def collide54(hleft, hright):
while True:
sample0 = rand(16)
sample1 = rand(16)
if sample0 == sample1:
continue
if f(sample0, hleft) == f(sample1, hright):
return sample0, sample1
def collide53(M_chain = None, i = None):
H_0_def = AES.new(b'YELLOW SUBMARINE', AES.MODE_ECB).encrypt(b'\x34\x12\x80' + (b'\x00' * 13))[:2] + (b'\x80' + b'\x00' * 13)
dummy = (2 ** i) * b'A' * 16
if M_chain is not None:
dummychain = f(dummy, M_chain)
else:
M_chain = H_0_def
dummychain = f(dummy)
while True:
sample0 = rand(16)
sample1 = rand(16)
H_0 = f(sample0, M_chain)
H_1 = f(sample1, dummychain)
if H_0 == H_1:
return [sample0, sample1, H_0, dummychain]
def mine_block(new_block, max_attempts=10000000):
'''
continuously add random bytes to the block, then hash and look for a successful hash
max_attempts limits the total number of guesses
'''
done = False
attempts = 0
biggest_chain = 0
while not done:
attempts += 1
# a guess is just a random string
guess = str(rand(20))
# update_work() just stores the guess string, which ultimately changes how it is pickled
new_block.update_work(guess)
# convert the block into bytes with pickle
block_bytes = pickle.dumps(new_block)
# hash the pickled block
sha_obj = sha.new(data=block_bytes)
guess_hash = sha_obj.hexdigest()
solved = is_hashed(guess_hash)
done = solved or (attempts > max_attempts)
lz = leading_zeroes(guess_hash)
if lz > biggest_chain:
biggest_chain = lz
print('guess: ', guess)
print('biggest chain: ', biggest_chain)
print('number of guesses: ', attempts)
print('leading zeroes: ', leading_zeroes(guess_hash))
print('hash[0]: ', guess_hash[0] == '0')
print('hash: ', guess_hash)
return new_block, solved
def layercreate(lastlayer):
hashset = set()
for hi in lastlayer:
hashset.add(f(lastlayer[hi], hi))
h0i = iterhash(hashset)
li = {}
length = len(hashset)
count = 1
print('\ncolliding layer' + str(8 - int(log(len(hashset), 2))) + ' of 7' +
'...')
while True:
try:
hleft = next(h0i)
try:
hright = next(h0i)
except StopIteration:
## ADD SENTINEL IN CASE OF 4-COLLISION
print('MULTICOLLISION ON PREV. LAYER')
while True:
hleft = rand(2)
if hleft not in li:
break
mleft, mright = collide54(hleft, hright)
li[hleft] = mleft
li[hright] = mright
print(str(count) + '/' + str(length // 2), end='; ', flush=True)
count += 1
except StopIteration:
break
return li
def collide(M_chain=None):
while True:
sample0 = rand(16)
sample1 = rand(16)
if sample1 == sample0:
continue
if M_chain is not None:
H_0 = f(sample0, M_chain)
H_1 = f(sample1, M_chain)
if H_0 == H_1:
return [sample0, sample1, f(sample0, M_chain)]
else:
H_0 = f(sample0)
H_1 = f(sample1)
if H_0 == H_1:
return [sample0, sample1, f(sample0)]
def initialize():
init = []
while len(init) < (1 << K):
h0i = f(rand(16))
if h0i in init:
continue
init.append(h0i)
return init
def _encrypt(self, data):
"""
:param str data: Data to encrypt
:return: Encrypted data with hash inside and IV outside
:rtype: str
"""
iv = rand(self.iv_size)
cipher = AES.new(self.key, self.mode, iv)
edata, tag = cipher.encrypt_and_digest(data)
return iv + tag + edata
def _encrypt(self, data):
"""
:param str data: Data to encrypt
:return: Encrypted data with hash inside and IV outside
:rtype: str
"""
iv = rand(self.iv_size)
cipher = AES.new(self.key, self.mode, iv)
edata, tag = cipher.encrypt_and_digest(data)
return iv + tag + edata
def _encrypt(self, data):
"""
:param str data: Data to encrypt
:return: Encrypted data with hash inside and IV outside
:rtype: str
"""
iv = rand(self.iv_size)
if self.use_sodium:
edata, tag = self._box.encrypt_and_mac(data, iv)
else:
cipher = AES.new(self.key, MODE, iv)
edata, tag = cipher.encrypt_and_digest(data)
return iv + bytes(tag) + bytes(edata)
def _encrypt(self, data):
"""
:param str data: Data to encrypt
:return: Encrypted data with hash inside and IV outside
:rtype: str
"""
iv = rand(self.iv_size)
if self.use_sodium:
edata, tag = self._box.encrypt_and_mac(data, iv)
else:
cipher = AES.new(self.key, MODE, iv)
edata, tag = cipher.encrypt_and_digest(data)
return iv + tag + edata
def encrypt(self, password):
if not self.pk_data:
return print("Load the pickled data into data")
self.pk_data = pickle.dumps(self.keys)
salt = rand(self.salt_len)
key = PBKDF2(password, salt, dkLen = self.key_len)
cip = chacipher.new(key = key)
ct, tag = cip.encrypt_and_digest(self.pk_data)
nonce = cip.nonce
nonce = pad(nonce, self.nonce_len)
tag = pad(tag, self.tag_len)
self.enc_data = salt + nonce + tag + ct
def encrypt(self):
"""Encrypts the file Saves into lckd file and returns the key"""
data = pad(self.file.read(), self.block_size)
key = rand(self.key_size)
enc = AES.new(key, AES.MODE_GCM)
ct, tag = enc.encrypt_and_digest(data)
del data # Saves memory
nonce = pad(enc.nonce, self.nonce_pad)
body = nonce + pad(tag, self.tag_pad) + ct
hsh, bsh = self.shahash(body)
with open(hsh + '.lckd', 'wb') as wir:
wir.write(bsh + body)
del body
# Creating the key object, doesn't save data to file
key_obj = keys.Key()
key_obj.fix(key, bsh, hsh, self.file_name)
return key_obj
def main():
H_0_def = AES.new(b'YELLOW SUBMARINE', AES.MODE_ECB).encrypt(b'\x34\x12\x80' + (b'\x00' * 13))[:2] + (b'\x80' + b'\x00' * 13)
challengeM = rand(randint(420, 780))
challengeH = f(pad53(challengeM))
print('message:\n', challengeM, end='\n\n')
print('len:', len(challengeM), '\npadded:', len(pad53(challengeM)), '\nblocks', len(pad53(challengeM))/16, end='\n\n')
print('hash:\n', challengeH, end='\n\n')
k = ceil(log(len(pad53(challengeM)) // 16, 2))
print(k, 'blocks k')
dummy = b'A' * 16
pool = []
print('i', k-1)
pool.append([k-1, collide53(None, k-1)])
for i in range(k - 2, -1, -1):
print('i', i)
pool.append([i, collide53(pool[-1][1][2], i)])
for collision in pool:
print(collision)
H_i_map = {}
# H_i_map[H_0_def[:2]] = 0
genblocks = blockgenerator(pad53(challengeM))
count = 1
H_i = H_0_def[:2]
for block in genblocks:
H_i = f(block, H_i)
if count > k + 1:
H_i_map[H_i] = count
count += 1
print('\nintermediates map', H_i_map)
preimage = preimageinterm(pool[-1][1][2], H_i_map)
resume = H_i_map[f(preimage, pool[-1][1][2])]
print('\nfound preimage', preimage)
print('from final expandable state', pool[-1][1][2])
print('upon entry into block', resume, '(', f(preimage, pool[-1][1][2]), ')')
representation = resume - 1 - len(pool)
response = b''
level = 0
for i in bin(representation)[2:].zfill(len(pool)):
if int(i) == 1:
response += dummy * (2 ** pool[level][0]) + pool[level][1][1]
else:
response += pool[level][1][0]
level += 1
print('\n\nraw response', response, '\nwith hash', f(response))
response += preimage + challengeM[(resume * 16):]
print('\n\nfinal crash', response)
print('\nresponse hash', f(pad53(response)), end='\n\n')
if (f(pad53(response)) == f(pad53(challengeM))) and (response != challengeM):
print('huzzah')
else:
print('kaboom')
def encrypt(self, creq):
# ctr = Counter.new(64, prefix = rand(8), little_endian=True, initial_value = randint(0, (2 << 31) - 1))
return AES.new(rand(16), AES.MODE_CBC,
rand(16)).encrypt(pad(creq, 16, 'pkcs7'))
def find_m_link(h2, l0):
while True:
m2 = rand(16)
if f(m2, h2) in l0:
return m2
def preimageinterm(H, Hmap):
while True:
preimage = rand(16)
if f(preimage, H) in Hmap:
return preimage
def encrypt(self, creq):
ctr = Counter.new(64,
prefix=rand(8),
little_endian=True,
initial_value=randint(0, (2 << 31) - 1))
return AES.new(rand(16), AES.MODE_CTR, counter=ctr).encrypt(creq)
