Merge pull request #12 from 0xalivecow/dev
fix: performance improvements
This commit is contained in:
An0nymous
GitHub
commit
b5be86401d
2 changed files with 1226 additions and 11 deletions
|
|
@ -31,7 +31,7 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
|
||||||
for chunk in &cipher_chunks {
|
for chunk in &cipher_chunks {
|
||||||
let start = Instant::now();
|
let start = Instant::now();
|
||||||
|
|
||||||
let mut stream = TcpStream::connect(format!("127.0.0.1:{}", port))?;
|
let mut stream = TcpStream::connect(format!("{}:{}", hostname, port))?;
|
||||||
stream.set_nonblocking(false)?;
|
stream.set_nonblocking(false)?;
|
||||||
|
|
||||||
// Track value sent to server
|
// Track value sent to server
|
||||||
|
|
@ -66,6 +66,7 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
|
||||||
|
|
||||||
//thread::sleep(Duration::from_millis(1000));
|
//thread::sleep(Duration::from_millis(1000));
|
||||||
payload.extend(&attack_counter);
|
payload.extend(&attack_counter);
|
||||||
|
//eprintln!("I in q builder {}", i);
|
||||||
attack_counter[i as usize] += 1;
|
attack_counter[i as usize] += 1;
|
||||||
}
|
}
|
||||||
//eprintln!("Time for qblocks: {:?}", start.elapsed());
|
//eprintln!("Time for qblocks: {:?}", start.elapsed());
|
||||||
|
|
@ -82,34 +83,44 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
|
||||||
let valid_val = server_q_resp
|
let valid_val = server_q_resp
|
||||||
.iter()
|
.iter()
|
||||||
.position(|&r| r == 0x01)
|
.position(|&r| r == 0x01)
|
||||||
.expect("No valid found in main loop") as u8;
|
.unwrap_or(0x00) as u8;
|
||||||
|
if valid_val == 0x00 {
|
||||||
|
eprintln!("No valid found in main loop");
|
||||||
|
}
|
||||||
//eprintln!("Valid value found: {:02X?}", valid_val);
|
//eprintln!("Valid value found: {:02X?}", valid_val);
|
||||||
// Craft next attack vector padding; 0x01, 0x02, ...
|
// Craft next attack vector padding; 0x01, 0x02, ...
|
||||||
attack_counter[i as usize] = valid_val;
|
attack_counter[i as usize] = valid_val;
|
||||||
|
|
||||||
// Check for edgecase
|
// Check for edgecase
|
||||||
if i == 15 {
|
if i == 15 {
|
||||||
|
let mut l_msg_check: Vec<u8> = vec![0x01, 0x00];
|
||||||
let mut check_q_block: Vec<u8> = vec![0; 16];
|
let mut check_q_block: Vec<u8> = vec![0; 16];
|
||||||
check_q_block[15] = attack_counter[15];
|
check_q_block[15] = attack_counter[15];
|
||||||
check_q_block[14] = !check_q_block[15];
|
check_q_block[14] = !check_q_block[15];
|
||||||
|
|
||||||
stream.write_all(&[0x01, 0x00])?;
|
l_msg_check.extend(check_q_block.as_slice());
|
||||||
stream.write_all(&check_q_block)?;
|
|
||||||
|
stream.write_all(&l_msg_check)?;
|
||||||
|
//stream.write_all(&check_q_block)?;
|
||||||
let mut buf = [0u8; 0x01];
|
let mut buf = [0u8; 0x01];
|
||||||
stream.read(&mut buf)?;
|
stream.read(&mut buf)?;
|
||||||
eprintln!("Buffer from pad check: {:02X?}", buf);
|
//eprintln!("I = {}", i);
|
||||||
|
//eprintln!("Buffer from pad check: {:02X?}", buf);
|
||||||
if buf == [0x01] {
|
if buf == [0x01] {
|
||||||
eprintln!("Valid padding");
|
//eprintln!("Valid padding");
|
||||||
} else {
|
} else {
|
||||||
eprintln!("Invalid padding");
|
//eprintln!("Invalid padding");
|
||||||
// Search for second hit
|
// Search for second hit
|
||||||
let valid_val = (255
|
let valid_val = (255
|
||||||
- server_q_resp
|
- server_q_resp
|
||||||
.iter()
|
.iter()
|
||||||
.rev()
|
.rev()
|
||||||
.position(|&r| r == 0x01)
|
.position(|&r| r == 0x01)
|
||||||
.expect("No valid found") as u8);
|
.unwrap_or(0x00) as u8);
|
||||||
eprintln!("Valid value found: {:02X?}", valid_val);
|
if valid_val == 0x00 {
|
||||||
|
eprintln!("No valid found");
|
||||||
|
}
|
||||||
|
//eprintln!("Valid value found: {:02X?}", valid_val);
|
||||||
// Craft next attack vector padding; 0x01, 0x02, ...
|
// Craft next attack vector padding; 0x01, 0x02, ...
|
||||||
attack_counter[i as usize] = valid_val;
|
attack_counter[i as usize] = valid_val;
|
||||||
}
|
}
|
||||||
|
|
@ -127,7 +138,8 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
|
||||||
plaintext.push(iv[i] ^ (attack_counter[i as usize] ^ (15 - i as u8 + 1)));
|
plaintext.push(iv[i] ^ (attack_counter[i as usize] ^ (15 - i as u8 + 1)));
|
||||||
}
|
}
|
||||||
//eprintln!("Attack counter after set: {:02X?}", attack_counter);
|
//eprintln!("Attack counter after set: {:02X?}", attack_counter);
|
||||||
for pos in i..=15 {
|
let range = i;
|
||||||
|
for pos in range..=15 {
|
||||||
//eprintln!("i is: {:02X?}", i);
|
//eprintln!("i is: {:02X?}", i);
|
||||||
//eprintln!("i + 1 is: {:02X?}", ((16 - i) as u8).to_le());
|
//eprintln!("i + 1 is: {:02X?}", ((16 - i) as u8).to_le());
|
||||||
/*
|
/*
|
||||||
|
|
@ -154,7 +166,7 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
|
||||||
stream.flush()?;
|
stream.flush()?;
|
||||||
// break;
|
// break;
|
||||||
drop(stream);
|
drop(stream);
|
||||||
eprintln!("Time rest of calc: {:?}", start.elapsed());
|
//eprintln!("Time rest of calc: {:?}", start.elapsed());
|
||||||
}
|
}
|
||||||
|
|
||||||
plaintext.reverse();
|
plaintext.reverse();
|
||||||
|
|
|
||||||
1203
test_json/padding_long.json
Normal file
1203
test_json/padding_long.json
Normal file
File diff suppressed because it is too large
Load diff
Loading…
Add table
Add a link
Reference in a new issue