removed trash and added stub
This commit is contained in:
parent
99981d2eec
commit
81716ed42f
|
@ -70,3 +70,5 @@ docs/_build/
|
|||
|
||||
# Pyenv
|
||||
.python-version
|
||||
plexcryptool/authur1-findings.txt
|
||||
plexcryptool/authurl-values-attack.sh
|
||||
|
|
|
@ -1,74 +0,0 @@
|
|||
current buffer: 5441
|
||||
loading buffer
|
||||
current in_byte: K
|
||||
current buffer: 544143
|
||||
loading buffer
|
||||
internal state after the bytes were read: c2b50599
|
||||
buffer pre last fill: 5441434b
|
||||
buffer after last fill: 5441434b
|
||||
last internal state: 1b516b3a
|
||||
Hacked MIC: cd255d98
|
||||
current in_byte:
|
||||
current buffer: 4e
|
||||
loading buffer
|
||||
current in_byte: A
|
||||
current buffer: 4e20
|
||||
loading buffer
|
||||
current in_byte: T
|
||||
current buffer: 4e2041
|
||||
loading buffer
|
||||
current in_byte: T
|
||||
current buffer: 4e204154
|
||||
current in_byte: A
|
||||
current buffer: 54
|
||||
loading buffer
|
||||
current in_byte: C
|
||||
current buffer: 5441
|
||||
loading buffer
|
||||
current in_byte: K
|
||||
current buffer: 544143
|
||||
loading buffer
|
||||
internal state after the bytes were read: 0e986369
|
||||
buffer pre last fill: 5441434b
|
||||
buffer after last fill: 5441434b
|
||||
last internal state: 1a9d9590
|
||||
Hacked MIC: 31bda0ab
|
||||
|
||||
|
||||
=========
|
||||
working extension attack against a basic mic:
|
||||
=========
|
||||
|
||||
>>> authur1.authur1(bytearray(4), False, bytearray(0x33a9cfff.to_bytes(4))).hex()
|
||||
'fd0ef003'
|
||||
>>> authur1.keyed_hash(bytearray(8), bytearray(16), False).hex()
|
||||
'fd0ef003'
|
||||
>>>
|
||||
|
||||
|
||||
===========
|
||||
Reversing the exercise
|
||||
===========
|
||||
❯ bash authurl-values-attack.sh
|
||||
bytearray(b'abcdef') has length 6
|
||||
========================================================================================================================
|
||||
extension_msg for bruteforce: bytearray(b'ef\xff\xff')
|
||||
looking for result: 0f6b8802
|
||||
Bruteforcing the internal state, this might take a while
|
||||
========================================================================================================================
|
||||
state 332e2000 | hash 0f6ba002 | search 0f6b88022
|
||||
========================================================================================================================
|
||||
FOUND THE THING
|
||||
IT IS 332e2800
|
||||
========================================================================================================================
|
||||
Trying to forge a mic for an extended version with input:
|
||||
00006566
|
||||
(ef)
|
||||
========================================================================================================================
|
||||
Hacked MIC: 0f6b8802
|
||||
Forged a valid delta:
|
||||
====================BEGIN FORGED AUTHENTICATED TEXT====================
|
||||
bytearray(b'ef')
|
||||
====================END FORGED AUTHENTICATED TEXT======================
|
||||
MIC: bytearray(b'\x0fk\x88\x02')
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/bash
|
||||
# values from the exercise
|
||||
#./authur1.py -e "abcd:632e4e5c,abcdef:0f6b8802,abcdefghijk:2638a819,foobar:782a826e,barfoo:885dc316"
|
||||
./authur1.py -e "abcdef:0f6b8802"
|
|
@ -0,0 +1,10 @@
|
|||
"""
|
||||
Some basic math functionalities
|
||||
"""
|
||||
def modular_exponentiation(base: int, exp: int, field: int) -> int:
|
||||
"""
|
||||
calculates base^exp in the gallois given gallois field
|
||||
|
||||
Uses iterative squaring to be able to calculate large exponents aswell.
|
||||
"""
|
||||
...
|
Loading…
Reference in New Issue