Lab 2 in 6.035 was very satisfying and very fun. After creating the parser/lexer in Lab 1, we got to put our Abstract Syntax Tree to work — we created an interpreter to actually execute valid MITScript! By the end of this lab, we will be able to write arbitrarily complex programs and have them parsed and run.
Upcoming Blog Posts — Stay Tuned!
I’ve been insanely busy with a bunch of cool things, which means more blog content, but also quite a large latency before I get around to writing it.
Here’s what I’ve been up to, and what awesome posts/series you can expect in the coming weeks:
- 6.115 Labs and Final project — Masterlock combo breaker?
- 6.857 Final project — Boston Symphony Orchestra iPad app pentest
- CTFs — MITCTF, Cambridge2Cambridge
- 6.035 MITScript interpreter in Rust
Starting a New Security Club at MIT
fortenforge, Devin Neal, and I decided that MIT needed more of a student security community on campus. So, we started TechSec in February 2017! We host weekly meetings on Monday nights and try to get students to compete with us in CTFs on weekends.
You can find our meeting/workshop notes, which we laboriously compile for the benefit of our club members, here. So far, we’ve been holding introduction to reverse engineering and binary workshops. We have a lot more planned, including interesting guest speakers.
Flex and Bison for a Simple Language, MITScript
For the first lab in 6.035, Computer Language Engineering, in Spring 2017, we use Flex, a lexical analyzer library, and Bison, a parser generator, to create a parser for a simple scripting language.
The grammar for the language is shown below.
Matasano Crypto Challenges, Set 1
Challenge 1.1 Convert hex to base64
The first challenge is pretty straightforward, using Python’s built-in functions or pwntools, which I use heavily in these challenges.
The functions a2b_hex, unhexlify, and ''.decode("hex") all do the same thing. They take in an ASCII string of the form “[0-9a-f]*” and decode it. The string decodes to “I'm killing your brain like a poisonous mushroom”. We can then use binascii.b2a_base64() to convert the byte string to a base64 representation.
Matasano Crypto Challenges, Set 2
Challenge 9 Implement PKCS#7 padding
As the challenge states, “A block cipher transforms a fixed-sized block (usually 8 or 16 bytes) of plaintext into ciphertext. But we almost never want to transform a single block; we encrypt irregularly-sized messages.”
The PKCS#7 padding scheme appends padding bytes to the end of the block, each with a value equal to the number of padding bytes. I use the pwntools pack() function to pack the number of padding bytes.
Matasano Crypto Challenges, Set 3
Matasano Crypto Challenges, Set 4
Challenge 25 Break “random access read/write” AES CTR
Because we can seek into the ciphertext and edit arbitrary characters, we can simply guess each plaintext character.
For each byte in the ciphertext, I can try all 256 characters by replacing the ciphertext byte with my encrypted guess using the provided edit() function. If the new ciphertext exactly matches the original ciphertext, then I know my guess for the plaintext character is correct, since it encrypted to the same byte.
for i in xrange(len(ciphertext)):
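An added example, not code from the original post: the byte-guessing recovery described above, run against a constructed edit() oracle. The keystream is a SHA-256 counter construction standing in for AES-CTR so the block runs on the standard library alone; KEY, NONCE, SAMPLE and every function name other than edit() are assumptions, and recover_by_keystream goes beyond the post by showing that the same API, asked to write zero bytes, returns the keystream directly.

```python
import hashlib
import os

KEY = os.urandom(16)   # constructed secret, never seen by the recovery functions
NONCE = os.urandom(8)  # fixed for the lifetime of the ciphertext: the root cause
SAMPLE = b"constructed sample plaintext"


def keystream(key, nonce, length):
    """Stand-in for AES-CTR (assumption): SHA-256(key || nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "little")).digest()
        counter += 1
    return out[:length]


def encrypt(plaintext):
    ks = keystream(KEY, NONCE, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def edit(ciphertext, offset, newtext):
    """The exposed API: encrypt newtext at offset under the SAME key and nonce."""
    ks = keystream(KEY, NONCE, offset + len(newtext))[offset:]
    patch = bytes(p ^ k for p, k in zip(newtext, ks))
    return ciphertext[:offset] + patch + ciphertext[offset + len(newtext):]


def recover_by_guessing(ciphertext):
    """The post's approach: a guess is right when the edit leaves the byte unchanged."""
    recovered = bytearray()
    for i in range(len(ciphertext)):
        for guess in range(256):
            if edit(ciphertext, i, bytes([guess])) == ciphertext:
                recovered.append(guess)
                break
    return bytes(recovered)


def recover_by_keystream(ciphertext):
    """Same leak in one call: writing zero bytes makes edit() return the keystream."""
    ks = edit(ciphertext, 0, bytes(len(ciphertext)))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))
```

The leak comes from edit() reusing the key and nonce of the original encryption; re-encrypting the whole message under a fresh nonce on every edit removes the byte-for-byte match the guess relies on.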
NSA Cybersprint 2015
This is my first writeup, written in 2015 in Word and back-dated.
Last weekend, I took to some haxxoring in the NSA Cybersprint Competition, a Capture-The-Flag that took place on a simulated corporate network infrastructure.
Here’s what it was like.