Class: Analyzers::EcbStringAppender

Inherits:
Object
  • Object
show all
Includes:
Utils::Reporting::Console
Defined in:
lib/crypto-toolbox/analyzers/ecb_string_appender.rb

Overview

Public: This analyzer attacks oracles that append any unknown string to its input messages and decrypts the appended string. In practice Email autoresponders sometimes append a data to a given input. Thus this analyzer can break any ecb encryption that works this way

it is also capable of detecting prefixes created by the oracle and pad them to correctly analyze the target message

Defined Under Namespace

Classes: DuplicateDecryptionDictionaryEntry

Constant Summary collapse

DUMMY = 
"A".freeze
PREFIX_PAD_DUMMY = 
"P".freeze
MAX_KNOWN_BLOCK_LENGTH =

512 Bit block length

64

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Utils::Reporting::Console

#jot, #print_delimiter_line, #print_nice, #print_raw

Constructor Details

#initialize(oracle) ⇒ EcbStringAppender

Returns a new instance of EcbStringAppender.



23
24
25
26
27
 
# File 'lib/crypto-toolbox/analyzers/ecb_string_appender.rb', line 23

def initialize(oracle)
  @oracle    = oracle
  detect_block_size!
  raise "None-ECB oracle" unless ::Utils::EcbDetector.new.is_ecb?(@oracle.encipher(DUMMY * (block_size * 6)))
end

Instance Attribute Details

#oracleObject (readonly)

Returns the value of attribute oracle.



19
20
21
 
# File 'lib/crypto-toolbox/analyzers/ecb_string_appender.rb', line 19

def oracle
  @oracle
end

Instance Method Details

#analyzeObject 



30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/crypto-toolbox/analyzers/ecb_string_appender.rb', line 30

def analyze
  analyze_oracle!
  
  suffix_block_ids.with_object("") do |block_id, hits|
    each_block_position do |pos|
      # stop as soon as we have all the bytes that are appended ( without and ciphermode padding )
      break if hits.length >= real_suffix_length
      hits << attempt_match(hits, block_id, pos)
    end
  end
end