def problem4(ct1_b64, ct2_b64, N1, N2): # def problem4(): # N1 = 87750187518907655534583445808737942078016029371855217057442341331127022016930461105786023716013285380470222803872626192434912740863485532564125627646878636545449869643527771922181597178447982975143657375859594541373428795038041796818858805812228886812351199020336314262507362189851970680226889619203804537151 # N2 = 59077605606399909603607705484000546044333045357566473814158491087439387780574866766800852465743470772146755309189078604396507686696592563062056700875467732286553829707195406383141965288479916793429869646143662227281782900822010619445408818002981548245734527538573941174294649831309213962935858200869524073603 # ct1_b64 = 'Ur/BIau7ZZBdwxD8P3xDJFJGMfkJDXNU5rbY7GlvlRkGae4NEMo3pMq9r8Jk2akGSj47SZ00L+eTmeMIIfis3RoG7jjBdj03p5lLtgrLwnjP0lzr31fasl5+NVZIvmnoEt56Figi54lIAXEj4ig06MHFG2KfotLYJTnwabangS4=' # ct2_b64 = 'CPEXorDgegEqM6UttzFLaccAN/t4QB1FTDS+NL3TSofQlq3Rs/BebbNn4Qj/Vo4FmTwV3P0+n+hlIhjXzOgEgdgV3BmiBE3rIBHqUc+q0FoVvWJU1+jvFpEeellYZMX8vG7O9us5JKfDAHjPaHWZSwv++BSX4rh+5O01flxzlJA=' xy = euclid_etc.extended_euclid(N1, N2) p = xy[0] q1 = N1/p q2 = N2/p m1 = (p-1)*(q1-1) m2 = (p-1)*(q2-1) d1 = modinv(65537, m1) d2 = modinv(65537, m2) ct1_as_bits = b64_to_bits(ct1_b64) ct2_as_bits = b64_to_bits(ct2_b64) pt1_as_bits = pow(ct1_as_bits, d1, N1) pt2_as_bits = pow(ct2_as_bits, d2, N2) h1 = hex(pt1_as_bits) h2 = hex(pt2_as_bits) h1 = h1[2:-1] h2 = h2[2:-1] answer1 = conversions.hex_to_as(h1) answer2 = conversions.hex_to_as(h2) print answer1 print answer2 return 'done'
def problem4(cipher1_b64, cipher2_b64, N1, N2): cipher1_hex = conversions.b64_to_hex(cipher1_b64) cipher2_hex = conversions.b64_to_hex(cipher2_b64) cipher1_b10 = int(cipher1_hex,16) cipher2_b10 = int(cipher2_hex,16) common_factor = euclid_etc.euclid(N1, N2) if (common_factor ==1): #Returning an error as requested if there is no common factor return "error: there is no common factor" else: p1 = N1 / common_factor #N1 = common_factor * p1 N1,N2 are the 2 different moduli p2 = N2 / common_factor #N2 = common_factor * p2 M1 = (p1 - 1) * (common_factor - 1) #definition of M as in the notes M2 = (p2 - 1) * (common_factor - 1) d1 = euclid_etc.extended_euclid(65537, M1) d2 = euclid_etc.extended_euclid(65537, M2) d1 = d1[1][0] #Need to access the desired part bc we get a tuple and then a tuple within it in the second (technically [1]) so i need to access the actual wanted part d2 = d2[1][0] + M2 #Added M2 because I was getting an error bc originally it was negative and we know that a = b(mod n) -> a+n = b(mod n) plaintext1_b10 = euclid_etc.repeated_squaring(cipher1_b10, d1, N1) #message = c^d(mod n), equation from class and from notes, plug and chug plaintext2_b10 = euclid_etc.repeated_squaring(cipher2_b10, d2, N2) plaintext1_hex = hex(plaintext1_b10) plaintext2_hex = hex(plaintext2_b10) plaintext1_hex = hex_string_to_hex(plaintext1_hex) plaintext2_hex = hex_string_to_hex(plaintext2_hex) plaintext1 = conversions.hex_to_as(plaintext1_hex) plaintext2 = conversions.hex_to_as(plaintext2_hex) return (plaintext1, plaintext2) #I returned a tuple of the plaintexts bc I decrypted both of them
def problem5(ctb64, N, e): # def problem5(): # e = 65537 # N = 104267313539010410259697196441509577894896177181353222939098975044658256653731229369696658803005865075730776171497005390040729021346385892644721558032556950267328480157757202775565554421465561098972037171123794802541382258202303916754661689619425811225128735978214662249095628369305188282273814273882601469489 # ctb64 = 'j/pGAvf886IqKc4IN6TNPTSymwReGjUxUjB7F7r2aEk9bIuZPuRezm3wGCYBifv7u7kDcLQ9k4f/i5luqD/oFGS8PaJljrftLmlpa6hlUm8S/dU8h1tFW884ddtAoGTfZbN5vN4hNcSBGWPQHNzghDgwzNw/4IrqjGL81DckUdY=' i = 0 j = 0 ct_bits = b64_to_bits(ctb64) lookup_table = {} isSuccess = 0 for i in range(1, 5000000): entry = pow(i, e, N) if entry not in lookup_table: lookup_table[entry] = i i += 1 for j in range(1, 5000000): match = ct_bits * (modinv(pow(j, e, N), N)) % N if match in lookup_table: isSuccess += 1 i = lookup_table[match] break j += 1 if isSuccess != 1: return "Error: attack failed" else: h = hex(i * j) # h = h[2:-1] h = h[2:] answer = conversions.hex_to_as(h) return "plaintext is: " + answer
def problem3(ct, d, modulus): # modulus = 118655596447903224963869613053944974689306948978385022351313547236325408711597515968013120482999812623684614237188826586513936280546323473924322265897469916282911780567243884859836121621708694140679468147474220271417145483116948895892297437839699778114403528270801117190611396069302409336194794071895031049811 # d = 23731119289580644992773922610788994937861389795677004470262709447265081742319503193602624096599962524736922847437765317302787256109264694784864453179493978848181776281125630457673065339633910037899644296946114786385008468034547208885433370715974640426127989454209067113013826578800440508863151210816724921125 # ct = 'LbJFbZa7eoMEQE8uPICTjzxFqvtM2qLPf6OSNOR6bgIJ8IlSWMMIOL4s7qevd77GRtLTz6EgC38EVjbp+ZHKJ5inX582MlxjD6WYcqGEYOnvCFGBpeFJnkAvhFIWxNyIx1tk1xxQgTHU8wMHjq/rMCl6USuZcSH4L1bzUMmgfZE=' a = random.randint(1, modulus-1) e = 5 k = e * d - 1 while pow(a, k, modulus) == 1 and k % 2 == 0: k = k / 2 r = pow(a, k, modulus) if pow(r, 2, modulus) == 1: xy = euclid_etc.extended_euclid(r-1, modulus) p = xy[0] q = modulus/p m = (p-1)*(q-1) d_new = modinv(3, m) decrypt_me = kthroot(3, d_new) ct_as_bits = b64_to_bits(ct) convert_me = pow(ct_as_bits, d_new, modulus) h = hex(convert_me) h = h[2:-1] answer = conversions.hex_to_as(h) print answer return answer else: problem3(ct, d, modulus)
def problem2(ct1, ct2, ct3, mod1, mod2, mod3): c1 = 'PBq5gXUhUHA9odbER2Oow3aBRX5VzEPPRCPdcFPZisJSDtoDQtCGiDdcD4q5qNWtA7dMRZxktHzO1kQy1HNmgg6jjUnxuXPIihJgTG4rAQaAFVJrj9THVoaNb+QxovCU61c7N49H+tekr6xyGyGSok6wNnLZtE0GQd8p3zbyIAg=' c2 = 'a11Wynb/5BbzR2+gfZ5vgyJvlk0VHAUP08F2tvEZKCsS4Q0zaHok9FBf3QSJxn7X+e9+bADoV0aycZpXh/8hchNE5jER156vamjQm/9cmLwVcQeK/IFJOOmvuFEWYwOg3L8r2Jsii6cn/XrStNZ4JypnOhzbyhR5Jd8hsC2pPIo=' c3 = 'HlPEAzFjvc1ipxHIaig2o6WwpHfsHmIuS07lM0uKmY0VzcxyiOyB8Q0f4yjo8mu5yPYteO5Kiz5W3sk2j/d5ClmU7yUOVRxm5Q8LXymjpkhLK/I+cxO5P3WRjXF6tUiS/7cz+Koox/r1zC0W4BdfCzr3LSjM/khFHyRyxsmW9Ec=' ciphertext1 = b64_to_bits(ct1) ciphertext2 = b64_to_bits(ct2) ciphertext3 = b64_to_bits(ct3) modulus1 = 116352696909960426025864851693810318405618117771451092066454825684677043175680039111752172705287741166921435658711582887107841565748470707915492808066623281928343866378761016071751094691691153177015920723800541267192488702040046723176890027878282090184778778793686252497241689941158021804171328580092708776333 modulus2 = 113159069239053057823530426012762733579195323934158077138440185385412667833688850511263203419882218256057634130377557866771685834979020529147973323837633935391154851580497106210797073916815264166772985134768913514820393183935763151959349642321950865577799563213986693573189083682991881468336071564883866833467 modulus3 = 84645091220488904665996303582605230466879862527671219768265030555132951506114250139685118956675414529710122137796339176130460114790081203074349445462593477716603703644138088562638660083014885373629701703614641595720381677601897924624948376232277832479665238039958287396790532376148968417689500200999461168369 modproduct = mod1 * mod2 * mod3 products1 = modproduct / mod1 products2 = modproduct / mod2 products3 = modproduct / mod3 inverse1 = modinv(products1, mod1) inverse2 = modinv(products2, mod2) inverse3 = modinv(products3, mod3) sum1 = ciphertext1 * products1 * inverse1 sum2 = ciphertext2 * products2 * inverse2 sum3 = ciphertext3 * products3 * inverse3 sumtotal = sum1 + sum2 + sum3 crtoutput = sumtotal % modproduct M = kthroot(3, crtoutput) h = hex(M) h = h[2:-1] answer = conversions.hex_to_as(h) print answer return answer
def birthday2(): random_string = "" for i in range(100): random_string = random_string + random.choice(string.hexdigits) random_string = conversions.hex_to_as(random_string) h1 = hashnTimes(random_string, 1) #totalHashCount = 1 h2 = hashnTimes(random_string, 2) #totalHashCount = 1 + 2 = 3 totalHashCount = 3 while (h1 != h2): h1 = hashnTimes(h1, 1) h2 = hashnTimes(h2, 2) totalHashCount = totalHashCount + 3 second_stage_h1 = random_string second_stage_h1 = hashnTimes(second_stage_h1, 1) second_stage_h2 = h1 second_stage_h2 = hashnTimes(second_stage_h2, 1) totalHashCount = totalHashCount + 2 while (second_stage_h1 != second_stage_h2): saved_h1 = second_stage_h1 saved_h2 = second_stage_h2 second_stage_h1 = hashnTimes(second_stage_h1, 1) second_stage_h2 = hashnTimes(second_stage_h2, 1) totalHashCount = totalHashCount + 2 s = saved_h1 t = saved_h2 n = totalHashCount return (s, t, n)
def problem1(cipher_b64, N): cipher_hex = conversions.b64_to_hex(cipher_b64) cipher_b10 = int(cipher_hex,16) plaintext_b10 = kthroot(cipher_b10,3) plaintext_hex_string = hex(plaintext_b10) plaintext_hex = hex_string_to_hex(plaintext_hex_string) plaintext_as = conversions.hex_to_as(plaintext_hex) return plaintext_as
def problem8(p, g, gx_mod_p, firstComponent, secondComponent, y): gxy = euclid_etc.repeated_squaring(gx_mod_p, y, p) plaintext = euclid_etc.extended_euclid(gxy, p) plaintext_b10 = plaintext[1][0] plaintext_b10 = (plaintext_b10 * secondComponent) % p plaintext_hex_string = hex(plaintext_b10) plaintext_hex = hex_string_to_hex(plaintext_hex_string) plaintext_as = conversions.hex_to_as(plaintext_hex) return plaintext_as
def problem6(p, g, gx_mod_p, x, firstComponent, secondComponent): gxy = euclid_etc.repeated_squaring(firstComponent,x,p) #gxy = g^xy (mod p) plaintext = euclid_etc.extended_euclid(gxy,p) plaintext = plaintext[1][0] #Just like problem 4, need to get the desired part plaintext_b10 = (plaintext * secondComponent) % p plaintext_hex_string = hex(plaintext_b10) plaintext_hex = hex_string_to_hex(plaintext_hex_string) plaintext_as = conversions.hex_to_as(plaintext_hex) return plaintext_as
def problem1(ciphertext, modulus): c_as_bits = b64_to_bits(ciphertext) plaintext = kthroot(3, c_as_bits) if plaintext**3 == c_as_bits: # return 'perfect cube' h = hex(plaintext) h = h[2:-1] answer = conversions.hex_to_as(h) print answer return answer else: print 'not a perfect cube'
def problem7(p, g, gx_mod_p, firstComponent, first_secondComponent, m, second_secondComponent): m_hex = conversions.as_to_hex(m) m_b10 = int(m_hex,16) gxy = euclid_etc.extended_euclid(m_b10,p) gxy = gxy[1][0] gxy = (first_secondComponent * gxy) % p gxy_inverse = euclid_etc.extended_euclid(gxy, p) gxy_inverse = gxy_inverse[1][0] plaintext_b10 = (gxy_inverse * second_secondComponent) % p plaintext_hex_string = hex(plaintext_b10) plaintext_hex = hex_string_to_hex(plaintext_hex_string) plaintext_as = conversions.hex_to_as(plaintext_hex) return plaintext_as
def last_nonpad_byte(ciphertext): empty = '0000000000000000' wrong = '<html' #gives wrong padding if (len(ciphertext) > 48): start = 32 end = 48 c1 = ciphertext[start:end] else: start = 16 end = 32 c1 = ciphertext[start:end] as_c1 = conversions.hex_to_as(c1) length = pad_length(ciphertext) xor_c1 = conversions.xor(chr(length), chr(length + 1)) hex_xor_c1 = conversions.as_to_hex(xor_c1) xor_c1_final = empty[:-(length * 2)] + (hex_xor_c1 * length) as_xor_c1 = conversions.hex_to_as(xor_c1_final) c2 = conversions.xor(as_c1, as_xor_c1) hex_c2 = conversions.as_to_hex(c2) oracle = webserver_msgs.post_dictionary_guess( '', (ciphertext[:start] + hex_c2 + ciphertext[end:])) if (oracle == wrong): last_byte = conversions.as_to_hex(chr(length + 1)) else: for i in range(255): test_byte = conversions.as_to_hex(chr(i)) test_byte_as = chr(i) xor_c1 = empty[:-( (length + 1) * 2)] + test_byte + (hex_xor_c1 * length) as_xor_c1 = conversions.hex_to_as(xor_c1) c2 = conversions.xor(as_c1, as_xor_c1) hex_c2 = conversions.as_to_hex(c2) oracle = webserver_msgs.post_dictionary_guess( '', (ciphertext[:start] + hex_c2 + ciphertext[end:])) oracle = oracle[0:5] if (oracle == wrong): last = conversions.xor(test_byte_as, chr(length + 1)) last = conversions.as_to_hex(last) return last
def problem6(p, g, gxmodp, x, alpha, beta): # def problem6(): # p = 191147927718986609689229466631454649812986246276667354864188503638807260703436799058776201365135161278134258296128109200046702912984568752800330221777752773957404540495707852046983 # g = 5 # x = 42694797205671621659845608467948077104282354898632405210027867058530843815065930986742716022222447350595400603633273172816767784236961837688169657044396569579700949515830214254992 # alpha = 73982478796308483406582889587923018499575337266536017447507799702797406257043632101045569763590982806403627704785985032506296784648293661856246199184245278019913797261546316759270 # beta = 1227561673735205443986782574414500194775280963876704725208507831364630528829422611287956320336912905023628854115065478249082243473610928313596901712034514819305660036543382454852 # gxmodp = pow(g, x, p) k_shared = pow(alpha, x, p) message = (beta * modinv(k_shared, p)) % p h = hex(message) h = h[2:-1] answer = conversions.hex_to_as(h) return answer
def problem8(p, g, gxmodp, alpha, beta, y): # def problem8(): secret_exp = 42694797205671621659845608467948077104282354898632405210027867058530843815065930986742716022222447350595400603633273172816767784236961837688169657044396569579700949515830214254992 # p = 191147927718986609689229466631454649812986246276667354864188503638807260703436799058776201365135161278134258296128109200046702912984568752800330221777752773957404540495707852046983 # g = 5 # alpha = 104862672745740711919811315922065122010281934991422240638097533405207971405689057652673577043484488015740722326384001808611695005135028713487234715202873484670021923322009761545457 # beta = 112018886720018236580229932176683955946063514397085867696250318378121351302079624330821244744748925197792097406122146093507280201522804485024833199924734248052247065779216659451112 # y = 138670566126823584879625861326333326312363943825621039220215583346153783336272559955521970357301302912046310782908659450758549108092918331352215751346054755216673005939933186397777 k_public = pow(g, secret_exp, p) k_shared = pow(k_public, y, p) output_message = (beta * modinv(k_shared, p)) % p h = hex(output_message) h = h[2:-1] answer = conversions.hex_to_as(h) return answer
def problem7(p, g, gxmodp, alpha, beta, m, beta2): # def problem7(): # p = 191147927718986609689229466631454649812986246276667354864188503638807260703436799058776201365135161278134258296128109200046702912984568752800330221777752773957404540495707852046983 # g = 5 # gx = 176478319826764259370406117740489882944142268114222243573886354279989450112247437716236796057251798300509450763347865746885560883563075519833320667906000345397226327059751213369961 # alpha = 104862672745740711919811315922065122010281934991422240638097533405207971405689057652673577043484488015740722326384001808611695005135028713487234715202873484670021923322009761545457 # beta = 17606878671981551311137298337848994393797765223509173646178261989274226953505667592410786573428076963287971811161509360601971410344413313700739795932040261074709506491861567699546 # beta2 = 116115839773157782821329377087409766815814624668492668098672866213651171163182813304753241741593566110843721045751605192482170477996370202802973966889697676265503034822908949368607 # m = "Now my charms are all o'erthrown and what strength I have's mine own." m_b64 = conversions.as_to_b64(m) m_bits = b64_to_bits(m_b64) k_shared = (beta * modinv(m_bits, p)) % p output_message =(beta2 * modinv(k_shared, p)) % p h = hex(output_message) h = h[2:-1] answer = conversions.hex_to_as(h) return answer
def problem2(cipher1_b64, cipher2_b64, cipher3_b64, N1, N2, N3): a1_hex = conversions.b64_to_hex(cipher1_b64) a2_hex = conversions.b64_to_hex(cipher2_b64) a3_hex = conversions.b64_to_hex(cipher3_b64) a1_b10 = int(a1_hex,16) a2_b10 = int(a2_hex,16) a3_b10 = int(a3_hex,16) N2N3inv = euclid_etc.extended_euclid(N2*N3,N1) N2N3inv = N2N3inv[1][0] #This is all just plug and chug N1N3inv = euclid_etc.extended_euclid(N1*N3,N2) #into the CRT equation in the N1N3inv = N1N3inv[1][0] #Lecture notes #7. x = ... see notes for full equation N1N2inv = euclid_etc.extended_euclid(N1*N2,N3) N1N2inv = N1N2inv[1][0] parta = a1_b10 * ((N2N3inv) % N1) * (N3*N2) partb = a2_b10 * ((N1N3inv) % N2) * (N1*N3) partc = a3_b10 * ((N1N2inv) % N3) * (N1*N2) x = (parta + partb + partc) % (N1*N2*N3) cubeRootx = kthroot(x,3) x_hex = hex(cubeRootx) x_hex = hex_string_to_hex(x_hex) plain = conversions.hex_to_as(x_hex) return plain
## Alex Karacaoglu import conversions import rc4 import time import string import javarandom ## Variables to help test ct_b64 = "qj+QFfumYvjsQDOWWpeJL28JvwfVwwkPd3pEX2v4Cy258HILVldrzCAtEc/aYNivlsERzlbvIJe6QDAwezJkTz+ap1N7r+ya/VCpaS832ZZ3nafoJ1XdjkLx+XofH3Ujrk6W0l+C5rqyTSREEyduXzehYeyhT4HFK1oTLZA/sTet2j3qmI2s9MmfXozqoMAU8+A4X8ng1eauXDbhcjiEM7y8AtWw/JfMiFjaz1IhFOajkaDSmwvEvif4FHrrhoiCp2g37EH0EgmC3l4eS77I0vnGzzGHkF7JYmP3Ln7KmIY3S5aBXpIlyf0Nwee6xSERHzBfBbhHYBgPX+cybeyrQ6omCHWxOAW4XSPIUeqCGufpkugqjebWSf0GRFH1i39BQ9wcU4pdHIc0daKUkcTxV2rU2J3qc7Fk5Hem7ns7pTD6lTpJZ8tCz5PNxDRUpMEflTDuc54rf8Ul1Bkh3J3s9tgop9I2JJGx39+RfWwEjm+jTkKdVnAiTPqVSHDNz89LMRV3DJpwsaAtLZFw47G3kWyiFd3TvQSPf+HXrOArFm324iBnDyW+BBLCw2ED9MQy5A==" ct_as = conversions.b64_to_as(ct_b64) og_key_hex = "7f65a580cb" key = conversions.hex_to_as(og_key_hex) iv = ct_as[:3] ct = ct_as[3:] fullkey = iv + key ## ## 6a # rc4_iv_decrypt: Takes in the given og key in as and the cipher in ascii, # does the conversions concerning the iv and does an rc4 decryption and return the pt def rc4_iv_decrypt(key, ciphertext): iv = ciphertext[:3] ct = ciphertext[3:] fullkey = iv + key plaintext = rc4.rc4(fullkey, ct) return plaintext
# repeating_byte_xor: Takes in a string and a key and modifies the key to be repeating and of the same length as the text, then performs an xor def repeating_byte_xor(text, key): a = len(text) b = len(key) c = (a / b) d = mod(a, b) new_key = (key * c) + key[:d] f = conversions.xor(text, new_key) return f # decrypt_msword: Takes in a word file, opens the file, reads the file and extracts the body (ciphertext) then decrypts it using the repating key xor # The key was given to us, so I will convert it to ascii and use it: hex("b624bd2ab42a39a235a0b4a9b6a734cd") key_for_number_3_in_hex = "b624bd2ab42a39a235a0b4a9b6a734cd" key_for_number_3_in_as = conversions.hex_to_as(key_for_number_3_in_hex) def decrypt_msword(filename, key): ciphertext = recover(filename) plaintext = repeating_byte_xor(ciphertext, key) finaltext = remove(plaintext) final = finaltext.replace('\r', "") return final # Code for Number 4 # timeSingleDecrypt: Returns how long it takes the computer to perform one decryption of key length 16 on 'MSWord1.doc' def timeSingleDecrypt():
def int_to_as(initNum): hexNum = hex(initNum)[2:-1] final = conversions.hex_to_as(hexNum) return final