class CookieFactoryCBC():
def __init__(self):
self.oracle = Oracle(None, prefix, postfix)
self.sep_field = Message(b';')
self.sep_key = Message(b'=')
self.default_keys = [
Message(b'comment1'),
Message(b'userdata'),
Message(b'comment2')
]
def newCookie(self, user_input):
user_input_msg = Message(user_input, 'ascii')
return self.oracle.encryptCBC(user_input_msg)
def isAdminCookie(self, msg):
decr_msg = self.oracle.decryptCBC(msg)
try:
token = Token.fromMsg(decr_msg, Message(b';'), Message(b'='))
except IndexError:
raise InvalidToken
try:
return token.data[Message(b'admin')] == Message(b'true')
except KeyError:
return False
class Authorizer():
def __init__(self):
self.oracle = Oracle()
self.sep_field = Message(b';')
self.sep_key = Message(b'=')
self.default_keys = [Message(b'email'), Message(b'uid'), Message(b'role')]
def newUserProfile(self, email):
user_data = OrderedDict.fromkeys(self.default_keys)
user_data[Message(b'email')] = Message(email, 'ascii')
user_data[Message(b'uid')] = Message(str(randint(uid_min, uid_max)), 'ascii')
user_data[Message(b'role')] = Message(b'user')
token = Token(user_data, self.sep_field, self.sep_key)
encr_token = self.oracle.encryptECB(token.msg)
return encr_token
def validateProfile(self, msg):
decr_msg = self.oracle.decryptECB(msg).stripPad()
token = Token.fromMsg(decr_msg, Message(b';'), Message(b'='))
is_admin = False
try:
email = token.data[Message(b'email')]
uid = token.data[Message(b'uid')]
role = token.data[Message(b'role')]
if role == Message(b'admin'):
is_admin = True
print("Logging in as %s with email %s and UID %s..." % (role.ascii(), email.ascii(), uid.ascii()))
return is_admin
except KeyError:
raise InvalidToken
class CookieFactoryMACSHA1():
def __init__(self):
self.oracle = Oracle(None, prefix, postfix)
self.sep_field = Message(b';')
self.sep_key = Message(b'=')
self.default_keys = [
Message(b'comment1'),
Message(b'userdata'),
Message(b'comment2')
]
def newAuthCookie(self, user_data):
user_data_msg = Message(user_data, 'ascii')
return self.oracle.authMACSHA1(user_data_msg)
def isAdminAuthCookie(self, mac_pair):
(cookie, mac) = mac_pair
if not self.oracle.checkMACSHA1(cookie, mac):
raise BadMAC
try:
token = Token.fromMsg(cookie, Message(b';'), Message(b'='))
except IndexError:
raise InvalidToken
try:
return token.data[Message(b'admin')] == Message(b'true')
except KeyError:
return False
def __init__(self):
self.oracle = Oracle(None, prefix, postfix)
self.sep_field = Message(b';')
self.sep_key = Message(b'=')
self.default_keys = [
Message(b'comment1'),
Message(b'userdata'),
Message(b'comment2')
]
def AESOracle(msg, test_mode=False):
""" An oracle which does the following, given a message:
chooses an integer m uniformly from [5, 10] and prepends a
random string of m bytes to a message, then chooses an
integer n uniformly from [5, 10] and appends a random
string of n bytes to the message; generates a random
16-byte key; then flips a fair coin and encrypts the
enlarged message with either AES-ECB or AES-CBC (using
another random 16-byte string as the IV) depending on the
result.
The oracle can be used in a simple model of a chosen-
plaintext attack on an unknown cipher. To verify the
success of such an attack, the function has an optional
"test mode" which exposes the mode of AES used for
each encryption.
Args:
msg (string): the message to be affixed-to and
encrypted.
msg_format (string): the format in which the bytes
of 'filename' are encoded. Options are 'ascii'
(default), 'hex', and 'base64'.
test_mode (bool): if test_mode=True, the function
returns a boolean together with each encryption
which reveals which mode of AES was used. If
test_mode=False, encryption mode is not revealed.
Returns:
(if test_mode=False) string : the encryption using
either AES_ECB or AES_CBC, and a random key (and IV,
if applicable), of the concatenation of 'msg' with
random pre/suffixes of small random length.
(if test_mode=True) tuple (bool, string): string arg
is as described in the case test_mode=False. bool arg
is True if AES-ECB was used, False if AES-CBC was used.
"""
prefix = randMsg(5, 10)
postfix = randMsg(5, 10)
oracle = Oracle(None, prefix, postfix)
coin = randint(0, 1)
if coin:
ciphertext = oracle.encryptECB(msg)
else:
ciphertext = oracle.encryptCBC(msg)
if test_mode:
return (coin, ciphertext)
else:
return ciphertext
class AuthenticatorApp():
def __init__(self):
self.oracle = Oracle()
def checkQuery(self, query):
query = unquote(query)
print(query)
query_msg = Message(query, 'ascii')
try:
token = Token.fromMsg(query_msg,
sep_field=Message(b'&'),
sep_key=Message(b'='))
filename = token.data[Message(b'file')].ascii()
with open(filename, 'r') as infile:
file_contents = Message(infile.read(), 'ascii')
mac = token.data[Message(b'signature')].ascii()
return self.oracle.checkHMACSHA1_insecure(file_contents, mac)
except (IndexError, KeyError):
raise InvalidToken
from tools.message import Message from tools.oracle import Oracle from tools.aesattacks import decryptPostfixECB from tools.randomdata import randMsg prefix = randMsg(0, 20) postfix_str = 'Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK' postfix = Message(postfix_str, 'base64') oracle = Oracle(None, prefix, postfix) decryption = decryptPostfixECB(oracle.encryptECB) print(decryption.ascii())
def __init__(self):
self.oracle = Oracle()
from tools.message import Message
from tools.oracle import Oracle
from tools.bitops import XOR
from tools.aes import AES_ECB
from tools.aesattacks import crackEditableCTR
with open('data/set1ch7.txt', 'r') as infile:
ecb_ciphertext = Message(infile.read(), 'base64')
ecb_key = Message(b'YELLOW SUBMARINE')
msg = AES_ECB(ecb_ciphertext, ecb_key, fn='decrypt')
oracle = Oracle()
ciphertext = oracle.encryptCTR(msg)
decryption = crackEditableCTR(ciphertext, oracle.editCTR)
print(decryption.ascii())
def __init__(self):
self.oracle = Oracle()
self.sep_field = Message(b';')
self.sep_key = Message(b'=')
self.default_keys = [Message(b'email'), Message(b'uid'), Message(b'role')]