From fa39147c7daa3822fcf446e083047767172def2f Mon Sep 17 00:00:00 2001 From: Yan Date: Mon, 30 Sep 2024 00:03:55 -0700 Subject: [PATCH] dhke-aes! --- cryptography/dhke-aes/DESCRIPTION.md | 3 ++ cryptography/dhke-aes/run | 50 ++++++++++++++++++++++++++++ cryptography/module.yml | 2 ++ 3 files changed, 55 insertions(+) create mode 100644 cryptography/dhke-aes/DESCRIPTION.md create mode 100755 cryptography/dhke-aes/run diff --git a/cryptography/dhke-aes/DESCRIPTION.md b/cryptography/dhke-aes/DESCRIPTION.md new file mode 100644 index 0000000..6ec3a8c --- /dev/null +++ b/cryptography/dhke-aes/DESCRIPTION.md @@ -0,0 +1,3 @@ +Armed with your knowledge of DHKE, you will now build your first cryptosystem that resembles something real! +You'll use DHKE to negotiate an AES key, and the challenge will use that key to encrypt the flag. +Decrypt it, and win! diff --git a/cryptography/dhke-aes/run b/cryptography/dhke-aes/run new file mode 100755 index 0000000..ac5f1c9 --- /dev/null +++ b/cryptography/dhke-aes/run @@ -0,0 +1,50 @@ +#!/opt/pwn.college/python + +import sys +from base64 import b64encode +from Crypto.Cipher import AES +from Crypto.Util.Padding import pad +from Crypto.Random.random import getrandbits + +flag = open("/flag", "rb").read() +assert len(flag) <= 256 + +# 2048-bit MODP Group from RFC3526 +p = int.from_bytes(bytes.fromhex( + "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 " + "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD " + "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 " + "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED " + "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D " + "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F " + "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D " + "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B " + "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 " + "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 " + "15728E5A 8AACAA68 FFFFFFFF FFFFFFFF" +), "big") +g = 2 +print(f"p = {p:#x}") +print(f"g = {g:#x}") + +a = getrandbits(2048) +A = pow(g, a, p) +print(f"A = {A:#x}") + +try: + B = int(input("B? "), 16) +except ValueError: + print("Invalid B value (not a hex number)", file=sys.stderr) + sys.exit(1) +if B <= 2**1024: + print("Invalid B value (B <= 2**1024)", file=sys.stderr) + sys.exit(1) + +s = pow(B, a, p) +key = s.to_bytes(256, "little")[:16] + +# friendship ended with DHKE, AES is my new best friend +cipher = AES.new(key=key, mode=AES.MODE_CBC) +flag = open("/flag", "rb").read() +ciphertext = cipher.iv + cipher.encrypt(pad(flag, cipher.block_size)) +print(f"Flag Ciphertext (b64): {b64encode(ciphertext).decode()}") diff --git a/cryptography/module.yml b/cryptography/module.yml index 04c429f..5e61129 100644 --- a/cryptography/module.yml +++ b/cryptography/module.yml @@ -43,6 +43,8 @@ challenges: name: "AES-CBC-POA-Encrypt" - id: level-6 name: DHKE +- id: dhke-aes + name: "DHKE-to-AES" - id: level-7 name: RSA 1 - id: level-8