FeatherDuster: An Automated Modular Cryptanalysis Tool
FeatherDuster & Cryptanalib-
FeatherDuster is a tool that is designed by Daniel "unicorn furnace" Crowley of NCC Group for cracking the crypto that tries to make the process of determining as well as utilizing the weak cryptosystems that are as simple as possible. Cryptanalib is the moving parts following the FeatherDuster as well as it can be used separately of FeatherDuster.
Well, this is a beta version of FeatherDuster, where things may be broken.
python featherduster.py [ciphertext file 1] ... [ciphertext file n] when introducing the samples by the positional arguments in which every file that will be consumed as well as treated as its own ciphertext despite the set-up of the files. FeatherDuster has the capability to repeatedly identify as well as interpret the similar encodings that’s why it's okay if these files that consists the encrypted samples.
Appealing to the FeatherDuster lacking of positional arguments that will allow for optional methods of introducing the ciphertext. Even particularly it has the capability to insert a file with newline-separated samples where every line will be treated as a distinct sample, like so:
As well as it has the capability to identify a single ciphertext in FeatherDuster via the command-line input. Because of this input will conclude on a newline, it is suggested to utilize the some form of encoding in case of the sample that consists a newline.
Cryptanalib that can be used individually of FeatherDuster to make the Python-based crypto attack tools. Certification for the functions of cryptanalib that can be availabled via the Python help() function like so:
>>> import cryptanalib as ca
>>> dir(ca) # output edited for a cleaner README file
[ ... 'analyze_ciphertext', 'batch_gcd', 'bb98_padding_oracle', 'break_alpha_shift', 'break_ascii_shift', 'break_columnar_transposition', 'break_generic_shift', 'break_many_time_pad', ... ]
Help on function bb98_padding_oracle in module cryptanalib:
bb98_padding_oracle(ciphertext, padding_oracle, exponent, modulus, verbose=False, debug=False)
Bleichenbacher's RSA-PKCS1-v1_5 padding oracle from CRYPTO '98
Given an RSA-PKCS1-v1.5 padding oracle and a ciphertext,
decrypt the ciphertext.
ciphertext - The ciphertext to decrypt
padding_oracle - A function that communicates with the padding oracle.
The function should take a single parameter as the ciphertext, and
should return either True for good padding or False for bad padding.
exponent - The public exponent of the keypair
modulus - The modulus of the keypair
verbose - (bool) Whether to show verbose output
debug - (bool) Show very verbose output
git clone https://github.com/nccgroup/featherduster.git
python setup.py install
sudo apt-get install libgmp3-dev
GMPy (which itself depends on GMP)
If you encounter a missing header error such as:
./src/gmpy.h:30:10: fatal error: 'gmp.h' file not found
Install gmp via brew brew install gmp then retry python setup.py install
Install gmp via apt-get sudo apt-get install libgmp3-dev
If you are having difficulty in the installing PyCrypto on an Ubuntu variant then you may not have GCC installed. It is possible to install PyCrypto through apt with apt-get install python-crypto.
The Cryptanalib Analysis Engine-
The analysis engine in Cryptanalib is used by FeatherDuster that can automatically distinguish the encodings as well as decode the samples. Whereas the engine supposes that all of the samples are created with the similar process (for instance, base64encode(aes_encrypt(datum))). However, it can manage the mixed samples to some degree. Recently, Cryptanalib can detect and decode the following encoding schemes:
And the analysis engine of Cryptanalib can detect a number of properties in the analysis phase, too:
Low entropy ciphertext (Useful for detecting homebrew ciphers)
Block cipher usage vs Stream cipher usage
CBC mode with fixed IV
Hash algorithm (engine will note that length extension attacks may apply with Merkle-Daamgard based hash algos)
OpenSSL formatted ciphertext
Stream cipher key reuse
RSA keys with private components
Insufficiently large RSA moduli
RSA modulus reuse