|
Public White-Box Cryptographic Implementations and their Practical Attacks
Deadpool is a repository of various public white-box cryptographic implementations and their practical attacks.
This could be of practical utility to us when dealing with the WBAES of dongles for example... LINK : Quote:
Attacks Differential Computation Analysis Differential Fault Analysis White-box implementations Wyseur 2007 challenge A Linux binary implementing a DES. Hack.lu 2009 challenge A Windows binary implementing an AES 128. Karroumi 2010 challenge A Linux binary implementing an AES 128. SSTIC 2012 challenge A Python serialized object implementing a DES. NoSuchCon 2013 challenge A Windows binary implementing an AES 128 with uncompensated external encodings. NoSuchCon 2013 variants Variants of the NoSuchCon 2013 challenge, using the same white-box generator but compiled for Linux, without obfuscation and with compensated external encodings. PlaidCTF 2013 challenge A Linux binary implementing an AES 128. CHES 2015 challenge A GameBoy ROM implementing an AES 128. OpenWhiteBox AES Chow An implementation of Chow written in Go, implementing an AES 128. OpenWhiteBox AES Xiao-Lai An implementation of Xiao-Lai written in Go, implementing an AES 128. CHES 2016 challenge A Linux binary (and source) implementing an AES 128. |
thx nice share,,,,
bye N |
There are lengthy description of what the various attacks do, but have any of them actually decrypted AES encrypted data?. There are no examples of successful attacks documented that I could see. In fact, if AES can be broken aren't a lot of people going to have sleepless nights?. Or have I totally missed the point and it's only about the WB part?
|
@Git check out http://whiteboxcrypto.com basically it's about storing the keys in the algorithm. Useful in for example DRM solutions like Spotify where the user has to decrypt the songs to listen to them but you don't want them to be able to easily retrieve the key.
|
Sure, but I don't see an answer to my question.
|
It's only about the whitebox system (hiding the AES-key in these cases), not about AES itself. That still doesn't answer the other part of your question, but I don't know how 'successful' they were in 'cracking' those challenges ...
|
Have a look at the solutions to the challenges itself. For instance, here:
https://github.com/SideChannelMarvels/Deadpool/tree/master/wbs_aes_ches2016/DFA They are able to obtain the last round key. This means that they are able to calculate the initial AES key. By this key it is possible to decrypt encrypted data. Another nice read is http://phrack.org/issues/68/8.html |
I have already posted on other threads in this forum last year (in the dongle section I think) that with the use of Differential Frequency Analysis (DFA) its possible to get the AES key in some cases.
Of course it may not be possible in ALL the cases, especially if the key length is very long etc.. But we should remeber that these are mainly experimental approaches to what was once thought of as an impossible task ! Cheers :) |
They now also adapted differential fault attacks:
http://blog.quarkslab.com/differential-fault-analysis-on-white-box-aes-implementations.html |
| All times are GMT +8. The time now is 14:53. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX