Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add basics and the beggining of the attack #53

Open
wants to merge 15 commits into
base: master
Choose a base branch
from
Open

add basics and the beggining of the attack #53

wants to merge 15 commits into from

Conversation

0xnibbles
Copy link
Collaborator

Before Creating a Pull Request

  • Before creating a pull request make sure you read our CODE_OF_CONDUCT, available in the root dir of the repo.
  • Make sure you are creating a pull request for an existing and approved issue

How to

  • Link the relevant issues for this pull request.
  • Explain the changes introduced by the pull request

@0xnibbles
Copy link
Collaborator Author

Check if the basics are okay before going in-depth to explain the attack

s1nj0r0
s1nj0r0 requested changes May 19, 2020
View reviewed changes
Copy link
Collaborator

@s1nj0r0 s1nj0r0 left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to go after luis review is added.
The basics are good :)

luisfontes19
luisfontes19 requested changes May 24, 2020
View reviewed changes
Copy link
Member

@luisfontes19 luisfontes19 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you agree with the image part, and if you want I can help with that part

backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
luisfontes19
luisfontes19 requested changes May 24, 2020
View reviewed changes
backend/src/documentation/padding-oracle.md

Look for the example below, where the ciphertext is divided through the different blocks.

![Ciphertext Block Division](img/cipher_padding_oracle.png "Ciphertext Block Division")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, since you are encrypting content in hex in the example, remember that every 2 chars represent a byte, which means that each block you representad, has only 4bytes instead of 8.

Also, if you want to use AES schema as an example, AES smaller block size is 16bytes

@luisfontes19 luisfontes19 linked an issue May 25, 2020 that may be closed by this pull request
Documentation for Padding oracle #10
Open
luisfontes19
luisfontes19 requested changes Jul 28, 2020
View reviewed changes
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md

At this time, the last byte of C3 is known; to find the rest of it, we can work backward through the entire block until every byte of X function is cracked, thus letting us decrypt the C3 plaintext one byte at a time. For the other blocks, it is just applying the same method to crack the full message.

## Put the attack in practice
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you skipped a step here.
First you decrypt the ciphertext to know what's the content, and see if you can manipulate.

Also make sure to explain what is the payload received/manipulated, and how you found it in the app

backend/src/documentation/padding-oracle.md Outdated Show resolved Hide resolved
backend/src/documentation/padding-oracle.md Show resolved Hide resolved
backend/src/documentation/padding-oracle.md

* In the context of an application, it depends on how the user implementation of CBC mode because, if an attacker can modify the ciphertext or can trigger an error, there are high chances he can break the encrypted message.

* [Encrypt and MAC your data](https://security.stackexchange.com/questions/38942/how-to-protect-against-padding-oracle-attacks).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets try to use more 'trustworthy' sources like owasp...
Also, you can add other encryption schemas like GCM that handle the MAC behind scenes.
Finally may also be worth it to explain that before decrypting mac should be validated

@luisfontes19
Copy link
Member

@s4nkx0k also, sorry about this one... I changed again the docs structure (#63 )
So now all docs are in the root of the project (/docs) and challenge specific docs in /docs/app

0xnibbles and others added 6 commits July 29, 2020 11:26
@0xnibbles @luisfontes19
Update backend/src/documentation/padding-oracle.md
0981312 
Co-authored-by: Luis Fontes <luisfontes19@users.noreply.github.com>
@0xnibbles @luisfontes19
Update backend/src/documentation/padding-oracle.md
56bd272 
Co-authored-by: Luis Fontes <luisfontes19@users.noreply.github.com>
@0xnibbles @luisfontes19
Update backend/src/documentation/padding-oracle.md
b379fbc 
Co-authored-by: Luis Fontes <luisfontes19@users.noreply.github.com>
@0xnibbles @luisfontes19
Update backend/src/documentation/padding-oracle.md
c688463 
Co-authored-by: Luis Fontes <luisfontes19@users.noreply.github.com>
@0xnibbles @luisfontes19
Update backend/src/documentation/padding-oracle.md
aacaae3 
Co-authored-by: Luis Fontes <luisfontes19@users.noreply.github.com>
@0xnibbles @luisfontes19
Update backend/src/documentation/padding-oracle.md
c5a6185 
Co-authored-by: Luis Fontes <luisfontes19@users.noreply.github.com>
@sonarcloud
Copy link

sonarcloud bot commented Apr 12, 2021

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@luisfontes19 luisfontes19 luisfontes19 requested changes

@s1nj0r0 s1nj0r0 s1nj0r0 requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Documentation for Padding oracle
3 participants
@0xnibbles @luisfontes19 @s1nj0r0