removed trash and added stub

This commit is contained in:
Christoph J. Scherr 2023-05-06 16:00:21 +02:00
parent 99981d2eec
commit 81716ed42f
Signed by: PlexSheep
GPG Key ID: 25B4ACF7D88186CC
4 changed files with 13 additions and 79 deletions

2
.gitignore vendored
View File

@ -70,3 +70,5 @@ docs/_build/
# Pyenv
.python-version
plexcryptool/authur1-findings.txt
plexcryptool/authurl-values-attack.sh

View File

@ -1,74 +0,0 @@
current buffer: 5441
loading buffer
current in_byte: K
current buffer: 544143
loading buffer
internal state after the bytes were read: c2b50599
buffer pre last fill: 5441434b
buffer after last fill: 5441434b
last internal state: 1b516b3a
Hacked MIC: cd255d98
current in_byte:
current buffer: 4e
loading buffer
current in_byte: A
current buffer: 4e20
loading buffer
current in_byte: T
current buffer: 4e2041
loading buffer
current in_byte: T
current buffer: 4e204154
current in_byte: A
current buffer: 54
loading buffer
current in_byte: C
current buffer: 5441
loading buffer
current in_byte: K
current buffer: 544143
loading buffer
internal state after the bytes were read: 0e986369
buffer pre last fill: 5441434b
buffer after last fill: 5441434b
last internal state: 1a9d9590
Hacked MIC: 31bda0ab
=========
working extension attack against a basic mic:
=========
>>> authur1.authur1(bytearray(4), False, bytearray(0x33a9cfff.to_bytes(4))).hex()
'fd0ef003'
>>> authur1.keyed_hash(bytearray(8), bytearray(16), False).hex()
'fd0ef003'
>>>
===========
Reversing the exercise
===========
bash authurl-values-attack.sh
bytearray(b'abcdef') has length 6
========================================================================================================================
extension_msg for bruteforce: bytearray(b'ef\xff\xff')
looking for result: 0f6b8802
Bruteforcing the internal state, this might take a while
========================================================================================================================
state 332e2000 | hash 0f6ba002 | search 0f6b88022
========================================================================================================================
FOUND THE THING
IT IS 332e2800
========================================================================================================================
Trying to forge a mic for an extended version with input:
00006566
(ef)
========================================================================================================================
Hacked MIC: 0f6b8802
Forged a valid delta:
====================BEGIN FORGED AUTHENTICATED TEXT====================
bytearray(b'ef')
====================END FORGED AUTHENTICATED TEXT======================
MIC: bytearray(b'\x0fk\x88\x02')

View File

@ -1,4 +0,0 @@
#!/bin/bash
# values from the exercise
#./authur1.py -e "abcd:632e4e5c,abcdef:0f6b8802,abcdefghijk:2638a819,foobar:782a826e,barfoo:885dc316"
./authur1.py -e "abcdef:0f6b8802"

View File

@ -0,0 +1,10 @@
"""
Some basic math functionalities
"""
def modular_exponentiation(base: int, exp: int, field: int) -> int:
"""
calculates base^exp in the gallois given gallois field
Uses iterative squaring to be able to calculate large exponents aswell.
"""
...