plexcryptool/src-py/trash-hash.py

#!/usr/bin/env python3
"""
Dirty hash we covered in an excercise for Week 16 of 2023 in cryptography

@author: Christoph J. Scherr <software@cscherr.de>
@source: https://git.cscherr.de/PlexSheep/python-dhbw/src/branch/master/src/trash-hash.py
@license: MIT
"""
import math
import argparse
import random

DEFINED_INITIAL =   bytearray(b'\xa5\xa5\xa5\xa5\x5a\x5a\x5a\x5a\x55\x55\x55\x55\xaa\xaa\xaa\xaa')

def trash_hash(input: bytearray) -> bytearray:
    #print("original len is %s" % len(input))
    # extend with 0xff if length is not multiple of 16
    while len(input) % 16 != 0:
        input.append(0xff)

    # set n
    n: int = math.ceil(len(input)/16)
    #print("len is %s" % len(input))
    #print("n is %s" % n)

    # cut input into blocks with size 16
    blocks = [bytearray(16)] * n  # initializes with 0x00s
    # print the empty blocks
    #for block in blocks:
    #    print("block: %s" % block.hex())
    #print('='*80)

    for i in range(0, n):
        blocks[i] = input[i*16:i*16 + 16]

    # print the filled blocks
    #for block in blocks:
    #    print("block: %s" % block.hex())

    # initilaize accumulator A_0 with the following constant values:
    A = DEFINED_INITIAL

    # iterate over blocks
    for index, block in enumerate(blocks):
        if index == 0:
            pass
        thing = bytes(by0 ^ by1 for by0, by1 in zip(A, block))
        A = bytearray(thing)

    return A

def test_collision(a: bytearray, b: bytearray) -> bool:
    return trash_hash(a) == trash_hash(b)

def test_against_hash(input: bytearray, target_hash: bytearray) -> bool:
    print("given input:\t%s" % input.hex())
    print("given input (repr):\t%s" % input.decode(errors="ignore"))
    hashed = trash_hash(input)
    print("hashed variant:\t%s" % hashed.hex())
    print("should be:\t%s" % THE_HASH.hex())
    return trash_hash(input) == target_hash

# the hash we want to find in the preimage attacks
# comes from 'AAAA'
#THE_HASH_ORIGIN = bytearray(b'AAAA')
#THE_HASH = bytearray(b'\xe4\xe4\xe4\xe4\xa5\xa5\xa5\xa5\xaa\xaa\xaa\xaa\x55\x55\x55\x55')
# any custom hash you want to find a collision for:
# needs to be 16 bytes long
# TODO fill with padding if not long enough
THE_HASH_ORIGIN = bytearray(b'1249239473289754927513214 21421 4124 214 21')
THE_HASH = trash_hash(THE_HASH_ORIGIN)

def first_preimage():
    print("Trying to find a message that produces %s" % THE_HASH.hex())
    target = bytearray(b'\00' * 16)
    input = bytearray(b'\00' * 16)
    between = bytearray(16)
    # this is an arbituary target
    # should work for anything
    target[0] = ord('A')

    for i in range(0, 16):
        
        between[i] = THE_HASH[i] ^ DEFINED_INITIAL[i]
        #print("%d:\tbtw %s\ttar %s\thash %s\n\tini %s\tinp %s" % (i, between.hex(), target.hex(), THE_HASH.hex(), DEFINED_INITIAL.hex(), input.hex()))
        input[i] = target[i] ^ between[i]
        #print("%d:\tbtw %s\ttar %s\thash %s\n\tini %s\tinp %s" % (i, between.hex(), target.hex(), THE_HASH.hex(), DEFINED_INITIAL.hex(), input.hex()))
        assert THE_HASH[i] == DEFINED_INITIAL[i] ^ between[i], "xor circle is broken: %s vs %s" % (hex(THE_HASH[i]), hex(input[i] ^ between[i]))
    
    input: bytearray = bytearray(bytes(a ^ b for a, b in zip(input, target)))
    print("for input '%s':\n %s" % (input, test_against_hash(input, THE_HASH)))

    assert test_collision(input, THE_HASH_ORIGIN), "not the same thing: %s and %s" % (
            trash_hash(input).hex(), trash_hash(THE_HASH_ORIGIN).hex())

def main():
    parser = argparse.ArgumentParser(prog="trash hash", description='implements a bad hash and shows how to break it. No option for preimage attack, --hash to get a hash.')
    parser.add_argument('--hash', type=str,
                    help='an input that should be hashed')
    args = parser.parse_args()

    if args.hash:
        my_bytes: bytearray = bytearray(str.encode(args.hash))
        hashed = trash_hash(my_bytes)
        print("hash for \"%s\" is:\n%s" % (args.hash, hashed.hex()))
    else:
        first_preimage()

"""
Don't use this, too inefficient
"""
def bruteForce() -> bool:
    payload_a = bytearray(b"AAAA")
    foundCollision = False
    while not foundCollision:
        current = bytearray(random.randbytes(16))
        foundCollision = test_collision(payload_a, current)
        if random.randint(1, 65535) % 65535 == 0:
            print(current)
    print("found one!") 
    print(current)
    return True

if __name__ == "__main__":
    main()
trash hash seems to work 2023-04-21 22:54:21 +02:00			`#!/usr/bin/env python3`
			`"""`
typo 2023-04-22 10:46:45 +02:00			`Dirty hash we covered in an excercise for Week 16 of 2023 in cryptography`
finalizing 2023-04-22 10:42:29 +02:00
md5-analyzer init 2023-04-24 08:29:10 +02:00			`@author: Christoph J. Scherr <software@cscherr.de>`
			`@source: https://git.cscherr.de/PlexSheep/python-dhbw/src/branch/master/src/trash-hash.py`
			`@license: MIT`
trash hash seems to work 2023-04-21 22:54:21 +02:00			`"""`
			`import math`
decrypted the cyphertext, basic-decrypt is a mess 2023-04-22 12:08:57 +02:00			`import argparse`
trash hash seems to work 2023-04-21 22:54:21 +02:00			`import random`

trying for preimage attack 2023-04-22 00:48:06 +02:00			`DEFINED_INITIAL = bytearray(b'\xa5\xa5\xa5\xa5\x5a\x5a\x5a\x5a\x55\x55\x55\x55\xaa\xaa\xaa\xaa')`
trash hash seems to work 2023-04-21 22:54:21 +02:00
			`def trash_hash(input: bytearray) -> bytearray:`
trying to find collisions 2023-04-21 23:48:36 +02:00			`#print("original len is %s" % len(input))`
trash hash seems to work 2023-04-21 22:54:21 +02:00			`# extend with 0xff if length is not multiple of 16`
			`while len(input) % 16 != 0:`
			`input.append(0xff)`

			`# set n`
			`n: int = math.ceil(len(input)/16)`
trying to find collisions 2023-04-21 23:48:36 +02:00			`#print("len is %s" % len(input))`
			`#print("n is %s" % n)`
trash hash seems to work 2023-04-21 22:54:21 +02:00
			`# cut input into blocks with size 16`
			`blocks = [bytearray(16)] * n # initializes with 0x00s`
			`# print the empty blocks`
			`#for block in blocks:`
			`# print("block: %s" % block.hex())`
			`#print('='*80)`

			`for i in range(0, n):`
			`blocks[i] = input[i16:i16 + 16]`

			`# print the filled blocks`
			`#for block in blocks:`
			`# print("block: %s" % block.hex())`

			`# initilaize accumulator A_0 with the following constant values:`
trash hash works now 2023-04-21 23:13:04 +02:00			`A = DEFINED_INITIAL`
trash hash seems to work 2023-04-21 22:54:21 +02:00
			`# iterate over blocks`
			`for index, block in enumerate(blocks):`
			`if index == 0:`
			`pass`
trash hash works now 2023-04-21 23:13:04 +02:00			`thing = bytes(by0 ^ by1 for by0, by1 in zip(A, block))`
			`A = bytearray(thing)`
trash hash seems to work 2023-04-21 22:54:21 +02:00
trash hash works now 2023-04-21 23:13:04 +02:00			`return A`
trash hash seems to work 2023-04-21 22:54:21 +02:00
trying for preimage attack 2023-04-22 00:48:06 +02:00			`def test_collision(a: bytearray, b: bytearray) -> bool:`
			`return trash_hash(a) == trash_hash(b)`

			`def test_against_hash(input: bytearray, target_hash: bytearray) -> bool:`
working automated weaponized first preimage attack 2023-04-22 10:20:13 +02:00			`print("given input:\t%s" % input.hex())`
			`print("given input (repr):\t%s" % input.decode(errors="ignore"))`
trying for preimage attack 2023-04-22 00:48:06 +02:00			`hashed = trash_hash(input)`
			`print("hashed variant:\t%s" % hashed.hex())`
			`print("should be:\t%s" % THE_HASH.hex())`
			`return trash_hash(input) == target_hash`

automated collision finding 2023-04-22 10:28:18 +02:00			`# the hash we want to find in the preimage attacks`
			`# comes from 'AAAA'`
finalizing 2023-04-22 10:42:29 +02:00			`#THE_HASH_ORIGIN = bytearray(b'AAAA')`
automated collision finding 2023-04-22 10:28:18 +02:00			`#THE_HASH = bytearray(b'\xe4\xe4\xe4\xe4\xa5\xa5\xa5\xa5\xaa\xaa\xaa\xaa\x55\x55\x55\x55')`
			`# any custom hash you want to find a collision for:`
			`# needs to be 16 bytes long`
			`# TODO fill with padding if not long enough`
finalizing 2023-04-22 10:42:29 +02:00			`THE_HASH_ORIGIN = bytearray(b'1249239473289754927513214 21421 4124 214 21')`
automated collision finding 2023-04-22 10:28:18 +02:00			`THE_HASH = trash_hash(THE_HASH_ORIGIN)`

trying for preimage attack 2023-04-22 00:48:06 +02:00			`def first_preimage():`
			`print("Trying to find a message that produces %s" % THE_HASH.hex())`
preimage attack progress 2023-04-22 01:05:00 +02:00			`target = bytearray(b'\00' * 16)`
trying for preimage attack 2023-04-22 00:48:06 +02:00			`input = bytearray(b'\00' * 16)`
			`between = bytearray(16)`
			`# this is an arbituary target`
			`# should work for anything`
			`target[0] = ord('A')`

			`for i in range(0, 16):`
preimage attack progress 2023-04-22 01:05:00 +02:00
working automated weaponized first preimage attack 2023-04-22 10:20:13 +02:00			`between[i] = THE_HASH[i] ^ DEFINED_INITIAL[i]`
finalizing 2023-04-22 10:42:29 +02:00			`#print("%d:\tbtw %s\ttar %s\thash %s\n\tini %s\tinp %s" % (i, between.hex(), target.hex(), THE_HASH.hex(), DEFINED_INITIAL.hex(), input.hex()))`
working automated weaponized first preimage attack 2023-04-22 10:20:13 +02:00			`input[i] = target[i] ^ between[i]`
finalizing 2023-04-22 10:42:29 +02:00			`#print("%d:\tbtw %s\ttar %s\thash %s\n\tini %s\tinp %s" % (i, between.hex(), target.hex(), THE_HASH.hex(), DEFINED_INITIAL.hex(), input.hex()))`
working automated weaponized first preimage attack 2023-04-22 10:20:13 +02:00			`assert THE_HASH[i] == DEFINED_INITIAL[i] ^ between[i], "xor circle is broken: %s vs %s" % (hex(THE_HASH[i]), hex(input[i] ^ between[i]))`
trying for preimage attack 2023-04-22 00:48:06 +02:00
working automated weaponized first preimage attack 2023-04-22 10:20:13 +02:00			`input: bytearray = bytearray(bytes(a ^ b for a, b in zip(input, target)))`
			`print("for input '%s':\n %s" % (input, test_against_hash(input, THE_HASH)))`
trying for preimage attack 2023-04-22 00:48:06 +02:00
automated collision finding 2023-04-22 10:28:18 +02:00			`assert test_collision(input, THE_HASH_ORIGIN), "not the same thing: %s and %s" % (`
			`trash_hash(input).hex(), trash_hash(THE_HASH_ORIGIN).hex())`

trying for preimage attack 2023-04-22 00:48:06 +02:00			`def main():`
decrypted the cyphertext, basic-decrypt is a mess 2023-04-22 12:08:57 +02:00			`parser = argparse.ArgumentParser(prog="trash hash", description='implements a bad hash and shows how to break it. No option for preimage attack, --hash to get a hash.')`
			`parser.add_argument('--hash', type=str,`
			`help='an input that should be hashed')`
			`args = parser.parse_args()`

			`if args.hash:`
			`my_bytes: bytearray = bytearray(str.encode(args.hash))`
			`hashed = trash_hash(my_bytes)`
			`print("hash for \"%s\" is:\n%s" % (args.hash, hashed.hex()))`
			`else:`
			`first_preimage()`
trying for preimage attack 2023-04-22 00:48:06 +02:00
decrypted the cyphertext, basic-decrypt is a mess 2023-04-22 12:08:57 +02:00			`"""`
			`Don't use this, too inefficient`
			`"""`
trying to find collisions 2023-04-21 23:48:36 +02:00			`def bruteForce() -> bool:`
			`payload_a = bytearray(b"AAAA")`
			`foundCollision = False`
			`while not foundCollision:`
			`current = bytearray(random.randbytes(16))`
			`foundCollision = test_collision(payload_a, current)`
			`if random.randint(1, 65535) % 65535 == 0:`
			`print(current)`
			`print("found one!")`
			`print(current)`
			`return True`
trash hash works now 2023-04-21 23:13:04 +02:00
trash hash seems to work 2023-04-21 22:54:21 +02:00			`if __name__ == "__main__":`
			`main()`