Matasano Crypto Challenges, Set 6

The last of the original crypto challenges… here we go!

Challenge 41 Implement unpadded message recovery oracle

Unpadded RSA is homomorphic, meaning that, if operations like multiplication and addition are carried out on ciphertext, it is as if the same operation were applied to the plaintext.

Read More

Generating and Interpreting Bytecode for MITScript — Using Rust

Well, this was my first foray into the world of Rust, the systems language that is Mozilla’s precious baby. And what better way to learn this hip new language than to write an MITScript bytecode interpreter for Computer Language Engineering?

Rust was not gentle for this first-time developer. It does so much to protect you that my first attempt writing a few hundred lines of code resulted in the same number of compiler errors, and I needed a lot of help from my team to just get anything to compile. For this reason, it’s not great for iterating quickly if you aren’t very experienced already. But, I’m licking my chops at the fact that the end result will be much safer, and hopefully faster, than our classmates’ C++ compilers. This post will be about the struggles I encountered as a Rust newbie, as well as the fun of generating/interpreting MITScript bytecode.

Read More

Matasano Crypto Challenges, Set 5

This set was surprisingly easy, actually. The book Understanding Cryptography by Paar & Pelzl is an excellent intro to the basic maths needed for crypto — namely, the group theory and number theory necessary for RSA and Diffie-Hellman.

Let’s dive in!

Challenge 33 Implement Diffie-Hellman

Diffie-Hellman is a remarkably simple algorithm for two parties to jointly compute a shared secret key that may be used, for example, as a key for symmetric encryption.

Alice and Bob agree on an integer group of prime pp, with a generator gg. gg raised to every power in 0...p1{0...p-1}, taken modp\bmod p, can produce every element of pp. Hence, it is called a “generator” of the group.

Read More

Writing a C++ Interpreter for MITScript

Lab 2 in 6.035 was very satisfying and very fun. After creating the parser/lexer in Lab 1, we got to put our Abstract Syntax Tree to work — we created an interpreter to actually execute valid MITScript! By the end of this lab, we will be able to write arbitrarily complex programs and have them parsed and run.

Read More

Upcoming Blog Posts — Stay Tuned!

I’ve been insanely busy with a bunch of cool things, which means both more blog content, but also quite a large latency before I get around to writing them.

Here’s what I’ve been up to, and what awesome posts/series you can expect in the coming weeks:

  • 6.115 Labs and Final project — Masterlock combo breaker?
  • 6.857 Final project — Boston Symphony Orchestra iPad app pentest
  • CTFs — MITCTF, Cambridge2Cambridge
  • 6.035 MITScript interpreter in Rust

Read More

Starting a New Security Club at MIT

fortenforge, Devin Neal, and I decided that MIT needed more of a student security community on campus. So, we started TechSec in February 2017! We host weekly meetings on Monday nights and try to get students to compete with us in CTFs on weekends.

You can find our meeting/workshop notes, which we laboriously compile for the benefit of our club members, here. So far, we’ve been holding introduction to reverse engineering and binary workshops. We have a lot more planned, including interesting guest speakers.

Matasano Crypto Challenges, Set 4

Challenge 25 Break “random access read/write” AES CTR

Because we can seek into the ciphertext and edit arbitrary characters, we we can simply guess each plaintext character.

For each byte in the ciphertext, I can try all 256 characters by replacing the ciphertext byte with my encrypted guess using the provided edit() function. If the new ciphertext exactly matches the original ciphertext, then I know my guess for the plaintext character is correct, since it encrypted to the same byte.

1
2
3
4
5
6
for i in xrange(len(ciphertext)):
for c in candidates:
new_ciphertext = edit(ciphertext, i, c)
if new_ciphertext[i] == ciphertext[i]:
result += c

Read More

Matasano Crypto Challenges, Set 3

Challenge 17 The CBC padding oracle!!!

The CBC padding oracle is a very famous attack. We have an oracle function that takes in a ciphertext and decrypts it, returning True if the plaintext is padded properly.

The process behind the attack on each block is:

Read More

Matasano Crypto Challenges, Set 1

Challenge 1.1 Convert hex to base64

The first challenge is pretty straightforward, using python’s built-in functions or pwntools, as I use heavily in these challenges.

The functions a2b_hex, unhexlify, and ''.decode("hex") all do the same thing. They take in an ascii string of the form “[0-9a-f]*” and decode it. The string decodes to
I'm killing your brain like a poisonous mushroom. We can then use binascii.b2a_base64() to convert the byte string to a base64 representation.

Read More