Add encryption support #4
Added a hacky encryption mode. Duplicated the wrapper and callback functions so they can be modified for encryption mode if needed.
Added a test for the encryption mode
added demonstration of encryption mode to README
Verified encryption feature on one of the services vulnerable to Padding Oracle.
❤️
@@ -63,6 +64,42 @@ plaintext = padding_oracle( | |||
num_threads = 16, | |||
) | |||
``` | |||
### Encryption |
Nit: Needs an extra line above and below.
Fixed the printout and other things a while ago but forgot to push changes lol. Will push asap.
Fixed the printout to just update the user on progress (it does still print the final encrypted payload). Added PKCS#7 padding by default to match the default decryption behaviour. Changed mode to accept only a string. I think I have fixed the various nit suggestions but may have missed some (or many tbh). Actually remembered to push changes (wow incredible right).
Forgot to check formatting was ok, have fixed some issues with it. flake8 is not happy with the formatting.
I think everything mentioned here has been fixed. Would appreciate if someone else could have a quick read through and double check that I didn't miss something.
Adding Encryption Support
As demonstrated by Rizzo and Duong[1], padding oracles in CBC encryption implementations can be used to form an encryption oracle, allowing an attacker to forge valid ciphertexts without knowing the secret key. This PR contains a rather quick implementation of the CBC-R attack, tests for this encryption mode and an updated README file. The changes are not breaking, with the default behaviour remaining the original decryption routine. Wrapping functions have been duplicated for the encryption routine to allow for modification to better suit it in future, but this is beyond what I need right now and as such they have been left unchanged.
The CBC-R attack:
For a padded plaintext we want to encrypt, we divide it into n blocks and n+1 random ciphertext blocks. For each ciphertext block, starting at the (n+1)th block, we use the standard padding oracle attack to decrypt that block with an IV of all null bytes, effectively finding the raw decryption of that block. We then XOR that decrypted block with the nth plaintext block and set the nth ciphertext block to the result of that operation.
python-esque pseudocode:
[1]: Juliano Rizzo; Thai Duong (25 May 2010). Practical Padding Oracle Attacks (PDF). USENIX WOOT 2010.
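The back-to-front chaining described in the PR text above, as an added example that is not part of this PR or the project's code. It uses a toy Feistel cipher in place of AES and, as an assumption, calls the block decryption directly where the tool would use the raw decryption recovered through the oracle; all function names are hypothetical. It also shows an encrypt-then-MAC receiver rejecting the resulting chain before any padding is examined.

```python
import hashlib
import hmac
import os

BS = 16  # block size in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_decrypt(key, block):
    # Toy 4-round Feistel decryption: a stand-in for AES, not a secure cipher.
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, hashlib.sha256(key + bytes([i]) + left).digest()[:8]), left
    return left + right

def pkcs7_pad(data):
    n = BS - len(data) % BS
    return data + bytes([n]) * n

def split(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def cbc_decrypt(key, iv, ct):
    # P[i] = D(C[i]) xor C[i-1]; padding is stripped without validation here.
    blocks = [iv] + split(ct)
    pt = b"".join(xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))
    return pt[:-pt[-1]]

def cbc_r_chain(intermediate, plaintext):
    # Back to front: C[i-1] = D(C[i]) xor P[i], starting from an arbitrary C[n].
    chain = [os.urandom(BS)]
    for p in reversed(split(pkcs7_pad(plaintext))):
        chain.insert(0, xor(intermediate(chain[0]), p))
    return chain[0], b"".join(chain[1:])

def verify_then_decrypt(enc_key, mac_key, iv, ct, tag):
    # Encrypt-then-MAC receiver: the tag is checked before padding is touched,
    # so an unauthenticated chain is rejected without any padding signal.
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return cbc_decrypt(enc_key, iv, ct)

if __name__ == "__main__":
    key, mac_key = b"k" * 16, b"m" * 16  # constructed demo keys
    # Assumption: direct decryption stands in for the per-block oracle result.
    iv, ct = cbc_r_chain(lambda c: block_decrypt(key, c), b"constructed sample plaintext")
    print(cbc_decrypt(key, iv, ct))
    print(verify_then_decrypt(key, mac_key, iv, ct, bytes(32)))
```

A receiver that authenticates `iv + ct` before decrypting never reaches the padding check for such a chain, which removes the oracle the construction depends on.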