Learning a few Crypto pitfalls practically - Part 2 - NULL Hyd

NULL Hyderabad held its September month's security meetup at CA Technologies, Hyderabad. I had the opportunity to present in this meet and I chose to continue with April month's topic - practical crypto pitfalls.

As always, for me presentation means demos first and slides last. This time I have spent exactly a week on the demos and as usual didn't prepare slides till the last hour :)

Topic: Regarding the topic, I have presented on Padding Oracle attacks. This is one topic I really struggled to grasp the low-level details. I thought presenting this topic in NULL meet is an opportunity for me to study this properly. So I have spent a week trying to understand the math behind it as well as coming up with a demo.

Slides: Below are the slides. They only contain screenshots of my hand-written notes and screenshots of Crypto Explorer utility. Thankfully, there are several fantastic blog posts which serve as great reference materials. No point re-creating slides or writing in length about the topic. Check the references slide in the ppt for the pointers. I have also listed them at the end of this article.

Note: Understanding the basics of crypto is a pre-requisite to understand padding oracle attack. I strongly recommend you to go through the slides of April month's talk, in case you want a refresher.

Demo Source Code: There are two parts to the demo:
1. A web application, built in ASP.NET, which is vulnerable to Padding Oracle attack. Check my PaddingOracleWebApp github repo for the source.
2. A client which launches the attack on the vulnerable web app. Check my Crypto Explorer utility for this. I have added "Padding oracle" tab.

Credits: The core padding oracle attack logic is actually taken from @martani's padding oracle repo. While Martani has developed a console app in C#, I have migrated it to WPF and integrated it into my Crypto Explorer utility.

Demo Video: Here is a quick video recording of the padding oracle attack: