-
Notifications
You must be signed in to change notification settings - Fork 119
/
Copy pathdeadpool_dfa_experimental.py
91 lines (87 loc) · 3.38 KB
/
deadpool_dfa_experimental.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
import deadpool_dfa
import phoenixAES
def AesGetAllRoundKeys(targetbin, targetdata, goldendata,
iblock=0x74657374746573747465737474657374,
processinput=deadpool_dfa.processinput,
processoutput=deadpool_dfa.processoutput,
verbose=1,
maxleaf=256*256,
minleaf=64,
minleafnail=8,
addresses=None,
start_from_left=True,
depth_first_traversal=False,
faults=4,
minfaultspercol=4,
timeoutfactor=2,
savetraces_format='default',
logfile=None,
tolerate_error=False,
lastroundkeys=[],
encrypt=None,
outputbeforelastrounds=False,
shell=False,
debug=False):
engine=deadpool_dfa.Acquisition(
targetbin, targetdata, goldendata, phoenixAES,
iblock, processinput, processoutput,
verbose, maxleaf, minleaf, minleafnail,
addresses, start_from_left, depth_first_traversal,
faults, minfaultspercol, timeoutfactor,
savetraces_format, logfile,
tolerate_error, encrypt,
outputbeforelastrounds, shell, debug)
foundkey=True
while foundkey:
foundkey=False
tracefiles_sets=engine.run(lastroundkeys, encrypt)
if encrypt is not None:
tracefiles = tracefiles_sets[not encrypt]
else:
assert len(tracefiles_sets[0])>0 or len(tracefiles_sets[1])>0
if len(tracefiles_sets[0])>0:
encrypt=True
tracefiles=tracefiles_sets[0]
elif len(tracefiles_sets[1])>0:
encrypt=False
tracefiles=tracefiles_sets[1]
else:
tracefiles=[]
for tracefile in tracefiles:
k=phoenixAES.crack_file(tracefile, lastroundkeys, encrypt, outputbeforelastrounds and len(lastroundkeys)>0, verbose)
if k:
foundkey=True
lastroundkeys.append(bytes.fromhex(k))
open('lastroundkeys.log', 'w').write('\n'.join([l.hex() for l in lastroundkeys]))
break
# Fuzzing directly the input:
# This was only tested on encryption!
foundkey=False
tracefiles_sets=engine.runoninput(lastroundkeys)
if encrypt is not None:
tracefiles = tracefiles_sets[not encrypt]
else:
assert len(tracefiles_sets[0])>0 or len(tracefiles_sets[1])>0
if len(tracefiles_sets[0])>0:
encrypt=True
tracefiles=tracefiles_sets[0]
elif len(tracefiles_sets[1])>0:
encrypt=False
tracefiles=tracefiles_sets[1]
else:
tracefiles=[]
for tracefile in tracefiles:
k=phoenixAES.crack_file(tracefile, lastroundkeys, encrypt, outputbeforelastrounds and len(lastroundkeys)>0, verbose)
if k:
foundkey=True
lastroundkeys.append(bytes.fromhex(k))
open('lastroundkeys.log', 'w').write('\n'.join([l.hex() for l in lastroundkeys]))
break
if foundkey:
p=0 # null plaintext
cint,_,_=engine.doit(engine.goldendata, processinput(p, 16), lastroundkeys=[])
kr0=phoenixAES.rewind(phoenixAES.int2bytes(cint), lastroundkeys, encrypt=encrypt, mimiclastround=False)
# Be cautious, round key could be wrong if there is some external encoding...
print("First round key found?:\n%s" % kr0.hex())
lastroundkeys.append(kr0)
return lastroundkeys