Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-14-2016, 08:54
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 761
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,021 Times in 570 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Public White-Box Cryptographic Implementations and their Practical Attacks

Deadpool is a repository of various public white-box cryptographic implementations and their practical attacks.

This could be of practical utility to us when dealing with the WBAES of dongles for example...

LINK :

Quote:
https://github.com/SideChannelMarvels/Deadpool
Details :

Attacks

Differential Computation Analysis
Differential Fault Analysis

White-box implementations

Wyseur 2007 challenge
A Linux binary implementing a DES.

Hack.lu 2009 challenge
A Windows binary implementing an AES 128.

Karroumi 2010 challenge
A Linux binary implementing an AES 128.

SSTIC 2012 challenge
A Python serialized object implementing a DES.

NoSuchCon 2013 challenge
A Windows binary implementing an AES 128 with uncompensated external encodings.

NoSuchCon 2013 variants
Variants of the NoSuchCon 2013 challenge, using the same white-box generator but compiled for Linux, without obfuscation and with compensated external encodings.

PlaidCTF 2013 challenge
A Linux binary implementing an AES 128.

CHES 2015 challenge
A GameBoy ROM implementing an AES 128.

OpenWhiteBox AES Chow
An implementation of Chow written in Go, implementing an AES 128.

OpenWhiteBox AES Xiao-Lai
An implementation of Xiao-Lai written in Go, implementing an AES 128.

CHES 2016 challenge
A Linux binary (and source) implementing an AES 128.

Last edited by TechLord; 09-14-2016 at 13:10.
Reply With Quote
The Following 6 Users Say Thank You to TechLord For This Useful Post:
chants (11-03-2016), foosaa (09-29-2016), mak (09-22-2016), nathan (01-01-2018), niculaita (09-14-2016), Syoma (09-14-2016)
  #2  
Old 10-29-2016, 05:33
NeOXOeN NeOXOeN is offline
Friend
 
Join Date: Jan 2005
Posts: 273
Rept. Given: 2
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 2
Thanks Rcvd at 18 Times in 18 Posts
NeOXOeN Reputation: 3
thx nice share,,,,

bye N
Reply With Quote
The Following User Says Thank You to NeOXOeN For This Useful Post:
TechLord (10-29-2016)
  #3  
Old 10-29-2016, 18:03
Git's Avatar
Git Git is offline
Old Git
 
Join Date: Mar 2002
Location: Torino
Posts: 1,115
Rept. Given: 220
Rept. Rcvd 265 Times in 157 Posts
Thanks Given: 108
Thanks Rcvd at 216 Times in 124 Posts
Git Reputation: 200-299 Git Reputation: 200-299 Git Reputation: 200-299
There are lengthy description of what the various attacks do, but have any of them actually decrypted AES encrypted data?. There are no examples of successful attacks documented that I could see. In fact, if AES can be broken aren't a lot of people going to have sleepless nights?. Or have I totally missed the point and it's only about the WB part?
Reply With Quote
  #4  
Old 10-30-2016, 03:49
mr.exodia mr.exodia is offline
Retired Moderator
 
Join Date: Nov 2011
Posts: 784
Rept. Given: 492
Rept. Rcvd 1,122 Times in 305 Posts
Thanks Given: 90
Thanks Rcvd at 711 Times in 333 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
@Git check out http://whiteboxcrypto.com basically it's about storing the keys in the algorithm. Useful in for example DRM solutions like Spotify where the user has to decrypt the songs to listen to them but you don't want them to be able to easily retrieve the key.
Reply With Quote
The Following 2 Users Say Thank You to mr.exodia For This Useful Post:
niculaita (10-30-2016), TechLord (10-30-2016)
  #5  
Old 10-31-2016, 18:11
Git's Avatar
Git Git is offline
Old Git
 
Join Date: Mar 2002
Location: Torino
Posts: 1,115
Rept. Given: 220
Rept. Rcvd 265 Times in 157 Posts
Thanks Given: 108
Thanks Rcvd at 216 Times in 124 Posts
Git Reputation: 200-299 Git Reputation: 200-299 Git Reputation: 200-299
Sure, but I don't see an answer to my question.
Reply With Quote
  #6  
Old 11-05-2016, 03:00
SKiLLa SKiLLa is offline
Friend
 
Join Date: Jul 2016
Location: Europe
Posts: 27
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 17
Thanks Rcvd at 16 Times in 15 Posts
SKiLLa Reputation: 0
It's only about the whitebox system (hiding the AES-key in these cases), not about AES itself. That still doesn't answer the other part of your question, but I don't know how 'successful' they were in 'cracking' those challenges ...
Reply With Quote
The Following User Says Thank You to SKiLLa For This Useful Post:
chants (11-05-2016)
  #7  
Old 11-06-2016, 03:55
t3xc0d3 t3xc0d3 is offline
Friend
 
Join Date: Oct 2016
Posts: 9
Rept. Given: 0
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 0
Thanks Rcvd at 24 Times in 9 Posts
t3xc0d3 Reputation: 4
Have a look at the solutions to the challenges itself. For instance, here:

https://github.com/SideChannelMarvels/Deadpool/tree/master/wbs_aes_ches2016/DFA

They are able to obtain the last round key. This means that they are able to calculate the initial AES key. By this key it is possible to decrypt encrypted data.

Another nice read is http://phrack.org/issues/68/8.html
Reply With Quote
The Following User Gave Reputation+1 to t3xc0d3 For This Useful Post:
niculaita (11-06-2016)
The Following User Says Thank You to t3xc0d3 For This Useful Post:
niculaita (11-06-2016)
  #8  
Old 11-06-2016, 07:50
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 761
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,021 Times in 570 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
I have already posted on other threads in this forum last year (in the dongle section I think) that with the use of Differential Frequency Analysis (DFA) its possible to get the AES key in some cases.

Of course it may not be possible in ALL the cases, especially if the key length is very long etc..

But we should remeber that these are mainly experimental approaches to what was once thought of as an impossible task !

Cheers
Reply With Quote
  #9  
Old 12-20-2016, 08:03
t3xc0d3 t3xc0d3 is offline
Friend
 
Join Date: Oct 2016
Posts: 9
Rept. Given: 0
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 0
Thanks Rcvd at 24 Times in 9 Posts
t3xc0d3 Reputation: 4
They now also adapted differential fault attacks:

http://blog.quarkslab.com/differential-fault-analysis-on-white-box-aes-implementations.html
Reply With Quote
The Following 3 Users Say Thank You to t3xc0d3 For This Useful Post:
niculaita (12-21-2016), Tomy73 (12-20-2016), user1 (12-20-2016)
Reply

Tags
crypto, dfa, white-box

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Idenitfying a cryptographic algorithm wassim_ General Discussion 1 07-15-2020 22:15
Any one see this Cryptographic? winndy General Discussion 17 10-19-2005 09:57


All times are GMT +8. The time now is 16:45.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )