Monday 23 May 2016
0 comments

FeatherDuster- An Automated Modular Cryptanalysis Tool

FeatherDuster: An Automated Modular Cryptanalysis Tool

FeatherDuster- An Automated Modular Cryptanalysis Tool

FeatherDuster & Cryptanalib-


FeatherDuster is a tool that is designed by Daniel "unicorn furnace" Crowley of NCC Group for cracking the crypto that tries to make the process of determining as well as utilizing the weak cryptosystems that are as simple as possible.

Cryptanalib is the moving parts following the FeatherDuster as well as it can be used separately of FeatherDuster.

Well, this is a beta version of FeatherDuster, where things may be broken.

FeatherDuster Usage:


python featherduster.py [ciphertext file 1] ... [ciphertext file n] when introducing the samples by the positional arguments in which every file that will be consumed as well as treated as its own ciphertext despite the set-up of the files.

FeatherDuster has the capability to repeatedly identify as well as interpret the similar encodings that’s why it's okay if these files that consists the encrypted samples.

Appealing to the FeatherDuster lacking of positional arguments that will allow for optional methods of introducing the ciphertext. Even particularly it has the capability to insert a file with newline-separated samples where every line will be treated as a distinct sample, like so:

68657920636f6f6c
796f752072656164
74686520726561646d65

As well as it has the capability to identify a single ciphertext in FeatherDuster via the command-line input. Because of this input will conclude on a newline, it is suggested to utilize the some form of encoding in case of the sample that consists a newline.

Cryptanalib Usage:


Cryptanalib that can be used individually of FeatherDuster to make the Python-based crypto attack tools. Certification for the functions of cryptanalib that can be availabled via the Python help() function like so:

>>> import cryptanalib as ca
>>> dir(ca)    # output edited for a cleaner README file
[ ... 'analyze_ciphertext', 'batch_gcd', 'bb98_padding_oracle', 'break_alpha_shift', 'break_ascii_shift', 'break_columnar_transposition', 'break_generic_shift', 'break_many_time_pad', ... ]
>>> help(ca.bb98_padding_oracle)

Help on function bb98_padding_oracle in module cryptanalib:

bb98_padding_oracle(ciphertext, padding_oracle, exponent, modulus, verbose=False, debug=False)
    Bleichenbacher's RSA-PKCS1-v1_5 padding oracle from CRYPTO '98

    Given an RSA-PKCS1-v1.5 padding oracle and a ciphertext,
    decrypt the ciphertext.

    ciphertext - The ciphertext to decrypt
    padding_oracle - A function that communicates with the padding oracle.
       The function should take a single parameter as the ciphertext, and
       should return either True for good padding or False for bad padding.
    exponent - The public exponent of the keypair
    modulus - The modulus of the keypair
    verbose - (bool) Whether to show verbose output
    debug - (bool) Show very verbose output


Installation:

git clone https://github.com/nccgroup/featherduster.git
cd featherduster
python setup.py install
sudo apt-get install libgmp3-dev

Dependencies-

  • Python 2.x
  • GMPy (which itself depends on GMP)
  • PyCrypto


Installation Errors-

Missing GMP-

If you encounter a missing header error such as:

./src/gmpy.h:30:10: fatal error: 'gmp.h' file not found

OSX

Install gmp via brew brew install gmp then retry python setup.py install

Debian

Install gmp via apt-get sudo apt-get install libgmp3-dev

Missing GCC-

If you are having difficulty in the installing PyCrypto on an Ubuntu variant then you may not have GCC installed. It is possible to install PyCrypto through apt with apt-get install python-crypto.

The Cryptanalib Analysis Engine-

The analysis engine in Cryptanalib is used by FeatherDuster that can automatically distinguish the encodings as well as decode the samples. Whereas the engine supposes that all of the samples are created with the similar process (for instance, base64encode(aes_encrypt(datum))). However, it can manage the mixed samples to some degree. Recently, Cryptanalib can detect and decode the following encoding schemes:
\
  • Vanilla Base64
  • ASCII hex-encoding
  • Zlib compression
  • URL encoding
And the analysis engine of Cryptanalib can detect a number of properties in the analysis phase, too:
  • Low entropy ciphertext (Useful for detecting homebrew ciphers)
  • Block cipher usage vs Stream cipher usage
  • ECB mode
  • CBC mode with fixed IV
  • Hash algorithm (engine will note that length extension attacks may apply with Merkle-Daamgard based hash algos)
  • OpenSSL formatted ciphertext
  • Stream cipher key reuse
  • RSA keys with private components
  • Insufficiently large RSA moduli
  • RSA modulus reuse
  • Transposition-only cipher

0 comments:

Post a Comment

Note: only a member of this blog may post a comment.

 
Toggle Footer
Top