Security class help with Openssl and a word list.

[Keger]

In class we were given a text file with the plan text, a text file with the aes-128-cbc encrypted text and a file that is a list of words. We have to write a program in C on an Ubuntu VM with OpenSSL installed to find what is the correct password.

I am new to C and OpenSSL. can someone point me in the right direction? or give me some base code to work from.

Please.

[cooper]

You're shitting us, right?

You're new to C and someone in a class is asking you to do this for that class... Sounds like you shouldn't be in this class to begin with.

Start here:

#include <stdio.h>
 
int main(void) {
    // Your code starts here.
    return 0;
}

[Keger]

Nope, real deal. I skipped the programming requirements since I had programming as an under grad 30 years ago!

[overwraith]

Ok, so I had a C class a few years ago, I think I am a little bit rusty. This function will read from a text file until it encounters a newline. Each time you call the function you will get a new line from the file. This may need some tweaks.

/*Author: overwraith*/
#include <stdio.h>//file stuff
#include <assert.h>//I use this all the time to break out of code, bad habit though
#include <stdlib.h>//malloc cmd for allocating structs and strings
#include <string.h>//memset cmd for clearing memory

char *readLine(const char *fname);

void main(){
	char fname[] = "Passwords.txt";
	char* password;

	printf("Reading from file...\n");

	//loop through the passwords will return null on fail
	while(password = readLine(fname)){
		printf(password);
		printf("\n");
	}


	system("pause");
}//end main

char *readLine(const char *fname){
	static FILE *fptr = NULL;
	static int firstRun = 1;
	static int len = 32;
	char *str = (char*)malloc(len * sizeof(char));
	int i = 0;
	char* temp;
	char ch;

	if(str == NULL)//malloc has failed
		return NULL;

	memset(str, '\0', len);

	if(firstRun)
		assert((fptr = fopen(fname, "r")) != NULL);

	firstRun = 0;
	
	if(feof(fptr)){
		fclose(fptr);
		return NULL;
	}
	
	while(1){//loop indefinetley until there is enough allocated space for the password
		while(i < len){
			ch = fgetc(fptr);

			if(ch == EOF)
				return NULL;
			if(ch == '\n')
				return str;

			str[i] = ch;

			i++;
		}//end loop

		//have gone past the length, add more space
		len *= 2;
		temp = (char*)malloc(sizeof(char) * len);
		memset(temp, '\0', len);
		memcpy(temp, str, len / 2);
	}//end loop

	return NULL;
}//end function

The biggest hurdle will be the AES 128 encryption. Are you sure your teacher said you couldn't use C++ at all? The reason I ask is that I googled C and AES, and there was a C++ program that used a smattering of C online. Can't find it now, but will post if I find it again.

PS. Post final product, after you turn it in of course(some time after the deadline so you don't get copied or something by another student), would like to see what this beast looks like.

Edited September 21, 2014 by overwraith

[cooper]

Nope, real deal. I skipped the programming requirements since I had programming as an under grad 30 years ago!

Which makes you an idiot.

<sigh>

Take over from here and if you can't manage to do that, drop out of the course as it's not for you.

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <openssl/aes.h>
#include <string.h>

#define MAX_PW_LENGTH	8

static int read_word(int fd, char *dest, int dest_length) {
	int result = 0;
	int pos = 0;
	// Init dest to all NULL chars.
	memset(dest,0,dest_length);
	while (pos < dest_length) {
		if (read(fd,dest+pos,1)!=1) {
			//EOF
			break;
		}
		if ((dest[pos]<33) || (dest[pos]>126)) {
			if (pos != 0) { // leading non-keyboard chars are ignored.
				dest[pos]='\0';
				result = 1;
				break;
			}
		} else {
			pos++;
		}
	}
	return result;
}

int main(int argc, char *argv[]) {
	int wordfile_fd;
	int datafile_fd;
	int bytes_read;
	char *datafile_data = NULL;
	char *decrypted_data;
	char possible_pw[MAX_PW_LENGTH];
	AES_KEY wctx;

	if (argc < 3) {
		printf("Insufficient parameters.");
		exit(-1);
	}
	datafile_fd = open(argv[1],O_RDONLY);
	if (datafile_fd < 0) {
		printf("Datafile missing.");
		exit(-2);
	}
	bytes_read = read_everything(datafile_fd, datafile_data);
	close(datafile_fd);
	if (bytes_read <= 0) {
		printf("Couldn't read datafile.");
		exit(-3);
	}
	decrypted_data = (char*)malloc(bytes_read * sizeof(char));
	if (decrypted_data == NULL) {
		printf("Couldn't allocate decryption buffer.");
		exit(-4);
	}
	wordfile_fd = open(argv[2],O_RDONLY);
	if (wordfile_fd < 0) {
		printf("Wordfile missing.");
		free(decrypted_data);
		free(datafile_data);
		exit(-5);
	}
	while (read_word(wordfile_fd, possible_pw, MAX_PW_LENGTH)) {
		AES_set_decrypt_key(possible_pw, 16*MAX_PW_LENGTH, &wctx);
		AES_decrypt(datafile_data, decrypted_data, &wctx);  
		// Figure out if the decrypted data is sensible... That one's on you.

/* You might need this one to decrypt instead:

void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
	const unsigned long length, const AES_KEY *key,
	unsigned char *ivec, const int enc);

*/
	}
	close(wordfile_fd);
	free(decrypted_data);
	free(datafile_data);
	return 0;
}

Compile with -lcrypto

[Keger]

overwraith and Cooper.

From the code you both provided I see where I was going wrong. I am sure I can finish this project. You both gave me good code to build on.

Thank You!