Takeaways from solving CryptoHack

Just over a month ago I learnt about a new “fun platform for learning modern cryptography” called CryptoHack. The platform looked fun indeed offering a gamified experience to master cryptography. A while ago I had a try at Matasano crypto challenges, which are now known as CryptoPals. In original Matasano challenges you had to mail your solutions for verification in order to obtain the next set of challenges which now seems ridiculous. I managed to solve just a couple of sets and abandoned it for good. I have no profound math background other than from high school and a little bit of combinatorics at the university. In order to proceed with the next sets it seemed to me that I really lack some necessary math knowledge.

However in CryptoHack there is another approach. It’s not just about challenges, but learning things. All the tasks are divided into logical categories: block ciphers, RSA, Diffie-Hellman, elliptic curves and others. Each category starts with preliminary tasks that teach you the basics that are behind well-known crypto algorithms. You start reading different sources: Wikipedia, crypto StackExchange, CTF writeups, obscure papers on arxiv.org to name the least. After enough reading you start to connect the dots and come up with solutions. I don’t remember a moment when I was more obsessed with mastering something than this time.

Here are some things that I learnt and really improved at for the past month thanks to CryptoHack:

Python 3. Endless hex and big number manipulation make you understand and remember gmpy2, PyCryptoDome and native Python 3 APIs. Python 2 seems barbaric as for now.

SageMath. Sage is a large piece of math software written in Python that covers different areas, particularly number theory which is very useful for solving CryptoHack challenges.

Fundamentals. Yeah, this is the most important one. Modular arithmetic, Chinese remainder theorem, Fermat’s little theorem, extended GCD and many others – these are the basics without which cryptography could not be imagined. And you will feel really comfortable with it.

An insight into the history of major crypto vulnerabilities. Playstation 3 hack, NSA’s Dual EC DRBG backdoor, Windows CryptoAPI failure, and others – this is something you may have heard but never understood in depth. When you try to implement the attack with bare hands you achieve another level of understanding.

I would like to thank @hyperreality and Jack for putting their efforts into creating this platform, and looking forward for the new challenges to be added.

Radamsa Fuzzer Extension for Burp Suite

Radamsa is a cool tool that combines a set of fuzzers which generate data based on input string. You can feed it a PDF file for example and Radamsa will produce a bunch of PDF-alike documents that are fuzzed in all imaginable forms. Just see this:

$ echo "test123" | radamsa -n 10

Perfect for looking for all kinds of buffer overflows. And this tool can be especially useful combined with Burp Suite, that is why here is quick and dirty extension that enables you to use Radamsa to generate Burp Suite’s Intruder payloads:
Снимок экрана от 2013-06-24 21:25:01
Grab the code here: https://github.com/Raz0r/burp-radamsa

Прокачиваем Burp Suite

Burp Suite является если не основным то, пожалуй, одним из главных инструментов пентестера. С момента выхода первого релиза Burp приобрел множество новых функций, появилась платная и бесплатная версии. Однако зачастую при проведении пентеста встроенного функционала не хватает, и в этом случае на помощь приходит Burp Extender – набор интерфейсов для расширения возможностей Burp. Сама программа написана на Java, и писать расширения предлагается также на этом языке. Тем не менее усилиями сторонних разработчиков в настоящее время появилось несколько проектов, цель которых – дать возможность создавать расширения и на других языках. Среди них:

  • Buby – позволяет писать расширения на Ruby с использованием jRuby;
  • Resty Burp – предоставляет REST/JSON-интерфейс для функционала Burp, что позволяет писать расширения на любом языке (к сожалению, работает только с платной версией Burp).
  • Jython Burp API – открывает доступ к интерфейсам Burp Extender на Jython (реализация Python на Java);