I have some issues with an assignment have been given. The gist is that I have to do a rainbow attack on a "car fop".
With a generator table, the RainbowAttack.py script the following:
- The key broadcasts to car (in this case the adversary)
- The car/eve responds with a challenge
u. - The key then responds with a hash consisting of
MD5(s||u). - Eve now uses the Rainbow-table to crack
s.
We use MD5 to hash our response and our keys
And then we use our reduction function on the hash and take the first 28 bit
f_i(x) = (f(x)+i) mod 2^28.
My hash and redcution function
def f(s, i=0):
"""Lowest 28 bits of (MD5(s||u) % i)"""
digest = '0x' + md5.new(str(s) + str(u)).hexdigest()
result = hex((int(digest, 16) + i) % 2**BIT_SIZE)[:BIT_SIZE/4+2]
return result
anyways when we run our script we receive the response we calculate all successors and compare them to the end points in the rainbow-table if a match is found we get the start point of the collision and now we check if the key is in the chain from start point to end point if one of the keys here is the same as the response we got from the fop we know that the previous key is the secret to opening the car door.
At the moment we are only able to actually find the key when it is in the start position or end position of the rainbow-table and not if it's in the chain. Here is the code for the loops that check the succsessors and that check if any of our successors are in the rainbowtable and if they are we check if our response from the car fop is in there if it is we have our key.
It might be a problem that is caused when we calculate our successors since the reduction function will be diffrent than the one used on the key (i will increment making the reduction function slightly diffrent for all keys in a chain)
def find_key(table, r):
"""Search for matching respons in Rainbow-table"""
succ = [r]
print r
for i in xrange(1, CHAIN_LEN):
succ.append(f(succ[i-1],i))
for key, value in table.iteritems():
if value in succ:
print "\tCollition: %s -> %s" % (key, value)
ss = key
for i in xrange(0, CHAIN_LEN):
rs = f(ss, i)
if rs==r:
return ss
ss = rs
return -1
the rainbowtable and the files can be found here (github)
(derp.py(rainbow attack) and table1.csv(change name to table.csv))