

Tested 100 possibilities
Timer: 3753.662109375ms
Tested 200 possibilities
Timer: 7538.422119140625ms
...
Tested 1000 possibilities
Timer: 37140.455078125ms
...
Tested 5000 possibilities
Timer: 185439.37817382812ms
/**
 * Demonstration harness: loads one stored key blob from chrome.storage.sync
 * and begins decoding it. Only the opening steps are visible in this excerpt.
 *
 * NOTE(review): the timing log printed with this gist (about 37 ms per
 * candidate, 5000 candidates in about 185 s) presumably comes from this
 * function. At that rate a four-digit PIN space (10,000 values) would take
 * roughly six minutes, so the PIN alone should not be treated as the
 * protection for the stored key — confirm against the full listing.
 */
function hack(keyID) {
// Getting a key from the store directly.
// Simulates an attacker that has access to the value returned from
// this function.
chrome.storage.sync.get(keyID, async (resp) => {
// The stored value is handled as a base64 string (see the atob() call below).
const raw = resp[keyID];
// Starts the default, unlabelled console timer; the matching
// console.timeEnd()/timeLog() call is not in this excerpt.
console.time();
const enc = new TextEncoder();
// Base64 -> bytes: atob() yields a binary string, one char code per byte.
const payload = Uint8Array.from(atob(raw), (c) => c.charCodeAt(0));
// The first byte of the blob is read as the salt length, so the blob is
// self-describing. Presumably the salt itself follows; if so, whoever holds
// the blob needs nothing else to test PIN guesses offline — TODO confirm layout.
const saltByteLength = payload[0];
/**
 * Prepares to protect `privateKey` with a key derived from `pin`.
 *
 * Visible steps: draw a 16-byte salt and a 12-byte IV, derive the wrapping
 * key from the PIN and salt, and build the AES-GCM parameters. The wrap and
 * store steps are not in this excerpt.
 *
 * NOTE(review): the confidentiality of the stored key rests on the PIN's
 * entropy and on the cost of getWrappingKey(); a short numeric PIN can be
 * guessed offline by anyone who obtains the stored blob.
 */
export const saveKey = (key: string, privateKey: CryptoKey, pin: string): Promise<void> => {
// NOTE(review): async Promise executor. An exception from an awaited call
// below does not reject this promise unless it is caught and passed to
// rej(); whether that happens is not visible here.
return new Promise<void>(async (res, rej) => {
// Fresh random salt and IV on every save.
const salt = generateSalt(16);
// 12 bytes = the 96-bit IV size conventionally used with AES-GCM; it must
// never repeat under the same wrapping key.
const iv = generateInitVector(12);
const wrappingKey = await getWrappingKey(pin, salt);
const wrapAlgorithm: AesGcmParams = {
iv,
name: 'AES-GCM',
};
/**
 * Derives a wrapping key from a PIN and salt using PBKDF2.
 *
 * Only the import of the PIN as PBKDF2 key material is visible. The
 * iteration count, hash and derived-key algorithm are in the part of
 * `pbkdf2Params` that this excerpt cuts off.
 *
 * NOTE(review): PBKDF2 raises the cost of each guess by a constant factor;
 * it does not add entropy to a short PIN. Check the iteration count against
 * the time per guess that is acceptable for the expected PIN length.
 *
 * @param pin User-supplied PIN, UTF-8 encoded before import.
 * @param salt Random salt for the derivation.
 */
export const getWrappingKey = async (pin: string, salt: Uint8Array): Promise<CryptoKey> => {
const enc = new TextEncoder();
// Import the raw PIN bytes as base key material for PBKDF2.
const derivationKey = await window.crypto.subtle.importKey(
'raw',
enc.encode(pin),
// NOTE(review): `length` is not a PBKDF2 import parameter; it appears to be
// ignored here — confirm and drop if so.
{ name: 'PBKDF2', length: 256 },
// extractable = false: the imported PIN material cannot be exported again.
false,
['deriveBits', 'deriveKey'],
);
const pbkdf2Params: Pbkdf2Params = {
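/**
 * Returns `saltLength` bytes from the platform CSPRNG for use as a
 * key-derivation salt.
 *
 * The salt is not secret, but it must be freshly generated for every stored
 * key so that identical PINs do not produce identical derived keys.
 *
 * @param saltLength Number of random bytes to produce (saveKey passes 16).
 * @returns A new Uint8Array of `saltLength` random bytes.
 * @throws If `saltLength` is negative (RangeError from the array
 *   constructor) or larger than getRandomValues() allows (65,536 bytes).
 */
function generateSalt(saltLength: number): Uint8Array {
  // `int` is not a TypeScript type; lengths are plain `number`.
  return window.crypto.getRandomValues(new Uint8Array(saltLength));
}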
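/**
 * Returns `ivLength` bytes from the platform CSPRNG for use as an
 * initialization vector.
 *
 * saveKey passes 12 and uses the result as the AES-GCM IV. An AES-GCM IV
 * must never repeat under the same key, so a fresh value is needed for
 * every encryption and must be stored alongside the ciphertext.
 *
 * @param ivLength Number of random bytes to produce.
 * @returns A new Uint8Array of `ivLength` random bytes.
 * @throws If `ivLength` is negative (RangeError from the array constructor)
 *   or larger than getRandomValues() allows (65,536 bytes).
 */
function generateInitVector(ivLength: number): Uint8Array {
  // `int` is not a TypeScript type; lengths are plain `number`.
  return window.crypto.getRandomValues(new Uint8Array(ivLength));
}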
Hartimer / caeser.txt
Created March 14, 2019 03:55
Caesar Cipher
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW // Shift by 3
Plaintext: THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG
Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD
import { generateKey } from './crypto.ts';
import { getDomainFromOrigin } from './utils';
import { generateAuthenticatorData, generateSignature } from './webauthn';
// Starts building a credential for a WebAuthn create() request; only the
// relying-party ID resolution and key generation are visible in this excerpt.
// NOTE(review): `export const name(...) {` is not valid TypeScript as written;
// this needs `export function` or an arrow-function assignment.
export const createCredentials(publicKeyCreationOptions: PublicKeyCredentialCreationOptions,
sender): Uint8Array {
// "origin" is a browser readonly global variable
// NOTE(review): in the WebAuthn API the creation options carry the
// relying-party ID as `rp.id`; `rpId` belongs to the request (get) options.
// As written this likely always falls back to the origin's domain — confirm.
// NOTE(review): no check is visible that a caller-supplied RP ID is equal to,
// or a registrable suffix of, the origin's domain. WebAuthn requires that
// check so one site cannot create credentials scoped to another — confirm it
// happens in the part not shown.
const rpId = publicKeyCreationOptions.rpId || getDomainFromOrigin(origin);
// NOTE(review): presumably generateKey() is asynchronous (WebCrypto key
// generation returns a promise); if so this needs `await` — confirm.
const keyPair = generateKey(rpId);
Hartimer / crypto.ts
Last active February 25, 2019 15:54
import * as CBOR from 'cbor';
// Begins encoding a key as a COSE key map for WebAuthn attested credential
// data; only the first map entry is visible in this excerpt.
// NOTE(review): the `function` keyword is missing, and the body uses `await`,
// so the function must be `async` and would return Promise<Uint8Array>.
export encodeKey(rpID: string, key: CryptoKey): Uint8Array {
// JWK export exposes every component of the key. For a private key that
// includes the private scalar `d`, so presumably `key` is the public half of
// the pair — confirm with the caller.
const jwk = await window.crypto.subtle.exportKey('jwk', key);
// Official examples can be found at
// https://www.w3.org/TR/webauthn/#sctn-encoded-credPubKey-examples
// A Map is used rather than an object literal, presumably so the integer
// COSE labels stay integers when CBOR-encoded.
const attData = new Map();
// 2 means EC2 key type. https://tools.ietf.org/html/rfc8152#section-13
// Label 1 is the COSE `kty` (key type) parameter.
attData.set(1, 2);
Hartimer / crypto.ts
Last active February 25, 2019 00:08
// Abbreviated form of the key encoder; the body after the export is elided.
// NOTE(review): the `function` keyword is missing, and the body uses `await`,
// so the function must be `async` and would return Promise<Uint8Array>.
export encodeKey(rpID: string, key: CryptoKey): Uint8Array {
// JWK export exposes every component of the key; presumably `key` is a
// public key, since a private key's JWK would include `d` — confirm.
const jwk = await window.crypto.subtle.exportKey('jwk', key);
// ...
}
Hartimer / utils.ts
Last active February 25, 2019 00:36
// Copyright 2014 Google Inc. All rights reserved
//
// Use of this source code is governed by a BSD-style
// license that can be found at
// https://developers.google.com/open-source/licenses/bsd
/**
* Gets the scheme + origin from a web url.
* @param {string} url Input url
* @return {?string} Scheme and origin part if url parses
*/