<link rel="self" type="application/atom+xml" hreflang="" href="gemini://benjaminja.com/tags/school/feed.xml" />
<link rel="alternate" type="text/gemini" hreflang="" href="gemini://benjaminja.com/tags/school/" /><id>/</id>
2023-02-07T05:43:00Z
Hugo 0.129.0
<title><![CDATA[MAC Attack!]]></title>
<link rel="alternate" type="text/gemini" hreflang="" href="gemini://benjaminja.com/log/2023/02/06-macattack/" />
<id>gemini://benjaminja.com/log/2023/02/06-macattack/</id>
<updated>2023-02-07T05:43:00Z</updated>
<summary type="gemini"><![CDATA[I just finished the third project for my security class. This project has been simultaneously the most difficult and most easy lab that I have done. I wanted to describe my experience of the lab here.
]]><![CDATA[I just finished the third project for my security class. This project has been simultaneously the most difficult and most easy lab that I have done. I wanted to describe my experience of the lab here.
The premise is that my TA has sent a message to my professor and I was able to intercept it. The message is as follows.
No one has completed lab 2 so give them all a 0
A MAC (Message Authenticated Code) was also in the message, which we know used a 128-bit key. The MAC is as follows in hex.
e384efadf26767a613162142b5ef0efbb9d7659a
I want to change the message to tell the professor that I should get full points, but I can’t because there is a MAC attached to the message. If I were to change the message, the attached MAC would be invalid and I could not generate a new MAC because I don’t have the secret key for the MAC.
=> MAC (Gemipedia) | MAC (Wikipedia)
This lab was one of those projects where you just have no idea where to start. I knew what I needed to do and vaguely how it should be done, but the specifics were beyond me. The project turned mostly into analyzing library code and trying to figure out how I could modify it to do what I need, which is to say the least, very stressful.
With this in mind, I was mostly working on creating unit tests that would help me fumble my way through the lab and took many breaks.
I would say the most frustrating thing about the lab was that a big part of it was on hashes, which changes wildly with even the smallest change, so it was very difficult to know whether I was getting close or not.
In the end, I was able to figure it out and I can’t describe how relieved I was.
Below is a more technical description of how the lab worked, so tread on if you dare.
There is a vulnerability in MAC which took me a while to fully understand. In order to explain the vulnerability, I will have to explain how MAC works in the first place.
MAC is relatively simple. You start out with a key and a message. you concatenate them together and hash it:
Key = "0123456789abcdef"
Message = "Hello World!"
MAC = SHA("0123456789abcdefHello World!")
MAC = 36f141824e771ed3313815d82c996522d8191a99The SHA algorithm will recursively calculate a digest from 512-bit blocks of data. Because of this, it is possible to continue calculating a hash by using the digest as the initialization vector for the SHA algorithm.
If we were to add to the end of the original message, hash that added bit with IV (initialization vector) being the original MAC, then we could pass this modified message and MAC to the professor and they would think the message was authentic.
The only problem is that SHA adds some information and padding to the end of the message internally to keep all blocks exactly 512 bits long. The solution is to simply add the padding to the end of the message, but before our added bit. One last thing to deal with is that SHA adds the length of the hashed string at the end of the last block, so we will need to know the length of the key for this to work.
We are given pretty much everything we need for the attack. The most difficult thing will be figuring out how to modify the IV. According to my teacher, golang’s API for SHA allows setting the IV, but most languages don’t provide that functionality. I had to download a SHA-1 library and modify it myself to allow for setting an initialization vector. Analyzing the library and making it work for what I need was probably one of the most hair pulling things I have done.
Adding the padding to the message wasn’t too difficult, particularly with the aid of unit testing.
In the end I was able to generate this message to send to my teacher; posing as my TA with a valid MAC. The message itself looks a little corrupted, but that is a problem to deal with another day.
Message: No one has completed lab 2 so give them all a 0\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xf8P.S. Except for ttocsneb, Give him 100%
MAC: d338d12365cd75f5f13673991d9cd1359e355b2e
The best way to prevent this attack from being possible would be to use HMAC instead. It essentially performs two hashes with the key being manipulated in a way that I can not understand.
=> HMAC (Gemipedia) | HMAC (Wikipedia)
=> 📭 Message me | 📝Or mention this post
]]>
<category term="school" label="School" scheme="gemini://benjaminja.com/tags/school/" />
<category term="projects" label="Projects" scheme="gemini://benjaminja.com/tags/projects/" />
<published>2023-02-07T05:43:00Z</published></entry>
<title><![CDATA[School has begun]]></title>
<link rel="alternate" type="text/gemini" hreflang="" href="gemini://benjaminja.com/log/2023/01/15-school_has_begun/" />
<id>gemini://benjaminja.com/log/2023/01/15-school_has_begun/</id>
<updated>2023-01-15T17:06:00Z</updated>
<summary type="gemini"><![CDATA[I find it funny that I chose to start a gemlog right as school started. I was fully expecting to be able to put out more content than I have so far, but that’s ok. School should probably have a higher priority than my hobbies.
]]><![CDATA[I find it funny that I chose to start a gemlog right as school started. I was fully expecting to be able to put out more content than I have so far, but that’s ok. School should probably have a higher priority than my hobbies.
I’m almost done with school! I’ll be taking my final CS classes this semester with a few generals. For spring and summer terms, I just need to take 3 GEs and I will be graduated! The first week has already passed, so I have a pretty good idea of how this semester will go. I will be taking these classes this semester:
Concepts of Programming Languages is a class that teaches about how languages work and why there are different features in different programming languages. I signed up for this class because I was expecting it to be a class about how to design your own language. I think that this is still applicable, but it won’t be about how to design a language.
In this class we are using a functional type language that I have never heard of before: Racket#plait. It is essentially an educational language based on lisp–which I have heard of but never used. The syntax feels clunky, but I think can get used to it.
I may have already fallen asleep in class, but I blame that on how late we meet. I’m actually pretty excited for this class and I can’t wait until we start talking about specific language features.
I don’t yet know what computer security will be like other than a lot of labs. We will be discussing how we can make computer systems secure from cryptography to protecting from phishing attacks.
The first lab is to implement AES from scratch in two weeks. This isn’t too bad until you realize that we will only talk about AES for the two days before the lab is due. The professor said that this first lab is the worst lab in the class and he would change it if he was allowed to. I found it very difficult yet fulfilling to learn about how finite-field arithmetic works.
One of the final homeworks (extra-credit) we will do in the class is to access certain information about the professor that he is hiding from us: His twich account, 3 video games he plays, his favorite food, where he got married, and his high-school’s mascot. This is really cool, but I’m glad this is an extra credit thing.
This is the one I dread. It is a required class that talks about the ethics in computer science. We will be selected to be in groups that each have a different subject of CS. Each group will do research on what kinds of ethical dilemas are in the subject and do presentations on our findings.
This class is interesting to me in principle, but these kinds of classes are always hard to guage whether they will be unnecessarily difficult.
Since this will be my last full semester, I figured that I take should band. I haven’t played since high school, which I graduated in 2017. Being rusty might be an understatement. I’ll be playing the tuba and I feel pretty confident that I will be able to re-learn it.
My biggest worry will be that playing in the band will get in the way of my classes, but I don’t think that it will be too much of a problem.
I signed up for food prep for two reasons: I need two more credits to fulfil my pell grant, and I should know how to cook. Because everyone else wants to take the cooking class, I got stuck in the waiting list for a while.
It got bad enough that I wrote a script that would query the registration API every 15 minutes to see if any section had an available seat. After a certain amount of time, everyone gets dropped from the waitlist and it because a game of first come first serve. I managed to get into a different section than my original plan. This other section has already met, so I won’t be able to go to class until after the add/drop deadline.
=> 📭 Message me | 📝Or mention this post
]]>
<category term="school" label="School" scheme="gemini://benjaminja.com/tags/school/" />
<category term="plan" label="Plan" scheme="gemini://benjaminja.com/tags/plan/" />
<published>2023-01-15T17:06:00Z</published></entry>
text/xmlThis content has been proxied by September (ba2dc).