Thursday, 14 December 2017

Hash forgery

In my opinion, Hashing is one of the best invention in the field of algorithms. You can do so much with hashing, And the mathematics behind all of the hash functions are so amazing! Though it comes with a lot of risks, implementing your own hash function is very challenging. It is because there are uncountably many ways to do it incorrectly!

Hash functions have lots application, Today I will talk about key generation technique. and how to forge it. Interesting?

so, let's see first what is key generation?

def generate_key(msg):
if is_valid(msg):
return sha256(SOME_MAGIC || msg)
raise ValueError('invalid message')

def submit(key, msg):
if key != generate_key(msg)
return -1
return 0

Target is to get an invalid message successfully accepted by submit procedure. You might be wondering what is the application of this.

Imagine a case, server generates a cookie and inject that in your browser, everytime you visit the website server check if cookie is valid or not. if it is valid then get data from cookies. Interesting right?

so how to forge it? Is it possible to get a invalid message accepted by the server? And Is it valid for every key generation function?

This code is vulnerable because of this line return sha256(SOME_MAGIC || msg). So what is wrong with this line? we are simply appending message to some internal magic string which is unknown to attacker and finding hash of it, even I have used this way of generating key many time when I was not so much in cryptography.

To see what is wrong with this method of hashing we need to find how sha256 works.

def sha256(msg):
""" Return the SHA-256 hash of msg as a hex string. """
# Pad the message
msg = pad_message_512(msg)
# Initialization vector
md = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]
# Break msg into 512-bit chunks
view = memoryview(msg)
for chunk_num in range(0, len(msg), CHUNK_SIZE):
chunk_start = chunk_num * CHUNK_SIZE
process_chunk(md, view[chunk_start:chunk_start + CHUNK_SIZE])
# Produce the final value
return hexdigest(md)
this is my implementation of sha256

if you are not good at reading python code:
1) pad the message with zeros (roughly)
2) process message in the blocks of size 512-bits
3) return internal register values in string format

Before reading further you take your time to figure out what is wrong with that generate_key function, it should be clear by now.

So, sha256 returns the value of internal register, which gets updated after processing each chunk of 512 bits right? if I call generate_key("") it should return hash of empty message.

Assume empty string is a valid message and SOME_MAGIC hash length less than 512 bits. what you can say about key now?

Can we say key is actually internal state of sha256 after processing SOME_MAGIC || PADDING (size 512 bits). what if I know this internal state can I use it to call process_chunk again with next 512-bit block of data? ofcourse! And do I need SOME_MAGIC to know what will be hash of this new added block if I have passed it through generate_key. NO!

putting it all together
1) generate key of empty message.
2) split key into 8-internal registers
3) convert your invalid data into bits and add necessary padding
4) use 8-internal registers and your data block to generate new key.

This hack is valid on all hashing function that process data this way. So, never hash data this way. Happy Hacking!

Saturday, 24 June 2017

Editing WhatsApp Message

First thing, It's not really a vulnerability or something. It's like tricking WhatsApp sandbox environment. But I will still recommend to use it for educational purpose only and any illegal use of the tool is not my responsibility.

Proof of Concept video first!

Looks cool, right?
You can download the tool and script I created which automates all the process, from here:

What you need to run the script ?
1. Android device with WhatsApp Installed :p
2. adb.exe should be in path
3. Developer Option should be enabled
4. Python3

How it works?
1. Install WhatsApp with API level < 21.
2. Get the WhatsApp backup
3. Decompress and extract mgstore.db
4. Edit the database file
5. Compress and Pack database file again into android backup file
6. Restore the backup

PS. Kudos to my friend Garvit. but wait I don't have permission from him to post this video :p Please hope he don't kill me for this xD

Friday, 10 March 2017

Atom OS: Why Open Source?

5th March, 2017. It was a beautiful Sunday. I woke up late as usual. Though next day I had Advanced Computer Architecture exam but I decided to take a look at some unfixed bugs in Atom and study for exam later in night. I was coding, building and testing in repeat for continuously 2 hour. But I don't know how it come to mind that "let's make it open source today".
I was thinking about making it open source from a long time. But was not fully convince to make it. why? From the very first day, I was fully committed to every piece of code. But things was not working that way anymore. I was still fully committed but hard to hold myself to see the big picture. I don't know if that was my failure and I was not capable of it from starting.
It still don't make sense why I open sourced, right? It is something which I never wanted it to discuss with anyone. I failed in interviews and many other things one-by-one. Story date back to 1st Aug, 2016. First Company which visited our Campus (NSIT) was Amazon for internship. I applied and qualified for face-to-face interview round. what happen next was something I never expected! I actually failed in interview! I failed to complete code on paper. And so I was rejected.
It was an evaluation time something which I always do after a major failure. where I went wrong? Guess what. It isn't difficult to answer this question. I didn't prepare for interviews (during summer vacation) I was doing GSoC and rest of time contributing to Atom. I am not really giving any excuse. Things don't come easy You always have to work for it! I didn't sit for any other campus interview because I didn't had enough courage to face it again. Thanks to Manraj sir who tried his best to take me out of depression! I started preparing for interviews and applied in Directi (off campus). 5th October, 2016. I remember everything date-by-date time-by-time. 13.30 I had my first interview in Directi office. It went good. I completed code in 15 minutes (out of 40 minutes). In the last interview. I was able to find the optimal algorithm but failed to debug my code on time. Result? I was rejected in the interview! haha! what could be the excuse this time? I don't know. But I prepared hard for my next interview. I mean I seriously did. My third interview was with Google USA. I got a call for telephonic round. But despite of having great interviews I was still rejected. Feedback? None. This was something where I gave up. I really did well in interview. I remember my last interview It was a guy from Google HQ working in search engine team. He asked one question I answered two! and he was like "oh! you just answered my next question" and indeed we completed interview before time and discussed some other stuffs in last 10 minutes. I don't know where I failed? My grades? Probably. when you face a failure you count every negative thing.

Fast forward 4 months! I open sourced Atom!

why? I didn't had enough belief in myself that I can pull it anymore. But something else happened that day. It went trending. woah! I was not expecting that :') I was not enjoying the fame I was building up my confidence. oh! I am really sorry for spamming on Facebook I know it was childish.

People were discussing about Atom. They were amazed to see the code base. Reddit.

Discussing on Forums:


Hey Google, you rejected me na?

Retweeting everywhere:

That felt amazing!

I got new ideas for Atom from some amazing people. I have new motivation now. don't know where will it go from here. But I am again committed to it!