sidechannelmarvels / deadpool Goto Github PK
View Code? Open in Web Editor NEWRepository of various public white-box cryptographic implementations and their practical attacks.
License: GNU General Public License v3.0
Repository of various public white-box cryptographic implementations and their practical attacks.
License: GNU General Public License v3.0
Hi, after the acquisition of traces using Valgrind, I get the configuration files which are classified into 2 categories: those with the names that include rw1 and those with the name that include rw4. What does the abbreviations "rw1" and "rw4" mean and what is the difference between these 2 categories?
Hi, I tried with some examples and writing a little script myself using deadpool_dca.py but every time I run it it outputs this:
`>>> from deadpool_dca import *
T=TracerGrind('whitebox')
T.run(1)
Traceback (most recent call last):
File "", line 1, in
File "deadpool_dca.py", line 300, in run
oblock=self.get_trace(i, iblock)
File "deadpool_dca.py", line 460, in get_trace
output=self._exec(cmd_list, input_stdin)
File "deadpool_dca.py", line 312, in _exec
proc = subprocess.Popen(cmd_list, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
File "/usr/lib/python2.7/subprocess.py", line 390, in init
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1024, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory`
I installed tracegrind and it works, i can trace, convert the trace and visualize it with tracegraph but can't seem to make this work.
Hi Guys,
I want to convert my own memory traces (in a custom format) to the
format that Daredevil supports.
Unfortunately, I could not find the exact specification,
in which order/which attributes are required to run DareDevil.
In Deadpool, a function bin2daredevil() is provided in deadpool_dca.py
that is able to convert TracerGrind or TracerPIN data to the DareDevil
format. (Using this technique, I could reproduce the whitebox samples
of the Deadpool repository).
Is there an exact specification of the DareDevil file format?
Best regards
Chips
Hi, while trying to update the Orka image I found out that Debian Stable currently contains version 1.55 of all boost libs. When installing them, the build still fails:
root@a496596ca0c9 ..arroumi2010/target/Whitebox-crypto-AES (git)-[master] # make
HOME: /root
NTL_INCLUDE_PATH: /usr/include
NTL_LIB: /usr/lib/libntl.so
-- Boost version: 1.55.0
-- Found the following Boost libraries:
-- program_options
-- serialization
-- iostreams
-- random
-- Configuring done
-- Generating done
-- Build files have been written to: /root/Deadpool/wbs_aes_karroumi2010/target/Whitebox-crypto-AES
[ 4%] Building CXX object CMakeFiles/main.dir/base.cpp.o
[ 8%] Building CXX object CMakeFiles/main.dir/BGEAttack.cpp.o
[ 12%] Building CXX object CMakeFiles/main.dir/BGEAttack_test.cpp.o
[ 16%] Building CXX object CMakeFiles/main.dir/GenericAES.cpp.o
[ 20%] Building CXX object CMakeFiles/main.dir/LinearAffineEq.cpp.o
[ 25%] Building CXX object CMakeFiles/main.dir/LinearAffineEq_test.cpp.o
[ 29%] Building C object CMakeFiles/main.dir/md5.c.o
[ 33%] Building CXX object CMakeFiles/main.dir/MixingBijections.cpp.o
[ 37%] Building CXX object CMakeFiles/main.dir/NTLUtils.cpp.o
/root/Deadpool/wbs_aes_karroumi2010/target/Whitebox-crypto-AES/NTLUtils.cpp: In function 'int char2int(char)':
/root/Deadpool/wbs_aes_karroumi2010/target/Whitebox-crypto-AES/NTLUtils.cpp:255:8: error: 'invalid_argument' is not a member of 'std'
throw std::invalid_argument("Invalid input string");
^
CMakeFiles/main.dir/build.make:238: recipe for target 'CMakeFiles/main.dir/NTLUtils.cpp.o' failed
make[2]: *** [CMakeFiles/main.dir/NTLUtils.cpp.o] Error 1
CMakeFiles/Makefile2:60: recipe for target 'CMakeFiles/main.dir/all' failed
make[1]: *** [CMakeFiles/main.dir/all] Error 2
Makefile:76: recipe for target 'all' failed
make: *** [all] Error 2
Installing the packages from sid in stable doesn't sound like a good idea, so I'd suggest to build a statically
linked binary if nothing speaks against that. In my opinion, this is the easiest way for users to get everything up and running.
I want to know how you calculate your filter borders when you extract the traces. For example:
valgrind --tool=tracergrind --filter=0x08048000-0x08100000 --output=wbDES.trace ./wbDES 12 34 56 78 91 23 45 67
I want how do you calculate 0x08048000-0x08100000?
I read in one readme of the git repository that these filters chosen to decrease the size of the trace. Is it the only reason?
So I guess you find the block cipher rounds graph(for AES, 10 repetitive figure) without the help of any tool(with eyes) and approximately choose that graph borders as filter address. Am I correct? If I'm not, please explain the procedure of choosing filters.
I try to find the block cipher rounds graph for OpenSSL AES, but it was not possible, because it was a very crowded graph. How can I find the filter borders? please explain generally for every block cipher.
Hi, I want to know if there are some practical attacks on the white box SM4๏ผ
There is a conversion issue in bin2trs. Suggested simple fix:
diff --git a/deadpool_dca.py b/deadpool_dca.py
index 14a3c74..fad783f 100644
--- a/deadpool_dca.py
+++ b/deadpool_dca.py
@@ -229,9 +229,9 @@ def bin2trs(keyword=None, keywords=None, delete_bin=True):
trs.write('\x5F\x00')
for filename, (iblock, oblock) in traces_meta.iteritems():
if iblock_available:
- trs.write(('%0*X' % (2*blocksize, iblock)).decode('hex'))
+ trs.write(iblock.decode('hex'))
if oblock_available:
- trs.write(('%0*X' % (2*blocksize, oblock)).decode('hex'))
+ trs.write(oblock.decode('hex'))
with open(filename, 'rb') as trace:
trs.write(serializechars(trace.read(min_size)))
if delete_bin:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.