Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add custom entry in step2.py #14

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

add custom entry in step2.py #14

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2be59bb
add custom entry in step2.py
gogo2464 Aug 24, 2024
22a4147
run custom payload
gogo2464 Aug 24, 2024
271d2e0
stucks since dozen of hours
gogo2464 Aug 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions step2.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,24 @@ def no_structure(self):
random.choices(range(1, 256), k=self.key_size-2)
return self.encrypt_plaintext(plaintext)

types["no_structure_with_chosen_plaintext"] = 1

def no_structure_with_chosen_plaintext(self, chosen_plaintext):
"""
Create a plaintext that can't be mistaken for PKCS#1 v1.5 padding.
Has incorrect header and no separator between PS and M.

Makes sure to also not suggest a PKCS#1 v1.5 signature padding.

arguments:
- chosen_plaintext: a int array of bytes for both the start of the file and his content. Bytes must be of number between 0 and 255
"""

plaintext = chosen_plaintext + \
random.choices(range(1, 256), k=self.key_size-2)

return self.encrypt_plaintext(plaintext)

types["no_header_with_payload"] = 1

def no_header_with_payload(self, m_length):
Expand Down Expand Up @@ -336,12 +354,16 @@ def single_shot(out_dir, pub, args):

for arg in args:
ret = arg.split('=')

print(arg)
print(ret)
if len(ret) == 1:
name = ret[0]
params = []
elif len(ret) == 2:
name, params = ret
ret = params.split(' ')

params = [int(i, 16) if i[:2] == '0x' else int(i) for i in ret]
else:
print("ERROR: Incorrect formatting of option: {0}".format(arg))
Expand All @@ -353,6 +375,9 @@ def single_shot(out_dir, pub, args):
file=sys.stderr)
sys.exit(1)


print(name)
print(params)
ciphertext = getattr(generator, name)(*params)

file_name = "_".join([name] + [str(i) for i in params])
Expand Down
3 changes: 3 additions & 0 deletions step2.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,20 +3,23 @@
PYTHONPATH=tlsfuzzer ./marvin-venv/bin/python ./step2.py \
-c rsa1024/cert.pem -o rsa1024_ciphertexts \
no_structure no_padding=48 signature_padding=8 \
no_structure_with_chosen_plaintext="0x01 0x02 0x03 0x4 0x5 0x6" \
valid_repeated_byte_payload="118 0xff" valid=48 header_only \
no_header_with_payload=48 zero_byte_in_padding="48 4" \
valid=0 valid=118

PYTHONPATH=tlsfuzzer ./marvin-venv/bin/python ./step2.py \
-c rsa2048/cert.pem -o rsa2048_ciphertexts \
no_structure no_padding=48 signature_padding=8 \
no_structure_with_chosen_plaintext="0x01" \
valid_repeated_byte_payload="246 0xff" valid=48 header_only \
no_header_with_payload=48 zero_byte_in_padding="48 4" \
valid=0 valid=192 valid=246

PYTHONPATH=tlsfuzzer ./marvin-venv/bin/python ./step2.py \
-c rsa4096/cert.pem -o rsa4096_ciphertexts \
no_structure no_padding=48 signature_padding=8 \
no_structure_with_chosen_plaintext="0x01" \
valid_repeated_byte_payload="502 0xff" valid=48 header_only \
no_header_with_payload=48 zero_byte_in_padding="48 4" \
valid=0 valid=192 valid=502