def fortyone(): """http://cryptopals.com/sets/6/challenges/41/""" oracle = matasano.oracle.OracleUnpaddedRSARecovery() attacker = matasano.attacker.AttackerUnpaddedRSARecovery(oracle) result = attacker.attack() return result
def fortytwo(): """http://cryptopals.com/sets/6/challenges/42/""" oracle = matasano.oracle.OracleRSAPaddedSignatureVerifier(b"hi mom") attacker = matasano.attacker.AttackerRSAPaddedSignatureVerifier(oracle) result = attacker.attack() return result
def twentyseven(): """http://cryptopals.com/sets/4/challenges/27/""" oracle = matasano.oracle.OracleCBCKeyIV() attacker = matasano.attacker.AttackerCBCKeyIV(oracle) result = attacker.attack() return result
def _fixed_nonce_ctr(oracle: matasano.oracle.OracleFixedNonceCTR): attacker = matasano.attacker.AttackerFixedNonceCTR(oracle) result = attacker.attack() print("Discovered strings:\n{}".format( "\n".join(b.decode("ascii") for b in attacker.discovered_strings) )) return result
def thirteen(): """http://cryptopals.com/sets/2/challenges/13/""" oracle = matasano.oracle.OracleProfileForUser() attacker = matasano.attacker.AttackerProfileForUser(oracle) attacker.get_base_user_profile() attacker.get_role_block() result = attacker.attack() return result
def fiftyone(): """http://cryptopals.com/sets/7/challenges/51/""" oracle = matasano.oracle.OracleCompress(b"TmV2ZXIgcmV2ZWFsIHRoZSBXdS1UYW5nIFNlY3JldCE=") attacker = matasano.attacker.AttackerCompress(oracle) result = attacker.attack() print("Discovered session ID: {}.".format(attacker.session_id.decode('ascii'))) return result
def twelve(): """http://cryptopals.com/sets/2/challenges/12/""" oracle = matasano.oracle.OracleByteAtATimeEcb() attacker = matasano.attacker.AttackerByteAtATimeEcb(oracle) result = attacker.attack() print("Guessed hidden string is:\n{}".format( attacker.unhidden_string.decode("ascii") )) return result
def twentysix(): """http://cryptopals.com/sets/4/challenges/26/""" oracle = matasano.oracle.OracleBitflipping( matasano.blocks.aes_ctr ) attacker = matasano.attacker.AttackerBitFlippingCTR(oracle) result = attacker.attack() return result
def twentythree(): """http://cryptopals.com/sets/3/challenges/23/""" oracle = matasano.oracle.OracleMT19937Clone() attacker = matasano.attacker.AttackerMT19937Clone(oracle) result = attacker.attack() print("Discovered next random numbers:\n{}".format( attacker.next_random_numbers )) return result
def sixteen(): """http://cryptopals.com/sets/2/challenges/16/""" oracle = matasano.oracle.OracleBitflipping( matasano.blocks.aes_cbc, needs_padding=True ) attacker = matasano.attacker.AttackerBitFlippingCBC(oracle) result = attacker.attack() return result
def fortythree(): """http://cryptopals.com/sets/6/challenges/43/""" oracle = matasano.oracle.OracleDSAKeyFromNonce( matasano.oracle.OracleDSAKeyFromNonce.public_key ) attacker = matasano.attacker.AttackerDSAKeyFromNonce(oracle) result = attacker.attack() print("Discovered private key: {}.".format(attacker.private_key_x)) return result
def twentyfour(): """http://cryptopals.com/sets/3/challenges/24/""" oracle = matasano.oracle.OracleMT19937Stream() attacker = matasano.attacker.AttackerMT19937Stream(oracle) print("Please wait while brute-forcing the oracle's seed...") result = attacker.attack() print("Discovered seed:\n{}".format( attacker.key )) return result
def twentytwo(): """http://cryptopals.com/sets/3/challenges/22/""" print("Please wait while the oracle does its job...") oracle = matasano.oracle.OracleMT19937Seed() attacker = matasano.attacker.AttackerMT19937Seed(oracle) result = attacker.attack() print("Discovered seed:\n{}".format( attacker.discovered_seed )) return result
def fortynine(): """http://cryptopals.com/sets/7/challenges/49/""" oracle = matasano.oracle.OracleCBCMac() attacker = matasano.attacker.AttackerCBCMacForge(oracle) result = attacker.attack() print("Found message: {}.\nForged MAC: {}.".format( attacker.message, binascii.hexlify(attacker.forged_mac).decode('ascii') )) return result
def fifty(): """http://cryptopals.com/sets/7/challenges/50/""" oracle = matasano.oracle.OracleCBCMacHash() attacker = matasano.attacker.AttackerCBCMacHash(oracle) result = attacker.attack() print("Original message: {}.\nCollision: {}.\nDigest: {}.".format( attacker.message, attacker.collision, binascii.hexlify(attacker.digest).decode('ascii') )) return result
def fiftysix(): """http://cryptopals.com/sets/7/challenges/56/""" oracle = matasano.oracle.OracleRC4Cookie(base64.b64decode(b"QkUgU1VSRSBUTyBEUklOSyBZT1VSIE9WQUxUSU5F")) attacker = matasano.attacker.AttackerRC4Cookie(oracle) print("Please wait while retrieving the hidden cookie...") print("Warning: this attack could take a long time.") result = attacker.attack() print("Discovered cookie: {}.".format(attacker.cookie)) return result
def _b98(): oracle = matasano.oracle.OracleRSAPadding( b"kick it, CC" ) attacker = matasano.attacker.AttackerRSAPadding(oracle) print("Please wait while performing the attack...") print("Warning: this attack could take a long time.") result = attacker.attack() print("Discovered message: {}.".format(attacker.message.decode("ascii"))) return result
def fortyfour(): """http://cryptopals.com/sets/6/challenges/44/""" oracle = matasano.oracle.OracleDSAKeyFromRepeatedNonce( matasano.oracle.OracleDSAKeyFromRepeatedNonce.public_key, pkg_resources.resource_filename(__name__, "input/44.txt") ) attacker = matasano.attacker.AttackerDSAKeyFromRepeatedNonce(oracle) result = attacker.attack() print("Discovered private key: {}.".format(attacker.private_key_x)) return result
def _remote_sha1_hmac(): oracle = matasano.oracle.OracleRemoteSHA1HMac() attacker = matasano.attacker.AttackerRemoteSHA1HMac(oracle) print("Please wait while brute-forcing the MAC...") result = attacker.attack() print( "Forged MAC: {}.".format( binascii.hexlify(attacker.forged_mac).decode("ascii") ) ) return result
def seventeen(): """http://cryptopals.com/sets/3/challenges/17/""" input_path = pkg_resources.resource_filename(__name__, "input/17.txt") oracle = matasano.oracle.OracleCBCPadding(input_path) attacker = matasano.attacker.AttackerCBCPadding(oracle) result = attacker.attack() print("Guessed hidden string is:\n{}".format( attacker.discovered_string.decode("ascii") )) print("Decoding it produces:\n{}".format( base64.b64decode(attacker.discovered_string).decode("ascii") )) return result
def fortysix(): """http://cryptopals.com/sets/6/challenges/46/""" oracle = matasano.oracle.OracleRSAParity( base64.b64decode( b"VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5I" b"GFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ" b"==" ) ) attacker = matasano.attacker.AttackerRSAParity(oracle) result = attacker.attack() print("Discovered message: {}.".format(attacker.message.decode("ascii"))) return result
def twentyfive(): """http://cryptopals.com/sets/4/challenges/25/""" input_path = pkg_resources.resource_filename(__name__, "input/19.txt") with open(input_path, "rb") as inputFile: oracle = matasano.oracle.OracleRandomAccessCTR( inputFile.read() ) attacker = matasano.attacker.AttackerRandomAccessCTR(oracle) print("Please wait while brute-forcing the oracle's plaintext...") result = attacker.attack() print("Discovered plaintext:\n{}".format( attacker.discovered_plaintext.decode("ascii") )) return result
def thirty(): """http://cryptopals.com/sets/4/challenges/30/""" oracle = matasano.oracle.OracleMD4KeyedMac() attacker = matasano.attacker.AttackerMD4KeyedMac(oracle) result = attacker.attack() print( "Forged message: {}.\n" "Forged MAC: {}.".format( attacker.forged_message, binascii.hexlify(attacker.forged_mac).decode("ascii") ) ) return result
def fourteen(): """http://cryptopals.com/sets/2/challenges/14/""" oracle = matasano.oracle.OracleHarderByteAtATimeEcb() attacker = matasano.attacker.AttackerHarderByteAtATimeEcb(oracle) attacker.discover_block_size() print("Prefix len: {}.".format( attacker.discover_fixed_string_len()) ) result = attacker.attack() print("Guessed hidden string is:\n{}".format( attacker.unhidden_string.decode("ascii") )) return result
def forty(): """http://cryptopals.com/sets/5/challenges/40/""" message = b"Secret" ciphers_and_keys = list() for _ in range(3): _, public = matasano.public.rsa_keys(e=3) cipher = matasano.public.rsa_encrypt( public, message ) ciphers_and_keys += [cipher, public] attacker = matasano.attacker.AttackerRSABroadcast( *ciphers_and_keys ) result = attacker.attack() == message return result
def twentyeight(): """http://cryptopals.com/sets/4/challenges/28/""" key = b"SECRET" message = b"MESSAGE" print( "SHA1({} | {}) = {}".format( key.decode("ascii"), message.decode("ascii"), binascii.hexlify( matasano.mac.sha1_secret_prefix(key, message) ).decode("ascii") ) ) oracle = matasano.oracle.OracleCBCKeyIV() attacker = matasano.attacker.AttackerCBCKeyIV(oracle) result = attacker.attack() return result
def thirtyeight(): """http://cryptopals.com/sets/5/challenges/38/""" password = matasano.util.get_random_password() attacker = matasano.attacker.EavesdropperSimplifiedSRPServer() client = matasano.public.SimplifiedSRPClient( password, attacker ) client.srp_protocol() result = attacker.attack() if result: print("Cracked password: {}.".format( attacker.client_password.decode("ascii") )) else: print("Something went wrong during the brute-force.") return result