Brian Mork - DC214 October 2015 - ECB Sucks



ECB SUCKS

A STORY OF AES, CTFS, AND LATE NIGHTS IN THE LAND OF BOURBON AND DERBYS

]-[ERMIT

THAT DERE AGENDER

• AES is Crypto

• Crypto is hard

• Crypto is really hard

• What is ECB?

• Why does it fail?

• How do you fix it?

• How do you break it?

** All images absolutely completely original by me and not stolen from Wikipedia **

AES IS CRYPTO

• It’s the Advanced Encryption Standard

• Made by the NSA, so you know you can trust it

• Also known as Rijndael… impress your friends!

• It supports a wide range of key sizes, block sizes, and… encryption modes

• Like ECB!

CRYPTO IS HARD

Hard to do right, that is.

Assumptions are flawed, methods that seem strong fail (meet in the middle), and everyone wants to roll their own fucking implementations.

Stop it.

Use the libraries Obi-Wan, they’re your only hope.

CRYPTO IS REALLY HARD

Let’s just do a quick rundown... Call out the attacks when you know them:

DES

3DES

ROT13

WEP

WPA/TKIP

WHAT IS ECB

• Electronic Codebook

WHAT IS ECB / WHY DOES IT FAIL?

• Basically it uses the same key material to encrypt a block… over and over.

• Know plaintext? Know ciphertext? Build a crib!

OBLIGATORY ECB BITMAP DEMO

HOW DO YOU FIX IT?

HOW DO YOU BREAK IT?

• Dependent upon having sufficiently large known cipher/cleartext

• Ingest by block

• Map locations in one to locations in the other (position dependent)

• Boom. Crib. Headshot.

• Now lookup.

BUT THAT IS LE HARD…

• Then fire zee missiles … and just use smashECB.php

• Adjustable block sizes because your use case may vary

• Update coming to remove the pre-formatted input file bit… but it was late, it works, and xxd builds shit just fine.

WHY DID THIS HAPPEN?

• It was late

• A member of the team signed us up for the DerbyCon CTF

• There was alcohol, and there was this crypto thing that wasn’t going to solve itself

• Who doesn’t want to claim they broke AES?

THE SMASHECB GUARANTEE

• 60% of the time, it works all of the time.

• The other 80% of the time, it works 40% of the time.

WHERE IS THIS MAGICAL CODE?

• Right here:

https://github.com/hermit-hacker/SmashECB/

QUESTIONS?

• Nope. Didn’t think so.

• Resume drinking.