<a href="https://colab.research.google.com/github/AndreaCerolini/CriptoLab_1/blob/main/CryptoLab.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Criptography Lab - Cybersecurity Technologies and Risk Management

Save a copy of this notebook in your local google drive to edit it

# RSA - Basic implementation
#### The rsa library

In [None]:
!pip install rsa



In [None]:
import rsa

# https://en.wikipedia.org/wiki/PKCS_1
# Generate the keys and save them in PKCS1 format
def generateKeys():
    (publicKey, privateKey) = rsa.newkeys(2048)
    with open('publicKey.pem', 'wb') as p:
        p.write(publicKey.save_pkcs1('PEM'))
    with open('privateKey.pem', 'wb') as p:
        p.write(privateKey.save_pkcs1('PEM'))

# Load the keys and return them
def loadKeys():
    with open('publicKey.pem', 'rb') as p:
        publicKey = rsa.PublicKey.load_pkcs1(p.read())
        print(publicKey)
    with open('privateKey.pem', 'rb') as p:
        privateKey = rsa.PrivateKey.load_pkcs1(p.read())
    return privateKey, publicKey

# Encrypt a message string
def encrypt(message, public_key):
    return rsa.encrypt(message.encode('ascii'), public_key)

# Decrypt a ciphertext and return False if any error occurs, the plaintext string otherwise
def decrypt(ciphertext, private_key):
    try:
        return rsa.decrypt(ciphertext, private_key).decode('ascii')
    except:
        return False

# https://www.w3.org/PICS/DSig/RSA-SHA1_1_0.html
# Sign a message with a SHA-1 signature type
def sign(message, private_key):
    return rsa.sign(message.encode('ascii'), private_key, 'SHA-1')

# verify the message signature, return True if the signature is correctly verified, false otherwise
def verify(message, signature, public_key):
    try:
        return rsa.verify(message.encode('ascii'), signature, public_key,) == 'SHA-1'
    except:
        return False

In [None]:
# key generation and loading
generateKeys()
privateKey, publicKey = loadKeys()

print(privateKey)

# message to encrypt
message = input('Write your message here:')

# encryption
ciphertext = encrypt(message, publicKey)

# signature
signature = sign(message, privateKey)

# decryption
text = decrypt(ciphertext, privateKey)

# print the results
print(f'Cipher text: {ciphertext}')
print(f'Hex ciphertext: {ciphertext.hex()}')
print(f'Signature: {signature}')

if text:
    print(f'Message text: {text}')
else:
    print(f'Unable to decrypt the message.')

if verify(text, signature, publicKey):
    print("Successfully verified signature")
else:
    print('The message signature could not be verified')

#RSA - A "low-level" library
#### pycryptodome

In [None]:
!pip install pycryptodome

from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
import binascii

Collecting pycryptodome
  Downloading pycryptodome-3.21.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (3.4 kB)
Downloading pycryptodome-3.21.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.3 MB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m2.3/2.3 MB[0m [31m21.7 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: pycryptodome
Successfully installed pycryptodome-3.21.0


In [None]:
# This code shows how to encrypt/decrypt a message with RSA generating public key and private key "by hand"
from Crypto.Util.number import getStrongPrime, bytes_to_long, long_to_bytes

# generate the keys (two strong primes 1024 bits)
p = getStrongPrime(1024)
q = getStrongPrime(1024)

n = p * q # Modulus
phi = (p-1) * (q-1) # Euler's function

e = 65537 # Exponent
d = pow(e, -1, phi) # Private key

message = "Hello world!"

# Encryption
pt = bytes_to_long(message.encode('utf-8'))
print(f"plaintext message converted in hex: {hex(pt)}")
ct = pow(pt, e, n) # Ciphertext
print(f"encrypted message converted in hex: {hex(ct)}")

# Decryption
pt = long_to_bytes(pow(ct, d, n)) # Plaintext
print(f"decrypted message: {pt}")

# Exercise 1 - RSA

In [None]:
# This code shows an example of how to convert an integer to bytes and viceversa
from Crypto.Util.number import long_to_bytes, bytes_to_long

message = b"Hello!"
int_msg = bytes_to_long(message)
print(int_msg)
bytes_msg = long_to_bytes(int_msg)
print(bytes_msg)

You manage to intercept an rsa encrypted message:
11700901449779765763508101081

We know that it contains only one word

We also know the public key:

n = 132420683385315910791872800790076560548274292915602211551970038528407686609679552632778004136225026734894405625585255079274407744373849604560084628804772237703552168790280768702939708169783196212168917735971708699471743264252681591112502545288149137877768737422686737460701423105441179752299232063182125115961

e = 2

Can you retrieve the original message?

In [None]:
# Implement your solution here

# Hashing

In [None]:
import hashlib
# SECURE - sha256
m = hashlib.sha256(b"Let's go")

# we can add as many bytes to be hashed as we want
m.update(b"ski!")
print(m.hexdigest())
print(len(m.hexdigest()))

# NOT SECURE - md5
m = hashlib.md5(b"a very long message that you cannot decrypt")
print(m.hexdigest())
print(len(m.hexdigest()))

5b0dea678179c22fb05fd12c0042302c12301532c60eb0a2fdbc3d235ab21c01
64
5a58057c7b30aaf96aff1b31f9f50ef1
32


## Excercise 2: Finding a partial hash collision
The exam results are out! Unfortunately your grade is 18. Now you are required to send an email to accept your grade containing the sentence "I accept my grade of 18". An automatic grade-registering platform calculates the md5 of the text of your email, takes the first 6 characters, and checks if they equal to "e88792". The automatic platform only reads the sentence until the grade, everything else is discarded. Can you produce a sentence that starts with "I accept my grade of 30" and that has an hash equal to "e88792"?

## Implement your solution here




In [None]:
import hashlib

m = hashlib.md5()
grade = b"I accept my grade of 18 "
m.update(grade)
to_collide = m.hexdigest()[0:6]
print(to_collide)

# Implement solution

e88792


# AES

In [None]:
!pip install pycryptodomex

Collecting pycryptodomex
  Downloading pycryptodomex-3.21.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (3.4 kB)
Downloading pycryptodomex-3.21.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.3 MB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m2.3/2.3 MB[0m [31m20.0 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: pycryptodomex
Successfully installed pycryptodomex-3.21.0


In [None]:
from Cryptodome.Cipher import AES
from Crypto.Util.Padding import pad, unpad
from Crypto.Random import get_random_bytes

key = get_random_bytes(16)

# encrypt the plaintext and return the ciphertext
def encrypt(plain):
    cipher = AES.new(key, AES.MODE_ECB)
    padded_pt = pad(plain, 16)
    return cipher.encrypt(padded_pt)

# decrypt the ciphertext and return the plaintext
def decrypt(ciphertext):
    cipher = AES.new(key, AES.MODE_ECB)
    return cipher.decrypt(ciphertext)

ciphertext = encrypt(b"AAAACAAAAAABAAAABAAAAAAAAAAABAAAAAAAA")
print(ciphertext)
plaintext = decrypt(ciphertext)
print(unpad(plaintext, 16))


b'&(\xfbW\xbcn%\xf3\xbc\x9e\xc3\xd5\xeeX\xd5k(\xeb\x95\xae\xea\x18FZU\xd2\xf4\n\xce\x04\xc2Z\x9b \xdcO4}\x9f\x8b\xe1\xcb\xf5\xf7\xaa\x01\x84\x16'
b'AAAACAAAAAABAAAABAAAAAAAAAAABAAAAAAAA'


## Exercise 3 - The ECB Oracle attack
The oracle has spoken! It appends a secret message to what you send. Can you leak the secret?

We know that the block size and the secret length are 16.

### Do not watch what's inside the next cell
Inside this cell there is the definition of the "encrypt" function that the oracle uses to encrypt data.

It takes the message, it appends the secret to it and finally it adds padding if the total length is not a multiple of 16

In [None]:
!pip install pycryptodome
from Cryptodome.Cipher import AES
from Crypto.Util.Padding import pad

def encrypt(plain):
    key = b'0123456789abcedf'
    cipher = AES.new( key, AES.MODE_ECB )
    padded_pt = pad(plain+b'AES-ECB-leaking!', 16)
    return cipher.encrypt(padded_pt).hex()




## Implement your solution here

In [None]:
import string

print(string.printable) # this can be useful to bruteforce, it contains all printable characters

# This is the function that simulates an oracle. You need to used this to find the secret message
print(encrypt(b'testmessage'))
print(encrypt(b'')) # this will return the encrypted secret message

# PDF File Manipulation

In [None]:
!pip install pypdf
!pip install reportlab

Collecting pypdf
  Downloading pypdf-5.0.1-py3-none-any.whl.metadata (7.4 kB)
Downloading pypdf-5.0.1-py3-none-any.whl (294 kB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m294.5/294.5 kB[0m [31m4.4 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: pypdf
Successfully installed pypdf-5.0.1
Collecting reportlab
  Downloading reportlab-4.2.5-py3-none-any.whl.metadata (1.5 kB)
Downloading reportlab-4.2.5-py3-none-any.whl (1.9 MB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m1.9/1.9 MB[0m [31m17.0 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: reportlab
Successfully installed reportlab-4.2.5


In [None]:
import pypdf
from pypdf import PdfReader, PdfWriter
import io
from reportlab.pdfgen import canvas
from reportlab.lib.pagesizes import letter
import hashlib

# Create PDF File
packet = io.BytesIO()
can = canvas.Canvas(packet, pagesize=letter)
can.setFont('Helvetica', 25)
can.drawString(100, 500, "This is a simple PDF file")
can.save()

# Move to the beginning of the StringIO buffer
packet.seek(0)

# create a new PDF with Reportlab
new_pdf = PdfReader(packet)

output = PdfWriter()

output.add_page(new_pdf.pages[0])
output.add_metadata( {
        "/Author": "Manu",
        "/Producer": "CTRM Course",
    })
# finally, write "output" to a real file
output_stream = open("test.pdf", "wb")
output.write(output_stream)
output_stream.close()

# How to calculate the sha256 of our PDF file
pdf = open('test.pdf', 'rb')
pdf_content = pdf.read()

pdf_hash = hashlib.sha256(pdf_content).hexdigest()
print(pdf_hash)

e7f09bc7b3c6b99d6e2a95f6a8c29869ba17afc006c13f63c354c022986737d3


In [None]:
# How to load PDFs and get information on their content

pdf = PdfReader("test.pdf")
print(pdf)

print(pdf.metadata)
print(pdf.pages)
print(pdf.pages[0])
print(pdf.pages[0].extract_text())


<pypdf._reader.PdfReader object at 0x7a6f3225f430>
{'/Producer': 'CTRM Course', '/Author': 'Manu'}
[PageObject(0)]
{'/Contents': IndirectObject(5, 0, 134618001306672), '/MediaBox': [0, 0, 612, 792], '/Resources': {'/Font': IndirectObject(6, 0, 134618001306672), '/ProcSet': ['/PDF', '/Text', '/ImageB', '/ImageC', '/ImageI']}, '/Rotate': 0, '/Trans': {}, '/Type': '/Page', '/Parent': IndirectObject(2, 0, 134618001306672)}
This is a simple PDF file

