コード例 #1
0
    def test_challenge2(self):
        hex_input1 = '1c0111001f010100061a024b53535009181c'
        hex_input2 = '686974207468652062756c6c277320657965'

        xor_result = xor(hex_to_bytes(hex_input1), hex_to_bytes(hex_input2))
        self.assertEquals(
            '746865206b696420646f6e277420706c6179',
            bytes_to_hex(xor_result)
        )
コード例 #2
0
 def test_challenge1(self):
     hex_input = '49276d206b696c6c696e6720796f757220627261696e206c696b65206120706f69736f6e6f7573206d757368726f6f6d'
     rawbytes = hex_to_bytes(hex_input)
     b64 = bytes_to_base64(rawbytes)
     self.assertEqual(
         'SSdtIGtpbGxpbmcgeW91ciBicmFpbiBsaWtlIGEgcG9pc29ub3VzIG11c2hyb29t',
         b64
     )
コード例 #3
0
    def test_challenge3(self):
        hex_input1 = '1b37373331363f78151b7f2b783431333d78397828372d363c78373e783a393b3736'
        rawbytes = hex_to_bytes(hex_input1)

        score, translation, _ = find_best_single_byte_key(rawbytes)
        self.assertEquals(
            'Cooking MC\'s like a pound of bacon',
            translation
        )
コード例 #4
0
    def test_challenge8(self):
        ecb_line_number = -1
        for line_number, line in enumerate(readlines('8.txt')):
            ciphertext = hex_to_bytes(line)
            blocks = [ciphertext[s:s+16] for s in range(0, len(ciphertext), 16)]
            counts = Counter(blocks)
            histogram = [c for _, c in counts.most_common()]
            if any(c > 2 for c in histogram):
                ecb_line_number = line_number
                # print counts
                # print ciphertext
                break

        self.assertEqual(132, ecb_line_number)
コード例 #5
0
    def GET(self):
        qs = web.input()

        with open(qs.file, 'r') as f:
            contents = f.read()
        expected = crypto.hmac(key, contents)
        # print 'expected: {}'.format(convert.bytes_to_hex(expected))

        actual = convert.hex_to_bytes(qs.signature)

        is_mac_valid = self._insecure_compare(expected, actual)
        if not is_mac_valid:
            raise web.InternalError('Invalid MAC')

        return 'Valid MAC'
コード例 #6
0
    def test_challenge29(self):
        secret_key = os.urandom(random.randint(1, 20))

        # Server returns the message and mac to the attacker
        message = 'comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon'
        mac = crypto.sha1_keyed_mac(secret_key, message)

        raw = convert.hex_to_bytes(mac)
        state = (
            bitops.from_bytes_be(raw[0:4]),
            bitops.from_bytes_be(raw[4:8]),
            bitops.from_bytes_be(raw[8:12]),
            bitops.from_bytes_be(raw[12:16]),
            bitops.from_bytes_be(raw[16:20]),
        )

        for guessed_key_length in xrange(1, 100):
            orig_message_length = guessed_key_length + len(message)
            padding = crack.sha1_padding(orig_message_length)

            # Attacker sets up a sha1 hash that is in the same state after
            # hashing secret_key + message + padding

            hasher = sha1.Sha1Hash()
            hasher._h = state
            hasher._message_byte_length = orig_message_length + len(padding)

            suffix = ';user=admin'
            falsified_mac = hasher.update(suffix).hexdigest()
            falsified_data = message + padding + suffix

            try:
                # Check to see if the server accepts the falsified data and MAC
                validate_mac(secret_key, falsified_data, falsified_mac,
                             crypto.sha1_keyed_mac)
                break
            except ValueError:
                # Guessed key length was wrong. Keep going...
                pass

        self.assertEqual(len(secret_key), guessed_key_length)
コード例 #7
0
    def test_challenge4(self):
        best_score = -1.0
        best_translation = None
        best_encrypted = None
        for encrypted in readlines('4.txt'):
            rawbytes = hex_to_bytes(encrypted)
            score, translation, _ = find_best_single_byte_key(rawbytes)
            if score > best_score:
                best_score = score
                best_encrypted = encrypted
                best_translation = translation

        # print 'Best score is: {}. Original cipher text: {}'.format(
        #     best_score,
        #     best_encrypted
        # )

        self.assertEquals(
            'Now that the party is jumping\n',
            best_translation
        )
コード例 #8
0
    def test_challenge30(self):
        secret_key = os.urandom(random.randint(1, 20))

        # Server returns the message and mac to the attacker
        message = 'comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon'
        mac = crypto.md4_keyed_mac(secret_key, message)

        raw = convert.hex_to_bytes(mac)
        state = [
            bitops.from_bytes_le(raw[0:4]),
            bitops.from_bytes_le(raw[4:8]),
            bitops.from_bytes_le(raw[8:12]),
            bitops.from_bytes_le(raw[12:16]),
        ]

        for guessed_key_length in xrange(1, 100):
            orig_message_length = guessed_key_length + len(message)
            padding = crack.md4_padding(orig_message_length)

            # Attacker sets up a md4 hash that is in the same state after
            # hashing secret_key + message + padding

            hasher = md4.MD4()
            hasher.h = list(state)
            hasher.count = (orig_message_length + len(padding)) / 64

            suffix = ';user=admin'
            falsified_mac = convert.bytes_to_hex(hasher.add(suffix).finish())
            falsified_data = message + padding + suffix

            try:
                # Check to see if the server accepts the falsified data and MAC
                validate_mac(secret_key, falsified_data, falsified_mac,
                             crypto.md4_keyed_mac)
                break
            except ValueError:
                # Guessed key length was wrong. Keep going...
                pass

        self.assertEqual(len(secret_key), guessed_key_length)