crypto_toolchain 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5c925134cae022ff1f352dd99a514ed156af2b24
+  data.tar.gz: 6da3e5de58817cc75ea75cb0463ccb2230dee7b9
+SHA512:
+  metadata.gz: 0dac92e2f29f7c800a15f0e8af6ef46581b9c23564fd73aa90fd80a90239ee67c59f21b8f94c2b588f8533ff9222ecd868e6b3b7ff3e34beab0b45d35044c274
+  data.tar.gz: ff82e12216383e5732637bc50fd93a34363972b119f2a9d3094a49076abd1737f025d0dfc48bfefba4941b2d88cd185f5a6fcaeff380a8c817221773aad60121

data/.gitignore

@@ -0,0 +1,51 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+Gemfile.lock
+
+# Used by dotenv library to load environment variables.
+# .env
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.3
+before_install: gem install bundler -v 1.13.6

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/Guardfile

@@ -0,0 +1,15 @@
+guard :rspec, cmd: "bundle exec rspec" do
+  require "guard/rspec/dsl"
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
+
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Forrest Fleming
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,95 @@
+# CryptoToolchain
+
+This is a suite of tools for ruining the blue team's day with respect to crypto.
+
+It is mostly based on the Matasano/Cryptopals challenges, because they lead you
+by the hand down the garden path to breaking a good number of common
+cryptographic vulnerabilities.
+
+NB: These will probably never be finished
+
+## Cryptopals progress
+
+### Set 1: Basics
+* [x] Convert hex to base64
+* [x] Fixed XOR
+* [x] Single-byte XOR cipher
+* [x] Detect single-character XOR
+* [x] Implement repeating-key XOR
+* [x] Break repeating-key XOR
+* [x] AES in ECB mode
+* [x] Detect AES in ECB mode
+
+### Set 2: Block crypto
+* [x] Implement PKCS#7 padding
+* [x] Implement CBC mode
+* [x] An ECB/CBC detection oracle
+* [x] Byte-at-a-time ECB decryption (Simple)
+* [x] ECB cut-and-paste
+* [x] Byte-at-a-time ECB decryption (Harder)
+* [x] PKCS#7 padding validation
+* [x] CBC bitflipping attacks
+
+### Set 3: Block & stream crypto
+* [x] The CBC padding oracle
+* [x] Implement CTR, the stream cipher mode
+* [x] Break fixed-nonce CTR mode using substitutions
+* [x] Break fixed-nonce CTR statistically
+* [x] Implement the MT19937 Mersenne Twister RNG
+* [x] Crack an MT19937 seed
+* [x] Clone an MT19937 RNG from its output
+* [x] Create the MT19937 stream cipher and break it
+
+### Set 4: Stream crypto & randomness
+* [x] Break "random access read/write" AES CTR
+* [x] CTR bitflipping
+* [x] Recover the key from CBC with IV=Key
+* [x] Implement a SHA-1 keyed MAC
+* [x] Break a SHA-1 keyed MAC using length extension
+* [x] Break an MD4 keyed MAC using length extension
+* [x] Implement and break HMAC-SHA1 with an artificial timing leak
+    * See [timing_attack](https://github.com/ffleming/timing_attack) for a timing attack tool
+    * See [camelflage](https://github.com/ffleming/camelflage) for the vulnerable server
+* [x] Break HMAC-SHA1 with a slightly less artificial timing leak
+    * See [timing_attack](https://github.com/ffleming/timing_attack) for a timing attack tool
+    * See [camelflage](https://github.com/ffleming/camelflage) for the vulnerable server
+
+### Set 5: Diffie-Hellman & friends
+* [x] Implement Diffie-Hellman
+* [x] Implement a MITM key-fixing attack on Diffie-Hellman with parameter injection
+* [x] Implement DH with negotiated groups, and break with malicious "g" parameters
+* [x] Implement Secure Remote Password (SRP)
+* [x] Break SRP with a zero key
+* [x] Offline dictionary attack on simplified SRP
+* [x] Implement RSA
+* [x] Implement an E=3 RSA Broadcast attack
+
+### Set 6: RSA & DSA
+* [x] Implement unpadded message recovery oracle
+* [x] Bleichenbacher's e=3 RSA Attack
+* [x] DSA key recovery from nonce
+* [x] DSA nonce recovery from repeated nonce
+* [x] DSA parameter tampering
+* [x] RSA parity oracle
+* [ ] Bleichenbacher's PKCS 1.5 Padding Oracle (Simple Case)
+* [ ] Bleichenbacher's PKCS 1.5 Padding Oracle (Complete Case)
+
+### Set 7: Hashes
+* [ ] CBC-MAC Message Forgery
+* [ ] Hashing with CBC-MAC
+* [ ] Compression Ratio Side-Channel Attacks
+* [ ] Iterated Hash Function Multicollisions
+* [ ] Kelsey and Schneier's Expandable Messages
+* [ ] Kelsey and Kohno's Nostradamus Attack
+* [ ] MD4 Collisions
+* [ ] RC4 Single-Byte Biases
+
+### Set 8: Abstract Algebra
+* [ ] Diffie-Hellman Revisited: Small Subgroup Confinement
+* [ ] Pollard's Method for Catching Kangaroos
+* [ ] Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks
+* [ ] Single-Coordinate Ladders and Insecure Twists
+* [ ] Duplicate-Signature Key Selection in ECDSA (and RSA)
+* [ ] Key-Recovery Attacks on ECDSA with Biased Nonces
+* [ ] Key-Recovery Attacks on GCM with Repeated Nonces
+* [ ] Key-Recovery Attacks on GCM with a Truncated MAC

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "crypto_toolchain"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+require "pry"
+Pry.start
+
+# require "irb"
+# IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/crypto_toolchain.gemspec

@@ -0,0 +1,33 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'crypto_toolchain/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "crypto_toolchain"
+  spec.version       = CryptoToolchain::VERSION
+  spec.authors       = ["Forrest Fleming"]
+  spec.email         = ["ffleming@gmail.com"]
+
+  spec.summary       = "Crypto toolchain for CTFs and so on"
+  spec.description   = "A toolchain for manipulating data in a variety of cryptographic " <<
+                       "and quasi-cryptographic ways."
+  spec.homepage      = "https://github.com/ffleming/crypto_toolchain"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.licenses      = ["MIT"]
+
+  spec.add_runtime_dependency "pry-byebug", "3.4"
+  spec.add_runtime_dependency "openssl", "~> 2.0"
+  spec.add_runtime_dependency "bigdecimal", "~> 1.2"
+  spec.add_development_dependency "bundler", "~> 1.13"
+  spec.add_development_dependency "guard-rspec", "~> 4.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "simplecov", "~> 0.15"
+end

data/exe/crypto

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "crypto_toolchain"
+
+require "pry"
+Pry.start

data/lib/crypto_toolchain/black_boxes/aes_ctr_editor.rb

@@ -0,0 +1,25 @@
+module CryptoToolchain
+  module BlackBoxes
+    class AesCtrEditor
+      def initialize(plaintext, key: Random.new.bytes(16), nonce: rand(0..0x0000FF))
+        @plaintext = plaintext
+        @key = key
+        @nonce = nonce
+        @ciphertext = plaintext.encrypt_ctr(key: key, nonce: nonce)
+      end
+
+      # Offset is in bytes
+      # Does not mutate @ciphetext or @plaintext
+      def edit(offset: ,with: )
+        previous = ciphertext[0...offset]
+        after = ciphertext[(offset + with.bytesize)..-1]
+        edited = with.encrypt_ctr(nonce: nonce,
+                                  key: key,
+                                  start_counter: offset)
+        previous + edited + after
+      end
+
+      attr_reader :plaintext, :key, :nonce, :ciphertext
+    end
+  end
+end

data/lib/crypto_toolchain/black_boxes/cbc_bitflip_target.rb

@@ -0,0 +1,33 @@
+# encoding; ASCII-8BIT
+module CryptoToolchain
+  module BlackBoxes
+    class CbcBitflipTarget
+      def initialize(key: Random.new.bytes(16), iv: Random.new.bytes(16))
+        @key = key
+        @iv = iv
+      end
+
+      def encrypt(input)
+        str = prefix + input.gsub(/;|=/, "") + suffix
+        str.encrypt_cbc(key: key, blocksize: 16, iv: iv)
+      end
+
+      def is_admin?(crypted)
+        dec = crypted.decrypt_cbc(key: key, blocksize: 16, iv: iv)
+        dec.include?(";admin=true;")
+      end
+
+      private
+
+      attr_reader :key, :iv
+
+      def prefix
+        "comment1=cooking%20MCs;userdata="
+      end
+
+      def suffix
+        ";comment2=%20like%20a%20pound%20of%20bacon"
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/black_boxes/cbc_iv_equals_key_target.rb

@@ -0,0 +1,35 @@
+# encoding; ASCII-8BIT
+module CryptoToolchain
+  module BlackBoxes
+    class CbcIvEqualsKeyTarget
+      def initialize(key: Random.new.bytes(16))
+        @key = key
+      end
+
+      def encrypt(input)
+        str = prefix + input.gsub(/;|=/, "") + suffix
+        str.encrypt_cbc(key: key, blocksize: 16, iv: key)
+      end
+
+      def is_admin?(crypted)
+        dec = crypted.decrypt_cbc(key: key, blocksize: 16, iv: key)
+        dec.each_byte do |byte|
+          raise RuntimeError.new("Invalid byte in #{dec}") if byte > '~'.ord
+        end
+        dec.include?(";admin=true;")
+      end
+
+      private
+
+      attr_reader :key
+
+      def prefix
+        "comment1=cooking%20MCs;userdata="
+      end
+
+      def suffix
+        ";comment2=%20like%20a%20pound%20of%20bacon"
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/black_boxes/cbc_padding_oracle.rb

@@ -0,0 +1,44 @@
+module CryptoToolchain
+  module BlackBoxes
+    class CbcPaddingOracle
+
+      attr_reader :ciphertext, :plaintext
+
+      def initialize(key: Random.new.bytes(16), iv: Random.new.bytes(16))
+        @key = key
+        @iv = iv
+        @ciphertext = text.encrypt_cbc(key: key, iv: iv, blocksize: 16)
+        @plaintext = text
+      end
+
+      def execute(str)
+        begin
+          !!str.
+            decrypt_cbc(key: key, iv: iv, blocksize: 16, strip_padding: false).
+            without_pkcs7_padding(16, raise_error: true)
+        rescue ArgumentError
+          false
+        end
+      end
+
+      private
+
+      attr_reader :key, :iv
+
+      def text
+        @text ||= %w(
+          MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=
+          MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=
+          MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==
+          MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==
+          MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl
+          MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==
+          MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==
+          MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=
+          MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=
+          MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93
+        ).map(&:from_base64).sample
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/black_boxes/ctr_bitflip_target.rb

@@ -0,0 +1,32 @@
+# encoding; ASCII-8BIT
+module CryptoToolchain
+  module BlackBoxes
+    class CtrBitflipTarget
+      def initialize(key: Random.new.bytes(16), nonce: rand(0..0x0000FFFF))
+        @key = key
+        @nonce = nonce
+      end
+
+      def encrypt(input)
+        str = prefix + input.gsub(/;|=/, "") + suffix
+        str.encrypt_ctr(key: key,  nonce: nonce)
+      end
+
+      def is_admin?(crypted)
+        crypted.decrypt_ctr(key: key, nonce: nonce).include?(";admin=true;")
+      end
+
+      private
+
+      attr_reader :key, :nonce
+
+      def prefix
+        "comment1=cooking%20MCs;userdata="
+      end
+
+      def suffix
+        ";comment2=%20like%20a%20pound%20of%20bacon"
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/black_boxes/dsa_keypair.rb

@@ -0,0 +1,50 @@
+module CryptoToolchain
+  module BlackBoxes
+    class DSAKeypair
+      def initialize(p: DSA_P, q: DSA_Q, g: DSA_G, private_key: nil, dangerous: false)
+        @p = p
+        @q = q
+        @g = g
+        @private_key = numberize(private_key) unless private_key.nil?
+        @safe = !dangerous
+      end
+
+      attr_reader :p, :q, :g, :safe
+
+      def sign(m, k: nil)
+        r = s = 0
+        k ||= rand(2...q)
+        loop do
+          r = g.modpow(k, p) % q
+          next if safe && r == 0
+          digest = CryptoToolchain::Utilities::SHA1.digest(m).to_number
+          s = k.modinv(q) * ( digest + (private_key * r)) % q
+          next if safe && s == 0
+          return [r.to_bin_string, s.to_bin_string]
+        end
+      end
+
+      def verify(m, r: , s: , public_key: self.public_key)
+        s = s.to_number
+        r = r.to_number
+        if safe && !(0 < r && r < q) && (0 < s && s < q)
+          return false
+        end
+        w = s.invmod(q)
+        u_1 = (CryptoToolchain::Utilities::SHA1.digest(m).to_number * w) % q
+        u_2 = (r * w) % q
+        # a*b % n = [(a % n) * (b % n)] % m
+        v = ((g.modpow(u_1, p) * public_key.modpow(u_2, p)) % p) % q
+        v == r
+      end
+
+      def private_key
+        @private_key ||= rand(1..DSA_Q)
+      end
+
+      def public_key
+        @public_key ||= g.modpow(private_key, p)
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/black_boxes/ecb_cut_and_paste_target.rb

@@ -0,0 +1,50 @@
+# encoding: ASCII-8BIT
+class Hash
+  def symbolize_keys
+    map do |k, v|
+      [k.to_sym, v]
+    end.to_h
+  end
+end
+
+module CryptoToolchain
+  module BlackBoxes
+    class EcbCutAndPasteTarget
+      def initialize(key: String.random_bytes(16))
+        @key = key
+      end
+
+      def cookie_for(email)
+        {
+          email: email.gsub(/&|=/, ""),
+          uid: 10,
+          role: "user"
+        }.each_with_object([]) do |(k, v), memo|
+          memo << "#{k}=#{v}"
+        end.join("&")
+      end
+      alias_method :profile_for, :cookie_for
+
+      def encrypted_profile_for(email)
+        profile_for(email).encrypt_ecb(key: key, blocksize: 16)
+      end
+      alias_method :encrypt, :encrypted_profile_for
+
+      def decrypt(enc)
+        enc.
+          decrypt_ecb(key: key, blocksize: 16).
+          split("&").
+          map do |str|
+            k, v = str.split("=")
+            [k, v || ""]
+          end.
+          to_h.
+          symbolize_keys
+      end
+
+      private
+
+      attr_reader :key
+    end
+  end
+end

data/lib/crypto_toolchain/black_boxes/ecb_interpolate_chosen_plaintext_oracle.rb

@@ -0,0 +1,28 @@
+# encoding: ASCII-8BIT
+module CryptoToolchain
+  module BlackBoxes
+    class EcbInterpolateChosenPlaintextOracle
+      MYSTERY_TEXT = "Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK"
+
+      def initialize(key: String.random_bytes(16))
+        @key = key
+      end
+
+      def encrypt(plaintext)
+        obfuscate(plaintext).encrypt_ecb(key: key, blocksize: 16)
+      end
+
+      private
+
+      attr_reader :key
+
+      def obfuscate(str)
+        "#{prefix}#{str}#{MYSTERY_TEXT.from_base64}"
+      end
+
+      def prefix
+        @prefix ||= String.random_bytes(rand(1..64))
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/black_boxes/ecb_or_cbc_encryptor.rb

@@ -0,0 +1,47 @@
+module CryptoToolchain
+  module BlackBoxes
+    class EcbOrCbcEncryptor
+      ENCRYPTION_ALGORITHMS = %i(ebc cbc).freeze
+      attr_reader :key, :plaintext
+
+      def initialize(plaintext, algorithm: random_algorithm)
+        raise ArgumentError.new("Unsupported algorithm #{algorithm}") unless ENCRYPTION_ALGORITHMS.include? algorithm
+        @plaintext = plaintext
+        @key = String.random_bytes(16)
+        @algorithm = algorithm
+      end
+
+      def encrypt(_algo = algorithm)
+        case _algo
+        when :ecb
+          encrypt_ecb
+        when :cbc
+          encrypt_cbc
+        end
+      end
+
+      private
+
+      def obfuscate(text)
+        append_len = (rand(5..10))
+        prepend_len = (rand(5..10))
+        "#{String.random_bytes(append_len)}#{text}#{String.random_bytes(prepend_len)}"
+      end
+
+      def encrypt_ecb
+        obfuscate(plaintext).encrypt_ecb(key: key, blocksize: 16)
+      end
+
+      def encrypt_cbc
+        obfuscate(plaintext).encrypt_cbc(key: key,
+                              iv: String.random_bytes(16),
+                              blocksize: 16)
+      end
+
+      def random_algorithm
+        ENCRYPTION_ALGORITHMS[rand(2)]
+      end
+    end
+
+  end
+end

data/lib/crypto_toolchain/black_boxes/ecb_prepend_chosen_plaintext_oracle.rb

@@ -0,0 +1,23 @@
+# encoding: ASCII-8BIT
+module CryptoToolchain
+  module BlackBoxes
+    class EcbPrependChosenPlaintextOracle
+      MYSTERY_TEXT = "Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK"
+      def initialize(key: String.random_bytes(16))
+        @key = key
+      end
+
+      def encrypt(plaintext)
+        obfuscate(plaintext).encrypt_ecb(key: key, blocksize: 16)
+      end
+
+      private
+
+      attr_reader :key
+
+      def obfuscate(str)
+        "#{str}#{MYSTERY_TEXT.from_base64}"
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/black_boxes/md4_mac.rb

@@ -0,0 +1,20 @@
+module CryptoToolchain
+  module BlackBoxes
+    class MD4Mac
+      attr_reader :key
+
+      def initialize(key: Random.new.bytes(16))
+        @key = key
+      end
+
+      def mac(str)
+        concat = key + str
+        CryptoToolchain::Utilities::MD4.hexdigest(concat)
+      end
+
+      def valid?(message: , mac: )
+        self.mac(message) == mac
+      end
+    end
+  end
+end