Exemple #1
0
def fortyone():
    """http://cryptopals.com/sets/6/challenges/41/"""
    oracle = matasano.oracle.OracleUnpaddedRSARecovery()
    attacker = matasano.attacker.AttackerUnpaddedRSARecovery(oracle)

    result = attacker.attack()
    return result
Exemple #2
0
def fortytwo():
    """http://cryptopals.com/sets/6/challenges/42/"""
    oracle = matasano.oracle.OracleRSAPaddedSignatureVerifier(b"hi mom")
    attacker = matasano.attacker.AttackerRSAPaddedSignatureVerifier(oracle)

    result = attacker.attack()
    return result
Exemple #3
0
def twentyseven():
    """http://cryptopals.com/sets/4/challenges/27/"""
    oracle = matasano.oracle.OracleCBCKeyIV()
    attacker = matasano.attacker.AttackerCBCKeyIV(oracle)

    result = attacker.attack()
    return result
Exemple #4
0
def _fixed_nonce_ctr(oracle: matasano.oracle.OracleFixedNonceCTR):
    attacker = matasano.attacker.AttackerFixedNonceCTR(oracle)

    result = attacker.attack()
    print("Discovered strings:\n{}".format(
        "\n".join(b.decode("ascii") for b in attacker.discovered_strings)
    ))
    return result
Exemple #5
0
def thirteen():
    """http://cryptopals.com/sets/2/challenges/13/"""
    oracle = matasano.oracle.OracleProfileForUser()
    attacker = matasano.attacker.AttackerProfileForUser(oracle)
    attacker.get_base_user_profile()
    attacker.get_role_block()
    result = attacker.attack()
    return result
Exemple #6
0
def fiftyone():
    """http://cryptopals.com/sets/7/challenges/51/"""
    oracle = matasano.oracle.OracleCompress(b"TmV2ZXIgcmV2ZWFsIHRoZSBXdS1UYW5nIFNlY3JldCE=")
    attacker = matasano.attacker.AttackerCompress(oracle)

    result = attacker.attack()
    print("Discovered session ID: {}.".format(attacker.session_id.decode('ascii')))
    return result
Exemple #7
0
def twelve():
    """http://cryptopals.com/sets/2/challenges/12/"""
    oracle = matasano.oracle.OracleByteAtATimeEcb()
    attacker = matasano.attacker.AttackerByteAtATimeEcb(oracle)
    result = attacker.attack()
    print("Guessed hidden string is:\n{}".format(
        attacker.unhidden_string.decode("ascii")
    ))
    return result
Exemple #8
0
def twentysix():
    """http://cryptopals.com/sets/4/challenges/26/"""
    oracle = matasano.oracle.OracleBitflipping(
        matasano.blocks.aes_ctr
    )
    attacker = matasano.attacker.AttackerBitFlippingCTR(oracle)

    result = attacker.attack()
    return result
Exemple #9
0
def twentythree():
    """http://cryptopals.com/sets/3/challenges/23/"""
    oracle = matasano.oracle.OracleMT19937Clone()
    attacker = matasano.attacker.AttackerMT19937Clone(oracle)
    result = attacker.attack()
    print("Discovered next random numbers:\n{}".format(
        attacker.next_random_numbers
    ))
    return result
Exemple #10
0
def sixteen():
    """http://cryptopals.com/sets/2/challenges/16/"""
    oracle = matasano.oracle.OracleBitflipping(
        matasano.blocks.aes_cbc, needs_padding=True
    )
    attacker = matasano.attacker.AttackerBitFlippingCBC(oracle)

    result = attacker.attack()
    return result
Exemple #11
0
def fortythree():
    """http://cryptopals.com/sets/6/challenges/43/"""
    oracle = matasano.oracle.OracleDSAKeyFromNonce(
        matasano.oracle.OracleDSAKeyFromNonce.public_key
    )
    attacker = matasano.attacker.AttackerDSAKeyFromNonce(oracle)

    result = attacker.attack()
    print("Discovered private key: {}.".format(attacker.private_key_x))
    return result
Exemple #12
0
def twentyfour():
    """http://cryptopals.com/sets/3/challenges/24/"""
    oracle = matasano.oracle.OracleMT19937Stream()
    attacker = matasano.attacker.AttackerMT19937Stream(oracle)
    print("Please wait while brute-forcing the oracle's seed...")
    result = attacker.attack()
    print("Discovered seed:\n{}".format(
        attacker.key
    ))
    return result
Exemple #13
0
def twentytwo():
    """http://cryptopals.com/sets/3/challenges/22/"""
    print("Please wait while the oracle does its job...")
    oracle = matasano.oracle.OracleMT19937Seed()
    attacker = matasano.attacker.AttackerMT19937Seed(oracle)
    result = attacker.attack()
    print("Discovered seed:\n{}".format(
        attacker.discovered_seed
    ))
    return result
Exemple #14
0
def fortynine():
    """http://cryptopals.com/sets/7/challenges/49/"""
    oracle = matasano.oracle.OracleCBCMac()
    attacker = matasano.attacker.AttackerCBCMacForge(oracle)

    result = attacker.attack()
    print("Found message: {}.\nForged MAC: {}.".format(
        attacker.message, binascii.hexlify(attacker.forged_mac).decode('ascii')
    ))
    return result
Exemple #15
0
def fifty():
    """http://cryptopals.com/sets/7/challenges/50/"""
    oracle = matasano.oracle.OracleCBCMacHash()
    attacker = matasano.attacker.AttackerCBCMacHash(oracle)

    result = attacker.attack()
    print("Original message: {}.\nCollision: {}.\nDigest: {}.".format(
        attacker.message, attacker.collision, binascii.hexlify(attacker.digest).decode('ascii')
    ))
    return result
Exemple #16
0
def fiftysix():
    """http://cryptopals.com/sets/7/challenges/56/"""
    oracle = matasano.oracle.OracleRC4Cookie(base64.b64decode(b"QkUgU1VSRSBUTyBEUklOSyBZT1VSIE9WQUxUSU5F"))
    attacker = matasano.attacker.AttackerRC4Cookie(oracle)

    print("Please wait while retrieving the hidden cookie...")
    print("Warning: this attack could take a long time.")

    result = attacker.attack()
    print("Discovered cookie: {}.".format(attacker.cookie))
    return result
Exemple #17
0
def _b98():
    oracle = matasano.oracle.OracleRSAPadding(
        b"kick it, CC"
    )
    attacker = matasano.attacker.AttackerRSAPadding(oracle)

    print("Please wait while performing the attack...")
    print("Warning: this attack could take a long time.")
    result = attacker.attack()
    print("Discovered message: {}.".format(attacker.message.decode("ascii")))
    return result
Exemple #18
0
def fortyfour():
    """http://cryptopals.com/sets/6/challenges/44/"""
    oracle = matasano.oracle.OracleDSAKeyFromRepeatedNonce(
        matasano.oracle.OracleDSAKeyFromRepeatedNonce.public_key,
        pkg_resources.resource_filename(__name__, "input/44.txt")
    )
    attacker = matasano.attacker.AttackerDSAKeyFromRepeatedNonce(oracle)

    result = attacker.attack()
    print("Discovered private key: {}.".format(attacker.private_key_x))
    return result
Exemple #19
0
def _remote_sha1_hmac():
    oracle = matasano.oracle.OracleRemoteSHA1HMac()
    attacker = matasano.attacker.AttackerRemoteSHA1HMac(oracle)

    print("Please wait while brute-forcing the MAC...")
    result = attacker.attack()
    print(
        "Forged MAC: {}.".format(
            binascii.hexlify(attacker.forged_mac).decode("ascii")
        )
    )
    return result
Exemple #20
0
def seventeen():
    """http://cryptopals.com/sets/3/challenges/17/"""
    input_path = pkg_resources.resource_filename(__name__, "input/17.txt")
    oracle = matasano.oracle.OracleCBCPadding(input_path)
    attacker = matasano.attacker.AttackerCBCPadding(oracle)

    result = attacker.attack()
    print("Guessed hidden string is:\n{}".format(
        attacker.discovered_string.decode("ascii")
    ))
    print("Decoding it produces:\n{}".format(
        base64.b64decode(attacker.discovered_string).decode("ascii")
    ))
    return result
Exemple #21
0
def fortysix():
    """http://cryptopals.com/sets/6/challenges/46/"""
    oracle = matasano.oracle.OracleRSAParity(
        base64.b64decode(
            b"VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5I"
            b"GFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ"
            b"=="
        )
    )
    attacker = matasano.attacker.AttackerRSAParity(oracle)

    result = attacker.attack()
    print("Discovered message: {}.".format(attacker.message.decode("ascii")))
    return result
Exemple #22
0
def twentyfive():
    """http://cryptopals.com/sets/4/challenges/25/"""
    input_path = pkg_resources.resource_filename(__name__, "input/19.txt")
    with open(input_path, "rb") as inputFile:
        oracle = matasano.oracle.OracleRandomAccessCTR(
            inputFile.read()
        )
        attacker = matasano.attacker.AttackerRandomAccessCTR(oracle)
        print("Please wait while brute-forcing the oracle's plaintext...")
        result = attacker.attack()
        print("Discovered plaintext:\n{}".format(
            attacker.discovered_plaintext.decode("ascii")
        ))
        return result
Exemple #23
0
def thirty():
    """http://cryptopals.com/sets/4/challenges/30/"""
    oracle = matasano.oracle.OracleMD4KeyedMac()
    attacker = matasano.attacker.AttackerMD4KeyedMac(oracle)

    result = attacker.attack()
    print(
        "Forged message: {}.\n"
        "Forged MAC: {}.".format(
            attacker.forged_message,
            binascii.hexlify(attacker.forged_mac).decode("ascii")
        )
    )
    return result
Exemple #24
0
def fourteen():
    """http://cryptopals.com/sets/2/challenges/14/"""
    oracle = matasano.oracle.OracleHarderByteAtATimeEcb()
    attacker = matasano.attacker.AttackerHarderByteAtATimeEcb(oracle)
    attacker.discover_block_size()

    print("Prefix len: {}.".format(
        attacker.discover_fixed_string_len())
    )

    result = attacker.attack()
    print("Guessed hidden string is:\n{}".format(
        attacker.unhidden_string.decode("ascii")
    ))
    return result
Exemple #25
0
def forty():
    """http://cryptopals.com/sets/5/challenges/40/"""
    message = b"Secret"

    ciphers_and_keys = list()
    for _ in range(3):
        _, public = matasano.public.rsa_keys(e=3)
        cipher = matasano.public.rsa_encrypt(
            public, message
        )
        ciphers_and_keys += [cipher, public]

    attacker = matasano.attacker.AttackerRSABroadcast(
        *ciphers_and_keys
    )

    result = attacker.attack() == message
    return result
Exemple #26
0
def twentyeight():
    """http://cryptopals.com/sets/4/challenges/28/"""
    key = b"SECRET"
    message = b"MESSAGE"

    print(
        "SHA1({} | {}) = {}".format(
            key.decode("ascii"),
            message.decode("ascii"),
            binascii.hexlify(
                matasano.mac.sha1_secret_prefix(key, message)
            ).decode("ascii")
        )
    )
    oracle = matasano.oracle.OracleCBCKeyIV()
    attacker = matasano.attacker.AttackerCBCKeyIV(oracle)

    result = attacker.attack()
    return result
Exemple #27
0
def thirtyeight():
    """http://cryptopals.com/sets/5/challenges/38/"""
    password = matasano.util.get_random_password()
    attacker = matasano.attacker.EavesdropperSimplifiedSRPServer()
    client = matasano.public.SimplifiedSRPClient(
        password,
        attacker
    )

    client.srp_protocol()
    result = attacker.attack()
    if result:
        print("Cracked password: {}.".format(
            attacker.client_password.decode("ascii")
        ))
    else:
        print("Something went wrong during the brute-force.")

    return result