# Cryptography & Encryption ## Cryptography {% embed url="" %} ## Ciphers * <-- useful site which can help identify type of cipher. * <-- one of the best sites I have found with many decoders for many types of ciphers. * [Cyber Chef](https://gchq.github.io/CyberChef/) <-- very useful for chained ciphers which require different steps to solve. Can decrypt certificates. ### Fernet Fernet (symmetric encryption) - **looks like base64** but decodes to garbage, in two parts. First part (32 bytes) is the key. Uses 128-bit AES in CBC mode and PKCS7 padding, with HMAC using SHA256 for authentication. IV is created from `os.random()`. Decode fernet @ <-- Will also give the IV and timestamp (could be useful!) more info about this @ ```python from cryptography.fernet import Fernet key = Fernet.generate_key() f = Fernet(key) token = f.encrypt(b"this is my key") print('the key is ' + key + '/nThe cipher text is ' + token) ==========decrypt from cryptography.fernet import Fernet key = 'input key here' f = Fernet(key) token = 'cipher text here' print(f.decrypt(token)) ``` ### Malbolge Esoteric inferno encryption. Used in some CTF challenges. Malbolge programming language - **text from base64 looks like random text**, but complete garbage (much of it unprintable.) . Read for at and ### BrainFuck A programming language that uses a series of only `+-.[]<>` characters. ++++++++++\[>+>+++>+++++++>++++++++++<<<<-]>>>----.>++++++++++++++.-----------------.++++++++.+++++.--------.+++++++++++++++.------------------.++++++++. = BrainFuck Decode using ### OOK! Uses only the word `ook` paired with punctuation marks (`.!?`). Shorthand leaves out `ook`. ....................!?.?...?.......?...............?....................?.?.?.?.!!?!.?.?.?..................!.!.!!!!!!!!!.?.......!. = OOK! Decode using ## Test for Plaintext Output from a (Python) Script ```python #checks the output from crypto and sees if at least 60% is ascii letters and returns true for possible plaintext def is_plaintext(ptext): num_letters = sum(map(lambda x : 1 if x in string.ascii_letters else 0, ptext)) if num_letters / len(ptext) >= .6: return True ``` If this function is giving false positives/negatives, it can be tweaked by altering the number in the line: ```python if num_letters / len(ptext) >= .6: ``` `0.6` has been tested as working for simple CTF usage. ## Digital Certificates X.509 -- extract information from various digital certificates ## SSH Keys For those interested in the details - you can see what's inside the public key file (generated as explained above), by doing this:- \`\`\`openssl rsa -noout -text -inform PEM -in key.pub -pubin or for the private key file, this:- openssl rsa -noout -text -in key.private which outputs as text on the console the actual components of the key (modulus, exponents, primes, ...) ` `` extract public key from private key: `openssl rsa -in privkey.pem -pubout -out key.pub\` ## Encryption/Decryption [CyberChef](https://gchq.github.io/CyberChef/): Website for encryption/decryption of many different types at same time good cipher tools: one time pad: `pt - ct = key` decrypt rsa private key: `openssl rsautl -decrypt -inkey $key_file < $pass.crypt` ($pass.crypt is hex file? encrypted contents of pub key?) * [Ippsec:HacktheBox - Charon](https://www.youtube.com/watch?v=_csbKuOlmdE) ### Decrypt LDAP Passwords ```csharp using System; using System.IO; using System.Security.Cryptography; using System.Text; public class Program { public static void Main() { //Change these three variables to decode your own; need a key and IV to decode! string ciphertext = "BQO5l5Kj9MdErXx6Q6AGOw=="; string key = "c4scadek3y654321"; string iv = "1tdyjCbY1Ix49842"; string plaintext = string.Empty; plaintext = DecryptString(ciphertext, key, iv); Console.WriteLine(plaintext); } public static string DecryptString(string EncryptedString, string Key, string iv) { byte[] buffer = Convert.FromBase64String(EncryptedString); Aes aes = Aes.Create(); ((SymmetricAlgorithm) aes).KeySize = 128; ((SymmetricAlgorithm) aes).BlockSize = 128; ((SymmetricAlgorithm) aes).IV = Encoding.UTF8.GetBytes(iv); ((SymmetricAlgorithm) aes).Mode = CipherMode.CBC; ((SymmetricAlgorithm) aes).Key = Encoding.UTF8.GetBytes(Key); using (MemoryStream memoryStream = new MemoryStream(buffer)) { using (CryptoStream cryptoStream = new CryptoStream((Stream) memoryStream, ((SymmetricAlgorithm) aes).CreateDecryptor(), CryptoStreamMode.Read)) { byte[] numArray = new byte[checked (buffer.Length - 1 + 1)]; //not sure why this has -1+1 here, example works without it though... cryptoStream.Read(numArray, 0, numArray.Length); return Encoding.UTF8.GetString(numArray); } } } } ``` Decodes to: `w3lc0meFr31nd` If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)! --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://zweilosec.gitbook.io/hackers-rest/os-agnostic/cryptography-and-encryption.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.