crypto modules

Cryptography/Hash_Functions/SHA/sha-256-bruteforce.py

@@ -0,0 +1,11 @@
+'''
+from asis 2013: The last crypto (binary numbers) was very puzzling. We couldn’t decipher it. But a few minutes before the CTF ending, we noticed we could brute-force the 6 missing characters offline, because in each task, there was a client-side verification with a sha-256 hash. For this task, the hash of the flag was 6307c5441ebac07051e3b90d53c3106230dd9aa128601dcd5f63efcf824ce1ba. A quick brute-force in Python revealed us the missing chars, and therefore, the final flag to submit!
+'''
+
+
+import hashlib, itertools
+hash = '6307c5441ebac07051e3b90d53c3106230dd9aa128601dcd5f63efcf824ce1ba'
+ch = 'abcdef0123456789'
+for a, b, c, d, e, f in itertools.product(ch, ch, ch, ch, ch, ch):
+    if hashlib.sha256('ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f)).hexdigest() == hash:
+        print 'ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f)

Cryptography/Hash_Functions/SHA/sha-256-bruteforce_remove_123456789x.py

@@ -0,0 +1,24 @@
+'''
+from asis 2013
+'''
+
+from itertools import permutations
+from hashlib import sha256
+
+def test(s):
+  e = '9f2a579716af14400c9ba1de8682ca52c17b3ed4235ea17ac12ae78ca24876ef'
+  return sha256('ASIS_' + s).hexdigest() == e
+
+m = '3c6a1c371b381c943065864b95ae5546'
+s = '12456789x'
+for p in permutations(s):
+    def f(sub, c):
+        if c in sub:
+            return sub[c]
+        else:
+            return c
+    sub = {c : d for c, d in zip(s, p)}
+    z = ''.join(f(sub, c) for c in m)
+    if test(z):
+        print z
+        break

Cryptography/Hash_Functions/SHA/sha1.py

@@ -0,0 +1,81 @@
+# SHA1 Python 2 implementation
+# Copyright (C) 2013  Filippo Valsorda
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+# Based on a MIT licensed work by Stefano Palazzo (C) 2011
+# https://github.com/sfstpala/SlowSHA/blob/master/slowsha.py
+
+import struct
+import binascii
+
+lrot = lambda x, n: (x << n) | (x >> (32 - n))
+
+
+class SHA1():
+
+    _h0, _h1, _h2, _h3, _h4, = (
+        0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0)
+
+    def __init__(self, message):
+        length = struct.pack('>Q', len(message) * 8)
+        while len(message) > 64:
+            self._handle(message[:64])
+            message = message[64:]
+        message += '\x80'
+        message += '\x00' * ((56 - len(message) % 64) % 64)
+        message += length
+        while len(message):
+            self._handle(message[:64])
+            message = message[64:]
+
+    def _handle(self, chunk):
+        w = list(struct.unpack('>' + 'I' * 16, chunk))
+
+        for i in range(16, 80):
+            w.append(lrot(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1)
+                     & 0xffffffff)
+
+        a = self._h0
+        b = self._h1
+        c = self._h2
+        d = self._h3
+        e = self._h4
+
+        for i in range(80):
+
+            if i <= i <= 19:
+                f, k = d ^ (b & (c ^ d)), 0x5a827999
+            elif 20 <= i <= 39:
+                f, k = b ^ c ^ d, 0x6ed9eba1
+            elif 40 <= i <= 59:
+                f, k = (b & c) | (d & (b | c)), 0x8f1bbcdc
+            elif 60 <= i <= 79:
+                f, k = b ^ c ^ d, 0xca62c1d6
+
+            temp = lrot(a, 5) + f + e + k + w[i] & 0xffffffff
+            a, b, c, d, e = temp, a, lrot(b, 30), c, d
+
+        self._h0 = (self._h0 + a) & 0xffffffff
+        self._h1 = (self._h1 + b) & 0xffffffff
+        self._h2 = (self._h2 + c) & 0xffffffff
+        self._h3 = (self._h3 + d) & 0xffffffff
+        self._h4 = (self._h4 + e) & 0xffffffff
+
+    def digest(self):
+        return struct.pack('>IIIII', self._h0, self._h1,
+                           self._h2, self._h3, self._h4)
+
+    def hexdigest(self):
+        return binascii.hexlify(self.digest()).decode()

Cryptography/Hash_Functions/SHA/sha2.py

@@ -0,0 +1,188 @@
+# SHA2 family Python 2 implementation
+# Copyright (C) 2013  Filippo Valsorda
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import struct
+import binascii
+import math
+
+rrot = lambda x, n: (x >> n) | (x << (32 - n))
+
+from itertools import count, islice
+primes = lambda n: islice((k for k in count(2) if all(k % d for d in range(2, k))), 0, n)
+
+class _SHA2_32():
+
+    # (first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
+    _k = [int(math.modf(x ** (1.0/3))[0] * (1 << 32)) for x in primes(64)]
+
+    def __init__(self, message):
+        length = struct.pack('>Q', len(message) * 8)
+        while len(message) > 64:
+            self._handle(message[:64])
+            message = message[64:]
+        message += '\x80'
+        message += '\x00' * ((56 - len(message) % 64) % 64)
+        message += length
+        while len(message):
+            self._handle(message[:64])
+            message = message[64:]
+
+    def _handle(self, chunk):
+        w = list(struct.unpack('>' + 'I' * 16, chunk))
+
+        for i in range(16, 64):
+            s0 = rrot(w[i - 15], 7) ^ rrot(w[i - 15], 18) ^ (w[i - 15] >> 3)
+            s1 = rrot(w[i - 2], 17) ^ rrot(w[i - 2], 19) ^ (w[i - 2] >> 10)
+            w.append((w[i - 16] + s0 + w[i - 7] + s1) & 0xffffffff)
+
+        a = self._h0
+        b = self._h1
+        c = self._h2
+        d = self._h3
+        e = self._h4
+        f = self._h5
+        g = self._h6
+        h = self._h7
+
+        for i in range(64):
+            S1 = rrot(e, 6) ^ rrot(e, 11) ^ rrot(e, 25)
+            ch = (e & f) ^ ((~e) & g)
+            temp = h + S1 + ch + self._k[i] + w[i]
+            d = (d + temp) & 0xffffffff
+            S0 = rrot(a, 2) ^ rrot(a, 13) ^ rrot(a, 22)
+            maj = (a & (b ^ c)) ^ (b & c)
+            temp = (temp + S0 + maj) & 0xffffffff
+
+            h, g, f, e, d, c, b, a = g, f, e, d, c, b, a, temp
+
+        self._h0 = (self._h0 + a) & 0xffffffff
+        self._h1 = (self._h1 + b) & 0xffffffff
+        self._h2 = (self._h2 + c) & 0xffffffff
+        self._h3 = (self._h3 + d) & 0xffffffff
+        self._h4 = (self._h4 + e) & 0xffffffff
+        self._h5 = (self._h5 + f) & 0xffffffff
+        self._h6 = (self._h6 + g) & 0xffffffff
+        self._h7 = (self._h7 + h) & 0xffffffff
+
+    def hexdigest(self):
+        return binascii.hexlify(self.digest()).decode()
+
+
+class SHA2_256(_SHA2_32):
+
+    # (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19)
+    _h0, _h1, _h2, _h3, _h4, _h5, _h6, _h7 = (
+        0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
+        0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19)
+
+    def digest(self):
+        return struct.pack('>IIIIIIII', self._h0, self._h1, self._h2,
+                           self._h3, self._h4, self._h5, self._h6, self._h7)
+
+class SHA2_224(_SHA2_32):
+
+    # (second 32 bits of the fractional parts of the square roots of the 9..16 primes 23..53)
+    _h0, _h1, _h2, _h3, _h4, _h5, _h6, _h7 = (
+        0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
+        0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4)
+
+    def digest(self):
+        return struct.pack('>IIIIIII', self._h0, self._h1, self._h2,
+                           self._h3, self._h4, self._h5, self._h6)
+
+
+class _SHA2_64():
+
+    # (first 64 bits of the fractional parts of the cube roots of the first 80 primes)
+    _k = [int(math.modf(x ** (1.0/3))[0] * (1 << 80)) for x in primes(80)]
+
+    def __init__(self, message):
+        length = struct.pack('>QQ', (len(message) * 8) >> 32, (len(message) * 8) & 0xffffffff)
+        while len(message) > 128:
+            self._handle(message[:128])
+            message = message[128:]
+        message += '\x80'
+        message += '\x00' * ((112 - len(message) % 128) % 128)
+        message += length
+        while len(message):
+            self._handle(message[:128])
+            message = message[128:]
+
+    def _handle(self, chunk):
+        w = list(struct.unpack('>' + 'Q' * 16, chunk))
+
+        for i in range(16, 80):
+            s0 = rrot(w[i - 15], 7) ^ rrot(w[i - 15], 18) ^ (w[i - 15] >> 3)
+            s1 = rrot(w[i - 2], 17) ^ rrot(w[i - 2], 19) ^ (w[i - 2] >> 10)
+            w.append((w[i - 16] + s0 + w[i - 7] + s1) & 0xffffffffffffffff)
+
+        a = self._h0
+        b = self._h1
+        c = self._h2
+        d = self._h3
+        e = self._h4
+        f = self._h5
+        g = self._h6
+        h = self._h7
+
+        for i in range(80):
+            S1 = rrot(e, 6) ^ rrot(e, 11) ^ rrot(e, 25)
+            ch = (e & f) ^ ((~e) & g)
+            temp = h + S1 + ch + self._k[i] + w[i]
+            d = (d + temp) & 0xffffffffffffffff
+            S0 = rrot(a, 2) ^ rrot(a, 13) ^ rrot(a, 22)
+            maj = (a & (b ^ c)) ^ (b & c)
+            temp = (temp + S0 + maj) & 0xffffffffffffffff
+
+            h, g, f, e, d, c, b, a = g, f, e, d, c, b, a, temp
+
+        self._h0 = (self._h0 + a) & 0xffffffffffffffff
+        self._h1 = (self._h1 + b) & 0xffffffffffffffff
+        self._h2 = (self._h2 + c) & 0xffffffffffffffff
+        self._h3 = (self._h3 + d) & 0xffffffffffffffff
+        self._h4 = (self._h4 + e) & 0xffffffffffffffff
+        self._h5 = (self._h5 + f) & 0xffffffffffffffff
+        self._h6 = (self._h6 + g) & 0xffffffffffffffff
+        self._h7 = (self._h7 + h) & 0xffffffffffffffff
+
+    def hexdigest(self):
+        return binascii.hexlify(self.digest()).decode()
+
+
+class SHA2_512(_SHA2_64):
+
+    # (first 64 bits of the fractional parts of the square roots of the first 8 primes 2..19)
+    _h0, _h1, _h2, _h3, _h4, _h5, _h6, _h7 = (
+        0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b,
+        0xa54ff53a5f1d36f1, 0x510e527fade682d1, 0x9b05688c2b3e6c1f,
+        0x1f83d9abfb41bd6b, 0x5be0cd19137e2179)
+
+    def digest(self):
+        return struct.pack('>QQQQQQQQ', self._h0, self._h1, self._h2,
+                           self._h3, self._h4, self._h5, self._h6, self._h7)
+
+
+class SHA2_384(_SHA2_64):
+
+    # (second 64 bits of the fractional parts of the square roots of the 9..16 primes 23..53)
+    _h0, _h1, _h2, _h3, _h4, _h5, _h6, _h7 = (
+        0xcbbb9d5dc1059ed8, 0x629a292a367cd507, 0x9159015a3070dd17,
+        0x152fecd8f70e5939, 0x67332667ffc00b31, 0x8eb44a8768581511,
+        0xdb0c2e0d64f98fa7, 0x47b5481dbefa4fa4)
+
+    def digest(self):
+        return struct.pack('>QQQQQQQ', self._h0, self._h1, self._h2,
+                           self._h3, self._h4, self._h5, self._h6)

Cryptography/Hash_Functions/SHA/sha_simple_example.py

@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+
+def example_sha():
+    from Crypto.Hash import SHA256
+    hash = SHA256.new()
+    hash.update('message')
+    print hash.digest()
+
+if __name__ == '__main__':
+    example_sha()