| 1 | Bletchley provides a variety of tools that make black box |
|---|
| 2 | cryptanalysis easier by taking care of some of the more tedious |
|---|
| 3 | engineering challenges. Bletchley is maintained by <a href="http://vsecurity.com/">VSR</a>. |
|---|
| 4 | Bletchley is currently in the early stages of development, which means |
|---|
| 5 | documentation may be lacking. Contributions are welcome. |
|---|
| 6 | |
|---|
| 7 | *Contents* |
|---|
| 8 | <wiki:toc max_depth="2" /> |
|---|
| 9 | |
|---|
| 10 | |
|---|
| 11 | = Command Line Tools = |
|---|
| 12 | |
|---|
| 13 | == bletchley-analyze == |
|---|
| 14 | |
|---|
| 15 | Analyzes samples of encrypted data in an attempt to decode samples to |
|---|
| 16 | binary and identify patterns useful in cryptanalysis. The purpose of |
|---|
| 17 | the tool is to provide an cryptanalyst with a variety of information |
|---|
| 18 | that is useful in determining how a token is encoded, encrypted and |
|---|
| 19 | formatted. |
|---|
| 20 | <br /> |
|---|
| 21 | bletchley-analyze currently performs two primary functions: iterative |
|---|
| 22 | encoding detection and ciphertext-only block analysis. Encrypted tokens |
|---|
| 23 | are processed in multiple rounds. Within each round, the following |
|---|
| 24 | occurs: |
|---|
| 25 | <ul> |
|---|
| 26 | <li>Token length analysis is performed to attempt to determine possible |
|---|
| 27 | ciphertext block sizes, where applicable</li> |
|---|
| 28 | <li>The tokens are analyzed for blocks of data that are repeated |
|---|
| 29 | throughout any of the tokens</li> |
|---|
| 30 | <li>A hexadecimal dump and escaped binary/ascii string is printed for |
|---|
| 31 | each token with repeated blocks highlighted</li> |
|---|
| 32 | <li>The full set of all known and possible data encodings is |
|---|
| 33 | determined<sup>1</sup></li> |
|---|
| 34 | <li>An educated guess is made as to the most likely encoding is</li> |
|---|
| 35 | <li>All tokens are decoded using the most likely encoding, and then the |
|---|
| 36 | process is repeated until no further encodings are detected</li> |
|---|
| 37 | </ul> |
|---|
| 38 | |
|---|
| 39 | bletchley-analyze can read from stdin or from a file. Tokens are |
|---|
| 40 | delimited with newlines. Various options are provided to give the |
|---|
| 41 | analyst control over the block sizes and encoding used during analysis. |
|---|
| 42 | See the tool's usage statement for more information. |
|---|
| 43 | |
|---|
| 44 | As an example, several tokens were encrypted using ECB mode and encoded |
|---|
| 45 | using base64, and then percent (URL) encoding: |
|---|
| 46 | {{{ |
|---|
| 47 | zRW5bHxcRYHHqi0nriqOzg%3D%3D |
|---|
| 48 | meU8SyxVHE3Hqi0nriqOzg%3D%3D |
|---|
| 49 | vTA9eA4hhbFlktsbYI4hIg%3D%3D |
|---|
| 50 | meU8SyxVHE1lktsbYI4hIg%3D%3D |
|---|
| 51 | }}} |
|---|
| 52 | |
|---|
| 53 | These tokens were then fed to bletchley-analyze: |
|---|
| 54 | <img src="http://bletchley.googlecode.com/svn/wiki/images/bletchley-analyze.png" /> |
|---|
| 55 | |
|---|
| 56 | 1. <i>Bletchley's blobtools module currently supports 33 encoding variants, |
|---|
| 57 | including various forms of hexadecimal, base32, base64, and percent |
|---|
| 58 | encodings.</i> |
|---|
| 59 | |
|---|
| 60 | |
|---|
| 61 | == bletchley-encode == |
|---|
| 62 | TODO |
|---|
| 63 | |
|---|
| 64 | == bletchley-decode == |
|---|
| 65 | TODO |
|---|
| 66 | |
|---|
| 67 | == bletchley-http2py == |
|---|
| 68 | TODO |
|---|
| 69 | |
|---|
| 70 | == bletchley-nextrand == |
|---|
| 71 | TODO |
|---|
| 72 | |
|---|
| 73 | |
|---|
| 74 | = Libraries = |
|---|
| 75 | |
|---|
| 76 | TODO |
|---|
