Exemplo n.º 1
0
class CookieFactoryCBC():
    def __init__(self):
        self.oracle = Oracle(None, prefix, postfix)
        self.sep_field = Message(b';')
        self.sep_key = Message(b'=')
        self.default_keys = [
            Message(b'comment1'),
            Message(b'userdata'),
            Message(b'comment2')
        ]

    def newCookie(self, user_input):
        user_input_msg = Message(user_input, 'ascii')
        return self.oracle.encryptCBC(user_input_msg)

    def isAdminCookie(self, msg):
        decr_msg = self.oracle.decryptCBC(msg)
        try:
            token = Token.fromMsg(decr_msg, Message(b';'), Message(b'='))
        except IndexError:
            raise InvalidToken
        try:
            return token.data[Message(b'admin')] == Message(b'true')
        except KeyError:
            return False
Exemplo n.º 2
0
class Authorizer():
    
    def __init__(self):
        self.oracle = Oracle()
        self.sep_field = Message(b';')
        self.sep_key = Message(b'=')
        self.default_keys = [Message(b'email'), Message(b'uid'), Message(b'role')]

    def newUserProfile(self, email):
        user_data = OrderedDict.fromkeys(self.default_keys)
        user_data[Message(b'email')] = Message(email, 'ascii')
        user_data[Message(b'uid')] = Message(str(randint(uid_min, uid_max)), 'ascii')
        user_data[Message(b'role')] = Message(b'user')
        token = Token(user_data, self.sep_field, self.sep_key)
        encr_token = self.oracle.encryptECB(token.msg)
        return encr_token

    def validateProfile(self, msg):
        decr_msg = self.oracle.decryptECB(msg).stripPad()
        token = Token.fromMsg(decr_msg, Message(b';'), Message(b'='))
        is_admin = False
        try:
            email = token.data[Message(b'email')]
            uid = token.data[Message(b'uid')]
            role = token.data[Message(b'role')]
            if role == Message(b'admin'):
                is_admin = True
            print("Logging in as %s with email %s and UID %s..." % (role.ascii(), email.ascii(), uid.ascii()))
            return is_admin
        except KeyError:
            raise InvalidToken
Exemplo n.º 3
0
class CookieFactoryMACSHA1():
    def __init__(self):
        self.oracle = Oracle(None, prefix, postfix)
        self.sep_field = Message(b';')
        self.sep_key = Message(b'=')
        self.default_keys = [
            Message(b'comment1'),
            Message(b'userdata'),
            Message(b'comment2')
        ]

    def newAuthCookie(self, user_data):
        user_data_msg = Message(user_data, 'ascii')
        return self.oracle.authMACSHA1(user_data_msg)

    def isAdminAuthCookie(self, mac_pair):
        (cookie, mac) = mac_pair
        if not self.oracle.checkMACSHA1(cookie, mac):
            raise BadMAC
        try:
            token = Token.fromMsg(cookie, Message(b';'), Message(b'='))
        except IndexError:
            raise InvalidToken
        try:
            return token.data[Message(b'admin')] == Message(b'true')
        except KeyError:
            return False
Exemplo n.º 4
0
 def __init__(self):
     self.oracle = Oracle(None, prefix, postfix)
     self.sep_field = Message(b';')
     self.sep_key = Message(b'=')
     self.default_keys = [
         Message(b'comment1'),
         Message(b'userdata'),
         Message(b'comment2')
     ]
Exemplo n.º 5
0
def AESOracle(msg, test_mode=False):
    """ An oracle which does the following, given a message:
    chooses an integer m uniformly from [5, 10] and prepends a
    random string of m bytes to a message, then chooses an
    integer n uniformly from [5, 10] and appends a random
    string of n bytes to the message; generates a random
    16-byte key; then flips a fair coin and encrypts the
    enlarged message with either AES-ECB or AES-CBC (using
    another random 16-byte string as the IV) depending on the
    result.

    The oracle can be used in a simple model of a chosen-
    plaintext attack on an unknown cipher. To verify the 
    success of such an attack, the function has an optional
    "test mode" which exposes the mode of AES used for
    each encryption.

    Args:
        msg (string): the message to be affixed-to and
        encrypted.

        msg_format (string): the format in which the bytes
        of 'filename' are encoded. Options are 'ascii'     
        (default), 'hex', and 'base64'.
    
        test_mode (bool): if test_mode=True, the function
        returns a boolean together with each encryption 
        which reveals which mode of AES was used. If
        test_mode=False, encryption mode is not revealed.

    Returns:
        (if test_mode=False) string : the encryption using
        either AES_ECB or AES_CBC, and a random key (and IV,
        if applicable), of the concatenation of 'msg' with 
        random pre/suffixes of small random length.

        (if test_mode=True) tuple (bool, string): string arg
        is as described in the case test_mode=False. bool arg
        is True if AES-ECB was used, False if AES-CBC was used.
    """
    prefix = randMsg(5, 10)
    postfix = randMsg(5, 10)
    oracle = Oracle(None, prefix, postfix)

    coin = randint(0, 1)
    if coin:
        ciphertext = oracle.encryptECB(msg)
    else:
        ciphertext = oracle.encryptCBC(msg)
    if test_mode:
        return (coin, ciphertext)
    else:
        return ciphertext
Exemplo n.º 6
0
class AuthenticatorApp():
    def __init__(self):
        self.oracle = Oracle()

    def checkQuery(self, query):
        query = unquote(query)
        print(query)
        query_msg = Message(query, 'ascii')
        try:
            token = Token.fromMsg(query_msg,
                                  sep_field=Message(b'&'),
                                  sep_key=Message(b'='))
            filename = token.data[Message(b'file')].ascii()
            with open(filename, 'r') as infile:
                file_contents = Message(infile.read(), 'ascii')
            mac = token.data[Message(b'signature')].ascii()
            return self.oracle.checkHMACSHA1_insecure(file_contents, mac)
        except (IndexError, KeyError):
            raise InvalidToken
Exemplo n.º 7
0
from tools.message import Message
from tools.oracle import Oracle
from tools.aesattacks import decryptPostfixECB
from tools.randomdata import randMsg

prefix = randMsg(0, 20)
postfix_str = 'Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK'
postfix = Message(postfix_str, 'base64')
oracle = Oracle(None, prefix, postfix)

decryption = decryptPostfixECB(oracle.encryptECB)
print(decryption.ascii())

Exemplo n.º 8
0
 def __init__(self):
     self.oracle = Oracle()
Exemplo n.º 9
0
from tools.message import Message
from tools.oracle import Oracle
from tools.bitops import XOR
from tools.aes import AES_ECB
from tools.aesattacks import crackEditableCTR

with open('data/set1ch7.txt', 'r') as infile:
    ecb_ciphertext = Message(infile.read(), 'base64')
    ecb_key = Message(b'YELLOW SUBMARINE')
    msg = AES_ECB(ecb_ciphertext, ecb_key, fn='decrypt')

oracle = Oracle()
ciphertext = oracle.encryptCTR(msg)
decryption = crackEditableCTR(ciphertext, oracle.editCTR)
print(decryption.ascii())
Exemplo n.º 10
0
 def __init__(self):
     self.oracle = Oracle()
     self.sep_field = Message(b';')
     self.sep_key = Message(b'=')
     self.default_keys = [Message(b'email'), Message(b'uid'), Message(b'role')]