Cryptography on soffensive bloghttps://soffensive.github.io/tags/cryptography/Recent content in Cryptography on soffensive blogHugoenTue, 23 Jan 2018 03:29:00 -0800pwnable.kr: crypto1 challengehttps://soffensive.github.io/posts/ctf/2018-01-23-pwnable-kr-crypto1-challenge/Tue, 23 Jan 2018 03:29:00 -0800https://soffensive.github.io/posts/ctf/2018-01-23-pwnable-kr-crypto1-challenge/<p>In the pwnable.kr challenge <code>crypto1</code> in the rookies section, we are given the following two files <code>client.py</code> and <code>server.py</code>:</p> <h2 id="clientpy">client.py</h2> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span><span class="lnt">37 </span><span class="lnt">38 </span><span class="lnt">39 </span><span class="lnt">40 </span><span class="lnt">41 </span><span class="lnt">42 </span><span class="lnt">43 </span><span class="lnt">44 </span><span class="lnt">45 </span><span class="lnt">46 </span><span class="lnt">47 </span><span class="lnt">48 </span><span class="lnt">49 </span><span class="lnt">50 </span><span class="lnt">51 </span><span class="lnt">52 </span><span class="lnt">53 </span><span class="lnt">54 </span><span class="lnt">55 </span><span class="lnt">56 </span><span class="lnt">57 </span><span class="lnt">58 </span><span class="lnt">59 </span><span class="lnt">60 </span><span class="lnt">61 </span><span class="lnt">62 </span><span class="lnt">63 </span><span class="lnt">64 </span><span class="lnt">65 </span><span class="lnt">66 </span><span class="lnt">67 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"><span class="line"><span class="cl"><span class="ch">#!/usr/bin/python</span> </span></span><span class="line"><span class="cl"><span class="kn">from</span> <span class="nn">Crypto.Cipher</span> <span class="kn">import</span> <span class="n">AES</span> </span></span><span class="line"><span class="cl"><span class="kn">import</span> <span class="nn">base64</span> </span></span><span class="line"><span class="cl"><span class="kn">import</span> <span class="nn">os</span><span class="o">,</span> <span class="nn">sys</span> </span></span><span class="line"><span class="cl"><span class="kn">import</span> <span class="nn">xmlrpclib</span> </span></span><span class="line"><span class="cl"><span class="n">rpc</span> <span class="o">=</span> <span class="n">xmlrpclib</span><span class="o">.</span><span class="n">ServerProxy</span><span class="p">(</span><span class="s2">&#34;http://localhost:9100/&#34;</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">BLOCK_SIZE</span> <span class="o">=</span> <span class="mi">16</span> </span></span><span class="line"><span class="cl"><span class="n">PADDING</span> <span class="o">=</span> <span class="s1">&#39;</span><span class="se">\x00</span><span class="s1">&#39;</span> </span></span><span class="line"><span class="cl"><span class="n">pad</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">s</span><span class="p">:</span> <span class="n">s</span> <span class="o">+</span> <span class="p">(</span><span class="n">BLOCK_SIZE</span> <span class="o">-</span> <span class="nb">len</span><span class="p">(</span><span class="n">s</span><span class="p">)</span> <span class="o">%</span> <span class="n">BLOCK_SIZE</span><span class="p">)</span> <span class="o">*</span> <span class="n">PADDING</span> </span></span><span class="line"><span class="cl"><span class="n">EncodeAES</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">c</span><span class="p">,</span> <span class="n">s</span><span class="p">:</span> <span class="n">c</span><span class="o">.</span><span class="n">encrypt</span><span class="p">(</span><span class="n">pad</span><span class="p">(</span><span class="n">s</span><span class="p">))</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s1">&#39;hex&#39;</span><span class="p">)</span> </span></span><span class="line"><span class="cl"><span class="n">DecodeAES</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">c</span><span class="p">,</span> <span class="n">e</span><span class="p">:</span> <span class="n">c</span><span class="o">.</span><span class="n">decrypt</span><span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="n">decode</span><span class="p">(</span><span class="s1">&#39;hex&#39;</span><span class="p">))</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># server&#39;s secrets</span> </span></span><span class="line"><span class="cl"><span class="n">key</span> <span class="o">=</span> <span class="s1">&#39;erased. but there is something on the real source code&#39;</span> </span></span><span class="line"><span class="cl"><span class="n">iv</span> <span class="o">=</span> <span class="s1">&#39;erased. but there is something on the real source code&#39;</span> </span></span><span class="line"><span class="cl"><span class="n">cookie</span> <span class="o">=</span> <span class="s1">&#39;erased. but there is something on the real source code&#39;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># guest / 8b465d23cb778d3636bf6c4c5e30d031675fd95cec7afea497d36146783fd3a1</span> </span></span><span class="line"><span class="cl"><span class="k">def</span> <span class="nf">sanitize</span><span class="p">(</span><span class="n">arg</span><span class="p">):</span> </span></span><span class="line"><span class="cl"> <span class="k">for</span> <span class="n">c</span> <span class="ow">in</span> <span class="n">arg</span><span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">c</span> <span class="ow">not</span> <span class="ow">in</span> <span class="s1">&#39;1234567890abcdefghijklmnopqrstuvwxyz-_&#39;</span><span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">False</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">True</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">def</span> <span class="nf">AES128_CBC</span><span class="p">(</span><span class="n">msg</span><span class="p">):</span> </span></span><span class="line"><span class="cl"> <span class="n">cipher</span> <span class="o">=</span> <span class="n">AES</span><span class="o">.</span><span class="n">new</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">AES</span><span class="o">.</span><span class="n">MODE_CBC</span><span class="p">,</span> <span class="n">iv</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">EncodeAES</span><span class="p">(</span><span class="n">cipher</span><span class="p">,</span> <span class="n">msg</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">def</span> <span class="nf">request_auth</span><span class="p">(</span><span class="nb">id</span><span class="p">,</span> <span class="n">pw</span><span class="p">):</span> </span></span><span class="line"><span class="cl"> <span class="n">packet</span> <span class="o">=</span> <span class="s1">&#39;</span><span class="si">{0}</span><span class="s1">-</span><span class="si">{1}</span><span class="s1">-</span><span class="si">{2}</span><span class="s1">&#39;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="nb">id</span><span class="p">,</span> <span class="n">pw</span><span class="p">,</span> <span class="n">cookie</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="n">e_packet</span> <span class="o">=</span> <span class="n">AES128_CBC</span><span class="p">(</span><span class="n">packet</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s1">&#39;sending encrypted data (</span><span class="si">{0}</span><span class="s1">)&#39;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">e_packet</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="n">sys</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">flush</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">rpc</span><span class="o">.</span><span class="n">authenticate</span><span class="p">(</span><span class="n">e_packet</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s1">&#39;__main__&#39;</span><span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s1">&#39;---------------------------------------------------&#39;</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s1">&#39;- PWNABLE.KR secure RPC login system -&#39;</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s1">&#39;---------------------------------------------------&#39;</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s1">&#39;&#39;</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s1">&#39;Input your ID&#39;</span> </span></span><span class="line"><span class="cl"> <span class="n">sys</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">flush</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> <span class="nb">id</span> <span class="o">=</span> <span class="n">raw_input</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s1">&#39;Input your PW&#39;</span> </span></span><span class="line"><span class="cl"> <span class="n">sys</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">flush</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> <span class="n">pw</span> <span class="o">=</span> <span class="n">raw_input</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">sanitize</span><span class="p">(</span><span class="nb">id</span><span class="p">)</span> <span class="o">==</span> <span class="kc">False</span> <span class="ow">or</span> <span class="n">sanitize</span><span class="p">(</span><span class="n">pw</span><span class="p">)</span> <span class="o">==</span> <span class="kc">False</span><span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s1">&#39;format error&#39;</span> </span></span><span class="line"><span class="cl"> <span class="n">sys</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">flush</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> <span class="n">os</span><span class="o">.</span><span class="n">_exit</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="n">cred</span> <span class="o">=</span> <span class="n">request_auth</span><span class="p">(</span><span class="nb">id</span><span class="p">,</span> <span class="n">pw</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">cred</span><span class="o">==</span><span class="mi">0</span> <span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s1">&#39;you are not authenticated user&#39;</span> </span></span><span class="line"><span class="cl"> <span class="n">sys</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">flush</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> <span class="n">os</span><span class="o">.</span><span class="n">_exit</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">cred</span><span class="o">==</span><span class="mi">1</span> <span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s1">&#39;hi guest, login as admin&#39;</span> </span></span><span class="line"><span class="cl"> <span class="n">sys</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">flush</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> <span class="n">os</span><span class="o">.</span><span class="n">_exit</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="s1">&#39;hi admin, here is your flag&#39;</span> </span></span><span class="line"><span class="cl"> <span class="nb">print</span> <span class="nb">open</span><span class="p">(</span><span class="s1">&#39;flag&#39;</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> <span class="n">sys</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">flush</span><span class="p">()</span> </span></span></code></pre></td></tr></table> </div> </div><h2 id="serverpy">server.py</h2> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span><span class="lnt">37 </span><span class="lnt">38 </span><span class="lnt">39 </span><span class="lnt">40 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"><span class="line"><span class="cl"><span class="ch">#!/usr/bin/python</span> </span></span><span class="line"><span class="cl"><span class="kn">import</span> <span class="nn">xmlrpclib</span><span class="o">,</span> <span class="nn">hashlib</span> </span></span><span class="line"><span class="cl"><span class="kn">from</span> <span class="nn">SimpleXMLRPCServer</span> <span class="kn">import</span> <span class="n">SimpleXMLRPCServer</span> </span></span><span class="line"><span class="cl"><span class="kn">from</span> <span class="nn">Crypto.Cipher</span> <span class="kn">import</span> <span class="n">AES</span> </span></span><span class="line"><span class="cl"><span class="kn">import</span> <span class="nn">os</span><span class="o">,</span> <span class="nn">sys</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">BLOCK_SIZE</span> <span class="o">=</span> <span class="mi">16</span> </span></span><span class="line"><span class="cl"><span class="n">PADDING</span> <span class="o">=</span> <span class="s1">&#39;</span><span class="se">\x00</span><span class="s1">&#39;</span> </span></span><span class="line"><span class="cl"><span class="n">pad</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">s</span><span class="p">:</span> <span class="n">s</span> <span class="o">+</span> <span class="p">(</span><span class="n">BLOCK_SIZE</span> <span class="o">-</span> <span class="nb">len</span><span class="p">(</span><span class="n">s</span><span class="p">)</span> <span class="o">%</span> <span class="n">BLOCK_SIZE</span><span class="p">)</span> <span class="o">*</span> <span class="n">PADDING</span> </span></span><span class="line"><span class="cl"><span class="n">EncodeAES</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">c</span><span class="p">,</span> <span class="n">s</span><span class="p">:</span> <span class="n">c</span><span class="o">.</span><span class="n">encrypt</span><span class="p">(</span><span class="n">pad</span><span class="p">(</span><span class="n">s</span><span class="p">))</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s1">&#39;hex&#39;</span><span class="p">)</span> </span></span><span class="line"><span class="cl"><span class="n">DecodeAES</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">c</span><span class="p">,</span> <span class="n">e</span><span class="p">:</span> <span class="n">c</span><span class="o">.</span><span class="n">decrypt</span><span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="n">decode</span><span class="p">(</span><span class="s1">&#39;hex&#39;</span><span class="p">))</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># server&#39;s secrets</span> </span></span><span class="line"><span class="cl"><span class="n">key</span> <span class="o">=</span> <span class="s1">&#39;erased. but there is something on the real source code&#39;</span> </span></span><span class="line"><span class="cl"><span class="n">iv</span> <span class="o">=</span> <span class="s1">&#39;erased. but there is something on the real source code&#39;</span> </span></span><span class="line"><span class="cl"><span class="n">cookie</span> <span class="o">=</span> <span class="s1">&#39;erased. but there is something on the real source code&#39;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">def</span> <span class="nf">AES128_CBC</span><span class="p">(</span><span class="n">msg</span><span class="p">):</span> </span></span><span class="line"><span class="cl"> <span class="n">cipher</span> <span class="o">=</span> <span class="n">AES</span><span class="o">.</span><span class="n">new</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">AES</span><span class="o">.</span><span class="n">MODE_CBC</span><span class="p">,</span> <span class="n">iv</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">DecodeAES</span><span class="p">(</span><span class="n">cipher</span><span class="p">,</span> <span class="n">msg</span><span class="p">)</span><span class="o">.</span><span class="n">rstrip</span><span class="p">(</span><span class="n">PADDING</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">def</span> <span class="nf">authenticate</span><span class="p">(</span><span class="n">e_packet</span><span class="p">):</span> </span></span><span class="line"><span class="cl"> <span class="n">packet</span> <span class="o">=</span> <span class="n">AES128_CBC</span><span class="p">(</span><span class="n">e_packet</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="nb">id</span> <span class="o">=</span> <span class="n">packet</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">&#39;-&#39;</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> </span></span><span class="line"><span class="cl"> <span class="n">pw</span> <span class="o">=</span> <span class="n">packet</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">&#39;-&#39;</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">packet</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">&#39;-&#39;</span><span class="p">)[</span><span class="mi">2</span><span class="p">]</span> <span class="o">!=</span> <span class="n">cookie</span><span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="mi">0</span> <span class="c1"># request is not originated from expected server</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">hashlib</span><span class="o">.</span><span class="n">sha256</span><span class="p">(</span><span class="nb">id</span><span class="o">+</span><span class="n">cookie</span><span class="p">)</span><span class="o">.</span><span class="n">hexdigest</span><span class="p">()</span> <span class="o">==</span> <span class="n">pw</span> <span class="ow">and</span> <span class="nb">id</span> <span class="o">==</span> <span class="s1">&#39;guest&#39;</span><span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="mi">1</span> </span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">hashlib</span><span class="o">.</span><span class="n">sha256</span><span class="p">(</span><span class="nb">id</span><span class="o">+</span><span class="n">cookie</span><span class="p">)</span><span class="o">.</span><span class="n">hexdigest</span><span class="p">()</span> <span class="o">==</span> <span class="n">pw</span> <span class="ow">and</span> <span class="nb">id</span> <span class="o">==</span> <span class="s1">&#39;admin&#39;</span><span class="p">:</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="mi">2</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="mi">0</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">server</span> <span class="o">=</span> <span class="n">SimpleXMLRPCServer</span><span class="p">((</span><span class="s2">&#34;localhost&#34;</span><span class="p">,</span> <span class="mi">9100</span><span class="p">))</span> </span></span><span class="line"><span class="cl"><span class="nb">print</span> <span class="s2">&#34;Listening on port 9100...&#34;</span> </span></span><span class="line"><span class="cl"><span class="n">server</span><span class="o">.</span><span class="n">register_function</span><span class="p">(</span><span class="n">authenticate</span><span class="p">,</span> <span class="s2">&#34;authenticate&#34;</span><span class="p">)</span> </span></span><span class="line"><span class="cl"><span class="n">server</span><span class="o">.</span><span class="n">serve_forever</span><span class="p">()</span> </span></span></code></pre></td></tr></table> </div> </div><h2 id="analysis">Analysis</h2> <p>Furthermore, there is a running instance of <code>client.py</code> at <code>pwnable.kr</code> on port <code>9006</code>. Our goal is to connect to this service and retrieve the flag.</p>