From 723222e769785563babdda5f78a0ce21a276cb9f Mon Sep 17 00:00:00 2001
From: Benedict <benedict@0xb8000.de>
Date: Fri, 23 Sep 2016 11:36:08 +0200
Subject: completed set 4, task 31

---
 lib/lib3.c     | 43 +++++++++++++++++++---------
 set4/task28.c  | 49 ++++++++++++++++++--------------
 set4/task31.c  | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 set4/webapp.py | 46 ++++++++++++++++++++++++++++++
 4 files changed, 192 insertions(+), 34 deletions(-)
 create mode 100644 set4/task31.c
 create mode 100644 set4/webapp.py

diff --git a/lib/lib3.c b/lib/lib3.c
index 150c6ea..149d3a3 100644
--- a/lib/lib3.c
+++ b/lib/lib3.c
@@ -8,36 +8,46 @@
 char *challenge17_encrypt(int *length)
 {
 	int i, t;
-	char **string;
-	char **decoded;
-	string = malloc(sizeof(char *)*NR_STIRNGS_CHALLENGE17);
-	decoded = malloc(sizeof(char *)*NR_STIRNGS_CHALLENGE17);
+	char *string[NR_STIRNGS_CHALLENGE17];
+	char *decoded[NR_STIRNGS_CHALLENGE17];
 	char filename[] = "task17_0";	
 
-	for(i=0;i<10;i++) {
+	for(i=0;i<NR_STIRNGS_CHALLENGE17;i++) {
 		filename[strlen(filename)-1] = (char) (i+'0');
 		t = read_base64_file(filename, &string[i]);
 		decoded[i] = malloc(t);
-		length[i] = decode_base64(string[i], decoded[i]);
-		printf("read: %s\n", string[i]);
+		*length = decode_base64(string[i], decoded[i]);
+		printf("read: %s\n", decoded[i]);
 	}
+	
 	// choose one randomly
 	int random = rand() % NR_STIRNGS_CHALLENGE17;
 	int padding;
-	printf("plaintext: %s\n", string[random]);
+
+	//random = 1;
 	*length = strlen(string[random]);
-	char *padded_string = __pkcs7_padding(string[random], *length, 16, &padding);
+	char *padded_string = __pkcs7_padding(decoded[random], *length, 16, &padding);
+	char *hex_tmp = malloc((padding+strlen(decoded[random]))*2);
+	hex_binary_to_string(padded_string, hex_tmp, padding+strlen(decoded[random]));
+	printf("plaintext: %s\n", decoded[random]);
+	printf("plaintext: %s\n", hex_tmp);
 	char *encrypted = malloc(strlen(padded_string));
 	*length += padding;
 	aes_cbc(padded_string, strlen(padded_string), encrypted, key, iv, 1);
+	for(i=0;i<NR_STIRNGS_CHALLENGE17;i++)
+		free(decoded[i]);
 	return encrypted;	
+
 }
 
 int cbc_padding_oracle(char *encrypted, int length)
 {
 	char *decrypted = malloc(length);
 	char *unpadded= malloc(length);
-	
+
+	if(!decrypted || !unpadded)
+		return -1;
+
 	aes_cbc(encrypted, length, decrypted, key, iv, 0);
 
 	int valid = valid_pkcs7_padding(decrypted, length, unpadded, 16);
@@ -184,9 +194,6 @@ int unshift_right_xor(int number, int shifts)
 	return restore;
 }
 
-/***
-  * why the fuck is the reverse AND working?
-  **/
 int unshift_left_xor(int number, int shifts, unsigned int mask)
 {
 	int rounds = 0;
@@ -281,3 +288,13 @@ int mt_19937_password_token_time_based(unsigned int password_token, int time_win
 	}
 	return 0;
 }
+/**
+  * Given the actual state, restore the previous state of the MT
+  * This is useful, when you want to determine the previous random numbers
+  * you may not have observed.
+  *
+  **/
+int mt_19937_restore_previous_state(struct mt_19937_state *mt_state)
+{
+
+}
diff --git a/set4/task28.c b/set4/task28.c
index 993d5a3..02ab0f0 100644
--- a/set4/task28.c
+++ b/set4/task28.c
@@ -9,34 +9,46 @@ int main(int argc, char **argv)
 {
 	if(argc  != 2)
 		printf("Please provide ONE key as argument!\n");
-	unsigned int hex[5];
-	unsigned int hex2[5];
+	unsigned int hmac[5];
+	unsigned int hmac2[5];
 	int i;
-	char *text = "comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon";
-	char *append = ";admin=true";
-	char *key = argv[1];
-
+	unsigned char *text = "comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon";
+	unsigned char *append = ";admin=true";
+	unsigned char *key = argv[1];
 	printf("Using secret key: %s\n", key);
 
-	char *padded;
-	int padding_len = sha1_padding(strlen(text), &padded);
+	unsigned char *padded;
+	int padding_len = sha1_padding(strlen(key)+strlen(text), &padded);
 
-	sha1_hmac(hex, text, strlen(text), key, strlen(key));
+	sha1_hmac(hmac, text, strlen(text), key, strlen(key));
 	printf("MAC of original message:\n");
 	for(i=0;i<5;i++)
-		printf("%02x", hex[i]);
+		printf("%02x", hmac[i]);
 
 	printf("\n");
 	
 	/*
 	 * We are appending a text to the original message without knowign the
-	 * key. Actually we don't know the message here, just the length of
-	 * the message.
+	 * key. Actually we don't know the message here, just the hash of the orginal 
+	 * message. We have to append the right padding here, e.g. the size of the
+	 * *complete* message, not only append
 	 */
-	sha1_hmac_forge(hex2, append, strlen(append), hex);
+	unsigned int new_msg_len = strlen(text)+strlen(append)+padding_len;
+	unsigned char *new_msg = malloc(new_msg_len);
+	memcpy(new_msg, text, strlen(text));
+	memcpy(&new_msg[strlen(text)], padded, padding_len);
+	memcpy(&new_msg[strlen(text)+padding_len], append, strlen(append));
+	
+	unsigned char *padding2;
+	// mesage + padding + append + padding
+	int padding2_len = sha1_padding(new_msg_len+strlen(key), &padding2);
+	unsigned char *tmp2 = malloc(strlen(append)+padding2_len);
+	memcpy(tmp2, append, strlen(append));
+	memcpy(&tmp2[strlen(append)], padding2, padding2_len);
+	sha1_hmac_forge(hmac2, tmp2, (strlen(append)+padding2_len), hmac);
 	printf("MAC of forged message:\n");
 	for(i=0;i<5;i++)
-		printf("%02x", hex2[i]);
+		printf("%02x", hmac2[i]);
 
 	printf("\n");
 	
@@ -45,12 +57,7 @@ int main(int argc, char **argv)
 	 * victim. He knows the secret and test and will think that
 	 * this is a message from Alice
 	 */
-	unsigned int new_msg_len = strlen(text)+strlen(append)+padding_len;
-	char *new_msg = malloc(new_msg_len);
-	memcpy(new_msg, text, strlen(text));
-	memcpy(&new_msg[strlen(text)], padded, padding_len);
-	memcpy(&new_msg[strlen(text)+padding_len], append, strlen(append));
-
-	if(!sha1_hmac_verify(hex2, new_msg, new_msg_len, key, strlen(key)))
+	printf("Verifying...\n");
+	if(sha1_hmac_verify(hmac2, new_msg, new_msg_len, key, strlen(key)))
 			printf("Forged MAC got accepted!\n");
 }
diff --git a/set4/task31.c b/set4/task31.c
new file mode 100644
index 0000000..1c613dd
--- /dev/null
+++ b/set4/task31.c
@@ -0,0 +1,88 @@
+#include "../lib/lib.h"
+#include "../lib/lib2.h"
+#include "../lib/lib3.h"
+#include "../lib/lib4.h"
+#include <time.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <arpa/inet.h>
+#include <math.h>
+
+int get_max(long *numbers, int length)
+{
+	long max;
+	int ret;
+	int i;
+
+	for(i=0;i<length;i++) {
+		if(numbers[i] > max) {
+			max = numbers[i];
+			ret = i;
+		}
+	}
+
+	return ret;
+}
+
+int main(int argc, char **argv)
+{
+	int socket_fd;
+	struct sockaddr_in serv_addr;
+	char *server_addr = "127.0.0.1";
+	char *http_request_template = "GET /?file=neu&signature=%s HTTP/1.1\r\n\r\n";
+	// sha1 is 20 bytes, in hex 40
+	char *signature = malloc(40+1);
+	char *http_request = malloc(strlen(http_request_template) + 20);
+	memset(signature, '0', 40+1);
+	signature[40] = '\0';
+	struct timespec time;
+	int i, j;
+	char c;
+	long response_times[16];
+	char *response = malloc(2000);
+
+
+	for(i=0;i<40;i++) {
+		for(j=0;j<16;j++) {
+			// connect to localhost:80
+			socket_fd = socket(AF_INET, SOCK_STREAM, 0);
+
+			if (socket_fd == -1)
+				perror("Can not create socket");
+
+			serv_addr.sin_family = AF_INET;
+			serv_addr.sin_port = htons(8080);
+			serv_addr.sin_addr.s_addr = inet_addr(server_addr);
+
+			if(connect(socket_fd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
+				perror("Can not connect");
+			}
+			// send http request
+			// brute force every byte of the signature
+			c = j > 9 ? 'a' + (j-10) : '0' + j;
+			signature[i] = c;
+			sprintf(http_request, http_request_template, signature);
+			//printf("request: %s\n", http_request);
+			clock_gettime(CLOCK_MONOTONIC, &time);
+			long start_time = (time.tv_sec * 1000000 + time.tv_nsec/1000);
+
+			write(socket_fd, http_request, strlen(http_request));
+
+
+			read(socket_fd, response, 2000);
+
+			clock_gettime(CLOCK_REALTIME, &time);
+
+			long stop_time = time.tv_sec * 1000000 + time.tv_nsec/1000;
+
+			memset(response, 0, 2000);
+			response_times[j] = (stop_time) - (start_time);
+
+			close(socket_fd);
+		}
+		// ok now choose the right one (the one where the latency is max
+		int index = get_max(response_times, 16);
+		signature[i] = index > 9 ? 'a' + (index-10) : '0' + index;
+		printf("signature so far: %s\n", signature);
+	}
+}
diff --git a/set4/webapp.py b/set4/webapp.py
new file mode 100644
index 0000000..4437744
--- /dev/null
+++ b/set4/webapp.py
@@ -0,0 +1,46 @@
+#!/bin/python2
+
+import web
+from time import sleep
+import hashlib
+import hmac
+
+urls = (
+    '/', 'index'
+)
+
+class crypto:
+	def __init__(self):
+		self.key = "bummbamm"
+
+	def insecure_compare(self, hmac_arg, filename, key):
+		print hmac_arg
+		print filename
+		com_hmac = hmac.new(key, filename, hashlib.sha1).digest()
+
+		com_hmac = com_hmac.encode("hex")
+		print com_hmac
+
+		for i in range(len(hmac_arg)):
+			if hmac_arg[i] == com_hmac[i]:
+				sleep(0.05)
+			else:
+				break
+
+		return 200
+
+
+class index():
+	def GET(self):
+		cry = crypto()
+		print cry.key
+		f = web.input()
+		back = f["file"] + " : " + f["signature"]
+		cry.insecure_compare(f["signature"], f["file"], cry.key)
+		print f
+		return back
+
+if __name__ == "__main__":
+	app = web.application(urls, globals())
+	app.run()
+
-- 
cgit v1.2.3-70-g09d2