wl = int(sys.argv[1])
n = int(sys.argv[2])
systems = [''] * n
systems[0] = bp.get_string('./structures/sha_1.txt')
system = bp.get_string('./structures/sha_1_handy.txt')
for i in range(1, n):
systems[i] = system.replace('H_', 'Z' + bp.fi(i - 1))
systems[i] = systems[i].replace('_', bp.fi(i))
sha_1 = '\n'.join(systems)
bp.store_string('./structures/sha_1_' + str(n) + '_blocks.txt', sha_1)
H = bp.get_words('H.txt')
for i in range(len(H)):
for j in range(wl):
sha_1 = sha_1.replace(bp.bit('H' + bp.fi(0) + bp.fi(i), j),\
str(bool(H[i] >> j & 1)))
test_check = input('Do you want to test it? [y/n] ')
if test_check == 'y':
low = 56 + (n - 2) * 64
high = 119 + (n - 2) * 64
string = input('Type a string (escapes not allowed) with a x number of ' +\
'chars such that ' + str(low) + ' ≤ x ≤ ' + str(high) + '.\n')
W = bp.words_from_string(32, string)
for i in range(n):
for j in range(16):
for k in range(wl):
sha_1 = sha_1.replace(bp.bit('W' + bp.fi(i) + bp.fi(j), k),\
str(bool(W[i * 16 + j] >> k & 1)))
import sys
import bitpy as bp
wl = int(sys.argv[1])
system = bp.get_string('./structures/sha_1.txt')
system = bp.simplify_across(system)
bp.store_string('./structures/sha_1_no_assignments.txt', system)
H = bp.get_words('H.txt')
for i in range(len(H)):
for j in range(wl):
system = system.replace(bp.bit('H' + bp.fi(0) + bp.fi(i), j),\
str(bool(H[i] >> j & 1)).lower())
system = bp.simplify_across(system)
bp.store_string('./structures/sha_1_first_block.txt', system)
W = bp.words_from_string(wl, "Chiara")
system = bp.xor_in_standard_syntax(system)
system = bp.not_in_python_syntax(system)
for i in range(len(W)):
for j in range(wl):
system = system.replace(bp.bit('W' + bp.fi(0) + bp.fi(i), j),\
str(bool(W[i] >> j & 1)))
exec(system)
W = bp.get_words(string)
system = bp.get_string('./structures/sha_1.txt')
system = bp.xor_in_standard_syntax(system)
system = bp.not_in_python_syntax(system)
#K = bp.get_words('K.txt')
H = bp.get_words('H.txt')
#for i in range(len(K)):
# for j in range(wl):
# system = system.replace(bp.bit('K' + bp.fi(i), j),\
# str(bool(K[i] >> j & 1)))
for i in range(len(H)):
for j in range(wl):
system = system.replace(bp.bit('H' + bp.fi(0) + bp.fi(i), j),\
str(bool(H[i] >> j & 1)))
for i in range(len(W)):
for j in range(wl):
system = system.replace(bp.bit('W' + bp.fi(0) + bp.fi(i), j),\
str(bool(W[i] >> j & 1)))
exec(system)
W += [0] * 64
for i in range(16, 80):
for j in range(wl):
W[i] ^= eval(bp.bit('W' + bp.fi(0) + bp.fi(i), j)) << j
bp.store_words('./maps/block_' + file_id + '.txt', wl, W)
states = [0] * 82
for i in range(40, min(rounds, 60)):
system += [f_ind(f2, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K2, addition, wl, rotation_A, i)]
for i in range(60, min(rounds, 80)):
system += [f_ind(f1, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K3, addition, wl, rotation_A, i)]
if rounds == 80:
system += [final_addition_ind(addition)]
for i in range(len(system)):
bits = re.findall(r'[A-Za-z][0-9]{4}', system[i])
for b in bits:
system[i] = system[i].replace(b, b[0] + '_' + b[1:])
system = '\n'.join(system)
system = system.replace('_', bp.fi(0))
reassignments = reassignments.split('\n')[::-1]
for r in reassignments:
system = system.replace(r[0:7], r[8:])
system = system.replace('~~', '')
H = bp.get_words('H.txt')
for i in range(len(H)):
for j in range(wl):
system = system.replace(bp.bit('H' + bp.fi(0) + bp.fi(i), j),\
str(bool(H[i] >> j & 1)).lower())
system = bp.cnf_simplify_across(system)
bp.store_string('./structures/sha_1_cnf_opt.txt', system)
import sys
import re
import bitpy as bp
system_path = sys.argv[1]
system = bp.get_string(system_path)
system = system.replace('*', '&')
system = system.replace('+', '^')
string = sys.argv[2]
W = bp.words_from_string(32, string)
for i in range(len(W)):
for j in range(32):
system = system.replace(bp.bit('W' + bp.fi(0) + bp.fi(i), j),\
str(bool(W[i] >> j & 1)))
exec(system)
digest = 0
for j in range(32):
digest ^= eval(bp.bit('Z' + bp.fi(0) + bp.fi(0), j)) << j + 128
digest ^= eval(bp.bit('Z' + bp.fi(0) + bp.fi(1), j)) << j + 96
digest ^= eval(bp.bit('Z' + bp.fi(0) + bp.fi(2), j)) << j + 64
digest ^= eval(bp.bit('Z' + bp.fi(0) + bp.fi(3), j)) << j + 32
digest ^= eval(bp.bit('Z' + bp.fi(0) + bp.fi(4), j)) << j
print(f'{digest:040x}')
cnf = sys.argv[5]
system = bp.get_string(cnf)
clauses = system.split('\n')
last_carry = 'g' + bp.fi(0) + bp.fi(round_to_attack - 1) + bp.fi(wl - 2)
last_clause = list(filter(lambda x: last_carry in x, clauses))[-1]
system = '\n'.join(clauses[0:clauses.index(last_clause) + 1])
states = bp.get_words('./maps/states_' + file_id + '.txt')
for i in range(5):
states[i] = states[round_to_attack - 4 + i] >> (wl * 4)
for i in range(5):
for j in range(wl):
system = system.replace(\
bp.bit('T' + bp.fi(0) + bp.fi(round_to_attack - 5 + i), j),\
str(bool(states[i] >> j & 1)).lower())
fixed, system = bp.fix_bits(wl, system, preimage_length)
system = bp.cnf_simplify_across(system)
system = system.replace('~', '-')
system = system.replace('|', ' ')
system = system.replace('Xor(', 'x')
system = system.replace(')', '')
system = system.replace(',', ' ')
system = system.replace('\n', ' 0\n') + ' 0'
clauses = system.split('\n')
variables = []
for i in range(len(clauses)):
vars_temp = re.findall(r'[A-Za-z][0-9]{6}', clauses[i])
for v in vars_temp:
X[i], '&', Y[i], ')'))
carries = bp.wequal(C, carries)
results = [''] * wl
results[0] = ''.join(('Xor(', X[0], ',', Y[0], ')'))
for i in range(1, wl):
results[i] = ''.join(('Xor(', X[i], ',', Y[i], ',', C[i - 1], ')'))
results = bp.wequal(Z, results)
bp.store_string('./models/equations/addition.txt',\
'\n'.join(carries + results))
# Addition modulo 2 ^ wl with the first part of the K constant
K = bp.get_words('K.txt')
K_additions = [''] * len(K)
for i in range(len(K)):
new_addition = '\n'.join(carries + results)
for j in range(wl):
new_addition = new_addition.replace(bp.bit('y', j),\
str(bool(K[i] >> j & 1)).lower())
new_addition = new_addition.split('\n')
for j in range(wl - 1):
new_addition[j] = ''.join((new_addition[j][0: 4],\
str(sympy.to_cnf(new_addition[j][4:], True))))
for j in range(wl - 1, 2 * wl - 1):
new_addition[j] = ''.join((new_addition[j][0: 4],\
bp.reduce_xor(new_addition[j][4:], r'~?[xyc][0-9]{2}')))
K_additions[i] = '\n'.join(new_addition).replace(' ', '')
for i in range(len(K)):
bp.store_string('./models/equations/addition_K' + str(i) + '.txt',\
K_additions[i])
import re
import sys
import bitpy as bp
## data retrieve
wl = int(sys.argv[1])
value = sys.argv[2]
key_string = sys.argv[3]
key_length = len(key_string)
system = bp.get_string('./structures/sha_1_handy.txt')
system0 = system1 = system2 = system3 = system
H = bp.get_words('H.txt')
key = [bp.bit('K' + bp.fi(0) + bp.fi(i // wl), wl - 1 - i % wl)\
for i in range(wl * 16)]
## system0
ipad = [0x36363636] * 16
k = 0
for i in range(key_length):
k = k << 8 ^ ord(key_string[i])
k <<= (512 - 8 * key_length)
W = [(k >> (15 - i) * 32 ^ ipad[i]) & 0xffffffff for i in range(16)]
for i in range(len(H)):
for j in range(wl):
system0 = system0.replace(bp.bit('H_' + bp.fi(i), j),\
str(bool(H[i] >> j & 1)).lower())
sol_bits = sol_bits.split()
var_lines = bp.get_string('./temp/variables_' + file_id + '.txt').split('\n')
fin_dict = {}
for i in range(len(sol_bits)):
if var_lines[i][0] == 'W':
fin_dict[var_lines[i]] = sol_bits[i]
var_lines = bp.get_string('./temp/fixed_' + file_id + '.txt').split('\n')
for i in range(len(var_lines)):
if var_lines[i][0] == '0':
fin_dict[var_lines[i][1:]] = '-1'
else:
fin_dict[var_lines[i][1:]] = '1'
preimage = ''
for i in range(wl * 16):
if fin_dict[bp.bit('W' + bp.fi(0) + bp.fi(i // wl),\
(wl - 1) - i % wl)][0] == '-':
preimage += '0'
else:
preimage += '1'
M1 = int(preimage, base = 2)
W = [0] * 16
for i in range(16):
W[i] = (M1 >> (15 - i) * wl) & 0xFFFFFFFF
W[i] = f'{W[i]:08x}'
bp.store_string('./temp/preimage_' + file_id + '.txt', '\n'.join(W))