Solutions for cryptoBreaker part 1

Author: paul-ion

trainingportal/qna.js

@@ -217,9 +217,9 @@ let analysisEnc = (mes) => {
   }
   let keyInfoB64 = util.btoa(JSON.stringify(keyInfo));
   let postData = `kmb64=${keyInfoB64}`;
-  let post = `POST / HTTP/1.1\n`;
-  post+=`Host: finance.biznis\n`;
-  post+=`Content-length: ${postData.length}\n\n`;
+  let post = `POST / HTTP/1.1\r\n`;
+  post+=`Host: finance.biznis\r\n`;
+  post+=`Content-length: ${postData.length}\r\n\r\n`;
   post+= postData;
 
   let mesKey = crypto.randomBytes(16);

trainingportal/static/lessons/cryptoBreaker/crypto_analysis.md

@@ -22,7 +22,7 @@ In this challenge you will have to leverage all the basic data transformation me
 
 You are given an intercepted cipher text for a client/server application. The intercepted message is an `indicator` which contains information about the golden key. It is being sent periodically to transmit a new the golden key which is then used to digitally sign transactions. The developers of the application have decided to implement a lightweigh message encryption algorithm because the application is used in financial transactions and has to have minimum latency.
 
-**NOTE: Writing your own encryption algorithm or using known weak ciphers to improve performance is a known fallacy. Cryptographic algorithms such as AES 256, at this point in time, have a very strong mathematic foundation and have evolved over multiple iterations to optimize performance and resilience to attacks.**
+**NOTE: Writing your own encryption algorithm or using known weak ciphers to improve performance is a known fallacy. Cryptographic algorithms such as AES, at this point in time, have a very strong mathematic foundation and have evolved over multiple iterations to optimize performance and resilience to attacks.**
 
 You know that the application uses HTTP for communication. Having this insight you must determine the key and extract a randomly generated golden key from the message. 
 
@@ -31,32 +31,13 @@ The golden key is wrapped in several layers of encoding so you will need to reco
 #### Challenge Tips
 
 - Go back and read some of the previous lessons. They contain information that will help with this challenge.
-- HTTP is a well known communication protocol, there are many common words. Keep trying until you reconstruct most of the key.
-- If you recover part of the encryption key, pad the missing bytes with 0x0. This way when the key repeats you can uncover more of the message.
+- HTTP is a well known communication protocol, there are many common words. Request lines for HTTP messages that send data often look like this: `POST / HTTP/1.1\r\n`
 - In one of the previous lessons you've decrypted a key using the plain text and the cipher. That should point you to what algorithm is being used.
-- Once you uncover more of the message, or you are able to infer the text, add the correct bytes to the key. Then copy the resulting longer key to a file and identify the repeating bytes.
-
-Example:
-
-     //You uncovered the following key bytes: `1 2 3 4`. Now the message looks like this
-     "PLAIJ#UB]S"
-     //Add a 0 to the key: `1 2 3 4 0`. Now the message looks like this
-     "PLAIK TEXQ"
-     //Now you can probably guess the message but let's assume for the sake of the example that you only know 'TEXT' which gives you the last byte in the sequence `5`. Write all the bytes together
-     `1 2 3 4 0 1 2 3 4 5`
-     //Now identify the repeating bytes
-     `1 2 3 4 0`
-     `1 2 3 4 5`
-     //Replace `0` with `5` and apply the new key below to the cipher.
-     `1 2 3 4 5 1 2 3 4 5`
-     //Now you are able to decrypt the message
-     "PLAIN TEXT"
-     //Note that you don't need to repeat the byte sequence. You can simply use `1 2 3 4 5` as the key.
-    
-In our example we used a 5 byte key, however key sizes are usually multiples of 2: 16 bytes, 32 bytes, 64 bytes. Start with 16 and go to higher lengths if needed.
 
+**NOTE: If you decide to use the Solution, open the Solution as a new tab or Window so you don't reset the cipher.**
 
 #### References
 
 - [Wikipedia: Cryptanalysis](https://en.wikipedia.org/wiki/Cryptanalysis)
-- [Wikipedia: Cryptanalysis of the Enigma](https://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma)
+- [Wikipedia: Cryptanalysis of the Enigma](https://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma)
+

trainingportal/static/lessons/cryptoBreaker/crypto_analysis.sol.md

@@ -0,0 +1,118 @@
+### Solution for "Cryptanalysis" challenge
+
+This challenge puts together all types of text transformation techniques encountered so far.
+
+You will leverage the fact that you are able to guess the starting line in the message. 
+
+The HTTP protocol defines messages that follow the format below:
+
+      {HTTP METHOD} {PATH} {PROTOCOL}\r\n
+      {HEADER 1}:{VALUE 1}\r\n
+      ...
+      {HEADER N}:{VALUE N}\r\n
+      \r\n
+      {OPTIONAL BODY}
+      \r\n
+
+
+{HTTP METHOD} can be any of the following: GET, POST, HEAD, OPTIONS, PUT, DELETE, but most commonly GET and POST are used.
+
+POST in particular is used to transmit data in the request body.
+
+A typical request will look like this:
+      
+      POST /{path} HTTP/{version}
+
+
+Path can be anything
+Version can be 1.0, 1.1, 2 or more. However versions 2 and above are binary protocols so they are a bit more complicated for cryptanalysis.
+
+HTTP/1.1 was the protocol of choice for a very long time so it's a good guess.
+
+You could start with POST / and build up from it, but for the purpose of this challenge let's assume we can guess the entire request line from the start:
+
+      POST / HTTP/1.1
+
+Now you can remember the XOR challenge and the property of XOR below:
+
+    A ^ B = C
+    B ^ C = A
+    A ^ C = B
+
+
+##### Step 1 - Recover the key
+
+Use a online tool to get the ASCII code for `POST / HTTP/1.1` **in hexadecimal**.
+
+
+You will get something like this:
+      
+      50 4F 53 54 20 2F 20 48 54 54 50 2F 31 2E 31
+
+This is only 15 bytes. Add `0D` (CR) to make it 16 bytes, which is a multiple of 2 and likely the length of the key.
+
+      50 4F 53 54 20 2F 20 48 54 54 50 2F 31 2E 31 0D
+
+Now **XOR** the assumed plain text with the cipher **as a hexadecimal key** and copy down the resulting first 16 bytes.
+
+      41 35 BA 75 45 C3 A0 80 53 0E 5F 54 0A 05 13 CD
+
+
+##### Step 2 - Recover the HTTP message
+
+
+Now **XOR** the recovered key bytes with the cipher. Display the result as printable characters:
+
+You will get something like the below.
+
+       POST / HTTP/1.1
+       Host: finance.biznis
+       Content-length: 326
+       
+       kmb64=eyJrZXlNYXRlcmlhbFNoaWZ0ZWQiOiJHV01FWUZHIENTRFBBIFVNT0VJRCBFR1JJViBHR0NHTFcgUUNDSiBRQUNQWiBYQUNIRlYgWFRQVlZBIFdXU0lEWiIsImdvbGRlbktleVNoaWZ0SGFzaCI6ImE1MTZmZjc0ZTIyMmMzYmJkM2FiOTI0ZTk2ZmVmZTBjIiwiZ29sZGVuS2V5U2FsdEhhc2giOiJhOGQzMTM5ZTAwNzUyZjg4NzZlNDdiMmZiZGNlMDc0ZCIsImhhc2hpbmdGdW5jdGlvbiI6IlNIQTI1NiIsIml0ZXIiOjEwMDB9
+
+
+##### Step 3 - Decode the kmb64 parameter
+
+Decode the kmb64 parameter using an online base64 decoder.
+
+Now we can see a JSON message similar to the example below:
+
+       {
+            "keyMaterialShifted":"GWMEYFG CSDPA UMOEID EGRIV GGCGLW QCCJ QACPZ XACHFV XTPVVA WWSIDZ",
+            "goldenKeyShiftHash":"a516ff74e222c3bbd3ab924e96fefe0c",
+            "goldenKeySaltHash":"a8d3139e00752f8876e47b2fbdce074d",
+            "hashingFunction":"SHA256",
+            "iter":1000
+       }
+
+##### Step 4 - Look-up the hashes
+
+Using your online rainbow table of choice identify the Shift and the Salt hashes.
+
+For the given example:
+
+       a516ff74e222c3bbd3ab924e96fefe0c - LOREM
+       a8d3139e00752f8876e47b2fbdce074d - VIVAMUS
+
+##### Step 5 - Unscramble the key material using Vigenère
+
+Using an online tool unscramble the text using the value associated with `goldenKeyShiftHash` as a key:
+
+       GWMEYFG CSDPA UMOEID EGRIV GGCGLW QCCJ QACPZ XACHFV XTPVVA WWSIDZ
+       VIVAMUS LOREM DICTUM AUGUE CURSUS EROS MORBI TORTOR LIBERO LIBERO
+
+
+##### Step 6 - Generate the PBKDF2
+
+Using an online tool generate a PBKDF2 key using the parameters associated with the JSON. 
+
+For our example:
+
+       Password:   VIVAMUS LOREM DICTUM AUGUE CURSUS EROS MORBI TORTOR LIBERO LIBERO
+       Algortithm: SHA256
+       Salt:       VIVAMUS
+       Iterations: 1000
+
+The solution is the resulting hex value.
+

trainingportal/static/lessons/cryptoBreaker/crypto_ascii.sol.md

@@ -0,0 +1,3 @@
+### Solution for "ASCII" challenge
+
+Use an online ASCII decoder tool to convert the ASCII codes into characters.

trainingportal/static/lessons/cryptoBreaker/crypto_base64.sol.md

@@ -0,0 +1,3 @@
+### Solution for "Base64" challenge
+
+Use an online Base64 decoder tool to convert the base64 encoding into characters.

trainingportal/static/lessons/cryptoBreaker/crypto_caesar.md

@@ -14,11 +14,14 @@ Here are a few recommendations:
 
 You may also use your programming/scripting language of choice.
 
+**NOTE: If you decide to view the Solution, open the Solution as a new tab or Window so you don't reset the cipher.**
+
 `Important Note: You're allowed to conduct offline brute force attacks, however trying answer combinations in an automatic fashion using the portal is strictly forbidden.` 
 
 We begin with one of the oldest methods used to hide a message, known to be used by Julius Caesar.
 
 #### Algorithm
+
 Shift letters by a number of positions. The number of positions is the key. 
 
 ##### Example

trainingportal/static/lessons/cryptoBreaker/crypto_caesar.sol.md

@@ -0,0 +1,9 @@
+### Solution for "Caesar" challenge
+
+Use an online tool to unscramble the text.
+
+If you need a challenge you could also try shifting the letters like in the example below, until they make sense. The words are from the well known Lorem Ipsum text used in printing and typsetting.
+      
+       NQTGO 
+    <- MPSFN 
+    <- LOREM 

trainingportal/static/lessons/cryptoBreaker/crypto_hash.md

@@ -28,7 +28,7 @@ Most algorithms leverage the characteristics of the data to arrive at a unique v
 
 ##### Weaknesses
 
-Digests can be pre-calculated making them as easy to reverse as an ASCII code. Indeed websites like `crackstation.net` or `hashes.com` contain large databases of pre-calculated digests also known as rainbow tables. The best way to prevent reversing hashed words is to concatenate a random string to the text. This is known as adding a salt. Another mitigation involves hashing the message several times (adding iterations). This increases the amount of computations necessary to calculate the hash.
+Digests can be pre-calculated making them as easy to reverse as an ASCII code. Indeed websites like `dCode.fr`, `crackstation.net` or `hashes.com` contain large databases of pre-calculated digests also known as rainbow tables. The best way to prevent reversing hashed words is to concatenate a random string to the text. This is known as adding a salt. Another mitigation involves hashing the message several times (adding iterations). This increases the amount of computations necessary to calculate the hash.
 
 Hashing algorithms are also vulnerable to collision attacks. Such attacks involve altering the input to arrive at the same digest. This is particularly dangerous when using hashing functions to ensure the integrity of executable files. Both MD5 and SHA1 algorithms are vulnerable to collision attacks.
 

trainingportal/static/lessons/cryptoBreaker/crypto_hash.sol.md

@@ -0,0 +1,8 @@
+### Solution for "One Way Hash" challenge
+
+Use an online rainbow table tool to identify the words corresponding to each hash. 
+
+It's a good idea to write down the hashes and then reconstruct the text in order as some of the tools remove hashes or change the order when using bulk look-ups.
+
+        a516ff74e222c3bbd3ab924e96fefe0c -> LOREM
+        e17acb30902a2d91764780ec14400766 -> IPSUM

trainingportal/static/lessons/cryptoBreaker/crypto_pbk.sol.md

@@ -0,0 +1,5 @@
+### Solution for "Password Based Key" challenge
+
+Use an online tool to generate a PBKDF key with the provided parameters.
+
+Once you have the key, copy the hexadecimal value and use an online tool to decrypt the XOR cipher.