-rw-r--r--lib/lib3.c43
-rw-r--r--set4/task28.c49
-rw-r--r--set4/task31.c88
-rw-r--r--set4/webapp.py46
4 files changed, 192 insertions, 34 deletions
diff --git a/lib/lib3.c b/lib/lib3.c
index 150c6ea..149d3a3 100644
--- a/lib/lib3.c
+++ b/lib/lib3.c
@@ -8,36 +8,46 @@
char *challenge17_encrypt(int *length)
{
int i, t;
- char **string;
- char **decoded;
- string = malloc(sizeof(char *)*NR_STIRNGS_CHALLENGE17);
- decoded = malloc(sizeof(char *)*NR_STIRNGS_CHALLENGE17);
+ char *string[NR_STIRNGS_CHALLENGE17];
+ char *decoded[NR_STIRNGS_CHALLENGE17];
char filename[] = "task17_0";
- for(i=0;i<10;i++) {
+ for(i=0;i<NR_STIRNGS_CHALLENGE17;i++) {
filename[strlen(filename)-1] = (char) (i+'0');
t = read_base64_file(filename, &string[i]);
decoded[i] = malloc(t);
- length[i] = decode_base64(string[i], decoded[i]);
- printf("read: %s\n", string[i]);
+ *length = decode_base64(string[i], decoded[i]);
+ printf("read: %s\n", decoded[i]);
}
+
// choose one randomly
int random = rand() % NR_STIRNGS_CHALLENGE17;
int padding;
- printf("plaintext: %s\n", string[random]);
+
+ //random = 1;
*length = strlen(string[random]);
- char *padded_string = __pkcs7_padding(string[random], *length, 16, &padding);
+ char *padded_string = __pkcs7_padding(decoded[random], *length, 16, &padding);
+ char *hex_tmp = malloc((padding+strlen(decoded[random]))*2);
+ hex_binary_to_string(padded_string, hex_tmp, padding+strlen(decoded[random]));
+ printf("plaintext: %s\n", decoded[random]);
+ printf("plaintext: %s\n", hex_tmp);
char *encrypted = malloc(strlen(padded_string));
*length += padding;
aes_cbc(padded_string, strlen(padded_string), encrypted, key, iv, 1);
+ for(i=0;i<NR_STIRNGS_CHALLENGE17;i++)
+ free(decoded[i]);
return encrypted;
+
}
int cbc_padding_oracle(char *encrypted, int length)
{
char *decrypted = malloc(length);
char *unpadded= malloc(length);
-
+
+ if(!decrypted || !unpadded)
+ return -1;
+
aes_cbc(encrypted, length, decrypted, key, iv, 0);
int valid = valid_pkcs7_padding(decrypted, length, unpadded, 16);
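Review bot: `*length = strlen(string[random]);` still measures the base64 text, while padding and encryption now operate on `decoded[random]`, so the length handed back to the caller will not match the ciphertext. The decoded size is available in the loop but `*length = decode_base64(...)` overwrites it on every iteration; keeping it per string, e.g. `int decoded_len[NR_STIRNGS_CHALLENGE17];` and later `*length = decoded_len[random];`, fixes that. It also removes the need for `strlen(decoded[random])` and `strlen(padded_string)`, which are only safe if those binary buffers happen to be NUL-terminated. `hex_tmp` and the `string[i]` buffers are never freed, and `hex_tmp` has no room for a terminator if `hex_binary_to_string` writes one. cbc_padding_oracle continues past the hunk; its new `return -1` path leaks whichever of the two allocations succeeded.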
@@ -184,9 +194,6 @@ int unshift_right_xor(int number, int shifts)
return restore;
}
-/***
- * why the fuck is the reverse AND working?
- **/
int unshift_left_xor(int number, int shifts, unsigned int mask)
{
int rounds = 0;
@@ -281,3 +288,13 @@ int mt_19937_password_token_time_based(unsigned int password_token, int time_win
}
return 0;
}
+/**
+ * Given the actual state, restore the previous state of the MT
+ * This is useful, when you want to determine the previous random numbers
+ * you may not have observed.
+ *
+ **/
+int mt_19937_restore_previous_state(struct mt_19937_state *mt_state)
+{
+
+}
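Review bot: `mt_19937_restore_previous_state` is declared to return `int` but its body is empty, so a caller that uses the result reads an indeterminate value, which is undefined behaviour. Until the rewind is implemented the stub should fail explicitly, for example `return -1; /* not implemented yet */`. The doc comment should also say what the return value means and whether `mt_state` is rewritten in place.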
diff --git a/set4/task28.c b/set4/task28.c
index 993d5a3..02ab0f0 100644
--- a/set4/task28.c
+++ b/set4/task28.c
@@ -9,34 +9,46 @@ int main(int argc, char **argv)
{
if(argc != 2)
printf("Please provide ONE key as argument!\n");
- unsigned int hex[5];
- unsigned int hex2[5];
+ unsigned int hmac[5];
+ unsigned int hmac2[5];
int i;
- char *text = "comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon";
- char *append = ";admin=true";
- char *key = argv[1];
-
+ unsigned char *text = "comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon";
+ unsigned char *append = ";admin=true";
+ unsigned char *key = argv[1];
printf("Using secret key: %s\n", key);
- char *padded;
- int padding_len = sha1_padding(strlen(text), &padded);
+ unsigned char *padded;
+ int padding_len = sha1_padding(strlen(key)+strlen(text), &padded);
- sha1_hmac(hex, text, strlen(text), key, strlen(key));
+ sha1_hmac(hmac, text, strlen(text), key, strlen(key));
printf("MAC of original message:\n");
for(i=0;i<5;i++)
- printf("%02x", hex[i]);
+ printf("%02x", hmac[i]);
printf("\n");
/*
* We are appending a text to the original message without knowign the
- * key. Actually we don't know the message here, just the length of
- * the message.
+ * key. Actually we don't know the message here, just the hash of the orginal
+ * message. We have to append the right padding here, e.g. the size of the
+ * *complete* message, not only append
*/
- sha1_hmac_forge(hex2, append, strlen(append), hex);
+ unsigned int new_msg_len = strlen(text)+strlen(append)+padding_len;
+ unsigned char *new_msg = malloc(new_msg_len);
+ memcpy(new_msg, text, strlen(text));
+ memcpy(&new_msg[strlen(text)], padded, padding_len);
+ memcpy(&new_msg[strlen(text)+padding_len], append, strlen(append));
+
+ unsigned char *padding2;
+ // mesage + padding + append + padding
+ int padding2_len = sha1_padding(new_msg_len+strlen(key), &padding2);
+ unsigned char *tmp2 = malloc(strlen(append)+padding2_len);
+ memcpy(tmp2, append, strlen(append));
+ memcpy(&tmp2[strlen(append)], padding2, padding2_len);
+ sha1_hmac_forge(hmac2, tmp2, (strlen(append)+padding2_len), hmac);
printf("MAC of forged message:\n");
for(i=0;i<5;i++)
- printf("%02x", hex2[i]);
+ printf("%02x", hmac2[i]);
printf("\n");
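Review bot: `printf("%02x", hmac[i]);` prints each 32-bit word with a minimum width of two, so a word with leading zero nibbles produces fewer digits and the printed MAC is no longer a fixed 40 hex characters. `printf("%08x", hmac[i]);` keeps it unambiguous, and the same applies to the `hmac2` loop. The added `strlen(key)` in the `sha1_padding` call is also reached when `argc != 2`, because the guard at the top of main (outside the changed lines) only prints a message; it should `return 1;` there. The `malloc` results for `new_msg` and `tmp2` are used unchecked and never freed.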
@@ -45,12 +57,7 @@ int main(int argc, char **argv)
* victim. He knows the secret and test and will think that
* this is a message from Alice
*/
- unsigned int new_msg_len = strlen(text)+strlen(append)+padding_len;
- char *new_msg = malloc(new_msg_len);
- memcpy(new_msg, text, strlen(text));
- memcpy(&new_msg[strlen(text)], padded, padding_len);
- memcpy(&new_msg[strlen(text)+padding_len], append, strlen(append));
-
- if(!sha1_hmac_verify(hex2, new_msg, new_msg_len, key, strlen(key)))
+ printf("Verifying...\n");
+ if(sha1_hmac_verify(hmac2, new_msg, new_msg_len, key, strlen(key)))
printf("Forged MAC got accepted!\n");
}
diff --git a/set4/task31.c b/set4/task31.c
new file mode 100644
index 0000000..1c613dd
--- /dev/null
+++ b/set4/task31.c
@@ -0,0 +1,88 @@
+#include "../lib/lib.h"
+#include "../lib/lib2.h"
+#include "../lib/lib3.h"
+#include "../lib/lib4.h"
+#include <time.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <arpa/inet.h>
+#include <math.h>
+
+int get_max(long *numbers, int length)
+{
+ long max;
+ int ret;
+ int i;
+
+ for(i=0;i<length;i++) {
+ if(numbers[i] > max) {
+ max = numbers[i];
+ ret = i;
+ }
+ }
+
+ return ret;
+}
+
+int main(int argc, char **argv)
+{
+ int socket_fd;
+ struct sockaddr_in serv_addr;
+ char *server_addr = "127.0.0.1";
+ char *http_request_template = "GET /?file=neu&signature=%s HTTP/1.1\r\n\r\n";
+ // sha1 is 20 bytes, in hex 40
+ char *signature = malloc(40+1);
+ char *http_request = malloc(strlen(http_request_template) + 20);
+ memset(signature, '0', 40+1);
+ signature[40] = '\0';
+ struct timespec time;
+ int i, j;
+ char c;
+ long response_times[16];
+ char *response = malloc(2000);
+
+
+ for(i=0;i<40;i++) {
+ for(j=0;j<16;j++) {
+ // connect to localhost:80
+ socket_fd = socket(AF_INET, SOCK_STREAM, 0);
+
+ if (socket_fd == -1)
+ perror("Can not create socket");
+
+ serv_addr.sin_family = AF_INET;
+ serv_addr.sin_port = htons(8080);
+ serv_addr.sin_addr.s_addr = inet_addr(server_addr);
+
+ if(connect(socket_fd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
+ perror("Can not connect");
+ }
+ // send http request
+ // brute force every byte of the signature
+ c = j > 9 ? 'a' + (j-10) : '0' + j;
+ signature[i] = c;
+ sprintf(http_request, http_request_template, signature);
+ //printf("request: %s\n", http_request);
+ clock_gettime(CLOCK_MONOTONIC, &time);
+ long start_time = (time.tv_sec * 1000000 + time.tv_nsec/1000);
+
+ write(socket_fd, http_request, strlen(http_request));
+
+
+ read(socket_fd, response, 2000);
+
+ clock_gettime(CLOCK_REALTIME, &time);
+
+ long stop_time = time.tv_sec * 1000000 + time.tv_nsec/1000;
+
+ memset(response, 0, 2000);
+ response_times[j] = (stop_time) - (start_time);
+
+ close(socket_fd);
+ }
+ // ok now choose the right one (the one where the latency is max
+ int index = get_max(response_times, 16);
+ signature[i] = index > 9 ? 'a' + (index-10) : '0' + index;
+ printf("signature so far: %s\n", signature);
+ }
+}
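Review bot: `http_request` is allocated as `strlen(http_request_template) + 20`, but `sprintf` expands `%s` to the 40-character signature, so every request writes past the end of the heap buffer. Size it for the real expansion, `char *http_request = malloc(strlen(http_request_template) + 40 + 1);`, and format with `snprintf` using that size. In `get_max`, `max` and `ret` are read before being assigned, so the comparison and the returned index are indeterminate; initialise them with `long max = numbers[0]; int ret = 0;`. The `socket`/`connect` failure paths only call `perror` and then keep using the descriptor. `write`, `read` and `close` are called without `<unistd.h>` among the visible includes.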
diff --git a/set4/webapp.py b/set4/webapp.py
new file mode 100644
index 0000000..4437744
--- /dev/null
+++ b/set4/webapp.py
@@ -0,0 +1,46 @@
+#!/bin/python2
+
+import web
+from time import sleep
+import hashlib
+import hmac
+
+urls = (
+ '/', 'index'
+)
+
+class crypto:
+ def __init__(self):
+ self.key = "bummbamm"
+
+ def insecure_compare(self, hmac_arg, filename, key):
+ print hmac_arg
+ print filename
+ com_hmac = hmac.new(key, filename, hashlib.sha1).digest()
+
+ com_hmac = com_hmac.encode("hex")
+ print com_hmac
+
+ for i in range(len(hmac_arg)):
+ if hmac_arg[i] == com_hmac[i]:
+ sleep(0.05)
+ else:
+ break
+
+ return 200
+
+
+class index():
+ def GET(self):
+ cry = crypto()
+ print cry.key
+ f = web.input()
+ back = f["file"] + " : " + f["signature"]
+ cry.insecure_compare(f["signature"], f["file"], cry.key)
+ print f
+ return back
+
+if __name__ == "__main__":
+ app = web.application(urls, globals())
+ app.run()
+
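Review bot: `insecure_compare` indexes `com_hmac[i]` for every `i` in `range(len(hmac_arg))`, so a `signature` parameter longer than the 40-character hex digest raises an unhandled IndexError; bounding the loop with `for i in range(min(len(hmac_arg), len(com_hmac))):` avoids that. The method always returns 200 and `GET` ignores the result, so no request is ever actually rejected. Since the early-exit comparison with `sleep(0.05)` is a deliberate timing leak, a docstring should mark the class as an intentionally vulnerable test target that must not be reused, and note that real verification should use a constant-time comparison such as `hmac.compare_digest`. `print cry.key` writes the secret to the server log on every request and should be dropped. It is also worth confirming that `app.run()` listens on loopback only.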