Differences
This shows you the differences between two versions of the page.
|
isc:labs:02 [2023/10/15 21:00] florin.stancu |
isc:labs:02 [2024/03/03 13:03] (current) vlad_iulius.nastase [05 [20p] We want Jokes instead of Nukes] |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Objectives ===== | ===== Objectives ===== | ||
| * Basic Cryptography | * Basic Cryptography | ||
| - | * Block Cipher Modes | + | * Symmetric Cryptography: AES |
| - | * RSA | + | * Block Cipher Modes |
| + | * Asymmetric Cryptography: RSA | ||
| ===== Resources ===== | ===== Resources ===== | ||
| Line 19: | Line 20: | ||
| ===== Overview ===== | ===== Overview ===== | ||
| + | |||
| + | Cryptography refers to the technique of securing information and communications through use of codes, especially to prevent unauthorised access. | ||
| + | |||
| + | There are two main types: | ||
| + | * Symmetric | ||
| + | * Asymmetric | ||
| ==== Symmetric Key Encryption ==== | ==== Symmetric Key Encryption ==== | ||
| Line 146: | Line 153: | ||
| {{:isc:labs:isc-lab02-secret.zip|This file (compressed as .zip)}} was encrypted using the following code. Can you decrypt it? | {{:isc:labs:isc-lab02-secret.zip|This file (compressed as .zip)}} was encrypted using the following code. Can you decrypt it? | ||
| - | <code> | + | <code python> |
| from Crypto.Cipher import AES | from Crypto.Cipher import AES | ||
| from Crypto import Random | from Crypto import Random | ||
| Line 175: | Line 181: | ||
| f_out.write(enc) | f_out.write(enc) | ||
| f_out.close() | f_out.close() | ||
| + | </code> | ||
| + | <note info> | ||
| + | You might need to install ''pycryptodome'':<code> | ||
| + | pip3 install pycryptodome | ||
| </code> | </code> | ||
| + | </note> | ||
| <solution -hidden> | <solution -hidden> | ||
| - | <code> | + | <code python> |
| from Crypto.Cipher import AES | from Crypto.Cipher import AES | ||
| Line 185: | Line 196: | ||
| BLOCK_SIZE = 32 | BLOCK_SIZE = 32 | ||
| - | PADDING = '#' | + | PADDING = b'#' |
| - | iv = "\x00" * 16 | + | iv = b'\x00' * 16 |
| def decrypt(key, iv, data): | def decrypt(key, iv, data): | ||
| Line 193: | Line 204: | ||
| return data | return data | ||
| - | with open('secret.enc', 'rb') as f: | + | with open('isc-lab02-secret.enc', 'rb') as f: |
| data = f.read() | data = f.read() | ||
| extr_key = data[:32] | extr_key = data[:32] | ||
| extr_data = data[32:] | extr_data = data[32:] | ||
| - | f_dec = open("decr.jpg", 'wb') | + | f_dec = open('plain.jgp', 'wb') |
| f_dec.write(decrypt(extr_key, iv, extr_data).rstrip(PADDING)) | f_dec.write(decrypt(extr_key, iv, extr_data).rstrip(PADDING)) | ||
| f_dec.close() | f_dec.close() | ||
| Line 219: | Line 230: | ||
| </code> | </code> | ||
| * **Note**: the result is a decimal number, you need to convert it to an ASCII text using the snippet below: | * **Note**: the result is a decimal number, you need to convert it to an ASCII text using the snippet below: | ||
| - | <code> | + | <code python> |
| print(hex(message)[2:].decode("hex")) # python 2 | print(hex(message)[2:].decode("hex")) # python 2 | ||
| print(bytearray.fromhex(hex(message)[2:])) # python 3 | print(bytearray.fromhex(hex(message)[2:])) # python 3 | ||
| Line 228: | Line 239: | ||
| <solution -hidden> | <solution -hidden> | ||
| - | <code> | + | <code python> |
| - | #!/usr/bin/env python | + | |
| import gmpy2 | import gmpy2 | ||
| - | c = 48150432592505707552503950434421170873397025541574547497460326222962564730297 | + | c = 28822365203577929536184039125870638440692316100772583657817939349051546473185 |
| n = 70736025239265239976315088690174594021646654881626421461009089480870633400973 | n = 70736025239265239976315088690174594021646654881626421461009089480870633400973 | ||
| e = 3 | e = 3 | ||
| Line 238: | Line 249: | ||
| q = 238324208831434331628131715304428889871 | q = 238324208831434331628131715304428889871 | ||
| - | phi = (p-1)*(q-1) | + | phi = (p - 1) * (q - 1) |
| d = gmpy2.invert(e, phi) | d = gmpy2.invert(e, phi) | ||
| pt = pow(c, d, n) | pt = pow(c, d, n) | ||
| - | print( "plaintext: " + hex(pt)[2:].decode("hex")) | + | print( "plaintext: " + bytearray.fromhex(hex(pt)[2:]).decode('utf-8')) |
| </code> | </code> | ||
| </solution> | </solution> | ||
| - | |||
| - | <note warning>Please download {{:isc:labs:isc-lab02-crypto-extra.zip|Task Archive}} for the following tasks. </note> | ||
| ==== 03 [15p] Is this even OTP? ==== | ==== 03 [15p] Is this even OTP? ==== | ||
| Line 253: | Line 263: | ||
| * However, he failed to understand that you should not use the same byte for the entire key. | * However, he failed to understand that you should not use the same byte for the entire key. | ||
| * **Hint:** bruteforce | * **Hint:** bruteforce | ||
| + | |||
| + | <solution -hidden> | ||
| + | <code python> | ||
| + | |||
| + | # Key = 1e: i_guess_it_kinda_is_otp | ||
| + | |||
| + | from itertools import cycle | ||
| + | |||
| + | c = 'wAyk{mmAwjAuwpzAwmAqjn' | ||
| + | |||
| + | for i in range(0,256): | ||
| + | print("".join([chr(x[0] ^ ord(x[1])) for x in zip(cycle([i]), c)])) | ||
| + | |||
| + | </code> | ||
| + | </solution> | ||
| ==== 04 [20p] Many Time Pad ==== | ==== 04 [20p] Many Time Pad ==== | ||
| Line 259: | Line 284: | ||
| * Knowing that the key starts with "ALEXCTF{", can you determine the rest? | * Knowing that the key starts with "ALEXCTF{", can you determine the rest? | ||
| * **Hint:** take a close look at the folder for this task. | * **Hint:** take a close look at the folder for this task. | ||
| + | |||
| + | <solution -hidden> | ||
| + | <code> | ||
| + | |||
| + | ALEXCTF{HERE_GOES_THE_KEY} | ||
| + | |||
| + | </code> | ||
| + | </solution> | ||
| ==== 05 [20p] We want Jokes instead of Nukes ==== | ==== 05 [20p] We want Jokes instead of Nukes ==== | ||
| Line 269: | Line 302: | ||
| * **Hint 3:** Run the given oracle with the altered IV (hex encoded) to check that the message was modified correctly. | * **Hint 3:** Run the given oracle with the altered IV (hex encoded) to check that the message was modified correctly. | ||
| - | <note warning> | + | <note important> |
| - | If this looks cringy to you, wait until you see the assignments ;)) | + | If you find this cringe, just wait until you see the assignments! ;) |
| </note> | </note> | ||
| + | |||
| + | <solution -hidden> | ||
| + | <code python> | ||
| + | |||
| + | original_iv = bytes.fromhex('7ec00bc6fd663984c1b6c6fd95ceeef1') | ||
| + | original_plaintext = b'FIRE_NUKES_MELA!' | ||
| + | new_plaintext = b'SEND_NUDES_MELA!' | ||
| + | |||
| + | xor_result = bytes(a ^ b for a, b in zip(original_plaintext, new_plaintext)) | ||
| + | new_iv_bytes = bytes(a ^ b for a, b in zip(original_iv, xor_result)) | ||
| + | |||
| + | print("New IV in hexadecimal:", new_iv_bytes.hex()) | ||
| + | |||
| + | </code> | ||
| + | </solution> | ||
| + | |||
| ==== 6. [10p] Feedback ==== | ==== 6. [10p] Feedback ==== | ||
| Please take a minute to fill in the [[https://docs.google.com/forms/d/e/1FAIpQLSeMrKoWY6UKe1N_BASUARA-HixTuvSfrEnx_FKstT-RW464NQ/viewform |feedback form]] for this lab. | Please take a minute to fill in the [[https://docs.google.com/forms/d/e/1FAIpQLSeMrKoWY6UKe1N_BASUARA-HixTuvSfrEnx_FKstT-RW464NQ/viewform |feedback form]] for this lab. | ||
| - | |||
