aliencaocao/timing side channel attack.py

## timing side channel attack.py
import time
import subprocess

possible_chars = ['1', '2', '3', '4', '5', '6', '7', '8', '9', '0']  # possible characters in the password
length_of_password = 8
max_or_min = max  # choose if guessing the 'correct' answer result in longest (use max) or shortest (use min) execution time
path_to_executable = 'path to password checking executable'
error_msg = 'Last row of output you get for entering a wrong password'  # the last row of output you get for a wrong password


for i in range(length_of_password):
    print(f'Determining {i+1}th character of password...')
    if i == 0:  # first run
        candidates_results = {c*length_of_password: None for c in possible_chars}
    for candidate in candidates_results.keys():
        print('Trying: ' + candidate)
        start_time = time.time()
        p = subprocess.Popen([path_to_executable], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
        out, err = p.communicate(input=candidate.encode())
        time_taken = time.time() - start_time
        if list(filter(None, out.decode().split('\n')))[-1] != error_msg:  # terminate program once gotten correct answer
            print()
            print('Password is:', candidate)
            print()
            print('Final output:')
            print(out.decode())
            exit(0)
        candidates_results[candidate] = time_taken
    optimal_candidate = max_or_min(candidates_results, key=candidates_results.get)[:i+1]
    print('Optimal candidate: ' + optimal_candidate)
    print()
    print('Advancing to next character...')
    candidates_results = {optimal_candidate + c * (length_of_password-len(optimal_candidate)): None for c in possible_chars}
	import time
	import subprocess

	possible_chars = ['1', '2', '3', '4', '5', '6', '7', '8', '9', '0'] # possible characters in the password
	length_of_password = 8
	max_or_min = max # choose if guessing the 'correct' answer result in longest (use max) or shortest (use min) execution time
	path_to_executable = 'path to password checking executable'
	error_msg = 'Last row of output you get for entering a wrong password' # the last row of output you get for a wrong password


	for i in range(length_of_password):
	print(f'Determining {i+1}th character of password...')
	if i == 0: # first run
	candidates_results = {c*length_of_password: None for c in possible_chars}
	for candidate in candidates_results.keys():
	print('Trying: ' + candidate)
	start_time = time.time()
	p = subprocess.Popen([path_to_executable], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
	out, err = p.communicate(input=candidate.encode())
	time_taken = time.time() - start_time
	if list(filter(None, out.decode().split('\n')))[-1] != error_msg: # terminate program once gotten correct answer
	print()
	print('Password is:', candidate)
	print()
	print('Final output:')
	print(out.decode())
	exit(0)
	candidates_results[candidate] = time_taken
	optimal_candidate = max_or_min(candidates_results, key=candidates_results.get)[:i+1]
	print('Optimal candidate: ' + optimal_candidate)
	print()
	print('Advancing to next character...')
	candidates_results = {optimal_candidate + c * (length_of_password-len(optimal_candidate)): None for c in possible_chars}