def encryption_oracle_ecb_cbc(bt):
    key = crypto_random_bytes(16)
    iv = crypto_random_bytes(16)
    mode = choice(['ecb', 'cbc'])

    begin_pad = crypto_random_bytes(random_integer(5, 10))
    end_pad = crypto_random_bytes(random_integer(5, 10))
    to_encrypt = pad_to_mod_16(begin_pad + bt + end_pad)

    if mode == 'ecb':
        ciphertext = encrypt_aes_128_ecb(to_encrypt, key)
    else:
        ciphertext = encrypt_aes_cbc(to_encrypt, key, iv)

    # do not cheat, use mode for validation only
    return ciphertext, mode
def encryption_oracle():
    key = random_integer(0, 2**16 - 1)
    prefix = crypto_random_bytes(random_integer(0, 200))
    message = prefix + b"A" * 14

    ciphertext = cipher_encrypt(message, key)
    return key, ciphertext
Example #3
0
def main():
    key = crypto_random_bytes(16)
    message = string_to_bytearray("Commitment")

    h1 = sha1_keyed_mac(key, message)
    h2 = sha1_keyed_mac(key, message + b"X")

    if h1 and h2 and h1 != h2:
        print("challenge 4.28 completed.")
    else:
        print("challenge 4.28 failed.")
import sys
import web
sys.path.insert(0, '../set_1_basics')
sys.path.insert(0, '../set_2_block_crypto')
sys.path.insert(0, '../set_3_block_stream_crypto')
from utils import crypto_random_bytes, random_integer, chunks_of_bytearray
import hashed_mac
import time
import threading
import requests
from collections import Counter
from break_hmac_sha1_artificial_timing_leak import sign, verify, default_timing, time_signature, test_signature, MyWebserver
from operator import itemgetter

ARTIFICIAL_TIMING = 0.005
KEY = crypto_random_bytes(64)


def break_byte(signature_to_break, so_far, nr_traces=25):
    overhead = default_timing()

    results = []
    for byte_candidate in range(256):
        signature_to_break[so_far] = byte_candidate

        exps = []
        for i in range(nr_traces):
            t = time_signature(signature_to_break)
            exps.append(t)

        results.append((byte_candidate, sum(exps) / len(exps)))
Example #5
0
import sys

sys.path.insert(0, '../set_1_basics')
from utils import crypto_random_bytes, base64_to_bytearray, string_to_bytearray, random_integer
from pkcs7_padding import pad_to_mod_16, unpad_pkcs7
from aes_cbc_mode import decrypt_aes_cbc, encrypt_aes_cbc
from utils import str2bin, bin2str

oracle_key = crypto_random_bytes(16)
iv = crypto_random_bytes(16)


def encrypt_user_data_cbc(user_data):
    user_data = user_data.replace(";", "")
    user_data = user_data.replace("=", "")
    plaintext = "comment1=cooking%20MCs;userdata=" + user_data + ";comment2=%20like%20a%20pound%20of%20bacon"

    to_encrypt = pad_to_mod_16(string_to_bytearray(plaintext))
    return encrypt_aes_cbc(to_encrypt, oracle_key, iv)


def decrypt_and_check_admin(ciphertext):
    plaintext = decrypt_aes_cbc(ciphertext, oracle_key, iv)
    plaintext = unpad_pkcs7(plaintext)
    return b';admin=true;' in plaintext


def flip_bit(ciphertext, ix):
    assert type(ciphertext) is bytearray

    ciphertext_copy = bytearray(ciphertext)
import sys
sys.path.insert(0, '../set_1_basics')
from utils import crypto_random_bytes, base64_to_bytearray, string_to_bytearray, random_integer
from aes_ecb_mode import encrypt_aes_128_ecb
from pkcs7_padding import pad_to_mod_16
from ecb_cbc_detection_oracle import detection_oracle
import byte_at_a_time_ecb_decryption_simple as byte_at_a_time_simple
from utils import chunks_of_bytearray
from itertools import groupby

oracle_key = crypto_random_bytes(16)
secret_b64_string = '''
Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg
aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq
dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg
YnkK
'''

secret = base64_to_bytearray(secret_b64_string)
padding = crypto_random_bytes(random_integer(1, 30))


def encryption_oracle_ecb(plaintext):
    to_encrypt = pad_to_mod_16(padding + plaintext + secret)
    return encrypt_aes_128_ecb(to_encrypt, oracle_key)


def _check_magic_blocks_number(magic, ct, block_size):
    blocks = chunks_of_bytearray(ct, block_size)
    repeating_blocks_grouped = [list(j) for i, j in groupby(blocks)]
    repeating_blocks_sizes = [len(i) for i in repeating_blocks_grouped]
import sys
sys.path.insert(0, '../set_1_basics')
sys.path.insert(0, '../set_2_block_crypto')
sys.path.insert(0, '../set_3_block_stream_crypto')
from utils import crypto_random_bytes, random_integer, chunks_of, string_to_bytearray
import sha1_keyed_mac as sha1_km
import struct

key = crypto_random_bytes(random_integer(8, 64))


def sign(message):
    return sha1_km.sha1_keyed_mac(key, message)


def verify_signature(sig, message):
    return sig == sha1_km.sha1_keyed_mac(key, message)


def verify_signature_admin(sig, message):
    return verify_signature(sig, message) and b"admin=true" in message


def get_sha_registers_from_signature(signature_hex):
    ch = list(chunks_of(signature_hex, 8))

    h0 = int("".join(ch[0]), 16)
    h1 = int("".join(ch[1]), 16)
    h2 = int("".join(ch[2]), 16)
    h3 = int("".join(ch[3]), 16)
    h4 = int("".join(ch[4]), 16)
Example #8
0
    def send_encrypted_message(self, message):
        key = self.hkdf()
        iv = crypto_random_bytes(16)

        ciphertext = encrypt_aes_cbc(message, key, iv)
        return ciphertext, iv
Example #9
0
messages = [
    "MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=",
    "MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=",
    "MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==",
    "MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==",
    "MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl",
    "MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==",
    "MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==",
    "MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=",
    "MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=",
    "MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93"
]

BLOCK_SIZE = 16
ORACLE_KEY = crypto_random_bytes(BLOCK_SIZE)
ORACLE_IV = crypto_random_bytes(BLOCK_SIZE)

def cbc_encryption_oracle():
    messages_encrypted = []
    for message in messages:
        message_to_encrypt = base64_to_bytearray(message)
        message_to_encrypt_padded = pad_to_mod_16(message_to_encrypt)

        ciphertext = encrypt_aes_cbc(message_to_encrypt_padded, ORACLE_KEY, ORACLE_IV)
        messages_encrypted.append(ciphertext)

    return messages_encrypted

def cbc_padding_oracle(ciphertext):
    plaintext_padded = decrypt_aes_cbc(ciphertext, ORACLE_KEY, ORACLE_IV)
    key_length, ciphertext = create_repeating_key_ciphertext(ciphertexts)

    chunks = unequal_chunks(ciphertext, key_length)
    xor_ciphers = transpose_chunks(chunks)

    key_used = []
    for xor_cipher in xor_ciphers:
        score, message, key = break_xor_cipher(xor_cipher,
                                               alpha_and_printable_heuristic)
        key_used.append(key)

    return key_used


BLOCK_SIZE = 16
KEY = crypto_random_bytes(BLOCK_SIZE)
NONCE = bytearray([0] * 8)

with open('20.txt', 'r') as f:
    lines = f.readlines()
messages_b64 = [line.replace("\n", "") for line in lines]
messages = [base64_to_bytearray(i) for i in messages_b64]

ciphertexts = [encrypt_aes_ctr(i, KEY, NONCE) for i in messages]

key_stream_length = max([len(i) for i in ciphertexts])
key_stream = [0] * key_stream_length


def main():
    key_stream = break_ctr(ciphertexts)