Giter Club home page Giter Club logo

cryptography_exploits's Introduction

Cryptography Exploits

This repository currently is being developed while I work on the cryptopals crypto challenges which are about exploiting cryptographic systems.

While solving the challenges I'm developing the python package 'drvn.cryptography' which contains utility functions for cryptography exploits.

Here is a quick summary of what kind of exploits I have worked on in the challenges:

  1. A method to decrypt any english text that has been encrypted using repeating-key XOR using an unknown key.
  2. Detect if ciphertext is AES ECB encrypted.
  3. Decrypt unknown_plaintext with repeated calls to an API like:
    • AES_ECB_ENCRYPT(unknown_prefix + attacker_controlled_bytes + unknown_plaintext, unknown_key)
  4. AES CBC bitflipping attacks: Modifying a byte in AES CBC ciphertext block scrambles the corresponding plaintext block but in the next plaintext block only the byte in the same block position gets modified)
  5. The CBC padding oracle attack: If a service can tell you if a ciphertext has a valid padding once it has been decrypted, then you can decrypt the ciphertext with repeated calls to that oracle.

History

  • Jan 15, 2018: Challenges started
  • Mar 17, 2018: Set 1 finished (2 months)
  • Aug 15, 2020: Set 2 finished (2 years + 5 months)
  • Sep 27, 2020: Set 3 finished (1.5 months)
  • Oct 18, 2020: Set 4 finished (3 weeks)

Usage

drvn_cryptography_run_cryptopals_challenge --help

Installing

Installing in editable-mode

# Installing in editable mode fails for pip version 22, so first upgrade pip
python3 -m pip install --upgrade pip

python3 -m pip install --editable .

Installing in the usual, non-editable mode

python3 -m pip install --user drvn.cryptography

Testing

Testing prerequisites

python3 -m pip install --user --upgrade tox
python3 -m pip install --user --upgrade setuptools

Running all tests

Runs unit- and integration tests using multiple python versions (specified by tox.ini's envlist)

tox

To get test coverage report you can try this (you need pytest and pytest-cov installed):

python3 -m pytest --cov=src/drvn --cov-report=html --cov-report=term --no-cov-on-fail tests

Running unit tests

tox -e unit

Running integration tests

tox -e integration

Uploading

Uploading prerequsites

python3 -m pip install --user -r requirements.txt

Uploading to PyPi

./scripts/upload_package.py

cryptography_exploits's People

Contributors

hallgrimur1471 avatar

Watchers

James Cloos avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.