AES Sbox and Pari/GP

Hello folks !

Lately I was interested in how to mathematically generate the AES substitution box. Actually, all the implementations of AES use a pre-filled table to compute the value of a substituted byte. The goal of this article is to understand how this table is computed.

In a first part, we will describe the mathematical transformation and in the second part we will see how to do the mathematical transformation of the Sbox with Pari-GP. Because of my crappy level in mathematics, this article can be mathematically wrong or incorrect, so if you have advices, you are welcome :).

The goal of the article is to understand how to find this table :

   | 0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
---|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|
00 |63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76 
10 |ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0 
20 |b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15 
30 |04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75 
40 |09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84 
50 |53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf 
60 |d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8 
70 |51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2 
80 |cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73 
90 |60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db 
a0 |e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79 
b0 |e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08 
c0 |ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a 
d0 |70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e 
e0 |e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df 
f0 |8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16 

NoSuchCon 2013 challenge - Write up and Methodology

I had to do a write-up for the NoSuchCon 2013 challenge to get my "usb missile launcher". I wanted to share this write-up to give some approaches to do the challenge. I’m really interested to have feedback, comments or ideas to improve the process.
In the first section of this paper, we will see the methodology to break the challenge, even the bad ideas. Then we will see how to automate the deobfuscation. In the third section, we will see how to attack the algorithm and we will end up with a small conclusion.

The link : https://github.com/kutio/nosuchcon2013-challenge/raw/master/doc/NoSuchCon2013-re-chall-writeup-v1.0.pdf

The sources : https://github.com/kutio/nosuchcon2013-challenge

Greetz: @0vercl0k who lost some neurones with me
             @elvanderb with his crazy challenge
             @skier who gave me some clever ideas

             @Taron__  who reviewed the write-up

Breaking MD5 hashs

Hello world!

Here is an easy to understand article about breaking md5 hashs. Breaking md5 hashs is a subject really discussed on the Internet. If you are new in the hacking community, the first thing that you learn to do is to break md5 hashs. Actually a lot of developers use the md5 hash function to hash passwords before to store it in a database. So if a hacker is able to compromise a website or a system and he is able to retrieve the hashs, he has to break md5 hashs to recover plaintexts.
To break a md5 hash there are a lot of technics, for example :

• Dictionary attack
• Rainbow table attack
• Brute force attack

For courses I had a challenge where I had to break 5 md5 hashs. So I wanted to write up how I proceeded to break this hashs. In our case, we know that the hashs are randomly generated so it will be difficult to retrieve the plaintext with a dictionary attack. Dictionary attacks are used
when we know that people use common word of the dictionary for their password. We also know that the length of the passwords is between 6 and 10 characters. On the one hand we will see what material I used to break this challenge, on the other hand we will see how I proceeded to recover the plaintexts and then again we will see the good practices to have for a secure password.

libLLL

Hello world!

For my first post, I want to share a small library that I developed during my spare time : libLLL !

The first idea of this library was initially to solve the knapsack problem of the SecurIMAG's challenge 5 ( Easy for Santa Claus and his helpers by Mirak ). I didn't find an implementation in Python of the LLL algorithm ( Arjen Lenstra, Hendrik Lenstra and László Lovász ). Usually I use PARI/GP and the "qflll" function to reduce my lattices, but this time I wanted to integrate the lattice reduction in my Python scripts to automate the whole.

I'm not a pure mathematician, so I will not go into the theory to explain in detail what is formally a lattice and to prove the LLL algorithm. In this post I just propose an implementation of the LLL algorithm in Python and explain how to use it to break the Merkle Hellman cryptosystem. If you are interested by the theory I encourage you to buy the book "The LLL Algorithm : Survey and Applications" by Phong Q.Nguyen and Brigitte Vallée.


In one hand I will explain the Merkle Hellman knapsack cryptosystem, in second hand I will explain how to use liblll to break the Merkle Hellman knapsack cryptosystem and finally I will show how to use libLLL to break the "Easy for Santa Claus and his helpers" challenge.