def problem4(ct1_b64, ct2_b64, N1, N2):
# def problem4():
# N1 = 87750187518907655534583445808737942078016029371855217057442341331127022016930461105786023716013285380470222803872626192434912740863485532564125627646878636545449869643527771922181597178447982975143657375859594541373428795038041796818858805812228886812351199020336314262507362189851970680226889619203804537151
# N2 = 59077605606399909603607705484000546044333045357566473814158491087439387780574866766800852465743470772146755309189078604396507686696592563062056700875467732286553829707195406383141965288479916793429869646143662227281782900822010619445408818002981548245734527538573941174294649831309213962935858200869524073603
# ct1_b64 = 'Ur/BIau7ZZBdwxD8P3xDJFJGMfkJDXNU5rbY7GlvlRkGae4NEMo3pMq9r8Jk2akGSj47SZ00L+eTmeMIIfis3RoG7jjBdj03p5lLtgrLwnjP0lzr31fasl5+NVZIvmnoEt56Figi54lIAXEj4ig06MHFG2KfotLYJTnwabangS4='
# ct2_b64 = 'CPEXorDgegEqM6UttzFLaccAN/t4QB1FTDS+NL3TSofQlq3Rs/BebbNn4Qj/Vo4FmTwV3P0+n+hlIhjXzOgEgdgV3BmiBE3rIBHqUc+q0FoVvWJU1+jvFpEeellYZMX8vG7O9us5JKfDAHjPaHWZSwv++BSX4rh+5O01flxzlJA='
xy = euclid_etc.extended_euclid(N1, N2)
p = xy[0]
q1 = N1/p
q2 = N2/p
m1 = (p-1)*(q1-1)
m2 = (p-1)*(q2-1)
d1 = modinv(65537, m1)
d2 = modinv(65537, m2)
ct1_as_bits = b64_to_bits(ct1_b64)
ct2_as_bits = b64_to_bits(ct2_b64)
pt1_as_bits = pow(ct1_as_bits, d1, N1)
pt2_as_bits = pow(ct2_as_bits, d2, N2)
h1 = hex(pt1_as_bits)
h2 = hex(pt2_as_bits)
h1 = h1[2:-1]
h2 = h2[2:-1]
answer1 = conversions.hex_to_as(h1)
answer2 = conversions.hex_to_as(h2)
print answer1
print answer2
return 'done'
def problem4(cipher1_b64, cipher2_b64, N1, N2):
cipher1_hex = conversions.b64_to_hex(cipher1_b64)
cipher2_hex = conversions.b64_to_hex(cipher2_b64)
cipher1_b10 = int(cipher1_hex,16)
cipher2_b10 = int(cipher2_hex,16)
common_factor = euclid_etc.euclid(N1, N2)
if (common_factor ==1): #Returning an error as requested if there is no common factor
return "error: there is no common factor"
else:
p1 = N1 / common_factor #N1 = common_factor * p1 N1,N2 are the 2 different moduli
p2 = N2 / common_factor #N2 = common_factor * p2
M1 = (p1 - 1) * (common_factor - 1) #definition of M as in the notes
M2 = (p2 - 1) * (common_factor - 1)
d1 = euclid_etc.extended_euclid(65537, M1)
d2 = euclid_etc.extended_euclid(65537, M2)
d1 = d1[1][0] #Need to access the desired part bc we get a tuple and then a tuple within it in the second (technically [1]) so i need to access the actual wanted part
d2 = d2[1][0] + M2 #Added M2 because I was getting an error bc originally it was negative and we know that a = b(mod n) -> a+n = b(mod n)
plaintext1_b10 = euclid_etc.repeated_squaring(cipher1_b10, d1, N1) #message = c^d(mod n), equation from class and from notes, plug and chug
plaintext2_b10 = euclid_etc.repeated_squaring(cipher2_b10, d2, N2)
plaintext1_hex = hex(plaintext1_b10)
plaintext2_hex = hex(plaintext2_b10)
plaintext1_hex = hex_string_to_hex(plaintext1_hex)
plaintext2_hex = hex_string_to_hex(plaintext2_hex)
plaintext1 = conversions.hex_to_as(plaintext1_hex)
plaintext2 = conversions.hex_to_as(plaintext2_hex)
return (plaintext1, plaintext2) #I returned a tuple of the plaintexts bc I decrypted both of them
def problem5(ctb64, N, e):
# def problem5():
# e = 65537
# N = 104267313539010410259697196441509577894896177181353222939098975044658256653731229369696658803005865075730776171497005390040729021346385892644721558032556950267328480157757202775565554421465561098972037171123794802541382258202303916754661689619425811225128735978214662249095628369305188282273814273882601469489
# ctb64 = 'j/pGAvf886IqKc4IN6TNPTSymwReGjUxUjB7F7r2aEk9bIuZPuRezm3wGCYBifv7u7kDcLQ9k4f/i5luqD/oFGS8PaJljrftLmlpa6hlUm8S/dU8h1tFW884ddtAoGTfZbN5vN4hNcSBGWPQHNzghDgwzNw/4IrqjGL81DckUdY='
i = 0
j = 0
ct_bits = b64_to_bits(ctb64)
lookup_table = {}
isSuccess = 0
for i in range(1, 5000000):
entry = pow(i, e, N)
if entry not in lookup_table:
lookup_table[entry] = i
i += 1
for j in range(1, 5000000):
match = ct_bits * (modinv(pow(j, e, N), N)) % N
if match in lookup_table:
isSuccess += 1
i = lookup_table[match]
break
j += 1
if isSuccess != 1:
return "Error: attack failed"
else:
h = hex(i * j)
# h = h[2:-1]
h = h[2:]
answer = conversions.hex_to_as(h)
return "plaintext is: " + answer
def problem3(ct, d, modulus):
# modulus = 118655596447903224963869613053944974689306948978385022351313547236325408711597515968013120482999812623684614237188826586513936280546323473924322265897469916282911780567243884859836121621708694140679468147474220271417145483116948895892297437839699778114403528270801117190611396069302409336194794071895031049811
# d = 23731119289580644992773922610788994937861389795677004470262709447265081742319503193602624096599962524736922847437765317302787256109264694784864453179493978848181776281125630457673065339633910037899644296946114786385008468034547208885433370715974640426127989454209067113013826578800440508863151210816724921125
# ct = 'LbJFbZa7eoMEQE8uPICTjzxFqvtM2qLPf6OSNOR6bgIJ8IlSWMMIOL4s7qevd77GRtLTz6EgC38EVjbp+ZHKJ5inX582MlxjD6WYcqGEYOnvCFGBpeFJnkAvhFIWxNyIx1tk1xxQgTHU8wMHjq/rMCl6USuZcSH4L1bzUMmgfZE='
a = random.randint(1, modulus-1)
e = 5
k = e * d - 1
while pow(a, k, modulus) == 1 and k % 2 == 0:
k = k / 2
r = pow(a, k, modulus)
if pow(r, 2, modulus) == 1:
xy = euclid_etc.extended_euclid(r-1, modulus)
p = xy[0]
q = modulus/p
m = (p-1)*(q-1)
d_new = modinv(3, m)
decrypt_me = kthroot(3, d_new)
ct_as_bits = b64_to_bits(ct)
convert_me = pow(ct_as_bits, d_new, modulus)
h = hex(convert_me)
h = h[2:-1]
answer = conversions.hex_to_as(h)
print answer
return answer
else:
problem3(ct, d, modulus)
def problem2(ct1, ct2, ct3, mod1, mod2, mod3):
c1 = 'PBq5gXUhUHA9odbER2Oow3aBRX5VzEPPRCPdcFPZisJSDtoDQtCGiDdcD4q5qNWtA7dMRZxktHzO1kQy1HNmgg6jjUnxuXPIihJgTG4rAQaAFVJrj9THVoaNb+QxovCU61c7N49H+tekr6xyGyGSok6wNnLZtE0GQd8p3zbyIAg='
c2 = 'a11Wynb/5BbzR2+gfZ5vgyJvlk0VHAUP08F2tvEZKCsS4Q0zaHok9FBf3QSJxn7X+e9+bADoV0aycZpXh/8hchNE5jER156vamjQm/9cmLwVcQeK/IFJOOmvuFEWYwOg3L8r2Jsii6cn/XrStNZ4JypnOhzbyhR5Jd8hsC2pPIo='
c3 = 'HlPEAzFjvc1ipxHIaig2o6WwpHfsHmIuS07lM0uKmY0VzcxyiOyB8Q0f4yjo8mu5yPYteO5Kiz5W3sk2j/d5ClmU7yUOVRxm5Q8LXymjpkhLK/I+cxO5P3WRjXF6tUiS/7cz+Koox/r1zC0W4BdfCzr3LSjM/khFHyRyxsmW9Ec='
ciphertext1 = b64_to_bits(ct1)
ciphertext2 = b64_to_bits(ct2)
ciphertext3 = b64_to_bits(ct3)
modulus1 = 116352696909960426025864851693810318405618117771451092066454825684677043175680039111752172705287741166921435658711582887107841565748470707915492808066623281928343866378761016071751094691691153177015920723800541267192488702040046723176890027878282090184778778793686252497241689941158021804171328580092708776333
modulus2 = 113159069239053057823530426012762733579195323934158077138440185385412667833688850511263203419882218256057634130377557866771685834979020529147973323837633935391154851580497106210797073916815264166772985134768913514820393183935763151959349642321950865577799563213986693573189083682991881468336071564883866833467
modulus3 = 84645091220488904665996303582605230466879862527671219768265030555132951506114250139685118956675414529710122137796339176130460114790081203074349445462593477716603703644138088562638660083014885373629701703614641595720381677601897924624948376232277832479665238039958287396790532376148968417689500200999461168369
modproduct = mod1 * mod2 * mod3
products1 = modproduct / mod1
products2 = modproduct / mod2
products3 = modproduct / mod3
inverse1 = modinv(products1, mod1)
inverse2 = modinv(products2, mod2)
inverse3 = modinv(products3, mod3)
sum1 = ciphertext1 * products1 * inverse1
sum2 = ciphertext2 * products2 * inverse2
sum3 = ciphertext3 * products3 * inverse3
sumtotal = sum1 + sum2 + sum3
crtoutput = sumtotal % modproduct
M = kthroot(3, crtoutput)
h = hex(M)
h = h[2:-1]
answer = conversions.hex_to_as(h)
print answer
return answer
def birthday2():
random_string = ""
for i in range(100):
random_string = random_string + random.choice(string.hexdigits)
random_string = conversions.hex_to_as(random_string)
h1 = hashnTimes(random_string, 1) #totalHashCount = 1
h2 = hashnTimes(random_string, 2) #totalHashCount = 1 + 2 = 3
totalHashCount = 3
while (h1 != h2):
h1 = hashnTimes(h1, 1)
h2 = hashnTimes(h2, 2)
totalHashCount = totalHashCount + 3
second_stage_h1 = random_string
second_stage_h1 = hashnTimes(second_stage_h1, 1)
second_stage_h2 = h1
second_stage_h2 = hashnTimes(second_stage_h2, 1)
totalHashCount = totalHashCount + 2
while (second_stage_h1 != second_stage_h2):
saved_h1 = second_stage_h1
saved_h2 = second_stage_h2
second_stage_h1 = hashnTimes(second_stage_h1, 1)
second_stage_h2 = hashnTimes(second_stage_h2, 1)
totalHashCount = totalHashCount + 2
s = saved_h1
t = saved_h2
n = totalHashCount
return (s, t, n)
def problem1(cipher_b64, N):
cipher_hex = conversions.b64_to_hex(cipher_b64)
cipher_b10 = int(cipher_hex,16)
plaintext_b10 = kthroot(cipher_b10,3)
plaintext_hex_string = hex(plaintext_b10)
plaintext_hex = hex_string_to_hex(plaintext_hex_string)
plaintext_as = conversions.hex_to_as(plaintext_hex)
return plaintext_as
def problem8(p, g, gx_mod_p, firstComponent, secondComponent, y):
gxy = euclid_etc.repeated_squaring(gx_mod_p, y, p)
plaintext = euclid_etc.extended_euclid(gxy, p)
plaintext_b10 = plaintext[1][0]
plaintext_b10 = (plaintext_b10 * secondComponent) % p
plaintext_hex_string = hex(plaintext_b10)
plaintext_hex = hex_string_to_hex(plaintext_hex_string)
plaintext_as = conversions.hex_to_as(plaintext_hex)
return plaintext_as
def problem6(p, g, gx_mod_p, x, firstComponent, secondComponent):
gxy = euclid_etc.repeated_squaring(firstComponent,x,p) #gxy = g^xy (mod p)
plaintext = euclid_etc.extended_euclid(gxy,p)
plaintext = plaintext[1][0] #Just like problem 4, need to get the desired part
plaintext_b10 = (plaintext * secondComponent) % p
plaintext_hex_string = hex(plaintext_b10)
plaintext_hex = hex_string_to_hex(plaintext_hex_string)
plaintext_as = conversions.hex_to_as(plaintext_hex)
return plaintext_as
def problem1(ciphertext, modulus):
c_as_bits = b64_to_bits(ciphertext)
plaintext = kthroot(3, c_as_bits)
if plaintext**3 == c_as_bits:
# return 'perfect cube'
h = hex(plaintext)
h = h[2:-1]
answer = conversions.hex_to_as(h)
print answer
return answer
else:
print 'not a perfect cube'
def problem7(p, g, gx_mod_p, firstComponent, first_secondComponent, m, second_secondComponent):
m_hex = conversions.as_to_hex(m)
m_b10 = int(m_hex,16)
gxy = euclid_etc.extended_euclid(m_b10,p)
gxy = gxy[1][0]
gxy = (first_secondComponent * gxy) % p
gxy_inverse = euclid_etc.extended_euclid(gxy, p)
gxy_inverse = gxy_inverse[1][0]
plaintext_b10 = (gxy_inverse * second_secondComponent) % p
plaintext_hex_string = hex(plaintext_b10)
plaintext_hex = hex_string_to_hex(plaintext_hex_string)
plaintext_as = conversions.hex_to_as(plaintext_hex)
return plaintext_as
def last_nonpad_byte(ciphertext):
empty = '0000000000000000'
wrong = '<html' #gives wrong padding
if (len(ciphertext) > 48):
start = 32
end = 48
c1 = ciphertext[start:end]
else:
start = 16
end = 32
c1 = ciphertext[start:end]
as_c1 = conversions.hex_to_as(c1)
length = pad_length(ciphertext)
xor_c1 = conversions.xor(chr(length), chr(length + 1))
hex_xor_c1 = conversions.as_to_hex(xor_c1)
xor_c1_final = empty[:-(length * 2)] + (hex_xor_c1 * length)
as_xor_c1 = conversions.hex_to_as(xor_c1_final)
c2 = conversions.xor(as_c1, as_xor_c1)
hex_c2 = conversions.as_to_hex(c2)
oracle = webserver_msgs.post_dictionary_guess(
'', (ciphertext[:start] + hex_c2 + ciphertext[end:]))
if (oracle == wrong):
last_byte = conversions.as_to_hex(chr(length + 1))
else:
for i in range(255):
test_byte = conversions.as_to_hex(chr(i))
test_byte_as = chr(i)
xor_c1 = empty[:-(
(length + 1) * 2)] + test_byte + (hex_xor_c1 * length)
as_xor_c1 = conversions.hex_to_as(xor_c1)
c2 = conversions.xor(as_c1, as_xor_c1)
hex_c2 = conversions.as_to_hex(c2)
oracle = webserver_msgs.post_dictionary_guess(
'', (ciphertext[:start] + hex_c2 + ciphertext[end:]))
oracle = oracle[0:5]
if (oracle == wrong):
last = conversions.xor(test_byte_as, chr(length + 1))
last = conversions.as_to_hex(last)
return last
def problem6(p, g, gxmodp, x, alpha, beta):
# def problem6():
# p = 191147927718986609689229466631454649812986246276667354864188503638807260703436799058776201365135161278134258296128109200046702912984568752800330221777752773957404540495707852046983
# g = 5
# x = 42694797205671621659845608467948077104282354898632405210027867058530843815065930986742716022222447350595400603633273172816767784236961837688169657044396569579700949515830214254992
# alpha = 73982478796308483406582889587923018499575337266536017447507799702797406257043632101045569763590982806403627704785985032506296784648293661856246199184245278019913797261546316759270
# beta = 1227561673735205443986782574414500194775280963876704725208507831364630528829422611287956320336912905023628854115065478249082243473610928313596901712034514819305660036543382454852
# gxmodp = pow(g, x, p)
k_shared = pow(alpha, x, p)
message = (beta * modinv(k_shared, p)) % p
h = hex(message)
h = h[2:-1]
answer = conversions.hex_to_as(h)
return answer
def problem8(p, g, gxmodp, alpha, beta, y):
# def problem8():
secret_exp = 42694797205671621659845608467948077104282354898632405210027867058530843815065930986742716022222447350595400603633273172816767784236961837688169657044396569579700949515830214254992
# p = 191147927718986609689229466631454649812986246276667354864188503638807260703436799058776201365135161278134258296128109200046702912984568752800330221777752773957404540495707852046983
# g = 5
# alpha = 104862672745740711919811315922065122010281934991422240638097533405207971405689057652673577043484488015740722326384001808611695005135028713487234715202873484670021923322009761545457
# beta = 112018886720018236580229932176683955946063514397085867696250318378121351302079624330821244744748925197792097406122146093507280201522804485024833199924734248052247065779216659451112
# y = 138670566126823584879625861326333326312363943825621039220215583346153783336272559955521970357301302912046310782908659450758549108092918331352215751346054755216673005939933186397777
k_public = pow(g, secret_exp, p)
k_shared = pow(k_public, y, p)
output_message = (beta * modinv(k_shared, p)) % p
h = hex(output_message)
h = h[2:-1]
answer = conversions.hex_to_as(h)
return answer
def problem7(p, g, gxmodp, alpha, beta, m, beta2):
# def problem7():
# p = 191147927718986609689229466631454649812986246276667354864188503638807260703436799058776201365135161278134258296128109200046702912984568752800330221777752773957404540495707852046983
# g = 5
# gx = 176478319826764259370406117740489882944142268114222243573886354279989450112247437716236796057251798300509450763347865746885560883563075519833320667906000345397226327059751213369961
# alpha = 104862672745740711919811315922065122010281934991422240638097533405207971405689057652673577043484488015740722326384001808611695005135028713487234715202873484670021923322009761545457
# beta = 17606878671981551311137298337848994393797765223509173646178261989274226953505667592410786573428076963287971811161509360601971410344413313700739795932040261074709506491861567699546
# beta2 = 116115839773157782821329377087409766815814624668492668098672866213651171163182813304753241741593566110843721045751605192482170477996370202802973966889697676265503034822908949368607
# m = "Now my charms are all o'erthrown and what strength I have's mine own."
m_b64 = conversions.as_to_b64(m)
m_bits = b64_to_bits(m_b64)
k_shared = (beta * modinv(m_bits, p)) % p
output_message =(beta2 * modinv(k_shared, p)) % p
h = hex(output_message)
h = h[2:-1]
answer = conversions.hex_to_as(h)
return answer
def problem2(cipher1_b64, cipher2_b64, cipher3_b64, N1, N2, N3):
a1_hex = conversions.b64_to_hex(cipher1_b64)
a2_hex = conversions.b64_to_hex(cipher2_b64)
a3_hex = conversions.b64_to_hex(cipher3_b64)
a1_b10 = int(a1_hex,16)
a2_b10 = int(a2_hex,16)
a3_b10 = int(a3_hex,16)
N2N3inv = euclid_etc.extended_euclid(N2*N3,N1)
N2N3inv = N2N3inv[1][0] #This is all just plug and chug
N1N3inv = euclid_etc.extended_euclid(N1*N3,N2) #into the CRT equation in the
N1N3inv = N1N3inv[1][0] #Lecture notes #7. x = ... see notes for full equation
N1N2inv = euclid_etc.extended_euclid(N1*N2,N3)
N1N2inv = N1N2inv[1][0]
parta = a1_b10 * ((N2N3inv) % N1) * (N3*N2)
partb = a2_b10 * ((N1N3inv) % N2) * (N1*N3)
partc = a3_b10 * ((N1N2inv) % N3) * (N1*N2)
x = (parta + partb + partc) % (N1*N2*N3)
cubeRootx = kthroot(x,3)
x_hex = hex(cubeRootx)
x_hex = hex_string_to_hex(x_hex)
plain = conversions.hex_to_as(x_hex)
return plain
## Alex Karacaoglu
import conversions
import rc4
import time
import string
import javarandom
## Variables to help test
ct_b64 = "qj+QFfumYvjsQDOWWpeJL28JvwfVwwkPd3pEX2v4Cy258HILVldrzCAtEc/aYNivlsERzlbvIJe6QDAwezJkTz+ap1N7r+ya/VCpaS832ZZ3nafoJ1XdjkLx+XofH3Ujrk6W0l+C5rqyTSREEyduXzehYeyhT4HFK1oTLZA/sTet2j3qmI2s9MmfXozqoMAU8+A4X8ng1eauXDbhcjiEM7y8AtWw/JfMiFjaz1IhFOajkaDSmwvEvif4FHrrhoiCp2g37EH0EgmC3l4eS77I0vnGzzGHkF7JYmP3Ln7KmIY3S5aBXpIlyf0Nwee6xSERHzBfBbhHYBgPX+cybeyrQ6omCHWxOAW4XSPIUeqCGufpkugqjebWSf0GRFH1i39BQ9wcU4pdHIc0daKUkcTxV2rU2J3qc7Fk5Hem7ns7pTD6lTpJZ8tCz5PNxDRUpMEflTDuc54rf8Ul1Bkh3J3s9tgop9I2JJGx39+RfWwEjm+jTkKdVnAiTPqVSHDNz89LMRV3DJpwsaAtLZFw47G3kWyiFd3TvQSPf+HXrOArFm324iBnDyW+BBLCw2ED9MQy5A=="
ct_as = conversions.b64_to_as(ct_b64)
og_key_hex = "7f65a580cb"
key = conversions.hex_to_as(og_key_hex)
iv = ct_as[:3]
ct = ct_as[3:]
fullkey = iv + key
##
## 6a
# rc4_iv_decrypt: Takes in the given og key in as and the cipher in ascii,
# does the conversions concerning the iv and does an rc4 decryption and return the pt
def rc4_iv_decrypt(key, ciphertext):
iv = ciphertext[:3]
ct = ciphertext[3:]
fullkey = iv + key
plaintext = rc4.rc4(fullkey, ct)
return plaintext
# repeating_byte_xor: Takes in a string and a key and modifies the key to be repeating and of the same length as the text, then performs an xor
def repeating_byte_xor(text, key):
a = len(text)
b = len(key)
c = (a / b)
d = mod(a, b)
new_key = (key * c) + key[:d]
f = conversions.xor(text, new_key)
return f
# decrypt_msword: Takes in a word file, opens the file, reads the file and extracts the body (ciphertext) then decrypts it using the repating key xor
# The key was given to us, so I will convert it to ascii and use it: hex("b624bd2ab42a39a235a0b4a9b6a734cd")
key_for_number_3_in_hex = "b624bd2ab42a39a235a0b4a9b6a734cd"
key_for_number_3_in_as = conversions.hex_to_as(key_for_number_3_in_hex)
def decrypt_msword(filename, key):
ciphertext = recover(filename)
plaintext = repeating_byte_xor(ciphertext, key)
finaltext = remove(plaintext)
final = finaltext.replace('\r', "")
return final
# Code for Number 4
# timeSingleDecrypt: Returns how long it takes the computer to perform one decryption of key length 16 on 'MSWord1.doc'
def timeSingleDecrypt():
def int_to_as(initNum): hexNum = hex(initNum)[2:-1] final = conversions.hex_to_as(hexNum) return final