0xalivecow/kauma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Fix performance and algorithm issues

Browse source 
Consolidate sent to server to save time
Add full range to q block sending
This commit is contained in:
0xalivecow 2024-11-07 20:55:57 +01:00
parent 10fd837be9
commit 95de66aca0
No known key found for this signature in database
1 changed files with 11 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

21
src/tasks/tasks01/pad_oracle.rs
View file

@ -39,7 +39,7 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
// Amount of q blocks to send to server. // Amount of q blocks to send to server.
// TODO:: May be increased via function // TODO:: May be increased via function
let q_block_count: u16 = 255; let q_block_count: u16 = 256;
//Send the first ciphertext chunk //Send the first ciphertext chunk
//eprintln!("Sending Ciphertext chunk: {:002X?}", chunk); //eprintln!("Sending Ciphertext chunk: {:002X?}", chunk);
@ -74,7 +74,7 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
stream.flush()?; stream.flush()?;
// Read server response // Read server response
let mut server_q_resp = [0u8; 0xFF]; let mut server_q_resp = [0u8; 256];
stream.read_exact(&mut server_q_resp)?; stream.read_exact(&mut server_q_resp)?;
//eprintln!("{:02X?}", buf); //eprintln!("{:02X?}", buf);
@ -82,7 +82,7 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
let valid_val = server_q_resp let valid_val = server_q_resp
.iter() .iter()
.position(|&r| r == 0x01) .position(|&r| r == 0x01)
.expect("No valid found") as u8; .expect("No valid found in main loop") as u8;
//eprintln!("Valid value found: {:02X?}", valid_val); //eprintln!("Valid value found: {:02X?}", valid_val);
// Craft next attack vector padding; 0x01, 0x02, ... // Craft next attack vector padding; 0x01, 0x02, ...
attack_counter[i as usize] = valid_val; attack_counter[i as usize] = valid_val;
@ -90,8 +90,8 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
// Check for edgecase // Check for edgecase
if i == 15 { if i == 15 {
let mut check_q_block: Vec<u8> = vec![0; 16]; let mut check_q_block: Vec<u8> = vec![0; 16];
check_q_block[15] = attack_counter[15] ^ (15 - i as u8); check_q_block[15] = attack_counter[15];
check_q_block[14] = check_q_block[15].reverse_bits(); check_q_block[14] = !check_q_block[15];
stream.write_all(&[0x01, 0x00])?; stream.write_all(&[0x01, 0x00])?;
stream.write_all(&check_q_block)?; stream.write_all(&check_q_block)?;
@ -103,11 +103,12 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
} else { } else {
eprintln!("Invalid padding"); eprintln!("Invalid padding");
// Search for second hit // Search for second hit
let valid_val = server_q_resp let valid_val = (255
.iter() - server_q_resp
.rev() .iter()
.position(|&r| r == 0x01) .rev()
.expect("No valid found") as u8; .position(|&r| r == 0x01)
.expect("No valid found") as u8);
eprintln!("Valid value found: {:02X?}", valid_val); eprintln!("Valid value found: {:02X?}", valid_val);
// Craft next attack vector padding; 0x01, 0x02, ... // Craft next attack vector padding; 0x01, 0x02, ...
attack_counter[i as usize] = valid_val; attack_counter[i as usize] = valid_val;