[83] | 1 | Here you will find a brief overview of the tools and libraries provided by Bletchley. For further details, see the individual tool usage statements, pydoc documentation, and of course the <a href="https://github.com/ecbftw/bletchley">source code</a>. |
---|
[23] | 2 | |
---|
[105] | 3 | <h1>Installation</h1> |
---|
[83] | 4 | See: <a href="https://github.com/ecbftw/bletchley/blob/master/trunk/INSTALL">INSTALL</a> |
---|
[23] | 5 | |
---|
[105] | 6 | <h1>Command Line Tools</h1> |
---|
[23] | 7 | |
---|
[105] | 8 | <h2> bletchley-analyze </h2> |
---|
[23] | 9 | |
---|
| 10 | Analyzes samples of encrypted data in an attempt to decode samples to |
---|
[24] | 11 | binary and identify patterns useful in cryptanalysis. The purpose of |
---|
| 12 | the tool is to provide an cryptanalyst with a variety of information |
---|
| 13 | that is useful in determining how a token is encoded, encrypted and |
---|
| 14 | formatted. |
---|
| 15 | <br /> |
---|
| 16 | bletchley-analyze currently performs two primary functions: iterative |
---|
| 17 | encoding detection and ciphertext-only block analysis. Encrypted tokens |
---|
| 18 | are processed in multiple rounds. Within each round, the following |
---|
| 19 | occurs: |
---|
| 20 | <ul> |
---|
| 21 | <li>Token length analysis is performed to attempt to determine possible |
---|
| 22 | ciphertext block sizes, where applicable</li> |
---|
| 23 | <li>The tokens are analyzed for blocks of data that are repeated |
---|
| 24 | throughout any of the tokens</li> |
---|
| 25 | <li>A hexadecimal dump and escaped binary/ascii string is printed for |
---|
| 26 | each token with repeated blocks highlighted</li> |
---|
| 27 | <li>The full set of all known and possible data encodings is |
---|
| 28 | determined<sup>1</sup></li> |
---|
| 29 | <li>An educated guess is made as to the most likely encoding is</li> |
---|
| 30 | <li>All tokens are decoded using the most likely encoding, and then the |
---|
| 31 | process is repeated until no further encodings are detected</li> |
---|
| 32 | </ul> |
---|
[23] | 33 | |
---|
[86] | 34 | <code>bletchley-analyze</code> can read from stdin or from a file. Tokens are |
---|
[24] | 35 | delimited with newlines. Various options are provided to give the |
---|
| 36 | analyst control over the block sizes and encoding used during analysis. |
---|
| 37 | See the tool's usage statement for more information. |
---|
[23] | 38 | |
---|
[25] | 39 | As an example, several tokens were encrypted using ECB mode and encoded |
---|
[29] | 40 | using base64, and then percent (URL) encoded: |
---|
[105] | 41 | <pre> |
---|
[25] | 42 | zRW5bHxcRYHHqi0nriqOzg%3D%3D |
---|
| 43 | meU8SyxVHE3Hqi0nriqOzg%3D%3D |
---|
| 44 | vTA9eA4hhbFlktsbYI4hIg%3D%3D |
---|
| 45 | meU8SyxVHE1lktsbYI4hIg%3D%3D |
---|
[105] | 46 | </pre> |
---|
[25] | 47 | |
---|
[86] | 48 | These tokens were then fed to <code>bletchley-analyze</code>: |
---|
[105] | 49 | <img src="https://code.blindspotsecurity.com/trac/bletchley/export/head/wiki/images/bletchley-analyze.png" /> |
---|
[25] | 50 | |
---|
[55] | 51 | 1. <i>Bletchley's blobtools module currently supports 36 encoding variants, |
---|
[24] | 52 | including various forms of hexadecimal, base32, base64, and percent |
---|
[86] | 53 | encodings. Try '<code>-e ?</code>' to list them.</i> |
---|
[24] | 54 | |
---|
| 55 | |
---|
[105] | 56 | <h2> bletchley-encode </h2> |
---|
[29] | 57 | A simple tool to encode arbitrary data using a specified encoding chain. |
---|
| 58 | See the usage statement for more information. A quick example: |
---|
[105] | 59 | <pre> |
---|
[29] | 60 | $ echo 'Mallory Is My Friend.' | bletchley-encode -e percent/upper-plus,base64/rfc3548 |
---|
| 61 | TWFsbG9yeSBJcyBNeSBGcmllbmQuCg%3D%3D |
---|
[105] | 62 | </pre> |
---|
[23] | 63 | |
---|
[29] | 64 | NOTE: The encoding chain is applied from right to left in order to be consistent with other tools. |
---|
| 65 | That is, one can use the same encoding chain ordering for |
---|
[86] | 66 | <code>bletchley-encode</code>, <code>bletchley-decode</code>, and <code>bletchley-analyze</code>. |
---|
[29] | 67 | |
---|
| 68 | |
---|
[105] | 69 | <h2> bletchley-decode </h2> |
---|
[29] | 70 | A simple tool to decode data using a specified encoding chain. See the |
---|
| 71 | usage statement for more information. A quick example: |
---|
[105] | 72 | <pre> |
---|
[29] | 73 | $ echo 'TWFsbG9yeSBJcyBNeSBGcmllbmQuCg%3D%3D' | bletchley-decode -e percent/upper-plus,base64/rfc3548 |
---|
| 74 | Mallory Is My Friend. |
---|
[105] | 75 | </pre> |
---|
[23] | 76 | |
---|
[105] | 77 | <h2> bletchley-http2py </h2> |
---|
[29] | 78 | This script parses an HTTP request (provided via stdin or as a text |
---|
| 79 | file) and generates a Python script that sends (approximately) the same |
---|
| 80 | request. This is useful when one wants to repeatedly send variations of |
---|
| 81 | a request that was observed to be sent by an application or web |
---|
| 82 | browser. For more information, see the script's usage statement. |
---|
[23] | 83 | |
---|
[105] | 84 | <h2> bletchley-nextrand </h2> |
---|
[29] | 85 | A simple program which computes the state of a Java Random class |
---|
| 86 | instance given two sequential outputs of |
---|
[86] | 87 | <a href="http://docs.oracle.com/javase/6/docs/api/java/util/Random.html#nextInt()"><code>nextInt()</code></a>. |
---|
[29] | 88 | For more information, see the usage statement. |
---|
[23] | 89 | |
---|
| 90 | |
---|
[105] | 91 | <h1>Libraries</h1> |
---|
[23] | 92 | |
---|
[86] | 93 | Start with '<code>pydoc3 bletchley</code>'. The following provides a brief overview of what each module is for. |
---|
[29] | 94 | |
---|
[55] | 95 | |
---|
[105] | 96 | <h2> blobtools </h2> |
---|
[55] | 97 | This module contains the code which handles base analysis of encrypted |
---|
| 98 | token encodings. It can be used to automatically detect the most likely |
---|
| 99 | encoding variant ("dialect") as well as to quickly encode or decode data |
---|
| 100 | which is wrapped in multiple levels of encodings. |
---|
[32] | 101 | |
---|
[55] | 102 | |
---|
[105] | 103 | <h2> buffertools </h2> |
---|
[55] | 104 | This module contains a collection of tools mean to help one manipulate |
---|
| 105 | binary buffers of ciphertext. |
---|
| 106 | |
---|
| 107 | |
---|
[105] | 108 | <h2> CBC </h2> |
---|
[55] | 109 | The CBC module contains various tools for attacking CBC encrypted data. |
---|
| 110 | In particular, it contains the POA class which automates padding oracle |
---|
| 111 | attacks. To use the POA class, one simply needs to implement a function |
---|
| 112 | in Python 3 which submits a request to an oracle and returns True if the |
---|
[56] | 113 | padding check was successful and False otherwise. See |
---|
[86] | 114 | '<code>pydoc3 bletchley.CBC.POA</code>' for more details. |
---|
[32] | 115 | |
---|
| 116 | |
---|
[105] | 117 | <h1>Support</h1> |
---|
[32] | 118 | |
---|
[105] | 119 | Having trouble? Submit an issue <a href="/trac/bletchley/newticket">here</a>, or |
---|
[63] | 120 | ask on the <a href="https://groups.google.com/d/forum/bletchley-devel">email list</a>. |
---|
[32] | 121 | |
---|
| 122 | |
---|
[105] | 123 | <h1>Contributing</h1> |
---|
[32] | 124 | |
---|
| 125 | We welcome any kind of help with the project, from new tools to bug |
---|
[105] | 126 | fixes and documentation. You might want to start with our <a href="/trunk/doc/TODO">TODO</a> |
---|
[86] | 127 | list. Note that the GitHub repository is currently just a static mirror, so please don't submit pull requests. |
---|
| 128 | To submit a patch, please post an issue or submit it to the <a href="https://groups.google.com/d/forum/bletchley-devel">email list</a> and we'll merge it. |
---|