Skip to content

Commit

Permalink
put pdf
Browse files Browse the repository at this point in the history
  • Loading branch information
gogo2464 committed Oct 16, 2024
1 parent c8b26c3 commit 671a293
Show file tree
Hide file tree
Showing 5 changed files with 177 additions and 5 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/gh-pages.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,15 @@ jobs:
deploy:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: true # Fetch Hugo themes (true OR recursive)
fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod

- name: Setup Hugo
uses: peaceiris/actions-hugo@v2
uses: peaceiris/actions-hugo@v3
with:
hugo-version: 'latest'
hugo-version: '0.135.0'
extended: true

- name: Clean
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ draft: false

According to the documentation and as it is mentionned that type 7 is an hashing algorithm.

A secure hash algorithm is an hash algorithm so that for any function hash that transform the original (plaintext) value $ hased = h(plain) $ there does not exist a function $ rev() $ so that $ rev(hashed) = plain $.
A secure hash algorithm is an hash algorithm so that for any function hash that transform the original (plaintext) value $ hased = H(plain) $ there does not exist a function $ rev(hashed) $ so that $ rev(hashed) = plain $.

## 1 - Analysis under mathematical thinking

Expand All @@ -20,4 +20,22 @@ We could then guess that the researchers thanks then that:

![image](/gogo-s-blog-cpe/from-0-to-crypto-by-projects/episode-2-proof-demonstration/theory-behind-type7-hash.png)

We now have the mathematical proof (demonstration) that the algorithm is vulnerable.
The question is to proove that there exists a function $ rev(hashed) $ so that $ \forall plain [rev(H(plain)) = plain] $ then $ \forall x [x = H(plain)]$


We intuitevely see points to split the issue into easier pieces:

- the algorithm threat data block by blocks with blocks of two opcodes (numbers between 0 and 256) knowns bigram.

The algorith treat bigrams as following:

- the two opcodes are both xored to the hardcoded password.






We now have the mathematical proof (demonstration) that the algorithm is vulnerable:

[Download the pdf]( /gogo-s-blog-cpe/from-0-to-crypto-by-projects/episode-2-proof-demonstration/latex-reverse-type7.pdf )
Binary file not shown.
Original file line number Diff line number Diff line change
@@ -0,0 +1,154 @@
\documentclass{article}
\usepackage{amsmath}
\usepackage{mathtools, nccmath}
\usepackage{amssymb, amsthm, mathrsfs}
\begin{document}

According to the decompilation of the Ciso Vigenere hash algorithm, when the password length is less than 16 the idea behind Ciso Vigenere hash algorithm is: \\
Let p be the password that the user types. \\
Let hp be the hardcoded password in the code of Packet Tracer. \\
Let lp be the length of the user input password. \\
Let h be the hash value obtained from the custom algorithm. \\
So that:
$$
\begin{flushleft}
\begin{multline}
\[
\forall h \forall lp \forall hp [(hp = (d, s, f, d, ;, k, f, o, A, ,, ., i, y, e, w, r, k, l, d, J, K, D, H, S, U, B, s, g, v, c, a, 6, 9, 8, 3, 4, n, c, x , v), \\
0 \textless lp \textless 16, \\
h_{0} = 0, \\
h_{1} = 8, \\
h = \Sigma_{i=2}^{lp}
\begin{cases}
((p_i \oplus hp_{8 + i}) \ggg 4) + 0x30, & \text{if } (p_{i} \oplus hp_{i+8} \land 0xfffffff0 < 0xa0) \text{ and if } i \equiv 0 \pmod 2 \\
((p_i \oplus hp_{8 + i}) \ggg 4) + 0x37, & \text{if } (p_{i} \oplus hp_{i+8} \land 0xfffffff0 \geq 0xa0) \text{ and if } i \equiv 0 \pmod 2 \\
((p_i \oplus hp_{8 + i}) \land 0xf) + 0x30, & \text{if } (p_{i} \oplus hp_{i+8} \land 0xf < 0x0a) \text{ and if } i \equiv 1 \pmod 2 \\
((p_i \oplus hp_{8 + i}) \land 0xf) + 0x37, & \text{if } (p_{i} \oplus hp_{i+8} \land 0xf \geq 0x0a) \text{ and if } i \equiv 1 \pmod 2
\end{cases} \\
) \implies \nexists p[p = \mathbf{rev}(h)] \\
\]
\end{flushleft}
\end{multline}
$$

So let's split each sub steps of the algorithm. In this wayt, we could start prooving that if $ P \implies Q $ and if $ Q \implies R $ then $ P \implies R $

So for any P so that:

$$
\begin{flushleft}
\begin{multline}
\[
h = \Sigma_{i=2}^{lp}
\begin{cases}
(p_{i} \oplus hp_{i+8} \land 0xfffffff0 < 0xa0) \text{ if } i \equiv 0 \pmod 2 \\
(p_{i} \oplus hp_{i+8} \land 0xfffffff0 \geq 0xa0) \text{ if } i \equiv 0 \pmod 2 \\
(p_{i} \oplus hp_{i+8} \land 0xf < 0x0a) \text{ if } i \equiv 1 \pmod 2 \\
(p_{i} \oplus hp_{i+8} \land 0xf \geq 0x0a) \text{ if } i \equiv 1 \pmod 2
\end{cases} \\
) \implies \nexists p[p = \mathbf{rev}(h)] \\
\]
\end{flushleft}
\end{multline}
$$


So for any Q so that:

$$
\begin{flushleft}
\begin{multline}
\[
h = \Sigma_{i=2}^{lp}
\begin{cases}
(p_{i} \oplus hp_{i+8} \land 0xfffffff0 < 0xa0), \text{ if } i \equiv 0 \pmod 2 \\
(p_{i} \oplus hp_{i+8} \land 0xfffffff0 \geq 0xa0) \text{ if } i \equiv 0 \pmod 2 \\
(p_{i} \oplus hp_{i+8} \land 0xf < 0x0a), \text{ if } i \equiv 1 \pmod 2 \\
(p_{i} \oplus hp_{i+8} \land 0xf \geq 0x0a), \text{ if } i \equiv 1 \pmod 2
\end{cases} \\
) \implies \forall p[p = \mathbf{rev}(h)] \\
\]
\end{flushleft}
\end{multline}\\
$$


Let's start by prooving

$$
\begin{flushleft}
\begin{multline}
\[
\forall h \forall lp \forall hp [(hp = (d, s, f, d, ;, k, f, o, A, ,, ., i, y, e, w, r, k, l, d, J, K, D, H, S, U, B, s, g, v, c, a, 6, 9, 8, 3, 4, n, c, x , v), \\
0 \textless lp \textless 16, \\
h_{0} = 0, \\
h_{1} = 8, \\
h = \Sigma_{i=2}^{lp}
\begin{cases}
((p_i \oplus hp_{8 + i}) \ggg 4) + 0x30, & \text{if } (p_{i} \oplus hp_{i+8} \land 0xfffffff0 < 0xa0) \text{ and if } i \equiv 0 \pmod 2 \\
((p_i \oplus hp_{8 + i}) \ggg 4) + 0x37, & \text{if } (p_{i} \oplus hp_{i+8} \land 0xfffffff0 \geq 0xa0) \text{ and if } i \equiv 0 \pmod 2 \\
((p_i \oplus hp_{8 + i}) \land 0xf) + 0x30, & \text{if } (p_{i} \oplus hp_{i+8} \land 0xf < 0x0a) \text{ and if } i \equiv 1 \pmod 2 \\
((p_i \oplus hp_{8 + i}) \land 0xf) + 0x37, & \text{if } (p_{i} \oplus hp_{i+8} \land 0xf \geq 0x0a) \text{ and if } i \equiv 1 \pmod 2
\end{cases} \\
) \implies \nexists p[p = \mathbf{rev}(h)] \\
\]
\end{flushleft}
\end{multline}
$$

## I/ exclusive or

According to the [Karnaught table](https://fr.wikipedia.org/wiki/Table_de_v%C3%A9rit%C3%A9#Disjonction_exclusive), $ \forall x [(x \xor x) \implies (x = 0)] $.

Then as $ xlat \xor xlat = 0 $, and as $ p \xor 0 = p $, we know that the original password $p = xlat \xor h $.

## II/ substraction to reverse the addition

$\forall x [(x = y + z) \implies (y = e \minus z)]$

## III/ truncating 4 first and 4 last bits


Then we have proven that:

$hp = (d, s, f, d, ;, k, f, o, A, ,, ., i, y, e, w, r, k, l, d, J, K, D, H, S, U, B, s, g, v, c, a, 6, 9, 8, 3, 4, n, c, x , v) \implies (\forall x \in hp[0 \geq x 0 \geq 256 \implies x \in hp]) $

then:

$$
\begin{flushleft}
\begin{multline}
Let p be the password that the user types. \\
Let hp be the hardcoded password in the code of Packet Tracer. \\
Let lp be the length of the user input password. \\
Let h be the hash value obtained from the custom algorithm. \\
So that:
\[
\forall h \forall lp \forall hp [(hp \in N \land 0 \geq hp, \\
0 \textless lp \textless 16, \\
h_{0} = 0, \\
h_{1} = 8, \\
h = \Sigma_{i=2}^{lp}
\begin{cases}
(((p_{i} \oplus hp_{i+8}) \lll 4) - 0x30), & \text{if } p_i < 0xa0 \text{ and if } i \equiv 0 \pmod 2 \\
(((p_{i} \oplus hp_{i+8}) \lll 4) - 0x37), & \text{if } p_i \geq 0x0a0 \text{ and if } i \equiv 0 \pmod 2 \\
(((p_{i} \oplus hp_{i+8}) \land 0xffffffff0) - 0x30), & \text{if } p_i < 0x0a \text{ and if } i \equiv 1 \pmod 2 \\
(((p_{i} \oplus hp_{i+8}) \land 0xffffffff0) - 0x37), & \text{if } p_i \geq 0x0a \text{ and if } i \equiv 1 \pmod 2
\end{cases} \\
) \implies \forall p[p = \mathbf{rev}(h)] \\
\]
\end{flushleft}
\end{multline}\\
$$
\end{document}

0 comments on commit 671a293

Please sign in to comment.