get_encryption_mode() return cipher.encrypt(message, mode=mode)
def __init__(self): key = RandomByteGenerator().value(self.BLOCK_SIZE) self.cipher = AES(key) self.trailing_string = self._decode_trailing_string()
def __init__(self): self.key = random.randint(0, 65535) self.cipher = MersenneTwisterCipher(self.key) prefix_size = random.randint(1, 50) self.prefix = RandomByteGenerator().value(prefix_size)
def _get_encryption_mode(self): iv = RandomByteGenerator().value(CBC.DEFAULT_BLOCK_SIZE) return CBC(iv)
def value(self): key = RandomByteGenerator().value(self.BLOCK_SIZE) cipher = RandomAccessAES(key) ciphertext = cipher.encrypt(self.plaintext, nonce=0) return RandomAccessAESDecrypter(cipher).decrypt(ciphertext)
def validate(self): key = RandomByteGenerator().value() sha1mac = HashBasedMAC(key, SHA1) valid_mac_ok = self._check_valid_mac(sha1mac) invalid_mac_ok = self._check_invalid_mac(sha1mac) return valid_mac_ok and invalid_mac_ok
def __init__(self): ECBEncryptionOracle.__init__(self) self.random_prefix = RandomByteGenerator().value()
def _build_padding(self, size): byte_generator = RandomByteGenerator() padding = byte_generator.value(size) return padding.replace('\x00', byte_generator.value(1))
def encrypt(self, message): key = RandomByteGenerator().value(self.RC4_KEY_SIZE) return RC4(key).encrypt(message + self.suffix)
def __init__(self, block_size): self.block_size = block_size self.random_generator = RandomByteGenerator()