crypto-toolbox 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: dff3731a08e88906d365f475991967f6f29800ce
+  data.tar.gz: 622f4078f5a13226208ab4aff323b911bebb9d82
+SHA512:
+  metadata.gz: 6601d0c7bff0a3904557992cefbd36935b103e666f3c7d4616066ce33c6715b17d657b59527ad9e69e5043f09878efe5f19779117cb1f11d7a66b30e420cf609
+  data.tar.gz: af42b570b9ef6eb7240f23134290d4b0854fc4d2c5a03911449bdd7acf22491d570532755501ac0da0a8fab7d89b40c4fa76cce81716909610ef87e0079f9ead

data/lib/crypto-toolbox.rb

@@ -0,0 +1 @@
+require 'crypto-toolbox/crypt_buffer.rb'

data/lib/crypto-toolbox/break_vigenere.rb

@@ -0,0 +1,97 @@
+# coding: utf-8
+require_relative './crypt_buffer.rb'
+require_relative './key_filter.rb'
+require 'shellwords'
+require 'ffi/hunspell'
+
+##
+# http://www.ulduzsoft.com/2015/03/breaking-the-vigenere-cipher/
+# https://github.com/trekawek/vigenere/blob/master/vig.rb
+
+def find_pattern(buf)
+  bitstring = buf.bits.map{|b| b[0]}.join("")
+  1.upto([buf.bytes.length,62].min).map do |ksize|
+    parts = bitstring.scan(/.{#{ksize}}/)
+    if parts.uniq.length == 1
+      parts.first
+    else
+      nil
+    end
+  end.compact.first
+end
+
+input = ARGV[0] || "F96DE8C227A259C87EE1DA2AED57C93FE5DA36ED4EC87EF2C63AAE5B9A7EFFD673BE4ACF7BE8923CAB1ECE7AF2DA3DA44FCF7AE29235A24C963FF0DF3CA3599A70E5DA36BF1ECE77F8DC34BE129A6CF4D126BF5B9A7CFEDF3EB850D37CF0C63AA2509A76FF9227A55B9A6FE3D720A850D97AB1DD35ED5FCE6BF0D138A84CC931B1F121B44ECE70F6C032BD56C33FF9D320ED5CDF7AFF9226BE5BDE3FF7DD21ED56CF71F5C036A94D963FF8D473A351CE3FE5DA3CB84DDB71F5C17FED51DC3FE8D732BF4D963FF3C727ED4AC87EF5DB27A451D47EFD9230BF47CA6BFEC12ABE4ADF72E29224A84CDF3FF5D720A459D47AF59232A35A9A7AE7D33FB85FCE7AF5923AA31EDB3FF7D33ABF52C33FF0D673A551D93FFCD33DA35BC831B1F43CBF1EDF67F0DF23A15B963FE5DA36ED68D378F4DC36BF5B9A7AFFD121B44ECE76FEDC73BE5DD27AFCD773BA5FC93FE5DA3CB859D26BB1C63CED5CDF3FE2D730B84CDF3FF7DD21ED5ADF7CF0D636BE1EDB79E5D721ED57CE3FE6D320ED57D469F4DC27A85A963FF3C727ED49DF3FFFDD24ED55D470E69E73AC50DE3FE5DA3ABE1EDF67F4C030A44DDF3FF5D73EA250C96BE3D327A84D963FE5DA32B91ED36BB1D132A31ED87AB1D021A255DF71B1C436BF479A7AF0C13AA14794"
+
+buf = CryptBuffer.new(input)
+result = find_pattern(buf)
+
+if result.nil?
+  $stderr.puts "failed to find keylength by ASCII-8-Bit anlysis"
+  exit(1)
+end
+
+keylen = result.length
+puts "Found recurring key pattern: #{result}"
+puts "Detected key length: #{keylen}"
+
+candidate_map ={}
+(0..(keylen-1)).each do |key_byte|
+
+  nth_stream = (key_byte).step(buf.bytes.length() -1, keylen).map{|i| buf.bytes[i]}
+  smart_buf = CryptBuffer.new(nth_stream)
+
+  candidate_map[key_byte]=[]
+  1.upto(255).each do |possible_key_value|
+    if smart_buf.xor_all_with(possible_key_value).bytes.all?{|e| e > 31 && e < 123 && e != 60 && e !=64}
+      #puts  "YES: " + smart_buf.xor_all_with(possible_key_value).to_s
+      candidate_map[key_byte] << possible_key_value
+    else
+      #puts  "NO: " + smart_buf.xor_all_with(possible_key_value).to_s
+    end
+  end
+end
+
+
+
+head,*tail = candidate_map.map{|k,v|v}
+
+puts "Amount of candidate keys: #{candidate_map.map{|k,v| v.length}.reduce(&:*)}. Starting Permutation (RAM intensive)"
+
+combinations = head.product(*tail)
+# make sure all permutations are still according to the bytes per position map
+#x = combinations.select do |arr|
+#  #binding.pry
+#  arr.map.with_index{|e,i| candidate_map[i].include?(e)  }.all?{|e| e ==true}
+#end
+
+# printout for debugging. (Manual analysis of the characters)
+puts "======= Candidate decryption result of first #{keylen} bytes ======="
+(0..keylen-1).each do|i|
+  candidate_map[i].each do |byte|
+    print CryptBuffer.new(buf.bytes[i,keylen]).xor(byte).to_s +  " "
+  end
+  print "\n"
+end
+puts "====================================================================="
+
+
+result = KeySearch::Filter::AsciiPlain.new(combinations,buf).filter
+unless result.empty?
+  puts "[Success] Found valid result(s)"
+  result.each do |r|
+    puts r.xor(buf).str
+  end
+end
+
+=begin
+NOTE: we may at digram and trigram support?
+#trigram="the "
+#x = CryptBuffer.new(trigram)
+=end
+
+
+
+
+
+
+

data/lib/crypto-toolbox/crypt_buffer.rb

@@ -0,0 +1,147 @@
+require 'rubygems'
+require 'pry'
+require 'pp'
+require 'aes'
+
+class CryptBuffer
+  attr_accessor :bytes
+
+  include Enumerable
+
+  def initialize(input)
+    @bytes = bytes_from_any(input)
+  end
+
+  def each(&block)
+    @bytes.each(&block)
+  end
+
+  alias_method :b, :bytes
+
+  def hex
+    bytes2hex(bytes).upcase
+  end
+  alias_method :h, :hex
+  
+  def chars
+    map{|b| b.to_i.chr}
+  end
+  alias_method :c, :chars
+
+  def str
+    chars.join
+  end
+  alias_method :s, :str
+
+  def bits
+    map{|b| "%08d" % b.to_s(2) }
+  end
+
+  def xor(input,expand_input: false)
+    if expand_input
+      xor_all_with(input)
+    else
+      xor_bytes(bytes_from_any(input))
+    end
+  end
+
+  def xor_all_with(input)
+    expanded = expand_bytes(bytes_from_any(input),self.bytes.length)
+    xor_bytes(expanded)
+  end
+
+  def pp
+    puts pretty_hexstr
+  end
+
+  def xor_space
+    xor(0x20,expand_input: true)
+  end
+
+  def ==(other)
+    bytes == bytes_from_any(other)
+  end
+
+  def to_s
+    str
+  end
+
+  private
+  def expand_bytes(input,total)
+    if input.length >= total
+      input
+    else
+      n = total / input.length
+      rest = total % input.length
+
+      # expand the input to the full length of the internal data
+      (input * n) + input[0,rest]
+    end
+  end
+  def bytes_from_any(input)
+    case input
+      when Array
+        input
+      when String
+        if input.match(/^(0x)?[0-9a-fA-F]+$/).nil?
+          str2bytes(input)
+        else
+          hex2bytes(normalize_hex(input))
+        end
+      when CryptBuffer
+        input.b
+      when Fixnum
+        # integers as strings dont have a 0x prefix
+        if input.to_s(16).match(/^[0-9a-fA-F]+$/)
+          # assume 0x prefixed integer
+          hex2bytes(normalize_hex(input.to_s(16)))
+        else
+          # regular number
+          [input].pack('C*').bytes
+        end
+      else
+        raise "Unsupported input: #{input.inspect} of class #{input.class}"
+    end
+  end
+
+  def normalize_hex(str)
+    tmp = (str.length == 1) ? "0#{str}" : "#{str}"
+    tmp.gsub(/(^0x|\s)/,"").upcase
+  end
+
+  def strip_hex_prefix(hex)
+    raise "remove 0x from hexinput"
+  end
+
+  def xor_bytes(byt)
+    len = [self.bytes.size,byt.size].min
+    result = self.bytes[0...len].map.with_index{|b,i| b ^ byt[i] } + self.bytes[len,self.bytes.length - len]
+    CryptBuffer.new(result)
+  end
+
+  def xor_hex(hex)
+    x = hex2bytes(hex)
+    xor_bytes(x)
+  end
+
+  def hex2bytes(hexstr)
+    hexstr.scan(/../).map{|h| h.to_i(16) }
+  end
+
+  def str2bytes(str)
+    str.bytes.to_a
+  end
+
+  def bytes2hex(bytes)
+    bytes.map{|b| b.to_s(16)}.map{|hs| hs.length == 1 ? "0#{hs}" : hs  }.join
+  end
+
+  def pretty_hexstr
+    str = h.scan(/.{2}/).to_a.join(" ")
+   "0x#{h.upcase} (#{str.upcase})"
+  end
+end
+
+def CryptBuffer(input)
+  CryptBuffer.new(input)
+end

data/lib/crypto-toolbox/key_filter.rb

@@ -0,0 +1,41 @@
+require_relative './crypt_buffer.rb'
+require_relative './spell_checker.rb'
+require 'pry'
+
+module KeySearch
+  module Filter
+    class AsciiPlain
+      def initialize(keys,ciphertext,dict_lang="en_GB")
+        @keys = keys
+        @c = @ciphertext = ciphertext
+        @keylen = keys.first.length
+        @dict = FFI::Hunspell.dict(dict_lang)
+      end
+
+
+      def filter
+        # how often is the key repeated 
+        reps = @c.bytes.length / @keylen
+        result =[]
+        spell_checker = SpellChecker.new("en_GB")
+        
+        @keys.each_with_index do |key,i| #  i is used as a simple counter only !
+          test = CryptBuffer.new(@c.bytes[0,@keylen]).xor(key).str
+          repkey = CryptBuffer.new((key*reps) + key[0,(@c.bytes.length % reps).to_i])
+          str    = @c.xor(repkey).to_s
+
+          if spell_checker.human_language?(str)
+            result << repkey
+            break
+          else
+            if (i % 50000).zero?
+              puts "[Progress] #{i}/#{@keys.length} (#{(i.to_f/@keys.length*100).round(4)}%)"
+            end
+          end
+        end
+        return result
+      end
+      
+    end
+  end
+end

data/lib/crypto-toolbox/spell_checker.rb

@@ -0,0 +1,48 @@
+require 'ffi/hunspell'
+class SpellChecker
+  def initialize(dict_lang="en_GB")
+    @dict = FFI::Hunspell.dict(dict_lang)
+  end
+=begin
+NOTE: About spelling error rates and language detection:
+
+missing punctuation support may lead to > 2% errors on valid texts, thus we use a high value .
+invalid decryptions tend to have spell error rates > 70
+Some statistics about it:
+> summary(invalids)
+   Min. 1st Qu.  Median    Mean 3rd Qu.    Max. 
+ 0.6000  1.0000  1.0000  0.9878  1.0000  1.0000 
+> summary(cut(invalids,10))
+ (0.6,0.64] (0.64,0.68] (0.68,0.72] (0.72,0.76]  (0.76,0.8]  (0.8,0.84] 
+          8          13           9         534        1319        2809 
+(0.84,0.88] (0.88,0.92] (0.92,0.96]    (0.96,1] 
+      10581       46598      198477     1440651 
+=end
+  def known_words(str)
+    words = str.split(" ").select{|w| @dict.check?(w) }
+  end
+
+  def suggest(str)
+    @dict.suggest(str)
+  end
+                                                        
+  def human_language?(str)
+    words  = str.split(" ").length
+    errors = str.split(" ").map{|e| @dict.check?(e) }.count{|e| e == false}
+    # using shell instead of hunspell ffi causes lots of escaping errors, even with shellwords.escape
+    #errors = Float(`echo '#{Shellwords.escape(str)}' |hunspell -l |wc -l `.split.first)
+
+    error_rate = errors.to_f/words
+          
+    $stderr.puts error_rate.round(4) if ENV["CRYPTO_TOOBOX_PRINT_ERROR_RATES"]
+
+    if error_rate < 0.5
+      puts "[Success] Found valid result (spell error_rate: #{error_rate*100}% is below threshold: 20%)"
+      return true
+    else
+      return false
+    end
+  end
+
+    
+end

metadata

@@ -0,0 +1,77 @@
+--- !ruby/object:Gem::Specification
+name: crypto-toolbox
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Dennis Sivia
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-04-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aes
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: ffi-hunspell
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+description: The Crypto Toolbox offers some tools to easily work with cryptographic
+  primitives like arrays of Bytes or hextrings
+email: dev@d-coded.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/crypto-toolbox.rb
+- lib/crypto-toolbox/break_vigenere.rb
+- lib/crypto-toolbox/crypt_buffer.rb
+- lib/crypto-toolbox/key_filter.rb
+- lib/crypto-toolbox/spell_checker.rb
+homepage: https://github.com/scepticulous/crypto-toolbox
+licenses:
+- GPLv3
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: Toolbox for crypto analysis
+test_files: []