def verify(self, signature):
server_sig = hmac.new(my_encode(str(self.K)),
my_encode(str(self.salt)),
hashlib.sha256).hexdigest()
if server_sig == signature:
return "OK"
else:
return "Not-OK"
def get_replacement_byte(orig, new):
h1 = str(binascii.hexlify(my_encode(orig)))[2:-1]
h2 = str(binascii.hexlify(my_encode("x")))[2:-1]
h3 = str(binascii.hexlify(my_encode(new)))[2:-1]
temp = binary_xor(h1, h2)
r_byte = binary_xor(bin2hex(temp), h3)
return r_byte
def checker(m):
# decrypt the input string
p = decrypt_cbc(my_encode(m), key, iv)
print("Altered plaintext: " + p)
test_string = ";admin=true;"
return test_string in p
def checker(m):
# decrypt the input string
p = my_cipher.decrypt(my_encode(m))
print("Altered plaintext: " + p)
test_string = ";admin=true;"
return test_string in p
def sanitizer(p):
# concatenate input string with prepend and append strings
prepend = "comment1=raining%20MCs;userdata="
append = ";comment2=%20like%20a%20sunny%20day%20tomorrow"
s = prepend + p + append
# quote out ";" and "=" characters
s = s.replace(";", "")
s = s.replace("=", "")
print("Sanitized plaintext: " + s)
# return encrypted string
return my_cipher.encrypt(my_encode(s))
def injector(c):
# byte array of ciphertext
b_array = bytearray(my_encode(c))
# start flipping at the 32nd byte (the first byte of a full attacker-controlled block)
starting_byte = 32
# plaintext we want to inject
malicious_chars = ";admin=true;"
for i in range(0, len(malicious_chars)):
target_num = starting_byte + i # index of the target byte
target = c[target_num] # original target byte
m_char = get_replacement_byte(
target,
malicious_chars[i]) # malicious char to replace the target byte
b_array[target_num] = int(m_char,
2) # update b_array with malicious char
return bytes(b_array).decode('latin1')
def get_hex_string(s):
return str(binascii.hexlify(s))[2:-1]
def three_xor(a1, a2, a3):
temp = binary_xor(a1, a2)
return binary_xor(bin2hex(temp), a3)
if __name__ == '__main__':
w = Webapp()
# captured[0] is the ciphertext (string); captured[1] is the iv (bytes)
captured = w.random_encrypt()
ciphertext = my_encode(captured[0]) # convert to bytes
iv = captured[1]
answer = ""
for block_index in range(0, len(ciphertext) // 16):
block = ciphertext[16 * block_index:16 * block_index + 16]
if block_index == 0:
prev_block = bytearray(iv)
else:
# TODO: fix prev_block
prev_block = bytearray(iv)
block_answer = ""
ciphertext = None
with open("w4p2.txt") as f: # inputFile
plaintext = f.read()
# randomly choose ecb or cbc
random_num = os.urandom(1)
mode = random_num[0] % 2 # 0 for ECB, 1 for CBC
# print selected mode
if mode == 0: # randomChoiceofECB-CBC
print("ECB mode selected")
else:
print("CBC mode selected")
b_array = bytearray(my_encode(plaintext))
# randomly prepend 5-10 bytes
random_prepend = os.urandom(1)
num_prepend_bytes = 5 + random_prepend[0] % 6 # noOfPrependBytes
for i in range(0, num_prepend_bytes):
b_array.append(os.urandom(1)[0])
# randomly append 5-10 bytes
random_append = os.urandom(1)
num_append_bytes = 5 + random_append[0] % 6 # noOfAppendBytes
for j in range(0, num_append_bytes):
b_array.insert(0, os.urandom(1)[0])
# create modified plaintext
plaintext = bytes(b_array)
def store_password(self):
self.salt = str(os.urandom(1)[0])
s_xH = hashlib.sha256(my_encode(self.salt + P)).hexdigest()
s_x = int(s_xH, 16)
self.v = quick_exp(g, s_x, N)
s = Server()
# create account
s.store_password()
# login protocol
s.set_I("username")
a = os.urandom(1)[0]
A = quick_exp(g, a, N)
s.set_A(A)
salt = s.get_salt()
B = s.get_B()
s.compute_u()
uH = hashlib.sha256(bytes(str(A) + str(B), 'latin1')).hexdigest()
u = int(uH, 16)
xH = hashlib.sha256(my_encode(salt + "password")).hexdigest()
x = int(xH, 16)
S = quick_exp(B - k * quick_exp(g, x, N), a + u * x, N)
K = hashlib.sha256(bytes(str(S), 'latin1')).hexdigest()
s.create_K()
# authenticate the shared key
my_signature = hmac.new(my_encode(str(K)), my_encode(str(salt)),
hashlib.sha256).hexdigest()
print(s.verify(my_signature))
# create account
s.store_password()
# login protocol
s.set_I("username")
a = os.urandom(1)[0]
A = 0 # A = quick_exp(g, a, N)
s.set_A(A)
salt = s.get_salt()
B = s.get_B()
s.compute_u()
uH = hashlib.sha256(bytes(str(A) + str(B), 'latin1')).hexdigest()
u = int(uH, 16)
xH = hashlib.sha256(
my_encode(salt +
fake_P)).hexdigest() # give the server an invalid password
x = int(xH, 16)
S = 0 # S = quick_exp(B - k * quick_exp(g, x, N), a + u * x, N)
K = hashlib.sha256(bytes(str(S), 'latin1')).hexdigest()
s.create_K()
# authenticate the shared key
my_signature = hmac.new(my_encode(str(K)), my_encode(str(salt)),
hashlib.sha256).hexdigest()
print(s.verify(my_signature))
