committing the tagging attack demo

demo.py

@@ -0,0 +1,136 @@
+#!/usr/bin/python
+
+import hashlib, base64, binascii
+import mixKeystore, mixMessage
+
+DoTaggingAttack = True
+
+# ========================================================================
+# Specify the keystore the rest of the code will use.  Build it ourselves
+#  to stop it from going to the filesystem.
+mixKeystore._mixKeyStore = mixKeystore.MixKeyStore()
+
+fk1 = open('key1.seckey', 'r')
+mixKeystore._mixKeyStore.addKey(fk1.readlines(), "key1")
+fk1.close()
+
+fk2 = open('key2.seckey', 'r')
+mixKeystore._mixKeyStore.addKey(fk2.readlines(), "key2")
+fk2.close()
+
+fk3 = open('key3.seckey', 'r')
+mixKeystore._mixKeyStore.addKey(fk3.readlines(), "key3")
+fk3.close()
+
+#Open the Message
+fm = open('message.msg', 'r')
+msg1_lines = fm.readlines()
+fm.close()
+
+# ========================================================================
+print "Client sends message with a Path of Node1,Node2,Node3"
+print "  by pure luck (or unluck) Nodes 1 and 3 are attacker-controlled"
+# ========================================================================
+print "=" * 70
+print "Received Message on Node 1, processing..."
+#Process the message
+msg1 = mixMessage.MixMessage(msg1_lines)
+
+#Decrypt the Message As Node 1
+msg1.decode()
+
+#Display the Decrypted & Decoded Intermediate Message
+
+print "Message recieved by Node 1, decrypted, and decoded:"
+msg1.pprint()
+
+#Create the message that will be sent to the second node
+msg2_lines = msg1.deliveryBody()
+
+if DoTaggingAttack:
+    print "+" * 70
+    print "Performing Tagging Attack"
+    print "+" * 70
+    #We want to flip the 240th byte of the second Mix Header
+    #First seperate the message into it's components:
+    headerIndex = msg2_lines.index("-----BEGIN REMAILER MESSAGE-----")
+    lengthIndex = headerIndex + len("-----BEGIN REMAILER MESSAGE-----") + 1
+    digestIndex = lengthIndex + len("20480") + 1
+    dataIndex = digestIndex + len(base64.b64encode(hashlib.md5("").digest())) + 1
+    footIndex = msg2_lines.index("-----END REMAILER MESSAGE-----")
+
+    #Isolate the data
+    tampereddata = msg2_lines[dataIndex:footIndex].replace("\n", "")
+    tampereddata = base64.b64decode(tampereddata)
+
+    #Corrupt the target byte (the actual mode of corruption is not significant)
+    # 512 bytes to get past the first Mix Header, then 240 bytes beyond that
+    targetByte = 240
+    oldLength = len(tampereddata)
+    if tampereddata[512 + targetByte] == '\x00':
+        tampereddata = tampereddata[:512 + targetByte] + '\x01' + tampereddata[512 + targetByte + 1:]
+    else:
+        tampereddata = tampereddata[:512 + targetByte] + '\x00' + tampereddata[512 + targetByte + 1:]
+    assert(oldLength == len(tampereddata))
+
+    #Reassemble the message
+    from mixMath import splitToNPerLine
+
+    output  = "::" + "\n"
+    output += "Remailer-Type: tagging-attack-demo\n"
+    output += "\n"
+    output += "-----BEGIN REMAILER MESSAGE-----" + "\n"
+    output += "20480" + "\n"
+    output += base64.b64encode(hashlib.md5(tampereddata).digest()) + "\n"
+    tampereddata = base64.b64encode(tampereddata)
+    output += splitToNPerLine(tampereddata) + "\n"
+    output += "-----END REMAILER MESSAGE-----" + "\n"
+
+    msg2_lines = output
+
+print "Sending Message on to Node 2..."
+# ========================================================================
+print "=" * 70
+print "Received Message on Node 2, processing..."
+#Process the message
+msg2 = mixMessage.MixMessage(msg2_lines)
+
+#Decrypt the Message As Node 2
+msg2.decode()
+
+#Display the Decrypted & Decoded Intermediate Message
+print "Message recieved by Node 2, decrypted, and decoded:"
+msg2.pprint()
+
+#Create the message that will be sent to the second node
+msg3_lines = msg2.deliveryBody()
+
+print "Sending Message on to Node 3..."
+# ========================================================================
+print "=" * 70
+print "Received Message on Node 3, processing..."
+#Process the message
+msg3 = mixMessage.MixMessage(msg3_lines)
+
+#Decrypt the Message As Node 3
+try:
+    msg3.decode()
+except Exception, e:
+    print "+" * 70
+    print "Caught a Decoding Exception! Continuing Anyway..."
+
+    msg3.decode(ignoreDigestErrors=True)
+
+    firstHeader = msg3.Headers[0]
+    actualDigest = hashlib.md5( firstHeader.EncHeader_Decrypted[0:firstHeader.DecryptedHeader.byteIndex] ).digest()
+    observedDigest = firstHeader.DecryptedHeader.Digest
+    print "Actual Digest  ", binascii.hexlify(actualDigest)
+    print "Included Digest", binascii.hexlify(observedDigest)
+    print "                |______________||______________|"
+    print "                     Matches       Corrupted   "
+    print "+" * 70
+
+
+#Display the Decrypted & Decoded Intermediate Message
+print "Message recieved by Node 3, decrypted, and decoded:"
+msg3.pprint()

key1.seckey

@@ -0,0 +1,31 @@
+-----Begin Mix Key-----
+Created: 2012-10-24
+Expires: 2013-10-24
+72f00ecf4f4e3af64d19772d4dd7d620
+0
+PODmouviE9Q=
+HMWtMHP3cVxrXHQFz5XwIe78ToBXXAQ/oyWaLpt0
+2KB5b1hVc9tYYkUCE4OfPHuGEcF4z5aUUfPYtac7
+JtjvEB+IMFWLnSiME9/SKm9dHqiunO23gUIrt7II
+al/+NQpijNqhw55RWlj6HGJloPqoStsme+dgLw05
+z6fEeGAvs5bJaiRFY9H7p+mq/BbpavCqaKMjmn5w
+j00UKneDybn9d6RYtqO6SyTqWpFlfeIgdj+k4jkV
+vP6p7ILNqIPAAhrbFsuO23N22y35nrJmzTED+4oB
+pMxqIoyFFyWgDqtdi+XNCOlqW72w7SfxiMCEYYqt
+Ttkk4mAZ/mjOxlN6+CExmDsXrDOJ8HKwtt/ojnMK
+WvWhkmFs4JC0wGgwK8hrW30sBc+zxzU1OdWxTZNJ
+j3qZ0x844eLuMYZlWxgMbwoRSXZwNqQxNokBJJv7
+lfTdneJdSsXJOdLnsXvOFcDxSdaPKMsluvFEqHay
+JoGowwqrBwZOYETswlE3yg0WB6NHz2/JXa5tayta
+9AI1VZCLW0p3CNXERE/CpQDjqVehEf/wHxTau+fO
+9VH28CMq2CKqy9nUhhoTqT0v7yJrVBqPUkqpWBgp
+z7xjLazobUTjpa9bmwAR2Gy32Cr69RH+iAnItiui
+NyDe37ghLHzgR8e9VZu7rOQGxYBr3qzW2CwuDm35
+BlHCn6k0F29KxIRPzGgJfOOjIeS9ok8/ozPOpqdd
+8fKvWCgSEko/Asa0NxQSGlVKEOeg/72HpHsj2j9g
+w063OHOzDTTmCxjjMdENWsrfCOsjfG70T/r33Pg5
+pwGOErF79NmaDpnuUVjEjK0fohOgGO1/++hH4wFr
+RpMkSoMFaAxAD80YL7PxSM59x2bWnEZby/U5S12/
+RvTFV8rVPZF+RiUFxeNYs+dMTSZMyBCrQxDeHQ81
+zlkJ18tV1jRM3uZMIlCBpcu1gbpstg==
+-----End Mix Key-----

key2.seckey

@@ -0,0 +1,31 @@
+-----Begin Mix Key-----
+Created: 2012-10-24
+Expires: 2013-10-24
+24a17d807994cffbe65fdc6ce13d3562
+0
+/Ioo6UfgB9Y=
+7EE23tSYGx9LG7CDB8KZo+uzGdT16XXUwIwpjoSI
+n03huEZat7h309YcaamttZptgnFGzKIhwGRzgL8n
+lU0vXkY+T4262kjpYdSk+vY2IqKSNW3NxnFUMlRw
+qfcj97gQavP+PFOkP9Bzv4NpBD8vXVP2UqPVkOsZ
+SsnJ4eX3pCJQwcE83oFaBvWDDfLN+rFop/04u+Ii
+SpNBEIKUCWhrl5KIoR+4UTLbR3R0jHf8Llzo1v+t
+6ajfnLHZobY7I8204cwTv+7vlMDCEfXOlN5BQnue
+gSQcEAdS4ADmfsArPaQcHNz+y7NVNaXI5H4+Gb0A
+iJeR+InKfhZMYyE2yXeNdHTAjGFPOLZi2WyXa7xx
+FJG1PG2/x0qenbspxaaWUeUx/ThbrodssHvTiP/4
+tt6Q9ThSGD3ioJzy3GyBfiibpcaplxG+Un3Nxxoq
+QtUDgJzflZMKuB7VykOJe5PU6dLd8DawfcO5cc6g
+YeujCRqaL8ZNq0VOACbk+TgT3SE1pk+B+UPDUgjg
+lBJsd+acuDNjVLj4DPen9te4qQx9usUCewXcBjDO
+zwSxzctONzsOEYxb/Pjvb7+ANMWhvdzvH09xF7VG
+xOtGUor62FDh0GwLNCZgBULuYsswrkU4hfH2HmPt
+8sn6CD1BaqhmQlDHimOvIarRNc+eqRjBFtJVs9lm
+y+v+yT4ncxA6Z4iXXsu4xU4KIefw7Sh0iZ9dMhQd
+77SO469WPcR8om/tqGRM3R2SjFPOEDzA+YAJCysa
+vLu0hf/9cf64fngaDaKmrholGwhpOcJi9u0+WClv
+4r8q/bfPuVpKncZJWQJUXvT4YEKMqxeb6o6GoB6P
+s5sfRQ7QamIzS/jqrwOihvuyw622XosmBd8E06bW
+OpSesFbTBymHi/pODv0C2Re9ljukeE6IZaj52Mq1
+7yA2L/u33f7WGAFd2hk9VafzmH7VbQ==
+-----End Mix Key-----

key3.seckey

@@ -0,0 +1,31 @@
+-----Begin Mix Key-----
+Created: 2012-10-24
+Expires: 2013-10-24
+f3372c7effb5887858460b7ed2faab91
+0
+BqukvVHoOw4=
+nH+L/3unhjLOLLOGiBZoOd3QYL78WxZzSIA8GbAn
+7Nl8tSyVp2hmzmaAjlcRL9RUTT9UrO9OloAzGub6
+FzomPxC8HwrFz8fnpvmzosFYjn0EeB1AFd+Mw2oL
+Cm/QNsKdXj/nA84EqBa6A9fFWPkW3iMjxM+sqVFg
+aW9Yajx1eWo4eQ79SICr0nvRurR2uPTmDbEid84u
+QkYSFN7mD7y4pgZ/Wc2rMEu9SLQsyrafHKLbK9jR
+6qc1aPPIt0vfkfF5y6nDadeghNi7E8gh7VG0yx42
+l7KIYGiPsMsiWQ/0U7GwW2Xy4QntY4x43QWwsONI
+xaVMEYVkeb3aM+wU6TCxy3MsF8eIwZLrhPMadPO+
+AgxoKnjbT/0gpflyLeqcTw5XbZgnZiIXHihm1aTp
+xFbZs6GTmYmXF/y0a33KslVKRhH4LXEKpxEsdUKD
+yGYw38wyYa6FF+QacMAcIl3KNx4qPoiUurdefAgY
+OsF8GtsX/bHmdCqU7F1/R4+LNr9JWIgXKyBZMX0x
+w/ORo5hjKr5yC0VoQQ2ee2TRJ+99OONLmN1kI/DQ
+JrvapS4l9bFMNUFVN/FK7Daz1pRHKv9R9qJ6mbZY
+lnhikp4hoG8PTAI1j1A1FMncQotg/tMPVTVggHDB
+Q2xM4gPVbHWwu9b9+kQ9ablp4DKmeOAMckKi7Xxt
+YFR01vN3gXKl1Np6YQ5XHHxbWBrtCzcxhsKwIOCN
+kao+/vhb7LNVq4ljsuLQirc+wnedU+vLKxIX+o9j
+wyY6H9t1i+9ixqivBg8pA0ez69MfA6JXfxPOEinG
+Mf4yuznAGA4CCcAtilDOnoNAzVCmQtQJxyx0Fpig
+aUWpvxESSFxQUTFUpfeaQAkLke4H6C+wNtHpHwFV
+AFvB9m7F+INXILsb7DOZkImhthad9zWfbFEEDkum
+6qEvWeZKnTVpjPaTU/Akf7LO8pi2yQ==
+-----End Mix Key-----