Пример #1
0
def p34():
    alice = DiffieHellman()
    bob = DiffieHellman()
    sha1 = SHA1()

    bob.derive_shared_secret(alice.p)
    alice.derive_shared_secret(bob.p)

    a_msg = 'build a protocol and an "echo" bot'
    a_iv = urandom(16)
    a_key = unhexlify(sha1.hash(alice.shared))[:16]
    a_sends = aes_cbc_encrypt(a_msg, a_key, a_iv), a_iv
    print 'Encrypted message "{}"'.format(a_msg)

    e_key = unhexlify(sha1.hash(0))[:16]
    e_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], e_key, a_iv))
    if e_msg != a_msg:
        return 'Intercepted Traffic Incorrectly Decrypted'

    b_iv = urandom(16)
    b_key = unhexlify(sha1.hash(bob.shared))[:16]
    b_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], b_key, a_iv))
    b_sends = aes_cbc_encrypt(b_msg, b_key, b_iv), b_iv

    e_msg = validate_pkcs7(aes_cbc_decrypt(b_sends[0], e_key, b_iv))
    if e_msg != b_msg:
        return 'Intercepted Traffic Incorrectly Decrypted'

    return 'Intercepted and decrypted message "{}"'.format(e_msg)
Пример #2
0
def p34() -> str:
    alice = DiffieHellman()
    bob = DiffieHellman()

    bob.derive_shared_secret(alice.p)
    alice.derive_shared_secret(bob.p)

    a_msg = b'build a protocol and an "echo" bot'
    a_iv = urandom(16)
    a_key = sha1(str(alice.shared).encode()).digest()[:16]
    a_sends = aes_cbc_encrypt(a_msg, a_key, a_iv), a_iv
    print(f'Encrypted message "{a_msg.decode()}"')

    e_key = sha1(b'0').digest()[:16]
    e_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], e_key, a_iv))
    if e_msg != a_msg:
        return 'Intercepted Traffic Incorrectly Decrypted'

    b_iv = urandom(16)
    b_key = sha1(str(bob.shared).encode()).digest()[:16]
    b_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], b_key, a_iv))
    b_sends = aes_cbc_encrypt(b_msg, b_key, b_iv), b_iv

    e_msg = validate_pkcs7(aes_cbc_decrypt(b_sends[0], e_key, b_iv))
    if e_msg != b_msg:
        return 'Intercepted Traffic Incorrectly Decrypted'

    return f'Intercepted and decrypted message "{e_msg.decode()}"'
Пример #3
0
def _break_cbc(ctxt, key, iv):
    ptxt = ''
    prevblock = iv

    for block in range(len(ctxt) / AES.block_size):
        ctxtblock = ctxt[block * AES.block_size:(block + 1) * AES.block_size]
        cipherout = ''

        for cur_pad_byte in range(1, AES.block_size + 1):
            mask = ''.join([chr(cur_pad_byte ^ ord(s)) for s in cipherout])

            for byt in range(0xff + 1):
                validpad = True
                block = 'A' * (AES.block_size - len(mask) -
                               1) + chr(byt) + mask
                out = aes_cbc_decrypt(ctxtblock, key, block)

                # server would be doing this
                try:
                    validate_pkcs7(out)
                except ValueError:
                    validpad = False

                # back to client now
                if validpad:
                    cipherout = chr(byt ^ cur_pad_byte) + cipherout
                    break

        ptxt += xor(prevblock, cipherout)
        prevblock = ctxtblock

    return ptxt
Пример #4
0
def _decrypt_and_parse(ctxt: bytes, key: bytes, iv: bytes) -> Dict[bytes, bytes]:
    plaintext = validate_pkcs7(aes_cbc_decrypt(ctxt, key, iv))
    data = {}

    for pairs in plaintext.split(b';'):
        key, value = pairs.split(b'=')
        data[key] = value

    return data
Пример #5
0
def _decrypt_and_parse(ctxt, key, iv):
    plaintext = validate_pkcs7(aes_cbc_decrypt(ctxt, key, iv))
    data = {}

    for pairs in plaintext.split(';'):
        key, value = pairs.split('=')
        data[key] = value

    return data
Пример #6
0
def p35():
    p = DiffieHellman.default_p
    sha1 = SHA1()

    for (g, sk) in [(1, 1), (p, 0), (p - 1, p - 1)]:
        alice = DiffieHellman(g=g)
        bob = DiffieHellman(g=g)

        alice.derive_shared_secret(bob.public)
        bob.derive_shared_secret(alice.public)

        a_msg = 'When does this ever happen?'
        a_iv = urandom(16)
        a_key = unhexlify(sha1.hash(alice.shared))[:16]
        a_sends = aes_cbc_encrypt(a_msg, a_key, a_iv), a_iv

        e_key = unhexlify(sha1.hash(sk))[:16]
        try:
            e_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], e_key, a_iv))
        except ValueError:
            sk = pow(p-1, 2, p)
            e_key = unhexlify(sha1.hash(sk))[:16]
            e_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], e_key, a_iv))

        if e_msg != a_msg:
            return 'Intercepted Traffic Incorrectly Decrypted'

        b_iv = urandom(16)
        b_key = sha1.hash(bob.shared).decode('hex')[:16]
        b_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], b_key, a_iv))
        b_sends = aes_cbc_encrypt(b_msg, b_key, b_iv), b_iv

        e_msg = validate_pkcs7(aes_cbc_decrypt(b_sends[0], e_key, b_iv))
        if e_msg != b_msg:
            return 'Intercepted Traffic Incorrectly Decrypted'

    return 'All Traffic Intercepted And Decrypted!'
Пример #7
0
def _break_cbc(ctxt: bytes, key: bytes, iv: bytes) -> bytes:
    ptxt = b''
    prevblock = iv

    for block in range(len(ctxt) // AES.block_size):
        ctxtblock = ctxt[block * AES.block_size:(block + 1) * AES.block_size]
        cipherout = b''

        for cur_pad_byte in range(1, AES.block_size + 1):
            mask = bytes([(cur_pad_byte ^ s) for s in cipherout])

            for byte in range(0xff + 1):
                validpad = True
                byte_str = int.to_bytes(byte, 1, byteorder='little')
                block = b'A' * (AES.block_size - len(mask) -
                                1) + byte_str + mask
                out = aes_cbc_decrypt(ctxtblock, key, block)

                # server would be doing this
                try:
                    validate_pkcs7(out)
                except ValueError:
                    validpad = False

                # back to client now
                if validpad:
                    cipher_byte = int.to_bytes(byte ^ cur_pad_byte,
                                               1,
                                               byteorder='little')
                    cipherout = cipher_byte + cipherout
                    break

        ptxt += xor(prevblock, cipherout)
        prevblock = ctxtblock

    return ptxt
Пример #8
0
def p17() -> bytes:
    strs = [
        'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=',
        'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB'
        '1bXBpbic=',
        'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==',
        'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==',
        'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl',
        'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==',
        'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==',
        'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=',
        'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=',
        'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93'
    ]

    key, iv = urandom(16), urandom(16)
    ptxt = b64decode(random_choice(strs))

    ctxt = aes_cbc_encrypt(ptxt, key, iv)
    ptxt = _break_cbc(ctxt, key, iv)

    return validate_pkcs7(ptxt)
Пример #9
0
def p15() -> str:
    ice_baby = b'ICE ICE BABY' + b'\x04' * 4
    valid_padding = validate_pkcs7(ice_baby)
    return f'{repr(ice_baby)} has valid PKCS7 padding - {valid_padding}'
Пример #10
0
def p15():
    ice_baby = 'ICE ICE BABY' + '\x04' * 4
    valid_padding = validate_pkcs7(ice_baby)
    return '{} has valid PKCS7 padding - {}'.format(repr(ice_baby), valid_padding)