kodamap/aes_cfb8.ipynb

## aes_cfb8.ipynb
{
 "cells": [
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "# Zerologon (CVE-2020-1472) PoC code\n",
    "Implementation AES-CFB8 using PyCryptodome"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 1,
   "metadata": {},
   "outputs": [],
   "source": [
    "# This code is based on\n",
    "# https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/\n",
    "# https://github.com/kurenaif/aes_cfb8\n",
    "\n",
    "import os\n",
    "from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes\n",
    "from Crypto.Random import get_random_bytes\n",
    "from cryptography.hazmat.backends import default_backend\n",
    "\n",
    "def encrypt(key, iv, plaintext):\n",
    "    #iv = b\"\\x00\" * 16\n",
    "    # Set random IV\n",
    "    ##iv = os.urandom(16)\n",
    "    encryptor = Cipher(algorithms.AES(key), modes.CFB8(iv), default_backend()).encryptor()\n",
    "    ciphertext = encryptor.update(plaintext) + encryptor.finalize()\n",
    "    return ciphertext\n",
    "\n",
    "def decrypt(key, iv, ciphertext):\n",
    "    decryptor = Cipher(algorithms.AES(key), modes.CFB8(iv), default_backend()).decryptor()\n",
    "    return decryptor.update(ciphertext) + decryptor.finalize()\n",
    "\n"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 2,
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "b'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n",
      "b'U}\\x1dE\\x03\\x91\\x8c\\x8e\\xaf\\xfa\\xdc\\xb7c\\xcfP'\n",
      "b'secret message!'\n"
     ]
    }
   ],
   "source": [
    "# Test\n",
    "##key = os.urandom(32)\n",
    "key = get_random_bytes(32)\n",
    "iv = b\"\\x00\" * 16\n",
    "##iv = os.urandom(16)\n",
    "message = b'secret message!'\n",
    "##iv, ciphertext = encrypt(key, message)\n",
    "ciphertext = encrypt(key, iv, message)\n",
    "decyrypted = decrypt(key, iv, ciphertext)\n",
    "\n",
    "print(iv)\n",
    "print(ciphertext)\n",
    "print(decyrypted)"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 3,
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "score: 396\n",
      "probability(score/MAX_ATTEMPTS): 0.00396 (1/256 = 0.00390625)\n"
     ]
    }
   ],
   "source": [
    "# Zerologon (CVE-2020-1472) \n",
    "MAX_ATTEMPTS = 100000\n",
    "cnt = 0\n",
    "iv = b\"\\x00\" * 16\n",
    "##iv = os.urandom(16)\n",
    "##iv = get_random_bytes(16)\n",
    "message = b\"\\x00\" * 8\n",
    "for i in range(MAX_ATTEMPTS):\n",
    "    # Only 128, 192, and 256 bit keys are allowed for this AES mode\n",
    "    ##key = os.urandom(32)\n",
    "    key = get_random_bytes(32)\n",
    "    ciphertext = encrypt(key, iv, message)\n",
    "    if ciphertext == message:\n",
    "        cnt += 1\n",
    "        #print(f\"ciphertext: {ciphertext} decrypted:{decrypt(key, iv, ciphertext)}\")\n",
    "        #print(f\"ciphertext: {ciphertext} decrypted:{decrypt(key, iv, ciphertext)}\")\n",
    "\n",
    "print(f\"score: {cnt}\")\n",
    "print(f\"probability(score/MAX_ATTEMPTS): {cnt/MAX_ATTEMPTS} (1/256 = {1/256})\")\n"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "metadata": {},
   "outputs": [],
   "source": []
  }
 ],
 "metadata": {
  "kernelspec": {
   "display_name": "Python 3",
   "language": "python",
   "name": "python3"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 3
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython3",
   "version": "3.8.5"
  },
  "toc-autonumbering": true
 },
 "nbformat": 4,
 "nbformat_minor": 4
}
	{
	"cells": [
	{
	"cell_type": "markdown",
	"metadata": {},
	"source": [
	"# Zerologon (CVE-2020-1472) PoC code\n",
	"Implementation AES-CFB8 using PyCryptodome"
	]
	},
	{
	"cell_type": "code",
	"execution_count": 1,
	"metadata": {},
	"outputs": [],
	"source": [
	"# This code is based on\n",
	"# https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/\n",
	"# https://github.com/kurenaif/aes_cfb8\n",
	"\n",
	"import os\n",
	"from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes\n",
	"from Crypto.Random import get_random_bytes\n",
	"from cryptography.hazmat.backends import default_backend\n",
	"\n",
	"def encrypt(key, iv, plaintext):\n",
	" #iv = b\"\\x00\" * 16\n",
	" # Set random IV\n",
	" ##iv = os.urandom(16)\n",
	" encryptor = Cipher(algorithms.AES(key), modes.CFB8(iv), default_backend()).encryptor()\n",
	" ciphertext = encryptor.update(plaintext) + encryptor.finalize()\n",
	" return ciphertext\n",
	"\n",
	"def decrypt(key, iv, ciphertext):\n",
	" decryptor = Cipher(algorithms.AES(key), modes.CFB8(iv), default_backend()).decryptor()\n",
	" return decryptor.update(ciphertext) + decryptor.finalize()\n",
	"\n"
	]
	},
	{
	"cell_type": "code",
	"execution_count": 2,
	"metadata": {},
	"outputs": [
	{
	"name": "stdout",
	"output_type": "stream",
	"text": [
	"b'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n",
	"b'U}\\x1dE\\x03\\x91\\x8c\\x8e\\xaf\\xfa\\xdc\\xb7c\\xcfP'\n",
	"b'secret message!'\n"
	]
	}
	],
	"source": [
	"# Test\n",
	"##key = os.urandom(32)\n",
	"key = get_random_bytes(32)\n",
	"iv = b\"\\x00\" * 16\n",
	"##iv = os.urandom(16)\n",
	"message = b'secret message!'\n",
	"##iv, ciphertext = encrypt(key, message)\n",
	"ciphertext = encrypt(key, iv, message)\n",
	"decyrypted = decrypt(key, iv, ciphertext)\n",
	"\n",
	"print(iv)\n",
	"print(ciphertext)\n",
	"print(decyrypted)"
	]
	},
	{
	"cell_type": "code",
	"execution_count": 3,
	"metadata": {},
	"outputs": [
	{
	"name": "stdout",
	"output_type": "stream",
	"text": [
	"score: 396\n",
	"probability(score/MAX_ATTEMPTS): 0.00396 (1/256 = 0.00390625)\n"
	]
	}
	],
	"source": [
	"# Zerologon (CVE-2020-1472) \n",
	"MAX_ATTEMPTS = 100000\n",
	"cnt = 0\n",
	"iv = b\"\\x00\" * 16\n",
	"##iv = os.urandom(16)\n",
	"##iv = get_random_bytes(16)\n",
	"message = b\"\\x00\" * 8\n",
	"for i in range(MAX_ATTEMPTS):\n",
	" # Only 128, 192, and 256 bit keys are allowed for this AES mode\n",
	" ##key = os.urandom(32)\n",
	" key = get_random_bytes(32)\n",
	" ciphertext = encrypt(key, iv, message)\n",
	" if ciphertext == message:\n",
	" cnt += 1\n",
	" #print(f\"ciphertext: {ciphertext} decrypted:{decrypt(key, iv, ciphertext)}\")\n",
	" #print(f\"ciphertext: {ciphertext} decrypted:{decrypt(key, iv, ciphertext)}\")\n",
	"\n",
	"print(f\"score: {cnt}\")\n",
	"print(f\"probability(score/MAX_ATTEMPTS): {cnt/MAX_ATTEMPTS} (1/256 = {1/256})\")\n"
	]
	},
	{
	"cell_type": "code",
	"execution_count": null,
	"metadata": {},
	"outputs": [],
	"source": []
	}
	],
	"metadata": {
	"kernelspec": {
	"display_name": "Python 3",
	"language": "python",
	"name": "python3"
	},
	"language_info": {
	"codemirror_mode": {
	"name": "ipython",
	"version": 3
	},
	"file_extension": ".py",
	"mimetype": "text/x-python",
	"name": "python",
	"nbconvert_exporter": "python",
	"pygments_lexer": "ipython3",
	"version": "3.8.5"
	},
	"toc-autonumbering": true
	},
	"nbformat": 4,
	"nbformat_minor": 4
	}