removed trash and added stub
This commit is contained in:
parent
99981d2eec
commit
81716ed42f
|
@ -70,3 +70,5 @@ docs/_build/
|
||||||
|
|
||||||
# Pyenv
|
# Pyenv
|
||||||
.python-version
|
.python-version
|
||||||
|
plexcryptool/authur1-findings.txt
|
||||||
|
plexcryptool/authurl-values-attack.sh
|
||||||
|
|
|
@ -1,74 +0,0 @@
|
||||||
current buffer: 5441
|
|
||||||
loading buffer
|
|
||||||
current in_byte: K
|
|
||||||
current buffer: 544143
|
|
||||||
loading buffer
|
|
||||||
internal state after the bytes were read: c2b50599
|
|
||||||
buffer pre last fill: 5441434b
|
|
||||||
buffer after last fill: 5441434b
|
|
||||||
last internal state: 1b516b3a
|
|
||||||
Hacked MIC: cd255d98
|
|
||||||
current in_byte:
|
|
||||||
current buffer: 4e
|
|
||||||
loading buffer
|
|
||||||
current in_byte: A
|
|
||||||
current buffer: 4e20
|
|
||||||
loading buffer
|
|
||||||
current in_byte: T
|
|
||||||
current buffer: 4e2041
|
|
||||||
loading buffer
|
|
||||||
current in_byte: T
|
|
||||||
current buffer: 4e204154
|
|
||||||
current in_byte: A
|
|
||||||
current buffer: 54
|
|
||||||
loading buffer
|
|
||||||
current in_byte: C
|
|
||||||
current buffer: 5441
|
|
||||||
loading buffer
|
|
||||||
current in_byte: K
|
|
||||||
current buffer: 544143
|
|
||||||
loading buffer
|
|
||||||
internal state after the bytes were read: 0e986369
|
|
||||||
buffer pre last fill: 5441434b
|
|
||||||
buffer after last fill: 5441434b
|
|
||||||
last internal state: 1a9d9590
|
|
||||||
Hacked MIC: 31bda0ab
|
|
||||||
|
|
||||||
|
|
||||||
=========
|
|
||||||
working extension attack against a basic mic:
|
|
||||||
=========
|
|
||||||
|
|
||||||
>>> authur1.authur1(bytearray(4), False, bytearray(0x33a9cfff.to_bytes(4))).hex()
|
|
||||||
'fd0ef003'
|
|
||||||
>>> authur1.keyed_hash(bytearray(8), bytearray(16), False).hex()
|
|
||||||
'fd0ef003'
|
|
||||||
>>>
|
|
||||||
|
|
||||||
|
|
||||||
===========
|
|
||||||
Reversing the exercise
|
|
||||||
===========
|
|
||||||
❯ bash authurl-values-attack.sh
|
|
||||||
bytearray(b'abcdef') has length 6
|
|
||||||
========================================================================================================================
|
|
||||||
extension_msg for bruteforce: bytearray(b'ef\xff\xff')
|
|
||||||
looking for result: 0f6b8802
|
|
||||||
Bruteforcing the internal state, this might take a while
|
|
||||||
========================================================================================================================
|
|
||||||
state 332e2000 | hash 0f6ba002 | search 0f6b88022
|
|
||||||
========================================================================================================================
|
|
||||||
FOUND THE THING
|
|
||||||
IT IS 332e2800
|
|
||||||
========================================================================================================================
|
|
||||||
Trying to forge a mic for an extended version with input:
|
|
||||||
00006566
|
|
||||||
(ef)
|
|
||||||
========================================================================================================================
|
|
||||||
Hacked MIC: 0f6b8802
|
|
||||||
Forged a valid delta:
|
|
||||||
====================BEGIN FORGED AUTHENTICATED TEXT====================
|
|
||||||
bytearray(b'ef')
|
|
||||||
====================END FORGED AUTHENTICATED TEXT======================
|
|
||||||
MIC: bytearray(b'\x0fk\x88\x02')
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# values from the exercise
|
|
||||||
#./authur1.py -e "abcd:632e4e5c,abcdef:0f6b8802,abcdefghijk:2638a819,foobar:782a826e,barfoo:885dc316"
|
|
||||||
./authur1.py -e "abcdef:0f6b8802"
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
"""
|
||||||
|
Some basic math functionalities
|
||||||
|
"""
|
||||||
|
def modular_exponentiation(base: int, exp: int, field: int) -> int:
|
||||||
|
"""
|
||||||
|
calculates base^exp in the gallois given gallois field
|
||||||
|
|
||||||
|
Uses iterative squaring to be able to calculate large exponents aswell.
|
||||||
|
"""
|
||||||
|
...
|
Loading…
Reference in New Issue