Show page

Differences

This shows you the differences between two versions of the page.

--- isc:labs:02 [2022/03/14 09:34]
florin.stancu fix AES for python3
+++ isc:labs:02 [2024/03/03 13:03] (current)
vlad_iulius.nastase [05 [20p] We want Jokes instead of Nukes]
@@ Line 3: / Line 3: @@
 ===== Objectives =====
   * Basic Cryptography
-  * Block Cipher Modes
+  * Symmetric Cryptography: AES
-  * RSA
+    * Block Cipher Modes
+  * Asymmetric Cryptography: RSA
 ===== Resources =====
@@ Line 12: / Line 13: @@
   *[[https://en.wikipedia.org/wiki/Fermat%27s_factorization_method|Fermat factorisation]]
   *[[http://factordb.com/|Factor DB]]
+===== Preparation =====
+You may use the UPB's [[https://cloud.grid.pub.ro|OpenStack cloud to instantiate a Virtual Machine]] to be used for this lab!
+[[:isc:info:virtualmachine|Read these instructions if you wanna know how!]].
 ===== Overview =====
+Cryptography refers to the technique of securing information and communications through use of codes, especially to prevent unauthorised access.
+There are two main types:
+  * Symmetric
+  * Asymmetric
 ==== Symmetric Key Encryption ====
@@ Line 122: / Line 134: @@
   * **Hint:** The image seems corrupted. Why? The header is encrypted, of course! Fix this and you can see how an encrypted image looks like!
-  * You can use your favorite hex editor for modifying the binary file (bless. Try [[http://www.devdungeon.com/content/working-binary-data-python|Python]] or [[http://stackoverflow.com/questions/4411014/how-to-get-only-the-first-ten-bytes-of-a-binary-file|Basic shell scripting]] if you don't have any!
+  * You can use your favorite hex editor for modifying the binary file (Try [[http://www.devdungeon.com/content/working-binary-data-python|Python]] or [[http://stackoverflow.com/questions/4411014/how-to-get-only-the-first-ten-bytes-of-a-binary-file|Basic shell scripting]] if you don't have any!
-  * You can use bless editor <code>sudo apt-get install bless</code>
+  * You can use hexedit terminal editor <code>sudo apt-get install hexedit</code>
 <solution -hidden>
@@ Line 139: / Line 151: @@
 === 1. [20p] AES ===
  {{:isc:labs:isc-lab02-secret.zip|This file (compressed as .zip)}} was encrypted using the following code. Can you decrypt it?
-<code>
+<code python>
 from Crypto.Cipher import AES
 from Crypto import Random
@@ Line 169: / Line 181: @@
 f_out.write(enc)
 f_out.close()
+</code>
+<note info>
+You might need to install ''pycryptodome'':<code>
+pip3 install pycryptodome
 </code>
+</note>
 <solution -hidden>
-<code>
+<code python>
 from Crypto.Cipher import AES
@@ Line 179: / Line 196: @@
 BLOCK_SIZE = 32
-PADDING = '#'
+PADDING = b'#'
-iv = "\x00" * 16
+iv = b'\x00' * 16
 def decrypt(key, iv, data):
@@ Line 187: / Line 204: @@
     return data
-with open('secret.enc', 'rb') as f:
+with open('isc-lab02-secret.enc', 'rb') as f:
     data = f.read()
 extr_key = data[:32]
 extr_data = data[32:]
-f_dec = open("decr.jpg", 'wb')
+f_dec = open('plain.jgp', 'wb')
 f_dec.write(decrypt(extr_key, iv, extr_data).rstrip(PADDING))
 f_dec.close()
@@ Line 198: / Line 215: @@
 </code>
 </solution>
 === 2. [20p] RSA - Known factorisation ===
@@ Line 214: / Line 230: @@
 </code>
   * **Note**: the result is a decimal number, you need to convert it to an ASCII text using the snippet below:
-    <code>
+    <code python>
 print(hex(message)[2:].decode("hex"))  # python 2
 print(bytearray.fromhex(hex(message)[2:]))  # python 3
@@ Line 223: / Line 239: @@
 <solution -hidden>
-<code>
+<code python>
-#!/usr/bin/env python
 import gmpy2
-c = 48150432592505707552503950434421170873397025541574547497460326222962564730297
+c = 28822365203577929536184039125870638440692316100772583657817939349051546473185
 n = 70736025239265239976315088690174594021646654881626421461009089480870633400973
 e = 3
@@ Line 233: / Line 249: @@
 q = 238324208831434331628131715304428889871
-phi = (p-1)*(q-1)
+phi = (p - 1) * (q - 1)
 d = gmpy2.invert(e, phi)
 pt = pow(c, d, n)
-print( "plaintext: " + hex(pt)[2:].decode("hex"))
+print( "plaintext: " + bytearray.fromhex(hex(pt)[2:]).decode('utf-8'))
 </code>
 </solution>
-<note warning>Please download {{:isc:labs:isc-lab02-crypto-extra.zip|Task Archive}} for the following tasks. </note>
 ==== 03 [15p] Is this even OTP? ====
-  * Someone applied [[https://en.wikipedia.org/wiki/One-time_pad|one time pad]] on a text.
+  * Someone applied [[https://en.wikipedia.org/wiki/One-time_pad|one time pad]] on {{:isc:labs:isc-lab02-otp.txt|this text}}.
   * However, he failed to understand that you should not use the same byte for the entire key.
     * **Hint:** bruteforce
-==== 04 [20p] Many Time Pad ====
+<solution -hidden>
-  * This time, he did use a proper key. Unfortunately for him, he used it for multiple encryptions.
+<code python>
-  * Knowing that the key starts with "ALEXCTF{", can you determine the rest?
-    * **Hint:** take a close look at the folder for this task.
-==== 05 [20p] We want Nudes instead of Nukes  ====
-  * Donald has gone completely crazy. To prevent world chaos, you kidnapped him. Right before the kidnapping he tried to send one encrypted message to his wife Melania. Luckily you intercepted the message. Donald admits that he used AES256-CBC encryption - a block cipher operating with a block length of 16 bytes.
-  * The IV that he used is "7ec00bc6fd663984c1b6c6fd95ceeef1" (hex encoded). After torturing him by stealing his hairpiece, he tells you the plain text of the message is: "FIRE_NUKES_MELA!".
-  * As a passionate hacker you of course try to take advantage of this message. To get the flag alter the IV such that Melania will read: "SEND_NUDES_MELA!".
-    * **Hint 1:** The encrypted message and the key are not relevant. You will not break AES today. Look at the IV and the plaintext.
-    * **Hint 2:** How does [[https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Block_Chaining_(CBC)|CBC]] work exactly? Take a look at the decryption process and remember that the message is only one block in length.
-    * **Hint 3:** Run the given oracle with the altered IV (hex encoded) to check that the message was modified correctly.
-==== 6. [10p] Feedback ====
+# Key = 1e: i_guess_it_kinda_is_otp
-Please take a minute to fill in the [[https://docs.google.com/forms/d/e/1FAIpQLSeMrKoWY6UKe1N_BASUARA-HixTuvSfrEnx_FKstT-RW464NQ/viewform |feedback form]] for this lab.
+from itertools import cycle
+c = 'wAyk{mmAwjAuwpzAwmAqjn'
+for i in range(0,256):
+    print("".join([chr(x[0] ^ ord(x[1])) for x in zip(cycle([i]), c)]))
+</code>
+</solution>
-<hidden>
+==== 04 [20p] Many Time Pad ====
-old feedback form [[https://forms.gle/5Lu1mFa63zptk2ox9|feedback form]]
-O sa las vechiile exercitii aici momentan (Mugur)
-=== 4. [20p] RSA - Fermat Factorization ===
-Implement and try out [[https://en.wikipedia.org/wiki/Fermat%27s_factorization_method|Fermat's Factorization Algorithm]]!
+  * This time, {{:isc:labs:isc-lab02-many_time_pad.zip|he did use a proper key}}. Unfortunately for him, he used it for multiple encryptions.
-Then try to break this RSA key:
+  * Knowing that the key starts with "ALEXCTF{", can you determine the rest?
+    * **Hint:** take a close look at the folder for this task.
-<code>
-c = 654564125967811572957608485461509223541781197895608920296825435452302563551217882689453762450350456257099687251554693360645992257362168460115089842875072530869254099617858153458510730488327127628978127748004507636893613507344065845140647694349616219705757465949239924311260160127009283418952554522720051840260714703523494071411559772701875928237248989122625648657235677768486515417771976078417365256201505968603934443986411140514722785883888625061210731765750448
-n = 1209143407476550975641959824312993703149920344437422193042293131572745298662696284279928622412441255652391493241414170537319784298367821654726781089600780498369402167443363862621886943970468819656731959468058528787895569936536904387979815183897568006750131879851263753496120098205966442010445601534305483783759226510120860633770814540166419495817666312474484061885435295870436055727722073738662516644186716532891328742452198364825809508602208516407566578212780807
-e = 65537
-</code>
-Useful gmpy2 functions:
-  * //is_square(x)// returns True if x is a perfect square, False otherwise.
-  * //isqrt(x)// returns the integer square root of an integer x. x must be >= 0.
 <solution -hidden>
 <code>
-#!/usr/bin/env python
-import gmpy2
-from math import ceil
-from decimal import Decimal
-def fermat(n):
+ALEXCTF{HERE_GOES_THE_KEY}
-	a = gmpy2.isqrt(n) + 1
-	b2 = a * a - n
-	while not gmpy2.is_square(b2):
-	    a = a + 1
-	    b2 = a * a - n
-	b = gmpy2.isqrt(b2)
-	return (a+b, a-b)
-c = 654564125967811572957608485461509223541781197895608920296825435452302563551217882689453762450350456257099687251554693360645992257362168460115089842875072530869254099617858153458510730488327127628978127748004507636893613507344065845140647694349616219705757465949239924311260160127009283418952554522720051840260714703523494071411559772701875928237248989122625648657235677768486515417771976078417365256201505968603934443986411140514722785883888625061210731765750448
-n = 1209143407476550975641959824312993703149920344437422193042293131572745298662696284279928622412441255652391493241414170537319784298367821654726781089600780498369402167443363862621886943970468819656731959468058528787895569936536904387979815183897568006750131879851263753496120098205966442010445601534305483783759226510120860633770814540166419495817666312474484061885435295870436055727722073738662516644186716532891328742452198364825809508602208516407566578212780807
-e = 65537
-p, q = fermat(n)
-phi = (p-1)*(q-1)
-d = gmpy2.invert(e, phi)
-pt = pow(c, d, n)
-print( "plaintext: " + hex(pt)[2:].decode("hex"))
 </code>
 </solution>
-=== 5. [20p] RSA - Broadcast Attack ===
+==== 05 [20p] We want Jokes instead of Nukes  ====
-Beware! If you use a small exponent and you encrypt the same message using three different keys, the message can be recovered!
+  * {{:isc:labs:isc-lab02-oracle.zip|Donald has gone completely crazy}}. To prevent world chaos, you kidnapped him. Right before the kidnapping he tried to send one encrypted message to his wife Melania. Luckily you intercepted the message. Donald admits that he used AES256-CBC encryption - a block cipher operating with a block length of 16 bytes.
+  * The IV that he used is "7ec00bc6fd663984c1b6c6fd95ceeef1" (hex encoded). After torturing him by stealing his hairpiece, he tells you the plain text of the message is: "FIRE_NUKES_MELA!".
+  * As a passionate hacker you of course try to take advantage of this message. To get the flag alter the IV such that Melania will read: "SEND_NUDES_MELA!".
+    * **Hint 1:** The encrypted message and the key are not relevant. You will not break AES today. Look at the IV and the plaintext.
+    * **Hint 2:** How does [[https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Block_Chaining_(CBC)|CBC]] work exactly? Take a look at the decryption process and remember that the message is only one block in length.
+    * **Hint 3:** Run the given oracle with the altered IV (hex encoded) to check that the message was modified correctly.
-<code>
+<note important>
-  n1 = 0xa8688af04ce3d0b93d04219391054740f10272ab96706cb98f852d8123e93853dfa4c4cf1fbb61cd632a2dad437e25003d545cded563e20581b6738a8080ac23
+If you find this cringe, just wait until you see the assignments! ;)
-  n2 = 0x70b2de4871351f2736f6f98eaed99ae6a68dd02954c536ebefdd553e7c7cf3003991bad6081061d04a6513e3d0db8be164f8e2e8e51deb1469832600957b7fe9
+</note>
-  n3 = 0x586b8bccfa79b1a4e1332bccb897df08ad8e1867cee01ba003c74d861fd84ffe3cef3b652d45282bc18a6a11ca001f06500b78763932ae8044dfc21b6288fc91
-  c1 = 0x352cf1b545414223ce9ef6897258be836a282b5bf5d9050a7329bc0cabf8c700fbe2f4fef2a2d936eb08961406b1a2d6f288d18892e851ebe5afddb48723e89d
-  c2 = 0x1701b013a055ae8843ccfabceb1b29f79e676e2add6ca8256d893c754c1269820024ccd897d56f16d51f71023294d6d0ec30aaf1f9b07739bb9dfb7e3cb5ddb
-  c3 = 0x46f96866b9751c6492fe72f0169421e906915aab1065bc89d1712b086392f31585f4b409f645f968c918a1b16863bfadf95298f932ed30e52089a536146aae82
-  e = 3
-</code>
-  * Example [[http://www.di-mgt.com.au/crt.html|Broadcast attack]]
+<solution -hidden>
-  * Check out [[https://en.wikipedia.org/wiki/Chinese_remainder_theorem|Chinese Remainder Theorem]] ;)
+<code python>
-  * **Hint:** Use the [[https://en.wikipedia.org/wiki/Chinese_remainder_theorem#Existence_.28direct_construction.29|proof by direct construction]]
-Useful gmpy2 functions:
+original_iv = bytes.fromhex('7ec00bc6fd663984c1b6c6fd95ceeef1')
-  * //iroot(x,n)// returns a 2-element tuple (y, b) such that y is the integer n-th root of x and b is True if the root is exact. x must be >= 0 and n must be > 0
+original_plaintext = b'FIRE_NUKES_MELA!'
+new_plaintext = b'SEND_NUDES_MELA!'
-<solution -hidden>
+xor_result = bytes(a ^ b for a, b in zip(original_plaintext, new_plaintext))
-<code>
+new_iv_bytes = bytes(a ^ b for a, b in zip(original_iv, xor_result))
-#!/usr/bin/python
-import gmpy2
-n1 = 0xa8688af04ce3d0b93d04219391054740f10272ab96706cb98f852d8123e93853dfa4c4cf1fbb61cd632a2dad437e25003d545cded563e20581b6738a8080ac23
+print("New IV in hexadecimal:", new_iv_bytes.hex())
-n2 = 0x70b2de4871351f2736f6f98eaed99ae6a68dd02954c536ebefdd553e7c7cf3003991bad6081061d04a6513e3d0db8be164f8e2e8e51deb1469832600957b7fe9
-n3 = 0x586b8bccfa79b1a4e1332bccb897df08ad8e1867cee01ba003c74d861fd84ffe3cef3b652d45282bc18a6a11ca001f06500b78763932ae8044dfc21b6288fc91
-c1 = 0x352cf1b545414223ce9ef6897258be836a282b5bf5d9050a7329bc0cabf8c700fbe2f4fef2a2d936eb08961406b1a2d6f288d18892e851ebe5afddb48723e89d
-c2 = 0x1701b013a055ae8843ccfabceb1b29f79e676e2add6ca8256d893c754c1269820024ccd897d56f16d51f71023294d6d0ec30aaf1f9b07739bb9dfb7e3cb5ddb
-c3 = 0x46f96866b9751c6492fe72f0169421e906915aab1065bc89d1712b086392f31585f4b409f645f968c918a1b16863bfadf95298f932ed30e52089a536146aae82
-e = 3
-N = n1*n2*n3
-N1 = n2*n3
-N2 = n1*n3
-N3 = n1*n2
-d1 = gmpy2.invert(N1, n1)
-d2 = gmpy2.invert(N2, n2)
-d3 = gmpy2.invert(N3, n3)
-res = c1*N1*d1 + c2*N2*d2 + c3*N3*d3
-s = int(res % N)
-pt, perf = gmpy2.iroot(s, e)
-print( "plaintext: " + hex(pt)[2:].decode("hex"))
 </code>
 </solution>
-</hidden>
+==== 6. [10p] Feedback ====
+Please take a minute to fill in the [[https://docs.google.com/forms/d/e/1FAIpQLSeMrKoWY6UKe1N_BASUARA-HixTuvSfrEnx_FKstT-RW464NQ/viewform |feedback form]] for this lab.

isc/labs/02.1647243278.txt.gz · Last modified: 2022/03/14 09:34 by florin.stancu

Show page Old revisions

Media Manager Back to top

Differences

Lectures

Labs

Support