Vladimir Garbuz
Security Engineer at HP LM Security Center of Excellence
Walkthrough 0xDEC0DE01 cryptoCTF
Intro
• What this talk is about
• What this talk is NOT about
• google “vladimir garbuz cryptography” for dec0de01 talk and slides with more technical details
• Ok… The cryptoCTF!
• solve 5 challenges to win 10000$
• well, 100.00$...
• Still available at the link: http://goo.gl/tuKku7
Intro
• CTF consisted of 5 tasks:
1. Poor AES-CBC cryptolocker (bruteforce)
2. Simple stream cipher (pad reuse)
3. AES-ECB encryption (data leaking)
4. SHA256 MAC (length extension attack)
5. SHA256 proof of work (bruteforce)
AES-CBC cryptolocker
• 2 files available:
• very_bad_encryptor is VERY bad:
• Very slow (~1MB/sec)
• Can encrypt and decrypt
• Uses a SHA256 hash as the AES encryption key
• Hash of an 8-digit numeric user-entered code… ☹
• Uses CBC encryption mode
AES-CBC cryptolocker
• But how to know when the password is right?..
AES-ECB encryption
Simple stream cipher
• Stream cipher basics
• Sender computes Message ⊕ Keystream and sends the Ciphertext
• Receiver computes Ciphertext ⊕ Keystream to get the Message
• In our case, the key stream was generated via Python random, initialized with constant “0xdec0de01” ☹
Simple stream cipher
Basic vulnerabilities: key reuse
What’s so terrible about key reuse?
• So we have 2 plaintexts P1 and P2, and we encrypt them separately under the same Key:
C1 = P1 ⊕ F(Key)
C2 = P2 ⊕ F(Key)
• When an attacker intercepts them, he can then compute:
C1 ⊕ C2 = P1 ⊕ P2
• “Oh, please! How bad could that possibly be?..”
Simple stream cipher
Basic vulnerabilities: key reuse
• Case 1: if one of the plaintexts, e.g. P1, is known, restoring the other one is trivial:
P1 ⊕ P2 ⊕ P1 = P1 ⊕ P1 ⊕ P2 = 0 ⊕ P2 = P2
• Case 2: if a portion of the Plaintext is known, the Keystream in the corresponding position is revealed:
C = P ⊕ E(Key) → C ⊕ P = E(Key)
• Now, having the Keystream at some position, we can decrypt data at that position from other ciphertexts
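The key-reuse relations above, as an added example (not code from the talk or the CTF): two constructed messages are encrypted with a keystream drawn from Python's random seeded with the constant from the slide, then contrasted with a keystream that is used only once. How the CTF drew bytes from the generator is not on the page; one getrandbits(8) call per byte, the sample messages and all function names are assumptions.

```python
import random
import secrets

SEED = 0xDEC0DE01  # constant named on the slide


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(n: int, seed: int = SEED) -> bytes:
    # Assumption: one getrandbits(8) per byte. A constant seed means every
    # message gets the same keystream, and anyone who knows the seed can
    # regenerate it; random is also not a cryptographic generator.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def encrypt_reused(msg: bytes) -> bytes:
    """Weak scheme from the slides: C = P xor F(Key), same F(Key) every time."""
    return xor(msg, keystream(len(msg)))


def encrypt_fresh(msg: bytes):
    """Contrast: an unpredictable keystream used exactly once.

    Stand-in for a real cipher run with a unique nonce per message
    (in practice an AEAD such as AES-GCM or ChaCha20-Poly1305).
    """
    pad = secrets.token_bytes(len(msg))
    return pad, xor(msg, pad)


def recover_from_crib(c_known: bytes, crib: bytes, offset: int, c_other: bytes) -> bytes:
    """Case 2: a known plaintext fragment at `offset` exposes the keystream
    there, which then decrypts the same positions of another ciphertext."""
    ks = xor(c_known[offset:], crib)
    return xor(c_other[offset:], ks)


# Constructed sample messages (not CTF data).
P1 = b"Meeting moved to 14:30, room B."
P2 = b"The backup code is 7731-example"
C1, C2 = encrypt_reused(P1), encrypt_reused(P2)


def reuse_leaks_plaintext_xor() -> bool:
    """C1 xor C2 == P1 xor P2: the keystream cancels out completely."""
    return xor(C1, C2) == xor(P1, P2)


def fresh_keystream_leaks_plaintext_xor() -> bool:
    """With one-time keystreams the same relation no longer holds."""
    _, f1 = encrypt_fresh(P1)
    _, f2 = encrypt_fresh(P2)
    return xor(f1, f2) == xor(P1, P2)


if __name__ == "__main__":
    print("reused keystream leaks P1^P2:", reuse_leaks_plaintext_xor())
    print("case 1, P2 from known P1:   ", xor(xor(C1, C2), P1))
    print("case 2, crib at offset 8:   ", recover_from_crib(C1, P1[8:14], 8, C2))
    print("fresh keystream leaks P1^P2:", fresh_keystream_leaks_plaintext_xor())
```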
SHA256 MAC – length extension
• The task was, quote:
d60d6d39c50b85f8a080ab510c2f3402c34ffc8cf09f9f3bfc7fc218d77bb5a3
This is a MAC (SHA256) of a secret key concatenated with the e-mail address that you need to send your results to. The length of the key+e-mail is 53 bytes.
Your task is to add any message you want to this e-mail and compute a new SHA256 hash of it - all in such a way that your hash is identical to the MAC that I will compute from my key + your message.
As a solution for this task I expect 2 things: forged message AND its SHA256 hash.
Yes, it's that simple, but can YOU actually do it?
SHA256 MAC – length extension
Breaking “key + message MAC”
• What’s vulnerable?
• Hash functions with Merkle–Damgård construction, e.g. MD4, MD5, RIPEMD-160, WHIRLPOOL, SHA-0, SHA-1 and even SHA-2
• Doesn’t work on other constructions - SHA-3, poly1305,...
• In this construction, the resulting hash is the internal state of the function at the end of computation
• Which can (and will ☺) be used as the starting state of the hash function
SHA256 MAC – length extension
• Hash of k+m is actually a hash of k+m+p, where p is some necessary, but easily predictable, padding
• To illustrate this:
• H0(k) = Hk - here, H0 is the initial state of the hash function
• Hk(m) = Hkm - Hk is its state after processing k
• Hkm(p) = Hkmp
• Hkmp = H(k+m+p)
SHA256 MAC – length extension
• Since p is predictable and the end state Hkmp is known:
• We choose an arbitrary m´
• Set the hash function’s initial state to Hkmp
• And make it process the bytes of message m´:
Hkmp(m´) = Hkmpm´
• Curiously, this is EXACTLY what happens when you hash m+p+m´ under a known key!
• Now, our hash is forged but will check out as valid!
SHA256 MAC – length extension
• Example solution: using https://github.com/iagox86/hash_extender we can append the string '0wn3d':
    $ hash_extender -d '' -s d60d6d39c50b85f8a080ab510c2f3402c34ffc8cf09f9f3bfc7fc218d77bb5a3 -a '0wn3d' -f sha256 -l 53
    Type: sha256
    Secret length: 53
    New signature: 787f169dcb032ada7dbdfc7906eeccc6701f7c0cdf4ee1e09da441e9351d6f53
    New string: 80000000000000000001a830776e3364
SHA256 proof of work
• The task was to find a string such that its SHA256 in hex encoding would start with dec0de01
• How to?..
• Just bruteforce it!
• Example string is “3928979165”
• Its SHA256 in hex encoding is:
• dec0de01646730a1e0f2d6d34a0833be52df6e0552fe16f04ab66610b70321f1
Questions and Discussion
