# symmetric cryptography lab

### lab setup
* after building and running the docker image a server starts on localhost:5000
* the server contains 8 labs named as 

| Lab Code | Lab Name               | File Name in Docker Image               | Code           |
|----------|------------------------|----------------------------------------|----------------|
| Lab 00   | Setup                  | -                                      | -              |
| Lab 01   | Block size detection   | Lab_01_Block_size_detection.py         | /lab1_algo1 or /lab1_algo2 |
| Lab 02   | Mode detection         | Lab_02_Mode_detection.py               | /lab2          |
| Lab 03   | ECB byte at a time     | Lab_03_ECB_byte_at_a_time.py           | /lab3          |
| Lab 04   | CBC IV detection       | Lab_04_CBC_IV_detection.py             | /lab4          |
| Lab 05   | CBC bit flipping       | Lab_05_CBC_bit_flipping.py             | /lab5          |
| Lab 06   | CBC byte at a time     | Lab_06_CBC_byte_at_a_time.py           | /lab6          |
| Lab 07   | CBC padding            | Lab_07_CBC_padding.py                  | /lab7          |
| Lab 08   | CTR Bit flipping       | Lab_08_CTR_Bit_flipping.py             | /lab8          |



* to access any lab we will use `get_result(lab_name , input_data , byte_object = False)` function below
* use the lab code listed in the table above to access the lab as `get_result("lab3" , 'plain text' , byte_object=True)`
* the function connects to the server, send a requests' payload and return the resuld
* the result is formated in text format represents hex values as `e0 38 06 01 7a 30 bb 37 e9 9d 4c 89 ed 3a 0e 8b`
* to convert the hex string to byte object for easier calculations `byte_object` to `True`

In [146]:
import requests

def get_result(lab_name , input_data , byte_object = False):
    try:
        url = f'http://localhost:5000/{lab_name}'
        input_string = input_data
        payload = {'text': input_string}
        response = requests.post(url, data=payload)
        if byte_object == False:
            return response.text
        else:
            return bytes.fromhex(response.text.replace(' ', ''))
    except:
        pass

# example of dealing with lab environment
print("hex as string" , get_result("lab3" , "plain"))
print("byte objct   " , get_result("lab3" , "plain" , byte_object=True ))

hex as string a2 3e 20 f1 a1 4b 36 59 cc 8f b4 90 e1 2d ca 0d 5c f9 d9 43 b8 77 dc 48 35 4a 54 98 e5 d4 c4 28
byte objct    b'\xa2> \xf1\xa1K6Y\xcc\x8f\xb4\x90\xe1-\xca\r\\\xf9\xd9C\xb8w\xdcH5JT\x98\xe5\xd4\xc4('


# Lab 01 : Block size detection

## 01 - Detect block size 
* this lab has 2 algorithms whict can be accessed as 
    * lab1_algo1
    * lab1_algo2

### 01 - detect block size of algorithem 1

In [118]:
for i in range(5 , 20):
    cipher_text = get_result("lab1_algo1" , 'A'*i , byte_object=True)
    print("plain text length\t" , i , "\tcipher text length\t" , len(cipher_text))

plain text length	 5 	cipher text length	 16
plain text length	 6 	cipher text length	 16
plain text length	 7 	cipher text length	 16
plain text length	 8 	cipher text length	 16
plain text length	 9 	cipher text length	 16
plain text length	 10 	cipher text length	 16
plain text length	 11 	cipher text length	 16
plain text length	 12 	cipher text length	 16
plain text length	 13 	cipher text length	 16
plain text length	 14 	cipher text length	 16
plain text length	 15 	cipher text length	 16
plain text length	 16 	cipher text length	 16
plain text length	 17 	cipher text length	 32
plain text length	 18 	cipher text length	 32
plain text length	 19 	cipher text length	 32


* the algorithem is mostly AES due to the block size and the wide use of AES

### 01 - detect block size of algorithem 2

In [119]:
for i in range(5 , 20):
    cipher_text = get_result("lab1_algo2" , 'A'*i , byte_object=True)
    print("plain text length\t" , i , "\tcipher text length\t" , len(cipher_text))

plain text length	 5 	cipher text length	 8
plain text length	 6 	cipher text length	 8
plain text length	 7 	cipher text length	 8
plain text length	 8 	cipher text length	 8
plain text length	 9 	cipher text length	 16
plain text length	 10 	cipher text length	 16
plain text length	 11 	cipher text length	 16
plain text length	 12 	cipher text length	 16
plain text length	 13 	cipher text length	 16
plain text length	 14 	cipher text length	 16
plain text length	 15 	cipher text length	 16
plain text length	 16 	cipher text length	 16
plain text length	 17 	cipher text length	 24
plain text length	 18 	cipher text length	 24
plain text length	 19 	cipher text length	 24


* the algorithem is DES due to the 8 bytes block size

#### here are some of block cipher encryption algorithms and it's corresponding block size and key size
| Algorithm                                   | Block Size (bytes) | Key Size (bits) |
|---------------------------------------------|--------------------|-----------------|
| AES (Advanced Encryption Standard)           | 16                 | 128, 192, 256   |
| DES (Data Encryption Standard)               | 8                  | 56               |
| Triple DES (3DES)                            | 8                  | 168              |
| Blowfish                                     | 8                  | 32 to 448        |
| Twofish                                      | 16                 | 128, 192, 256   |
| Camellia                                     | 16                 | 128, 192, 256   |
| Serpent                                      | 16                 | 128, 192, 256   |
| IDEA (International Data Encryption Algorithm)| 8                  | 128              |
| CAST-128                                     | 8                  | 40 to 128        |


# Lab 02 : mode detection

In [120]:
print('ECB-mode      ' , get_result("lab2_algo1" , b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")) # 2 block encrypted with ECB
print('noneECB-mode  ' , get_result("lab2_algo2" , b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")) # 2 block encrypted with CBC

ECB-mode       87 4a de 45 9a da aa 84 45 f2 e7 5c e9 68 26 95 87 4a de 45 9a da aa 84 45 f2 e7 5c e9 68 26 95
noneECB-mode   ed 11 7c 6a 33 12 7a 6c cc f8 8e df 4e f5 7a 7e 41 d0 12 0f 5f b8 df 2f 5b 42 70 2b e4 34 ab 38


the 2 blocks resulted the same cipher text in ECB mode


* AES-ECB-mode <span style="color: gray;">87 4a de 45 9a da aa 84 45 f2 e7 5c e9 68 26 95</span>
               <span style="color: gray;">87 4a de 45 9a da aa 84 45 f2 e7 5c e9 68 26 95</span>

the 2 blocks resulted the diffrent cipher text in ECB mode
* AES-CBC-mode <span style="color: green;">ed 11 7c 6a 33 12 7a 6c cc f8 8e df 4e f5 7a 7e </span>
               <span style="color: blue;">41 d0 12 0f 5f b8 df 2f 5b 42 70 2b e4 34 ab 38</span>

# Lab 03 : ECB byte at a time

#### 1 - get block size

![Alt Text](Asset1.png)

In [147]:
for i in range(1,20):
    cipher_text = get_result("lab3" , "a"*i  , byte_object=True)
    print(i , "  " , len(cipher_text), "  " , cipher_text)
#     print(len(cipher_text))

1    32    b"\xe8\xc6\x97\xeb\xa3#'b\xbdb\x86\xdb\x813zR\xe24\xfd\xe5\xb3\xc0U\xd8\x17?k\xd6q%\xc3\x8d"
2    32    b'\x89\xc0\xb53\x03\x8co\x1d\xfcZ":\xe5\xf0\x94\xc6\xce\xa8\xc2W}\rF\x8b\xd4\x93:]\xac7\xbbM'
3    32    b'\xfb\xc5\xd3\xbb\x81\x85\xc7:\xe1\xb6+>\x11f\xaf7\x19\x7fWkM\x954?az\x9f%5e\xe5n'
4    32    b"\xaf\x84Q`\xc8\x95\xe9'\xd3\x05\xd6\x8a\xec\xc0C\xb3\xe9\x1e\xc0\xe0\xf4k`\xec\xd0\x81/f\x98\xf2\xf1c"
5    32    b'\r\x8f\xb9A\xca\xb8w\x1f\x16g.\xf9\x91\x11\x80\x16\\\xf9\xd9C\xb8w\xdcH5JT\x98\xe5\xd4\xc4('
6    32    b'(\x91\x84tM-\x96\xa0\xed;\x91\xbfD\xf8\xa6\x9d\x90\xa7\xe4QRBgP\tSFg\xe7aD\xaa'
7    32    b'\x0b\xb1U\x05\xdd\x06j\xf4\x9b\xa7\x19\x93&\x1d\x8c-\x9f\x80|\xe1OF*\xbd%\x8f\x92:I\x16\x8e\xcd'
8    32    b'#\xee\xb0\x9e\x96\xee\x86\xca\xb2"\xff:\xbf\xde\x8b\xb9n=\x12\xe48\x15\xed\x9fn\x98\xd0\x91^\xaf\xa0\xa2'
9    32    b'SY\xee\xb9\xfd0\xc1\xf7\x87\xcbr\xcda\xd9\x15j\x046[\x1a\xe7(\xd8\xa5\xebiU\xb3\x89\xa0\x16\xf8'
10    32    b'\xb9\x033\xc1\xe2<\x1a-\x99\

* block size = 16
* secret size is 16 byte also (because the number of cipher block starts to increase when the plain text size was 16)
* the mode is ECB , note the first cipher block when plain text length is more than 16


#### 2 - get first the cipher block for data length from 0 to 16

In [158]:
secret_string_length = 16
first_cipher_blocks = []
for i in range(0,secret_string_length):
    first_cipher_blocks.append(get_result("lab3" , 'a'*i , byte_object=True)[:16])

first_cipher_blocks

[b'\xe08\x06\x01z0\xbb7\xe9\x9dL\x89\xed:\x0e\x8b',
 b"\xe8\xc6\x97\xeb\xa3#'b\xbdb\x86\xdb\x813zR",
 b'\x89\xc0\xb53\x03\x8co\x1d\xfcZ":\xe5\xf0\x94\xc6',
 b'\xfb\xc5\xd3\xbb\x81\x85\xc7:\xe1\xb6+>\x11f\xaf7',
 b"\xaf\x84Q`\xc8\x95\xe9'\xd3\x05\xd6\x8a\xec\xc0C\xb3",
 b'\r\x8f\xb9A\xca\xb8w\x1f\x16g.\xf9\x91\x11\x80\x16',
 b'(\x91\x84tM-\x96\xa0\xed;\x91\xbfD\xf8\xa6\x9d',
 b'\x0b\xb1U\x05\xdd\x06j\xf4\x9b\xa7\x19\x93&\x1d\x8c-',
 b'#\xee\xb0\x9e\x96\xee\x86\xca\xb2"\xff:\xbf\xde\x8b\xb9',
 b'SY\xee\xb9\xfd0\xc1\xf7\x87\xcbr\xcda\xd9\x15j',
 b'\xb9\x033\xc1\xe2<\x1a-\x99\xc2o\xba\x9cb|\xff',
 b"\xf4j\x8e\xd6\x04\xd1\x0c\xdd\x9cD'i\xaf\xdb\xa0\x88",
 b'[\x1c\x19h%w\xefh\xc6\xd48\x9b:u\xf9@',
 b'V\t4\x8e\xd7\x99\xc7\x85\x85Z\x0c\x8e\xef\x8b\xd34',
 b'EM\xc1\xc2\x97\x95\xbd/\xc9\xb7w\xb9f\xd4tI',
 b"\x8e\xf0\x9f\xee\xad\x0bES\xf2a8\xb2\xb2<'\xcf"]

#### 3 - try to brute force the secret string

In [160]:
block_size = 16
secret = b''
for j in range(secret_string_length , -1 , -1):
    for i in range(255):
        plain_text = b"a"*j + secret + i.to_bytes(1, 'big')
        generated_ciphertext = get_result("lab3" , plain_text , byte_object=True)
        if generated_ciphertext[:block_size] in first_cipher_blocks:
            secret = secret + i.to_bytes(1 , 'big')
            break
secret

b'MAHARA_TECH_2023'

# Lab 04 : CBC IV detection

In [203]:
get_result('lab4_enc' , "salah")

'01 6a 96 de 34 ae f6 2b fd 1c 39 47 6b 26 08 45'

In [272]:
get_result('lab4_dec' , "61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61" , byte_object=True)

b'this is an error message "cipher text must be multiple of block size" '

In [196]:
get_result('lab4_dec' , get_result('lab4_enc' , "salah") , byte_object=True)

b'salah'

In [200]:
byte_obj = b'a'*16 + b'\x00'*16 + b'a'*16
hex_string = byte_obj.hex()

# Insert a space between each pair of characters
spaced_hex_string = ' '.join(hex_string[i:i+2] for i in range(0, len(hex_string), 2))

print(spaced_hex_string)


61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61
