SlideShare une entreprise Scribd logo

0xdec0de01 crypto CTF solutions

V
Vlad Garbuz

Walk-through for the tasks of 0xdec0de01 cryptographic CTF.

Logiciels
1  sur  21
Télécharger pour lire hors ligne
Vladimir Garbuz Security Engineer at HP LM Security Center of Excellence Walkthrough 0xDEC0DE01 cryptoCTF
Intro  What this talk is about  What this talk is NOT about  google “vladimir garbuz cryptography” for dec0de01 talk and slides with more technical details  Ok… The cryptoCTF!  solve 5 challenges to win 10000$  well, 100.00$...  Still available at the link: http://goo.gl/tuKku7
Intro  CTF consisted of 5 tasks: 1. Poor AES-CBC cryptolocker (bruteforce) 2. Simple stream cipher (pad reuse) 3. AES-ECB encryption (data leaking) 4. SHA256 MAC (length extension attack) 5. SHA256 proof of work (bruteforce)
AES-CBC cryptolocker  2 files available:  very_bad_encryptor is VERY bad:  Very slow (~1MB/sec)  Can encrypt and decrypt  Uses SHA256 hash as AES encryption key  Hash of a 8 digit numeric user entered code…   Uses CBC encryption mode
AES-CBC cryptolocker
AES-CBC cryptolocker  But how to know when the password is right?..
AES-CBC cryptolocker
AES-ECB encryption
AES-ECB encryption
Simple stream cipher  Stream cipher basics  Sender computes Message ⊕ Keystream and sends the Ciphertext  Receiver computes Ciphertext ⊕ Keystream to get Message  In our case, the key stream was generated via Python random, initialized with constant “0xdec0de01” 
Simple stream cipher Basic vulnerabilities: key reuse What’s so terrible about key reuse?  So we have 2 plaintexts P1 and P2, and we encrypt them separately under the same Key: C1=P1⊕F(Key) C2=P2⊕F(Key) When attacker intercepts them, he can then compute: C1⊕C2=P1⊕P2  “Oh, please! How bad could that possibly be?..”
Simple stream cipher Basic vulnerabilities: key reuse
Simple stream cipher Basic vulnerabilities: key reuse  Case 1: if one of the plaintexts, e.g. P1, is known, restoring the other one is trivial P1⊕P2⊕P1 = P1⊕P1⊕P2 = 0⊕P2 = P2  Case 2: if a portion of Plaintext is known, the Keystream in corresponding position is revealed C = P⊕E(Key)  C⊕P = E(Key)  Now, having the Keystream at some position, we can decrypt data at that position from other ciphertexts
Simple stream cipher
SHA256 MAC – length extension  The task was, quote: d60d6d39c50b85f8a080ab510c2f3402c34ffc8cf09f9f3bfc7fc218d77bb5a3 This is a MAC (SHA256) of a secret key concatenated with the e-mail address that you need to send your results to. The length of the key+e-mail is 53 bytes. Your task is to add any message you want to this e-mail and compute a new SHA256 hash of it - all in such a way that your hash is identical to the MAC that I will compute from my key + your message. As a solution for this task I expect 2 things: forged message AND it's SHA256 hash. Yes, it's that simple, but can YOU actually do it?
SHA256 MAC – length extension Breaking “key + message MAC”  What’s vulnerable?  Hash functions with Merkle–Damgård construction, e.g. MD4, MD5, RIPEMD-160, WHIRLPOOL, SHA-0, SHA-1 and even SHA-2  Doesn’t work on other constructions - SHA-3, poly1305,...  In this construction, the resulting hash is the internal state of the function at the end of computation  Which can (and will ) be used as the starting state of the hash function
SHA256 MAC – length extension  Hash of k+m is actually a hash of k+m+p, where p is some necessary, but easily predictable, padding  To illustrate this:  H0(k) = Hk - here, H0 is the initial state of hash function  Hk(m) = Hkm - Hk is its state after processing k  Hkm (p) = Hkmp  Hkmp = H(k+m+p)
SHA256 MAC – length extension  Since p is predictable and end state Hkmp is known  We chose any arbitrary m´  Set the hash function’s initial state to Hkmp  And make it process the bytes of message m´ Hkmp(m´) = Hkmpm´  Curiously, this is EXACTLY what happens when you hash m+p+m´ under a known key!  Now, our hash is forged but will check out as valid!
SHA256 MAC – length extension  Example solution: Using https://github.com/iagox86/hash_extender we can append string '0wn3d', $ hash_extender -d '' -s d60d6d39c50b85f8a080ab510c2f3402c34ffc8cf09f9f3bfc7fc218d7 7bb5a3 -a '0wn3d' -f sha256 -l 53 Type: sha256 Secret length: 53 New signature: 787f169dcb032ada7dbdfc7906eeccc6701f7c0cdf4ee1e09da441e93 51d6f53 New string: 80000000000000000001a830776e3364
SHA256 proof of work  The task was to find a string such that it’s SHA256 in hex encoding would start with dec0de01  How to?..  Just bruteforce it!  Example string is “3928979165”  It’s sha256 in hex encoding is:  dec0de01646730a1e0f2d6d34a0833be52df6e055 2fe16f04ab66610b70321f1
Questions and Discussion

Recommandé

LLM App Hacking (AVTOKYO2023)
LLM App Hacking (AVTOKYO2023)LLM App Hacking (AVTOKYO2023)
LLM App Hacking (AVTOKYO2023)Shota Shinogi
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & SecurityUday Bhaskarwar
 
Quantum Knowledge Proofs and Post Quantum Cryptography - A Primer
Quantum Knowledge Proofs and Post Quantum Cryptography - A PrimerQuantum Knowledge Proofs and Post Quantum Cryptography - A Primer
Quantum Knowledge Proofs and Post Quantum Cryptography - A PrimerGokul Alex
 
Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?inaz2
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - BeginnersHimanshu Kumar Das
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppthimanshujoshi238
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 

Recommandé

LLM App Hacking (AVTOKYO2023)
LLM App Hacking (AVTOKYO2023)LLM App Hacking (AVTOKYO2023)
LLM App Hacking (AVTOKYO2023)Shota Shinogi
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & SecurityUday Bhaskarwar
 
Quantum Knowledge Proofs and Post Quantum Cryptography - A Primer
Quantum Knowledge Proofs and Post Quantum Cryptography - A PrimerQuantum Knowledge Proofs and Post Quantum Cryptography - A Primer
Quantum Knowledge Proofs and Post Quantum Cryptography - A PrimerGokul Alex
 
Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?inaz2
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - BeginnersHimanshu Kumar Das
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppthimanshujoshi238
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
Cyber crime report
Cyber crime reportCyber crime report
Cyber crime reportRonson Calvin Fernandes
 
Naman quantum cryptography
Naman quantum cryptographyNaman quantum cryptography
Naman quantum cryptographynamanthakur
 
AI in Cybersecurity | 2023
AI in Cybersecurity | 2023AI in Cybersecurity | 2023
AI in Cybersecurity | 2023KharimMchatta
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingJakub Ruzicka
 
Cryptography-Known plain text attack
Cryptography-Known plain text attack Cryptography-Known plain text attack
Cryptography-Known plain text attack amiteshg
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyCSNP
 
Full seminar report on ethical hacking
Full seminar report on ethical hackingFull seminar report on ethical hacking
Full seminar report on ethical hackingGeorgekutty Francis
 
Ransomware attack
Ransomware attackRansomware attack
Ransomware attackAmna
 
Man In The Middle - Hacking Illustrated
Man In The Middle - Hacking IllustratedMan In The Middle - Hacking Illustrated
Man In The Middle - Hacking IllustratedInfoSec Institute
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Esteban Bedoya
 
應用密碼學入門 - HITCON CMT 2018
應用密碼學入門 - HITCON CMT 2018應用密碼學入門 - HITCON CMT 2018
應用密碼學入門 - HITCON CMT 2018Allen Chou
 
Caesar Cipher , Substitution Cipher, PlayFair and Vigenere Cipher
Caesar Cipher , Substitution Cipher, PlayFair and Vigenere CipherCaesar Cipher , Substitution Cipher, PlayFair and Vigenere Cipher
Caesar Cipher , Substitution Cipher, PlayFair and Vigenere CipherMona Rajput
 
Cybercrime a growing threat of 21 st century !!!
Cybercrime a growing threat of 21 st century !!!Cybercrime a growing threat of 21 st century !!!
Cybercrime a growing threat of 21 st century !!!Asma Hossain
 
WannaCry ransomware attack
WannaCry ransomware attackWannaCry ransomware attack
WannaCry ransomware attackAbdelhakim Salama
 
case study on cyber crime
case study on cyber crimecase study on cyber crime
case study on cyber crimeParas Kansagara
 
zero day exploits
zero day exploitszero day exploits
zero day exploitsAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Malware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveMalware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveChong-Kuan Chen
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Qazi Anwar
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoorsGaurav Dalvi
 
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Simplilearn
 
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...HackIT Ukraine
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
 

Contenu connexe

Tendances

Naman quantum cryptography
Naman quantum cryptographyNaman quantum cryptography
Naman quantum cryptographynamanthakur
 
AI in Cybersecurity | 2023
AI in Cybersecurity | 2023AI in Cybersecurity | 2023
AI in Cybersecurity | 2023KharimMchatta
 
Cryptography-Known plain text attack
Cryptography-Known plain text attack Cryptography-Known plain text attack
Cryptography-Known plain text attack amiteshg
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyCSNP
 
Full seminar report on ethical hacking
Full seminar report on ethical hackingFull seminar report on ethical hacking
Full seminar report on ethical hackingGeorgekutty Francis
 
Ransomware attack
Ransomware attackRansomware attack
Ransomware attackAmna
 
Man In The Middle - Hacking Illustrated
Man In The Middle - Hacking IllustratedMan In The Middle - Hacking Illustrated
Man In The Middle - Hacking IllustratedInfoSec Institute
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Esteban Bedoya
 
應用密碼學入門 - HITCON CMT 2018
應用密碼學入門 - HITCON CMT 2018應用密碼學入門 - HITCON CMT 2018
應用密碼學入門 - HITCON CMT 2018Allen Chou
 
Caesar Cipher , Substitution Cipher, PlayFair and Vigenere Cipher
Caesar Cipher , Substitution Cipher, PlayFair and Vigenere CipherCaesar Cipher , Substitution Cipher, PlayFair and Vigenere Cipher
Caesar Cipher , Substitution Cipher, PlayFair and Vigenere CipherMona Rajput
 
Cybercrime a growing threat of 21 st century !!!
Cybercrime a growing threat of 21 st century !!!Cybercrime a growing threat of 21 st century !!!
Cybercrime a growing threat of 21 st century !!!Asma Hossain
 
case study on cyber crime
case study on cyber crimecase study on cyber crime
case study on cyber crimeParas Kansagara
 
Malware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveMalware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveChong-Kuan Chen
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Qazi Anwar
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoorsGaurav Dalvi
 
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Simplilearn
 

Tendances (20)

Cyber crime report
Cyber crime reportCyber crime report
Cyber crime report
 
Naman quantum cryptography
Naman quantum cryptographyNaman quantum cryptography
Naman quantum cryptography
 
AI in Cybersecurity | 2023
AI in Cybersecurity | 2023AI in Cybersecurity | 2023
AI in Cybersecurity | 2023
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Cryptography-Known plain text attack
Cryptography-Known plain text attack Cryptography-Known plain text attack
Cryptography-Known plain text attack
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum Cryptography
 
Full seminar report on ethical hacking
Full seminar report on ethical hackingFull seminar report on ethical hacking
Full seminar report on ethical hacking
 
Ransomware attack
Ransomware attackRansomware attack
Ransomware attack
 
Man In The Middle - Hacking Illustrated
Man In The Middle - Hacking IllustratedMan In The Middle - Hacking Illustrated
Man In The Middle - Hacking Illustrated
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
 
應用密碼學入門 - HITCON CMT 2018
應用密碼學入門 - HITCON CMT 2018應用密碼學入門 - HITCON CMT 2018
應用密碼學入門 - HITCON CMT 2018
 
Caesar Cipher , Substitution Cipher, PlayFair and Vigenere Cipher
Caesar Cipher , Substitution Cipher, PlayFair and Vigenere CipherCaesar Cipher , Substitution Cipher, PlayFair and Vigenere Cipher
Caesar Cipher , Substitution Cipher, PlayFair and Vigenere Cipher
 
Cybercrime a growing threat of 21 st century !!!
Cybercrime a growing threat of 21 st century !!!Cybercrime a growing threat of 21 st century !!!
Cybercrime a growing threat of 21 st century !!!
 
WannaCry ransomware attack
WannaCry ransomware attackWannaCry ransomware attack
WannaCry ransomware attack
 
case study on cyber crime
case study on cyber crimecase study on cyber crime
case study on cyber crime
 
zero day exploits
zero day exploitszero day exploits
zero day exploits
 
Malware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveMalware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning Perspective
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoors
 
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
 

Similaire à 0xdec0de01 crypto CTF solutions

Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...HackIT Ukraine
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything elseVlad Garbuz
 
Computer network (3)
Computer network (3)Computer network (3)
Computer network (3)NYversity
 
Message authentication with md5
Message authentication with md5Message authentication with md5
Message authentication with md5志璿 楊
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
SSL/TLS Eavesdropping with Fullpath Control
SSL/TLS Eavesdropping with Fullpath ControlSSL/TLS Eavesdropping with Fullpath Control
SSL/TLS Eavesdropping with Fullpath ControlMike Thompson
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptxSurendraBasnet6
 
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...Moabi.com
 
Introduction to encryption
Introduction to encryptionIntroduction to encryption
Introduction to encryptionfaffyman
 
IRJET- Low Power and Simple Implementation of Secure Hashing Algorithm (SHA-2...
IRJET- Low Power and Simple Implementation of Secure Hashing Algorithm (SHA-2...IRJET- Low Power and Simple Implementation of Secure Hashing Algorithm (SHA-2...
IRJET- Low Power and Simple Implementation of Secure Hashing Algorithm (SHA-2...IRJET Journal
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentationdegarden
 
Data streaming algorithms
Data streaming algorithmsData streaming algorithms
Data streaming algorithmsHridyesh Bisht
 
Securing Syslog On FreeBSD
Securing Syslog On FreeBSDSecuring Syslog On FreeBSD
Securing Syslog On FreeBSDAlbert Mietus
 

Similaire à 0xdec0de01 crypto CTF solutions (20)

Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything else
 
Computer network (3)
Computer network (3)Computer network (3)
Computer network (3)
 
Message authentication with md5
Message authentication with md5Message authentication with md5
Message authentication with md5
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
6.hash mac
6.hash mac6.hash mac
6.hash mac
 
Secure hashing algorithm
Secure hashing algorithmSecure hashing algorithm
Secure hashing algorithm
 
SSL/TLS Eavesdropping with Fullpath Control
SSL/TLS Eavesdropping with Fullpath ControlSSL/TLS Eavesdropping with Fullpath Control
SSL/TLS Eavesdropping with Fullpath Control
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
 
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
 
Introduction to encryption
Introduction to encryptionIntroduction to encryption
Introduction to encryption
 
Ch12
Ch12Ch12
Ch12
 
IRJET- Low Power and Simple Implementation of Secure Hashing Algorithm (SHA-2...
IRJET- Low Power and Simple Implementation of Secure Hashing Algorithm (SHA-2...IRJET- Low Power and Simple Implementation of Secure Hashing Algorithm (SHA-2...
IRJET- Low Power and Simple Implementation of Secure Hashing Algorithm (SHA-2...
 
Protostar VM - Heap3
Protostar VM - Heap3Protostar VM - Heap3
Protostar VM - Heap3
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Macs course
Macs courseMacs course
Macs course
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentation
 
Data streaming algorithms
Data streaming algorithmsData streaming algorithms
Data streaming algorithms
 
Securing Syslog On FreeBSD
Securing Syslog On FreeBSDSecuring Syslog On FreeBSD
Securing Syslog On FreeBSD
 

Dernier

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...chiefasafspells
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationJuha-Pekka Tolvanen
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...masabamasaba
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 

Dernier (20)

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 

0xdec0de01 crypto CTF solutions

  • 1. Vladimir Garbuz Security Engineer at HP LM Security Center of Excellence Walkthrough 0xDEC0DE01 cryptoCTF
  • 2. Intro  What this talk is about  What this talk is NOT about  google “vladimir garbuz cryptography” for dec0de01 talk and slides with more technical details  Ok… The cryptoCTF!  solve 5 challenges to win 10000$  well, 100.00$...  Still available at the link: http://goo.gl/tuKku7
  • 3. Intro  CTF consisted of 5 tasks: 1. Poor AES-CBC cryptolocker (bruteforce) 2. Simple stream cipher (pad reuse) 3. AES-ECB encryption (data leaking) 4. SHA256 MAC (length extension attack) 5. SHA256 proof of work (bruteforce)
  • 4. AES-CBC cryptolocker  2 files available:  very_bad_encryptor is VERY bad:  Very slow (~1MB/sec)  Can encrypt and decrypt  Uses SHA256 hash as AES encryption key  Hash of a 8 digit numeric user entered code…   Uses CBC encryption mode
  • 6. AES-CBC cryptolocker  But how to know when the password is right?..
  • 10. Simple stream cipher  Stream cipher basics  Sender computes Message ⊕ Keystream and sends the Ciphertext  Receiver computes Ciphertext ⊕ Keystream to get Message  In our case, the key stream was generated via Python random, initialized with constant “0xdec0de01” 
  • 11. Simple stream cipher Basic vulnerabilities: key reuse What’s so terrible about key reuse?  So we have 2 plaintexts P1 and P2, and we encrypt them separately under the same Key: C1=P1⊕F(Key) C2=P2⊕F(Key) When attacker intercepts them, he can then compute: C1⊕C2=P1⊕P2  “Oh, please! How bad could that possibly be?..”
  • 12. Simple stream cipher Basic vulnerabilities: key reuse
  • 13. Simple stream cipher Basic vulnerabilities: key reuse  Case 1: if one of the plaintexts, e.g. P1, is known, restoring the other one is trivial P1⊕P2⊕P1 = P1⊕P1⊕P2 = 0⊕P2 = P2  Case 2: if a portion of Plaintext is known, the Keystream in corresponding position is revealed C = P⊕E(Key)  C⊕P = E(Key)  Now, having the Keystream at some position, we can decrypt data at that position from other ciphertexts
  • 15. SHA256 MAC – length extension  The task was, quote: d60d6d39c50b85f8a080ab510c2f3402c34ffc8cf09f9f3bfc7fc218d77bb5a3 This is a MAC (SHA256) of a secret key concatenated with the e-mail address that you need to send your results to. The length of the key+e-mail is 53 bytes. Your task is to add any message you want to this e-mail and compute a new SHA256 hash of it - all in such a way that your hash is identical to the MAC that I will compute from my key + your message. As a solution for this task I expect 2 things: forged message AND it's SHA256 hash. Yes, it's that simple, but can YOU actually do it?
  • 16. SHA256 MAC – length extension Breaking “key + message MAC”  What’s vulnerable?  Hash functions with Merkle–Damgård construction, e.g. MD4, MD5, RIPEMD-160, WHIRLPOOL, SHA-0, SHA-1 and even SHA-2  Doesn’t work on other constructions - SHA-3, poly1305,...  In this construction, the resulting hash is the internal state of the function at the end of computation  Which can (and will ) be used as the starting state of the hash function
  • 17. SHA256 MAC – length extension  Hash of k+m is actually a hash of k+m+p, where p is some necessary, but easily predictable, padding  To illustrate this:  H0(k) = Hk - here, H0 is the initial state of hash function  Hk(m) = Hkm - Hk is its state after processing k  Hkm (p) = Hkmp  Hkmp = H(k+m+p)
  • 18. SHA256 MAC – length extension  Since p is predictable and end state Hkmp is known  We chose any arbitrary m´  Set the hash function’s initial state to Hkmp  And make it process the bytes of message m´ Hkmp(m´) = Hkmpm´  Curiously, this is EXACTLY what happens when you hash m+p+m´ under a known key!  Now, our hash is forged but will check out as valid!
  • 19. SHA256 MAC – length extension  Example solution: Using https://github.com/iagox86/hash_extender we can append string '0wn3d', $ hash_extender -d '' -s d60d6d39c50b85f8a080ab510c2f3402c34ffc8cf09f9f3bfc7fc218d7 7bb5a3 -a '0wn3d' -f sha256 -l 53 Type: sha256 Secret length: 53 New signature: 787f169dcb032ada7dbdfc7906eeccc6701f7c0cdf4ee1e09da441e93 51d6f53 New string: 80000000000000000001a830776e3364
  • 20. SHA256 proof of work  The task was to find a string such that it’s SHA256 in hex encoding would start with dec0de01  How to?..  Just bruteforce it!  Example string is “3928979165”  It’s sha256 in hex encoding is:  dec0de01646730a1e0f2d6d34a0833be52df6e055 2fe16f04ab66610b70321f1