working automated weaponized first preimage attack
This commit is contained in:
parent
3cd27dab04
commit
c3f71b9596
|
@ -1,3 +1,4 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
# this is literal garbage
|
# this is literal garbage
|
||||||
# does not even work for the bad hash
|
# does not even work for the bad hash
|
||||||
def calcHash():
|
def calcHash():
|
||||||
|
|
|
@ -8,7 +8,8 @@ import random
|
||||||
DEFINED_INITIAL = bytearray(b'\xa5\xa5\xa5\xa5\x5a\x5a\x5a\x5a\x55\x55\x55\x55\xaa\xaa\xaa\xaa')
|
DEFINED_INITIAL = bytearray(b'\xa5\xa5\xa5\xa5\x5a\x5a\x5a\x5a\x55\x55\x55\x55\xaa\xaa\xaa\xaa')
|
||||||
# the hash we want to find in the preimage attacks
|
# the hash we want to find in the preimage attacks
|
||||||
# comes from 'AAAA'
|
# comes from 'AAAA'
|
||||||
THE_HASH = bytearray(b'\xe4\xe4\xe4\xe4\xa5\xa5\xa5\xa5\xaa\xaa\xaa\xaa\x55\x55\x55\x55')
|
#THE_HASH = bytearray(b'\xe4\xe4\xe4\xe4\xa5\xa5\xa5\xa5\xaa\xaa\xaa\xaa\x55\x55\x55\x55')
|
||||||
|
THE_HASH = bytearray(b'\xa4\xf4\xea\xee\xa5\xa5\xa5\xa5\xaa\xaa\xaa\xaa\x55\x55\x55\x55')
|
||||||
|
|
||||||
def trash_hash(input: bytearray) -> bytearray:
|
def trash_hash(input: bytearray) -> bytearray:
|
||||||
#print("original len is %s" % len(input))
|
#print("original len is %s" % len(input))
|
||||||
|
@ -59,6 +60,8 @@ def test_collision(a: bytearray, b: bytearray) -> bool:
|
||||||
return trash_hash(a) == trash_hash(b)
|
return trash_hash(a) == trash_hash(b)
|
||||||
|
|
||||||
def test_against_hash(input: bytearray, target_hash: bytearray) -> bool:
|
def test_against_hash(input: bytearray, target_hash: bytearray) -> bool:
|
||||||
|
print("given input:\t%s" % input.hex())
|
||||||
|
print("given input (repr):\t%s" % input.decode(errors="ignore"))
|
||||||
hashed = trash_hash(input)
|
hashed = trash_hash(input)
|
||||||
print("hashed variant:\t%s" % hashed.hex())
|
print("hashed variant:\t%s" % hashed.hex())
|
||||||
print("should be:\t%s" % THE_HASH.hex())
|
print("should be:\t%s" % THE_HASH.hex())
|
||||||
|
@ -75,13 +78,14 @@ def first_preimage():
|
||||||
|
|
||||||
for i in range(0, 16):
|
for i in range(0, 16):
|
||||||
|
|
||||||
between[i] = target[i] ^ DEFINED_INITIAL[i]
|
between[i] = THE_HASH[i] ^ DEFINED_INITIAL[i]
|
||||||
print("%d:\tbtw %s\ttar %s\thash %s" % (i, between.hex(), target.hex(), THE_HASH.hex()))
|
print("%d:\tbtw %s\ttar %s\thash %s\n\tini %s\tinp %s" % (i, between.hex(), target.hex(), THE_HASH.hex(), DEFINED_INITIAL.hex(), input.hex()))
|
||||||
input[i] = between[i] ^ THE_HASH[i]
|
input[i] = target[i] ^ between[i]
|
||||||
print("%d:\tbtw %s\ttar %s\thash %s" % (i, between.hex(), target.hex(), THE_HASH.hex()))
|
print("%d:\tbtw %s\ttar %s\thash %s\n\tini %s\tinp %s" % (i, between.hex(), target.hex(), THE_HASH.hex(), DEFINED_INITIAL.hex(), input.hex()))
|
||||||
assert THE_HASH[i] == input[i] ^ target[i], "xor circle is broken"
|
assert THE_HASH[i] == DEFINED_INITIAL[i] ^ between[i], "xor circle is broken: %s vs %s" % (hex(THE_HASH[i]), hex(input[i] ^ between[i]))
|
||||||
|
|
||||||
print(test_against_hash(input, THE_HASH))
|
input: bytearray = bytearray(bytes(a ^ b for a, b in zip(input, target)))
|
||||||
|
print("for input '%s':\n %s" % (input, test_against_hash(input, THE_HASH)))
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
first_preimage()
|
first_preimage()
|
||||||
|
|
Loading…
Reference in New Issue