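def Handshake(password, reader, writer):
    """Run one side of the password-authenticated X25519 handshake.

    Sends an ephemeral public key and a 32-byte nonce, reads the peer's,
    derives the X25519 shared secret, and then both sides prove knowledge of
    ``password`` with a proof bound to the *other* side's nonce.

    Args:
        password: bytes mixed into both proofs.
        reader, writer: the stream objects handed to ReadBin/WriteBin.

    Returns:
        The shared secret on success, or ``None`` when the peer echoed our
        nonce, the peer key is rejected, or the peer's proof does not verify.
        Callers must treat ``None`` as a failed handshake and not reuse any
        value derived here.
    """
    myPrivateKey = Private()
    myNonce = os.urandom(32)
    WriteBin(writer, myPrivateKey.get_public().serialize())
    WriteBin(writer, myNonce)
    theirPublicKey = ReadBin(reader)
    theirNonce = ReadBin(reader)
    # Equal nonces mean our own messages are being reflected back at us.
    if myNonce == theirNonce:
        return None
    # Cheap early rejection of the two most obvious degenerate encodings.
    # This list is NOT a complete defence: Curve25519 has further small-order
    # points, and non-canonical encodings (values >= p) alias them, so the
    # all-zero shared-secret check below is the one that actually matters.
    if theirPublicKey in (b'\x00' * 32, b'\x01' + (b'\x00' * 31)):
        return None
    theirPublicKey = Public(theirPublicKey)
    sharedKey = myPrivateKey.get_shared_key(theirPublicKey)
    # RFC 7748 s6.1: any small-order peer key yields the all-zero output
    # regardless of our private scalar, i.e. a secret that is fixed and
    # predictable to anyone.  Abort rather than authenticate with it.
    if sharedKey == b'\x00' * len(sharedKey):
        return None
    myProof = ComputeProof(sharedKey, theirNonce + password)
    WriteBin(writer, myProof)
    theirProof = ReadBin(reader)
    # NOTE(review): assumes VerifyProof compares in constant time -- confirm.
    if not VerifyProof(sharedKey, myNonce + password, theirProof):
        return None
    return sharedKey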
def test_basic(self):
    """X25519 agreement: both sides derive the same secret, matching a known vector.

    Also checks that a public key which has been serialized and re-parsed
    yields the same secret as the original object.
    """
    seed_a = b"abcdefghijklmnopqrstuvwxyz123456"
    seed_b = b"654321zyxwvutsrqponmlkjihgfedcba"
    for seed in (seed_a, seed_b):
        self.assertEqual(len(seed), 32)
    key_a = Private(secret=seed_a)
    key_b = Private(secret=seed_b)
    expected = b"b0818125eab42a8ac1af5e8b9b9c15ed2605c2bbe9675de89e5e6e7f442b9598"
    # A's private scalar with B's public point.
    from_a = key_a.get_shared_key(key_b.get_public())
    self.assertEqual(hexlify(from_a), expected)
    # B's private scalar with A's public point must agree with it.
    from_b = key_b.get_shared_key(key_a.get_public())
    self.assertEqual(from_a, from_b)
    # Round-tripping B's public key through serialize() changes nothing.
    reparsed_b = Public(key_b.get_public().serialize())
    self.assertEqual(hexlify(key_a.get_shared_key(reparsed_b)), expected)
#!/usr/bin/env python3
from curve25519 import Private, Public
from binascii import hexlify

# Fixed peer public key: the integer decoded as a 32-byte little-endian field
# element, which is the X25519 wire encoding.
PEER_POINT = int.to_bytes(
    325606250916557431795983626356110631294008115727848805560023387167927233504,
    32, 'little')
theirPublic = Public(PEER_POINT)

# Derive a shared secret against that one peer key from 30 fresh private keys
# and count how many distinct secrets come out.  A well-formed peer key gives
# a different secret for every private key; a small-order or non-canonically
# encoded point collapses them all to a single value -- the case a handshake
# has to reject (RFC 7748 s6.1, all-zero output check).
keys = set()
for _ in range(30):
    shared = Private().get_shared_key(theirPublic)
    print(hexlify(shared))
    keys.add(shared)
print("[~] Num of different keys: {}".format(len(keys)))
#!/usr/bin/env python3 from curve25519 import Public import nacl.secret import socket import binascii socket_server = ("mitm.ctfcompetition.com", 1337) public_key_val = Public(int.to_bytes(325606250916557431795983626356110631294008115727848805560023387167927233504, 32, 'little')) shared_key = binascii.unhexlify(b'68b59f127c671255346e099c3b9ea067a5595ba2adf26daa5e69d6a8a29d191a') def make_sockets(): server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.connect(socket_server) client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) client.connect(socket_server) return server, client def attack(): s, c = make_sockets() s.send(b's\n') c.send(b'c\n') server_pub = s.recv(4096)[:-1] print(server_pub.decode()) server_nonce = s.recv(4096)[:-1] print(server_nonce.decode())
import logging
import sys
import os
from curve25519 import Private, Public
import nacl.secret
import hmac
import hashlib
from pwn import *

# pwntools global context: log every byte sent and received.
context.log_level = 'debug'

# Our own key; only used to derive `myshare` below.
sk = Private()
# The fixed public-key bytes this script presents.  Layout is 0xed, a run of
# 0xff, 0x7f, which is the little-endian encoding of the field prime
# p = 2^255 - 19 -- a non-canonical encoding that reduces to zero
# (NOTE(review): confirm the 0xff count is 30).  A handshake that only
# blacklists a couple of literal byte strings will not catch values like this;
# the robust mitigation is to reject an all-zero shared secret (RFC 7748 s6.1).
mypk = b'\xed\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f'
pk = Public(mypk)
# Shared secret for `sk` against that point; unused in the code visible here.
myshare = sk.get_shared_key(pk)


def getmac(myn):
    """Run one client-role session and return the proof line the peer sends.

    Sends the role byte 'c', reads the peer's two lines (public key, nonce),
    sends `mypk` hex-encoded and the caller-supplied `myn`, reads one reply
    line, closes the connection and returns that reply.

    Args:
        myn: the nonce line to send; passed to sendline unchanged.

    Returns:
        The reply line exactly as recvline() returned it (bytes).
    """
    c = remote('mitm.ctfcompetition.com', 1337)
    c.sendline('c')
    # Local `pk` shadows the module-level Public object; neither it nor `n0`
    # is used afterwards -- these reads only consume the two lines.
    pk = c.recvline()
    n0 = c.recvline()
    # `hexlify` is not imported explicitly in this file; presumably it comes in
    # via `from pwn import *` -- confirm.
    c.sendline(hexlify(mypk))
    c.sendline(myn)
    mac = c.recvline()
    c.close()
    return mac