In [1]:
import pandas as pd
from color import bcolors
from hash_functions import generate, complex_hash_function, simple_hash_function
from bank_application import BankApplication

-----
<div class="alert alert-block alert-info">
    <h1>[Final project] Live code demo</h1>
    A hacker in a bank application
</div>

<div class="alert alert-block alert-success">  
Initialize bank application
</div>

In [2]:
def develop_application(hash_function):
    """Create a BankApplication and register the three demo accounts.

    Args:
        hash_function: callable handed to ``BankApplication``; presumably used
            to derive the stored ``password_hash`` column (confirm in
            bank_application).

    Returns:
        The populated ``BankApplication`` instance.
    """
    # Demo fixture accounts (user id, email, 8-digit numeric password).
    # The passwords are plaintext here only because this is a teaching fixture.
    demo_accounts = (
        ('jay_msds', 'jay@dons.usfca.edu', '76498231'),
        ('kejia_msds', 'kejia@dons.usfca.edu', '12345678'),
        ('vidith_msds', 'vidith@dons.usfca.edu', '20231010'),
    )
    bank = BankApplication(hash_function)
    for account_id, email, password in demo_accounts:
        bank.add_user(account_id, email, password)
    return bank

# digits=7 presumably caps the hash at 7 decimal digits (the displayed table
# shows 7-digit values) — confirm in hash_functions.
# NOTE(review): the demo passwords are 8-digit strings, so up to 10**8 inputs
# map into at most 10**7 outputs; collisions are unavoidable at this size.
hash_function = generate(complex_hash_function, digits=7)
app = develop_application(hash_function)
# Show what the application stores per user: an email and a password hash.
app.database

Unnamed: 0,email,password_hash
jay_msds,jay@dons.usfca.edu,2551098
kejia_msds,kejia@dons.usfca.edu,1348109
vidith_msds,vidith@dons.usfca.edu,1322883


<div class="alert alert-block alert-success">  
Normal user behavior
</div>

In [3]:
def user(app: BankApplication):
    """Baseline case: the legitimate account holder (Jay) withdraws $5000.

    Uses the same password that was registered for ``jay_msds``, so this is
    the behavior the later cells are compared against.
    """
    jay_credentials = ('jay_msds', '76498231')
    app.withdraw(*jay_credentials, 5000)

# Legitimate login: the output below shows the application accepting it.
user(app)

Good morning, jay_msds. You are authenticated
Here is $5000


<div class="alert alert-block alert-success">  
Novice hacker
</div>

In [4]:
def novice_hacker(app: BankApplication, db: pd.DataFrame, hash_function):
    """Single blind guess against Jay's account through the normal withdraw path.

    ``db`` and ``hash_function`` are accepted for a uniform signature with
    ``better_hacker`` but are not used: this attacker has no knowledge of the
    stored hashes and simply submits one arbitrary 8-digit string.
    """
    target_account, blind_guess = 'jay_msds', "12345678"
    app.withdraw(target_account, blind_guess, 5000)

# One wrong guess through the front door; the output below shows it rejected.
novice_hacker(app, app.database, app.hash_function)

Your password is not valid


<div class="alert alert-block alert-success">  
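Better hacker: holds a copy of the stored hash table and the hash function, and searches offline for any password that produces the same hash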
</div>

In [5]:
from tqdm import tqdm
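def search_collision(hash_function, hash, password_length):
    """Find a numeric string of ``password_length`` digits whose hash equals ``hash``.

    This is the offline half of the demo: it needs only the hash function and
    one stored hash value, never the application itself. It succeeds quickly
    here because the hash is computed from the password alone (no per-user
    salt is passed in), is cheap to evaluate, and has a small output range.
    A salted, deliberately slow password hash with a wide digest removes
    those preconditions.

    Args:
        hash_function: callable mapping a password string to a hash value.
        hash: the stored hash value to match (name shadows the builtin; kept
            for compatibility with existing callers).
        password_length: number of digits in every candidate string.

    Returns:
        The first zero-padded candidate whose hash matches, or ``None`` when
        no candidate of that length matches.
    """
    # There are exactly 10**password_length candidates of this length; going
    # one power of ten further would test strings longer than the password
    # format and inflate the progress-bar total tenfold.
    for i in tqdm(range(10 ** password_length)):
        # Pad to the requested width instead of a fixed 8 so the candidate
        # format always agrees with password_length.
        fake_password = f"{i:0{password_length}d}"
        if hash == hash_function(fake_password):
            return fake_password
    return None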

In [6]:
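def better_hacker(app: BankApplication, db: pd.DataFrame, hash_function):
    """Demonstrate account takeover from a leaked hash table via a hash collision.

    Threat model shown: the attacker can read the stored ``password_hash``
    values (``db``) and knows ``hash_function``, but does not know any
    password. Any string with the same hash is accepted in place of the real
    password, so the stored hash alone is enough to log in.

    Args:
        app: the application whose ``withdraw`` path is exercised.
        db: the leaked user table, indexed by user id with a
            ``password_hash`` column.
        hash_function: the hash the application applies to passwords.
    """
    # Read from the table the caller handed over rather than reaching back
    # into app.database, so the function uses exactly what its signature
    # says the attacker holds.
    victim_row = db.iloc[0]
    user_id = victim_row.name
    password_hash = victim_row.password_hash

    fake_password = search_collision(hash_function, password_hash, password_length=8)
    if fake_password is None:
        # The search helper returns None when nothing matched; do not report
        # a find or submit None as a password.
        print("No colliding password found")
        return
    print(f"Found the fake password: {fake_password}")

    app.withdraw(user_id, fake_password, 10000000)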
# Offline search against the first stored hash. In the recorded run below the
# progress bar stopped after about 5.5 million candidates (roughly 16 s).
better_hacker(app, app.database, app.hash_function)

  1%|          | 5534739/1000000000 [00:16<48:31, 341579.22it/s]

Found the fake password: 05534739
Good morning, jay_msds. You are authenticated
Here is $10000000





In [None]:
# Side-by-side check of the collision: the string found by the search and
# Jay's registered password are different inputs.
fake_password = '05534739'
real_password = '76498231'

# Both lines are expected to print the same hash value, since the application
# accepted the fake password in the run above. No output was recorded for
# this cell, so re-run to confirm.
# NOTE(review): uses the module-level hash_function, which a later cell
# rebinds to the simple variant; run this cell before that one.
print(f"fake password: {bcolors.WARNING}{fake_password}{bcolors.ENDC} -> hash: {bcolors.OKGREEN}{hash_function(fake_password)}{bcolors.ENDC}")
print(f"original password: {bcolors.WARNING}{real_password}{bcolors.ENDC} -> hash: {bcolors.OKGREEN}{hash_function(real_password)}{bcolors.ENDC}")

In [None]:
# Simple hash function + same size of hash
# Repeats the experiment with simple_hash_function at the same digits=7
# setting, to compare how the hash construction affects the search when the
# output size is held constant.
# NOTE(review): this rebinds the module-level hash_function and app, so any
# earlier cell re-run afterwards will see the simple variant.
hash_function = generate(simple_hash_function, digits=7)
app = develop_application(hash_function)
better_hacker(app, app.database, app.hash_function)