|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Public White-Box Cryptographic Implementations and their Practical Attacks
Deadpool is a repository of various public white-box cryptographic implementations and their practical attacks.
This could be of practical utility to us when dealing with the WBAES of dongles for example... LINK : Quote:
Attacks Differential Computation Analysis Differential Fault Analysis White-box implementations Wyseur 2007 challenge A Linux binary implementing a DES. Hack.lu 2009 challenge A Windows binary implementing an AES 128. Karroumi 2010 challenge A Linux binary implementing an AES 128. SSTIC 2012 challenge A Python serialized object implementing a DES. NoSuchCon 2013 challenge A Windows binary implementing an AES 128 with uncompensated external encodings. NoSuchCon 2013 variants Variants of the NoSuchCon 2013 challenge, using the same white-box generator but compiled for Linux, without obfuscation and with compensated external encodings. PlaidCTF 2013 challenge A Linux binary implementing an AES 128. CHES 2015 challenge A GameBoy ROM implementing an AES 128. OpenWhiteBox AES Chow An implementation of Chow written in Go, implementing an AES 128. OpenWhiteBox AES Xiao-Lai An implementation of Xiao-Lai written in Go, implementing an AES 128. CHES 2016 challenge A Linux binary (and source) implementing an AES 128. Last edited by TechLord; 09-14-2016 at 13:10. |
#3
|
||||
|
||||
There are lengthy description of what the various attacks do, but have any of them actually decrypted AES encrypted data?. There are no examples of successful attacks documented that I could see. In fact, if AES can be broken aren't a lot of people going to have sleepless nights?. Or have I totally missed the point and it's only about the WB part?
|
#4
|
|||
|
|||
@Git check out http://whiteboxcrypto.com basically it's about storing the keys in the algorithm. Useful in for example DRM solutions like Spotify where the user has to decrypt the songs to listen to them but you don't want them to be able to easily retrieve the key.
|
#5
|
||||
|
||||
Sure, but I don't see an answer to my question.
|
#6
|
|||
|
|||
It's only about the whitebox system (hiding the AES-key in these cases), not about AES itself. That still doesn't answer the other part of your question, but I don't know how 'successful' they were in 'cracking' those challenges ...
|
The Following User Says Thank You to SKiLLa For This Useful Post: | ||
chants (11-05-2016) |
#7
|
|||
|
|||
Have a look at the solutions to the challenges itself. For instance, here:
https://github.com/SideChannelMarvels/Deadpool/tree/master/wbs_aes_ches2016/DFA They are able to obtain the last round key. This means that they are able to calculate the initial AES key. By this key it is possible to decrypt encrypted data. Another nice read is http://phrack.org/issues/68/8.html |
The Following User Gave Reputation+1 to t3xc0d3 For This Useful Post: | ||
niculaita (11-06-2016) |
The Following User Says Thank You to t3xc0d3 For This Useful Post: | ||
niculaita (11-06-2016) |
#8
|
|||
|
|||
I have already posted on other threads in this forum last year (in the dongle section I think) that with the use of Differential Frequency Analysis (DFA) its possible to get the AES key in some cases.
Of course it may not be possible in ALL the cases, especially if the key length is very long etc.. But we should remeber that these are mainly experimental approaches to what was once thought of as an impossible task ! Cheers |
#9
|
|||
|
|||
They now also adapted differential fault attacks:
http://blog.quarkslab.com/differential-fault-analysis-on-white-box-aes-implementations.html |
Tags |
crypto, dfa, white-box |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Idenitfying a cryptographic algorithm | wassim_ | General Discussion | 1 | 07-15-2020 22:15 |
Any one see this Cryptographic? | winndy | General Discussion | 17 | 10-19-2005 09:57 |