pico2024 rsa oracle

Martin Carlisle
22 Jun 202405:13

Summary

TLDRThe script describes an RSA encryption attack where an attacker intercepts communication between a bank and a fintech company, obtaining an encrypted message and its password. They discover an oracle that can decrypt any message except the password itself. Using a chosen plaintext attack, they exploit RSA's properties by encrypting a known value, multiplying it by the encrypted message, and then using the oracle to decrypt the result. This allows them to retrieve the original message by dividing by the known value. The script also highlights the importance of padding and random bits in secure RSA implementations.

Takeaways

  • 🔐 The attacker intercepted communications between a bank and a fintech company, obtaining a message and its encryption password.
  • 🕵️‍♂️ The attacker discovered an RSA oracle used by the bank for encryption, which can be exploited.
  • 💻 The attacker used a netcat command to interact with the oracle and attempted to decrypt the password.
  • 🚫 The oracle could not decrypt the password but could decrypt other messages, indicating a chosen plaintext attack scenario.
  • 🔑 RSA encryption involves raising a message to the power of 'E' modulo 'n', a mathematical operation used in the attack.
  • 🤖 The attacker crafted a custom message to exploit the RSA algorithm's properties, multiplying '2' raised to 'E' mod 'n' by the encrypted message.
  • 🔄 The attacker used the oracle to decrypt the crafted message and then divided the result by '2' to retrieve the original message.
  • 💡 A Python script was used to automate the interaction with the oracle, handling the encryption and decryption processes.
  • 🔒 The final step involved using OpenSSL to decrypt the message with the obtained key, revealing the flag.
  • 📚 The importance of implementing chosen plaintext security in cryptographic systems was highlighted to prevent such attacks.

Q & A

  • What is an RSA Oracle and how can it be abused?

    -An RSA Oracle is a service that can decrypt messages encrypted with RSA, but it has a limitation that it cannot decrypt the password itself. It can be abused by an attacker who intercepts a message and its password, then uses the oracle to decrypt the message by exploiting the properties of RSA encryption.

  • What is a chosen plaintext attack?

    -A chosen plaintext attack is a type of cryptographic attack where the attacker can choose arbitrary plaintexts and obtain their corresponding ciphertexts. This can help the attacker gain information about the encryption scheme and potentially find weaknesses to exploit.

  • Why is it important to include random bits and padding in RSA encryption?

    -Including random bits and padding in RSA encryption is crucial for security. It prevents attacks like the one described in the script by ensuring that the same plaintext does not always encrypt to the same ciphertext, which would otherwise allow an attacker to deduce patterns and potentially decrypt messages.

  • What is the significance of the 'netcat' tool mentioned in the script?

    -Netcat is a utility used for reading from and writing to network connections using TCP or UDP. In the context of the script, it is used to interact with the RSA Oracle to encrypt and decrypt messages.

  • What does 'Titan Pico cf. net5 6192' refer to in the script?

    -This appears to be a reference to a specific network address and port number ('Titan Pico' could be a hostname or an alias, 'cf' might be a typo or part of the address, and 'net5 6192' is likely the port number) where the RSA Oracle service is running and can be accessed via netcat.

  • How does the script describe the process of decrypting the intercepted message?

    -The script describes a process where the attacker uses the RSA Oracle to decrypt the message by first encrypting the number '2' using the same public key, then multiplying the result by the intercepted ciphertext (which is the message encrypted with the same key). The oracle decrypts this combined value, and the attacker divides the result by two to obtain the original message.

  • What is the role of the Python program in the script?

    -The Python program is used to automate the process of interacting with the RSA Oracle. It connects to the Oracle, sends the necessary commands to encrypt and decrypt messages, and performs the mathematical operations required to exploit the RSA encryption.

  • What does the script mean by '2m to the EOD n'?

    -This is a shorthand way of describing the mathematical operation where the number '2' is raised to the power of 'E' modulo 'n', then multiplied by the message 'm' raised to the power of 'E' modulo 'n'. This operation is part of the attack to exploit the RSA Oracle.

  • Why is OpenSSL used at the end of the script?

    -OpenSSL is used to decrypt the final message using the decrypted key obtained from the RSA Oracle. The script specifies using OpenSSL with a 256-bit Cipher Block Chaining (CBC) mode to decrypt the message with the key 'da99'.

  • What is the significance of the flag mentioned in the script?

    -In the context of cybersecurity, a 'flag' often refers to a piece of data that serves as a proof of successful exploitation or completion of a challenge. In this script, the flag is the final piece of information that the attacker retrieves after decrypting the message.

Outlines

00:00

🔐 RSA Encryption and Decryption Process

The script describes an RSA encryption scenario where an attacker intercepts communications between a bank and a fintech company, obtaining an encrypted message and the password used for encryption. The attacker discovers an oracle that can encrypt messages but not decrypt the password. This leads to a chosen plaintext attack where the attacker uses the oracle's encryption capability to decrypt the intercepted message. The script explains the use of netcat to communicate with a server that can encrypt messages. It also touches on the importance of padding and random bits in RSA encryption for a secure cryptosystem. The attacker then demonstrates how to exploit RSA properties by encrypting a known value, multiplying it by the encrypted message, and using the oracle to decrypt the result, which is then divided by the known value to obtain the original message. The process involves using Python and connecting to a server to perform these operations.

05:01

🚩 Decrypting to Reveal the Flag

The second paragraph briefly mentions the process of decrypting the intercepted message using OpenSSL with a 256-bit CBC cipher block chaining mode. The key used for decryption is derived from the previous decryption process. The result of this decryption is the flag, which is presumably the objective of the attacker's efforts. This paragraph serves as a conclusion to the script, indicating the successful extraction of the flag after the decryption process.

Mindmap

Keywords

💡RSA Oracle

RSA Oracle refers to a service or function that can decrypt messages encrypted with RSA encryption, except for the password itself. In the context of the video, the attacker discovers this oracle and plans to exploit it to decrypt a message intercepted from a bank and a fintech company. The RSA Oracle is a crucial element in the attack scenario described, as it allows the attacker to bypass the need to know the password.

💡Chosen Plaintext Attack

A chosen plaintext attack is a type of cryptographic attack where the attacker can obtain the ciphertext for chosen plaintexts. In the script, the attacker uses this attack to send a custom message to the server encrypted with RSA, leveraging the RSA Oracle to decrypt it. This attack is significant in the video's narrative as it demonstrates a vulnerability in the system that the attacker aims to exploit.

💡Netcat

Netcat, often abbreviated as 'nc', is a utility used for reading from and writing to network connections using TCP or UDP. In the video, netcat is used to interact with the RSA Oracle service to encrypt and decrypt messages. It's a tool that facilitates the communication between the attacker and the target system, showcasing its utility in network-based attacks.

💡Padding

Padding is an important part of many encryption schemes, including RSA, where it is used to randomize the input to the encryption function to prevent certain types of attacks. The script mentions that a real implementation of RSA should include padding to ensure security. Padding is highlighted as a necessary security measure that was not implemented properly, leading to the vulnerability exploited in the attack.

💡Modular Exponentiation

Modular exponentiation is a mathematical operation used in cryptography, particularly in RSA encryption and decryption. In the script, it is mentioned in the context of the formula used to encrypt messages (m^e mod n). The concept is central to understanding how RSA works and how the attacker manipulates the encrypted data to decrypt the intercepted message.

💡Hexadecimal

Hexadecimal is a base-16 number system used in computing to represent binary data in a more human-readable form. In the video, the attacker receives a hexadecimal string from the RSA Oracle and converts it to a number to perform further calculations. Hexadecimal is a common format for representing encrypted data and is integral to the decryption process described.

💡ASN.1

ASN.1 (Abstract Syntax Notation One) is a standard and notation that is used for describing data structures for representing, encoding, transmitting, and decoding data. The script mentions 'asky' which seems to be a typo or shorthand for 'ASCII' or 'ASN.1'. In the context of the video, it refers to the format in which the message is encoded before being encrypted or after being decrypted.

💡Crypto System

A crypto system refers to the algorithms, protocols, and practices used to secure communication against eavesdropping and provide other security services. The script discusses the requirements for a useful crypto system, such as chosen plaintext security and the inclusion of random bits and padding. The crypto system is the target of the attack described in the video.

💡Flag

In cybersecurity, a 'flag' often refers to a piece of data that serves as a proof of solving a challenge or exploiting a vulnerability. In the script, the attacker uses OpenSSL to decrypt the message and reveal the flag, which is the ultimate goal of the attack. The flag is a common element in cybersecurity exercises and represents the success of the attacker's efforts.

💡OpenSSL

OpenSSL is a robust, full-featured open-source toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It is used in the script to decrypt the final encrypted message using the key derived from the previous steps. OpenSSL is a widely recognized tool in the cybersecurity field, and its use in the video demonstrates a practical application of decryption.

💡CBC

CBC stands for Cipher Block Chaining, a mode of operation for a block cipher where each block of plaintext is XORed with the previous ciphertext block before being encrypted. In the video, CBC is mentioned as part of the OpenSSL command used to decrypt the message. CBC is a critical concept in understanding how block ciphers operate and secure data.

Highlights

Attacker intercepted communications between a bank and a fintech company.

The attacker obtained a message and the password used to encrypt it.

The bank's oracle was identified as a potential vulnerability.

The oracle could decrypt anything except the password, indicating a chosen plaintext attack scenario.

The necessity for a real RSA implementation to include random bits and padding is emphasized.

The process of using netcat to connect to the oracle for encryption and decryption is described.

The attacker's inability to decrypt the password directly is highlighted.

A strategy to exploit RSA properties by encrypting '2' and multiplying it by the encrypted message is outlined.

The attacker's use of a Python program to automate the decryption process is mentioned.

The attacker connects to Titan Pico to encrypt a message using RSA.

The process of encrypting '2' and multiplying it by the encrypted message to exploit the oracle is detailed.

The attacker decrypts the manipulated message to obtain the original message.

The use of OpenSSL to decrypt the final message and reveal the flag is explained.

The importance of chosen plaintext security in a useful crypto system is reiterated.

The final flag is obtained after decrypting the message with OpenSSL.

The transcript concludes with additional points on the attack's success.

Transcripts

play00:00

RSA Oracle can you abuse the Oracle an

play00:03

attacker was able to intercept

play00:05

Communications between a bank and a

play00:06

fintech company they managed to get the

play00:08

message and the password that was used

play00:10

to encrypt the message after some

play00:12

intensive reconnaissance they found out

play00:13

the bank has an oracle that was used to

play00:15

encrypt the password and can be found

play00:17

here all right so that's a netcat thing

play00:20

uh decrypt the password and use it to

play00:21

decrypt the message the article can

play00:23

decrypt anything except the password so

play00:25

they call this a chosen plain text

play00:27

attack uh here's the op SS cell command

play00:31

that we will use to get uh the message

play00:34

after we've gotten the

play00:36

password we want to send a custom

play00:38

message to the server using that RSA

play00:41

algorithm and one of the minimal

play00:43

requirements for useful crypto system is

play00:45

chosen PL Tex security so uh yeah if you

play00:48

actually do a real implementation of RSA

play00:50

you need to include some random bits and

play00:53

padding for lots of reasons as opposed

play00:55

to just directly encrypting the message

play00:58

that you have

play01:00

okay so what we have here is we

play01:11

have downloaded the message which is

play01:16

secret so we have some sort of as

play01:19

encrypted

play01:21

blob and we have the password which is a

play01:25

big decimal

play01:28

number so we'll netcat to Titan

play01:33

Pico cf. net5

play01:38

6192 so we can encrypt

play01:42

things so it it converts the clear text

play01:45

to Hax and then it raises that to the E

play01:48

power we can decrypt

play01:50

things so if we decrypt for example

play01:55

this we get back the text that we typed

play01:58

in

play02:02

um I guess what we could try to do which

play02:05

they tell us we won't be able to do is

play02:07

do this

play02:12

password good try we can't decrypt that

play02:15

for you now what we will be able to do

play02:18

is we'll be able to exploit the

play02:20

properties of RSA so what we know is

play02:24

that when we encrypt something we're

play02:25

taking a message we're raising it to the

play02:27

E power mod n

play02:31

so what we will also do is we will take

play02:33

two and we will raise it to the E power

play02:36

mod

play02:37

n and then if we multiply that by m to

play02:41

the E mod

play02:43

n we will have basically

play02:47

2m to the EOD n we will ask the program

play02:53

to decrypt that for us because it will

play02:56

because it's not actually the

play02:58

message and then we'll divide it by two

play03:01

so we're going to compute this value to

play03:03

the EOD n we already know this it's the

play03:07

secret we'll decrypt this and divide by

play03:12

two so I have a Python

play03:16

program that will take care of this this

play03:19

again uses pone tools we're connecting

play03:21

to Titan Pico

play03:24

cf. we're waiting till we get that first

play03:26

message and we're saying we want to

play03:28

encrypt we're going to encrypt the

play03:30

message to so we send the asky character

play03:33

2 with a new line we receive that line

play03:38

when we decode that number that is 2 to

play03:41

the E and we multiply it by the

play03:43

contents of secret so that's the M

play03:47

raised to the E power so now we have 2 m

play03:50

raised to the E power we are going to

play03:53

decode

play03:54

that so I send this

play03:58

num ask it to be decrypted it's going to

play04:01

give us

play04:02

back a heximal string so we convert that

play04:06

heximal string to a number we divide it

play04:08

by two and then we convert that to

play04:17

asky so when we convert that to asky we

play04:20

are going to get the string da

play04:26

a099 and that was the the hex string we

play04:29

got back before for we divided it by two

play04:31

and then converted it uh from hex to asy

play04:34

so now what they're telling

play04:36

us is to use this open

play04:39

SSL so we can say open SSL

play04:43

encrypt as

play04:46

256 CBC cyer blockchaining we're

play04:49

actually say- D which means

play04:51

decrypt uh we'll take

play04:54

secret. and our key is da99

play05:01

and here is our

play05:09

flag and now we have some more points

Посмотреть больше похожих видео

CS2107 Padding Oracle Attack

Coding Encrypted Chat in Python

Impacket GetUserSPNs & Kerberoasting Explained

世上無人能破解!量子力學為何是最強之盾?量子糾纏不只安全,還能讓你上網超光速!?|量子熊 ✕ 泛科學 EP11

Siguran administrativni pristup prekidaču

Deauthentication - N10-008 CompTIA Network+ : 4.2

Rate This

5.0 / 5 (0 votes)

Summary
Outlines
Mindmap
Keywords
Highlights
Transcripts
Связанные теги
CybersecurityRSA EncryptionOracle AttackData BreachCrypto ExploitationHacking TechniquesChosen PlaintextNetcat DecryptionRSA AlgorithmSecurity Flaws
Вам нужно краткое изложение на английском?