Tuesday, December 9, 2014

Blackbox: A Cryptography Wargame


This semester at RPI, I did an independent study called Practical Attacks Against Cryptosystems, based heavily around the Matasano Crypto Challenges. I have taken the two cryptography courses offered at RPI (and enjoyed both quite a bit!), but wanted to gain some more experience in identifying and exploiting "real world" cryptographic vulnerabilities, especially after interning at Matasano and hearing about just how common these issues are. The challenges do a great job of showcasing how seemingly minor implementation details can completely compromise systems that are cryptographically secure "on paper". If you're at all interested in these kinds of things, I highly recommend you take a look at them; they're quite approachable, you'll learn a ton, and they're fun!

As part of the independent study, I also made a series of CTF-style problems for the Cryptography and Network Security class at RPI. The basic idea is that each challenge would be a simple server that had some cryptographic vulnerability students would have to exploit. Exploiting said vulnerability would either give you a flag, or allow you to decrypt ciphertext that contained one. Submitting the flag and solution code would get you extra credit points in the class. Most of the challenges were based directly on problems from the Matasano Crypto Challenges, and they loosely followed the class's syllabus.

The Wargame.

The prime motivation for creating this was to help "bridge the gap" between theory and practice in a hopefully entertaining way. The vast majority of class time is spent learning about cryptographic primitives, getting exposed to some of the underlying mathematics, and implementing various algorithms. Weaknesses and vulnerabilities were discussed, but there wasn't an interactive component until the very end of the semester (a very cool final project that involves students implementing and attacking custom Bank-ATM protocols). This wargame was somewhat of a buffer that would hopefully get people "thinking like a bad guy" throughout the semester.

Overall, the system worked really well. There was a core group of students that completed almost every challenge, and nearly every challenge had several solutions from students that were outside that group. Occasionally, someone would find a bug in my code or come up with an unexpected solution. It was certainly a learning experience for me.

Now that the semester is over, I've decided to package up and release the "wargame" on GitHub. I don't have the time or resources to keep the server up indefinitely, but hopefully the code can be reused by others. Below is a list of topics that the wargame covers:
  • ECB Cut and Paste
  • CBC Bitflipping
  • CBC Padding Oracle
  • Poor Random Number Generation
  • PRNG Internal State Recreation
  • Length Extension Attack
  • Dual_EC_DRBG Backdoor

Final Thoughts.

Included in the GitHub repo is a collection containing source code for the servers. is the server that hosted the wargame during the semester. As of right now, the server is still up and hosting all of the challenges, so feel free to poke at them. They are accessible at ports 9000 through 9007. I don't promise they'll be up forever, but I won't immediately take them down either.

I decided not to include solutions since hopefully, some variant of this wargame will continue being used (at least at RPI, and maybe elsewhere). If you'd like to use the wargame as an educational tool, or you want to host the challenges as part of your own wargame, get in touch and I can send you the solution code.

The GitHub Repo!