def p34():
    """Simulate parameter injection against an unauthenticated DH exchange.

    Each party is handed the other's ``p`` attribute where a public value
    belongs, and the interceptor derives its AES key from the constant 0.
    Both directions of the echo exchange are then decrypted with that key.

    Returns a status string: the failure text if either interception does
    not reproduce the plaintext, else the text holding the recovered message.

    Defensive takeaway: the exchange carries no authentication, so whoever
    relays it picks the values. Authenticate the handshake, and reject peer
    values outside 2..p-2 before deriving a secret.
    """
    alice = DiffieHellman()
    bob = DiffieHellman()
    hasher = SHA1()

    def key_from(secret):
        # AES-128 key: first 16 bytes of the hex digest returned by SHA1.hash.
        return unhexlify(hasher.hash(secret))[:16]

    # The modulus is delivered in place of each public value.
    # NOTE(review): presumably derive_shared_secret computes pow(value, priv, p),
    # which makes both secrets 0 here - confirm against DiffieHellman.
    bob.derive_shared_secret(alice.p)
    alice.derive_shared_secret(bob.p)

    # Alice -> Bob.
    alice_msg = 'build a protocol and an "echo" bot'
    alice_iv = urandom(16)
    alice_ctxt = aes_cbc_encrypt(alice_msg, key_from(alice.shared), alice_iv)
    # A parenthesised single-argument print behaves the same on Python 2 and 3.
    print('Encrypted message "{}"'.format(alice_msg))

    # The interceptor's key needs no private value at all.
    eve_key = key_from(0)
    seen = validate_pkcs7(aes_cbc_decrypt(alice_ctxt, eve_key, alice_iv))
    if seen != alice_msg:
        return 'Intercepted Traffic Incorrectly Decrypted'

    # Bob -> Alice: Bob echoes what he decrypted under a fresh IV.
    bob_iv = urandom(16)
    bob_key = key_from(bob.shared)
    bob_msg = validate_pkcs7(aes_cbc_decrypt(alice_ctxt, bob_key, alice_iv))
    bob_ctxt = aes_cbc_encrypt(bob_msg, bob_key, bob_iv)

    seen = validate_pkcs7(aes_cbc_decrypt(bob_ctxt, eve_key, bob_iv))
    if seen != bob_msg:
        return 'Intercepted Traffic Incorrectly Decrypted'
    return 'Intercepted and decrypted message "{}"'.format(seen)
def p34() -> str:
    """Simulate parameter injection against an unauthenticated DH exchange.

    Both parties receive the other's ``p`` attribute where a public value
    belongs; the interceptor's AES key is the SHA-1 of ``b'0'``. The function
    decrypts the message and its echo with that key and reports the outcome
    as a status string.

    Defensive takeaway: nothing in the exchange is authenticated. Sign or
    otherwise authenticate the handshake and reject peer values outside
    2..p-2 before deriving a secret.
    """
    failure = 'Intercepted Traffic Incorrectly Decrypted'

    def aes_key(secret):
        # AES-128 key: first 16 bytes of SHA-1 over the decimal string form.
        return sha1(str(secret).encode()).digest()[:16]

    alice, bob = DiffieHellman(), DiffieHellman()
    # The modulus is delivered in place of each public value.
    # NOTE(review): presumably this drives both shared secrets to 0 - confirm
    # against DiffieHellman.derive_shared_secret.
    bob.derive_shared_secret(alice.p)
    alice.derive_shared_secret(bob.p)

    # Alice -> Bob.
    a_msg = b'build a protocol and an "echo" bot'
    a_iv = urandom(16)
    a_ctxt = aes_cbc_encrypt(a_msg, aes_key(alice.shared), a_iv)
    print(f'Encrypted message "{a_msg.decode()}"')

    # Interceptor's view of Alice's message.
    e_key = sha1(b'0').digest()[:16]
    intercepted = validate_pkcs7(aes_cbc_decrypt(a_ctxt, e_key, a_iv))
    if intercepted != a_msg:
        return failure

    # Bob -> Alice: echo of the decrypted message under a fresh IV.
    b_iv = urandom(16)
    b_key = aes_key(bob.shared)
    b_msg = validate_pkcs7(aes_cbc_decrypt(a_ctxt, b_key, a_iv))
    b_ctxt = aes_cbc_encrypt(b_msg, b_key, b_iv)

    intercepted = validate_pkcs7(aes_cbc_decrypt(b_ctxt, e_key, b_iv))
    if intercepted != b_msg:
        return failure
    return f'Intercepted and decrypted message "{intercepted.decode()}"'
def _detect_compressed_size(ptxt):
    """Return the ciphertext length of a compressed, then encrypted, request.

    The request puts a fixed session cookie and the caller-supplied ``ptxt``
    into one buffer, compresses it, and encrypts it under a fresh random key
    and IV. Only the length of the result is returned.

    Defensive takeaway: encryption hides content, not length. Compressing a
    secret together with caller-controlled data makes the output length depend
    on both, so keep secrets out of compression contexts that also hold
    untrusted input (or disable compression for them).
    """
    key = urandom(16)
    iv = urandom(16)
    # Adjacent literals form one template; only the last line has fields.
    template = (
        'POST / HTTP/1.1\n'
        'Host: hapless.com\n'
        'Cookie: sessionid=TmV2ZXIgcmV2ZWFsIHRoZSBXdS1UYW5nIFNlY3JldCE=\n'
        'Content-Length: {}\n{}'
    )
    request = template.format(len(ptxt), ptxt)
    # compress() is defined outside this block (presumably zlib's - confirm).
    return len(aes_cbc_encrypt(compress(request), key, iv))
def _detect_compressed_size(ptxt: bytes) -> int:
    """Return the ciphertext length of a compressed, then encrypted, request.

    A fixed header block containing a session cookie is followed by the
    caller-supplied ``ptxt``; the whole buffer is compressed and encrypted
    under a fresh random key and IV, and only the length is returned.

    Defensive takeaway: the length of the output still depends on how well
    the secret and the caller's bytes compress together. Do not compress
    secrets in the same context as untrusted input.
    """
    key = urandom(16)
    iv = urandom(16)
    # Only the Content-Length line interpolates anything.
    headers = (
        'POST / HTTP/1.1\n'
        'Host: hapless.com\n'
        'Cookie: sessionid=TmV2ZXIgcmV2ZWFsIHRoZSBXdS1UYW5nIFNlY3JldCE=\n'
        f'Content-Length: {len(ptxt)}\n'
    )
    payload = headers.encode() + ptxt
    # compress() is defined outside this block (presumably zlib's - confirm).
    return len(aes_cbc_encrypt(compress(payload), key, iv))
def p35():
    """Simulate a DH exchange whose generator ``g`` was chosen maliciously.

    For each pair ``(g, sk)`` the two parties negotiate with that generator
    and the interceptor derives its AES key from the guessed secret ``sk``
    instead of from any private key. Both directions of the echo exchange
    are decrypted with that key.

    Returns the failure string as soon as one interception does not reproduce
    the plaintext, otherwise the success string.

    Defensive takeaway: group parameters must not be negotiable by an
    unauthenticated peer. Use fixed, vetted groups, reject g and public
    values outside 2..p-2, and authenticate the handshake.

    NOTE(review): this listing was collapsed onto one line; the block layout
    below (in particular the final return sitting after the loop) is the
    apparent intent - confirm against the original file.
    """
    p = DiffieHellman.default_p
    sha1 = SHA1()
    # (generator, secret the interceptor expects the parties to end up with)
    for (g, sk) in [(1, 1), (p, 0), (p - 1, p - 1)]:
        alice = DiffieHellman(g=g)
        bob = DiffieHellman(g=g)
        alice.derive_shared_secret(bob.public)
        bob.derive_shared_secret(alice.public)
        a_msg = 'When does this ever happen?'
        a_iv = urandom(16)
        # AES-128 key: first 16 bytes of the hex digest from SHA1.hash.
        a_key = unhexlify(sha1.hash(alice.shared))[:16]
        a_sends = aes_cbc_encrypt(a_msg, a_key, a_iv), a_iv
        e_key = unhexlify(sha1.hash(sk))[:16]
        try:
            e_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], e_key, a_iv))
        except ValueError:
            # First guess rejected (validate_pkcs7 presumably raises ValueError
            # on bad padding); fall back to the second candidate,
            # (p-1)^2 mod p, which is 1.
            # NOTE(review): a wrong key can still yield valid padding by
            # chance; this branch is then skipped and the comparison below
            # reports a failure, so the demo can be flaky for g = p - 1.
            sk = pow(p-1, 2, p)
            e_key = unhexlify(sha1.hash(sk))[:16]
            e_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], e_key, a_iv))
        if e_msg != a_msg:
            return 'Intercepted Traffic Incorrectly Decrypted'
        b_iv = urandom(16)
        # str.decode('hex') exists only on Python 2; it decodes the hex
        # digest like the unhexlify() calls above.
        b_key = sha1.hash(bob.shared).decode('hex')[:16]
        b_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], b_key, a_iv))
        # Bob echoes the decrypted message under a fresh IV.
        b_sends = aes_cbc_encrypt(b_msg, b_key, b_iv), b_iv
        e_msg = validate_pkcs7(aes_cbc_decrypt(b_sends[0], e_key, b_iv))
        if e_msg != b_msg:
            return 'Intercepted Traffic Incorrectly Decrypted'
    return 'All Traffic Intercepted And Decrypted!'
def p27() -> bytes:
    """Demonstrate why the AES-CBC key must never double as the IV.

    A message is encrypted with ``key`` as both key and IV, the ciphertext is
    rearranged to ``C1 || 0 || C1 || rest``, and the result is decrypted with
    the same key/IV. When the ASCII check rejects the plaintext, blocks 1 and
    3 of the bytes carried by the exception are XORed and returned in hex
    behind ``b'Recovered '``. The key is printed first for comparison.

    Defensive takeaway: use a fresh unpredictable IV per message, never put
    decrypted bytes into error messages, and authenticate the ciphertext
    before decrypting it.
    """
    bs = AES.block_size
    key = urandom(16)
    print(f'The key is {hexlify(key).decode()}')

    msg = b'Super secret message unfortunately encrypted in a bad manner'
    original = aes_cbc_encrypt(msg, key, key)

    # Rearranged ciphertext: block 1, a zero block, block 1 again, then the tail.
    first = original[:bs]
    tampered = first + b'\x00' * bs + first + original[3 * bs:]

    try:
        return _check_ascii_compliant(aes_cbc_decrypt(tampered, key, key))
    except ValueError as err:
        # The exception's first argument is expected to carry the raw plaintext.
        # NOTE(review): if aes_cbc_decrypt itself raises ValueError (e.g. on
        # padding), args[0] would be something else - confirm.
        leaked = err.args[0]

    block1 = leaked[:bs]
    block3 = leaked[2 * bs:3 * bs]
    return b'Recovered ' + hexlify(xor(block1, block3))
def p27():
    """Demonstrate why the AES-CBC key must never double as the IV.

    A message is encrypted with ``key`` as both key and IV, the ciphertext is
    rearranged to ``C1 || 0 || C1 || rest``, and the result is decrypted with
    the same key/IV. When the ASCII check rejects the plaintext, the text
    after the ``'Invalid ASCII - '`` prefix of the error is taken as the
    plaintext; its blocks 1 and 3 are XORed and returned in hex behind
    ``'Recovered '``. The key is printed first for comparison.

    Defensive takeaway: use a fresh unpredictable IV per message, never echo
    decrypted bytes in error messages, and authenticate the ciphertext before
    decrypting it.
    """
    bs = AES.block_size
    key = urandom(16)
    # A parenthesised single-argument print behaves the same on Python 2 and 3.
    print('The key is {}'.format(hexlify(key)))

    msg = 'Super secret message unfortunately encrypted in a bad manner'
    original = aes_cbc_encrypt(msg, key, key)

    # Rearranged ciphertext: block 1, a zero block, block 1 again, then the tail.
    first = original[:bs]
    tampered = first + '\x00' * bs + first + original[3 * bs:]

    try:
        return _check_ascii_compliant(aes_cbc_decrypt(tampered, key, key))
    except ValueError as err:
        # Drop the fixed prefix; the remainder is treated as the plaintext.
        prefix_len = len('Invalid ASCII - ')
        leaked = str(err)[prefix_len:]

    block1 = leaked[:bs]
    block3 = leaked[2 * bs:3 * bs]
    return 'Recovered ' + hexlify(xor(block1, block3))
def p17() -> bytes:
    """Encrypt one random sample under AES-CBC and recover it via _break_cbc.

    One of ten base64 samples is chosen, decoded, and encrypted with a fresh
    random key and IV. The ciphertext goes to ``_break_cbc`` (defined outside
    this block; presumably the padding-oracle recovery - confirm), and the
    result is returned after PKCS#7 validation.

    Defensive takeaway: a decryptor that reveals whether padding was valid
    gives away plaintext. Authenticate ciphertexts (encrypt-then-MAC or an
    AEAD mode) and return one uniform error for every decryption failure.
    """
    samples = [
        'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=',
        # Long sample split across two adjacent literals.
        'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB'
        '1bXBpbic=',
        'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==',
        'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==',
        'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl',
        'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==',
        'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==',
        'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=',
        'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=',
        'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93',
    ]
    key = urandom(16)
    iv = urandom(16)
    secret = b64decode(random_choice(samples))
    ciphertext = aes_cbc_encrypt(secret, key, iv)
    # key and iv are passed along; presumably _break_cbc needs them to build
    # the server-side padding check - confirm.
    recovered = _break_cbc(ciphertext, key, iv)
    return validate_pkcs7(recovered)
def _generate_encrypted_data(user_data: str, key: bytes, iv: bytes) -> bytes:
    """Wrap ``user_data`` in a fixed key=value string and encrypt it with AES-CBC.

    ``;`` and ``=`` in the user data are percent-encoded so the caller cannot
    type the field delimiters directly.

    Args:
        user_data: Text placed in the ``userdata`` field.
        key: AES key handed to ``aes_cbc_encrypt``.
        iv: CBC initialisation vector.

    Returns:
        The ciphertext produced by ``aes_cbc_encrypt``.

    Caveat: escaping the plaintext does not protect the ciphertext. CBC
    provides no integrity, so the ciphertext must be authenticated
    (encrypt-then-MAC or an AEAD mode) before the decrypted fields are trusted.
    """
    prefix = 'comment1=cooking%20MCs;userdata='
    suffix = ';comment2=%20like%20a%20pound%20of%20bacon'
    escaped = user_data.replace(';', '%3B').replace('=', '%3D')
    plaintext = prefix + escaped + suffix
    return aes_cbc_encrypt(plaintext.encode(), key, iv)
def cbcmac(
    msg: bytes,
    iv: bytes = (b'\x00' * AES.block_size),
    key: bytes = master_key,
) -> bytes:
    """Return the CBC-MAC tag of ``msg``: the last block of its CBC encryption.

    Args:
        msg: Message to authenticate.
        iv: Initialisation vector; defaults to one block of zero bytes.
        key: AES key; the default is ``master_key`` as it was when this
            function was defined.

    Returns:
        The final ``AES.block_size`` bytes of the ciphertext.

    Caveats: the tag is only meaningful when the IV is fixed, so verifiers
    should not accept an IV supplied alongside the message. Plain CBC-MAC is
    also unsafe for variable-length messages; prefer CMAC or HMAC, and compare
    tags in constant time.
    """
    return aes_cbc_encrypt(msg, key, iv)[-AES.block_size:]
def _generate_encrypted_data(user_data, key, iv):
    """Wrap ``user_data`` in a fixed key=value string and encrypt it with AES-CBC.

    Every ``;`` and ``=`` is removed from the user data first, so the caller
    cannot type the field delimiters directly.

    Returns the ciphertext produced by ``aes_cbc_encrypt``.

    Caveat: filtering the plaintext does not protect the ciphertext. CBC
    provides no integrity, so the ciphertext must be authenticated
    (encrypt-then-MAC or an AEAD mode) before the decrypted fields are trusted.
    """
    prefix = 'comment1=cooking%20MCs;userdata='
    suffix = ';comment2=%20like%20a%20pound%20of%20bacon'
    stripped = user_data.replace(';', '').replace('=', '')
    plaintext = prefix + stripped + suffix
    return aes_cbc_encrypt(plaintext, key, iv)
def cbcmac(msg, iv=('\x00' * AES.block_size), key=master_key):
    """Return the CBC-MAC tag of ``msg``: the last block of its CBC encryption.

    ``iv`` defaults to one block of zero bytes, and ``key`` to ``master_key``
    as it was when this function was defined.

    Caveats: the tag is only meaningful when the IV is fixed, so verifiers
    should not accept an IV supplied alongside the message. Plain CBC-MAC is
    also unsafe for variable-length messages; prefer CMAC or HMAC, and compare
    tags in constant time.
    """
    return aes_cbc_encrypt(msg, key, iv)[-AES.block_size:]