This repository currently is being developed while I work on the cryptopals crypto challenges which are about exploiting cryptographic systems.
While solving the challenges I'm developing the python package 'drvn.cryptography' which contains utility functions for cryptography exploits.
Here is a quick summary of what kind of exploits I have worked on in the challenges:
- A method to decrypt any english text that has been encrypted using repeating-key XOR using an unknown key.
- Detect if ciphertext is AES ECB encrypted.
- Decrypt unknown_plaintext with repeated calls to an API like:
AES_ECB_ENCRYPT(unknown_prefix + attacker_controlled_bytes + unknown_plaintext, unknown_key)
- AES CBC bitflipping attacks: Modifying a byte in AES CBC ciphertext block scrambles the corresponding plaintext block but in the next plaintext block only the byte in the same block position gets modified)
- The CBC padding oracle attack: If a service can tell you if a ciphertext has a valid padding once it has been decrypted, then you can decrypt the ciphertext with repeated calls to that oracle.
- Jan 15, 2018: Challenges started
- Mar 17, 2018: Set 1 finished (2 months)
- Aug 15, 2020: Set 2 finished (2 years + 5 months)
- Sep 27, 2020: Set 3 finished (1.5 months)
- Oct 18, 2020: Set 4 finished (3 weeks)
drvn_cryptography_run_cryptopals_challenge --help
# Installing in editable mode fails for pip version 22, so first upgrade pip
python3 -m pip install --upgrade pip
python3 -m pip install --editable .
python3 -m pip install --user drvn.cryptography
python3 -m pip install --user --upgrade tox
python3 -m pip install --user --upgrade setuptools
Runs unit- and integration tests using multiple python versions (specified by tox.ini's envlist)
tox
To get test coverage report you can try this (you need pytest and pytest-cov installed):
python3 -m pytest --cov=src/drvn --cov-report=html --cov-report=term --no-cov-on-fail tests
tox -e unit
tox -e integration
python3 -m pip install --user -r requirements.txt
./scripts/upload_package.py