# HashTools
This is a pure python project implementing hash length extension attack. It also supports the implementation of some popular hashing algorithms.
## Currently Supported Algorithms
| Algorithm | Implementation | Length Extension Attack |
| :-------: | :----------------: | :----------------------: |
| MD5 | :white_check_mark: | :white_check_mark: |
| SHA1 | :white_check_mark: | :white_check_mark: |
| SHA224 | :white_check_mark: | :x: |
| SHA256 | :white_check_mark: | :white_check_mark: |
| SHA384 | :white_check_mark: | :x: |
| SHA512 | :white_check_mark: | :white_check_mark: |
## Installation
```shell
pip install HashTools
```
## Usage
### Using algorithm normally
Using `update` method (like [python hashlib](https://docs.python.org/3/library/hashlib.html))
```python
import HashTools
magic = HashTools.new(algorithm="sha256")
magic.update(b"Hello World!")
print(magic.hexdigest())
```
or just one line
```python
import HashTools
msg = b"Hello World!"
print(HashTools.new(algorithm="sha256", raw=msg).hexdigest())
```
### Using hash length extension attack
Using `extension` method
```python
import HashTools
from os import urandom
# setup context
secret = urandom(16) # idk ¯\_(ツ)_/¯
original_data = b"&admin=False"
sig = HashTools.new(algorithm="sha256", raw=secret+original_data).hexdigest()
# attack
append_data = b"&admin=True"
magic = HashTools.new("sha256")
new_data, new_sig = magic.extension(
secret_length=16, original_data=original_data,
append_data=append_data, signature=sig
)
```
## Testing
- Compare my implementation with [python hashlib](https://docs.python.org/3/library/hashlib.html)
```python
def test_imple():
algorithms = [
"md5", "sha1", "sha224", "sha256", "sha384", "sha512"
]
print("> Implementation test...")
for alg in algorithms:
msg = urandom(randint(0, 1024))
py_hash = hashlib.new(alg)
my_hash = HashTools.new(alg)
py_hash.update(msg)
my_hash.update(msg)
test1 = py_hash.hexdigest()
test2 = my_hash.hexdigest()
if test1 != test2:
print(f"[!] {alg.ljust(6)} failed the validation test!")
print(test1)
print(test2)
exit(1)
else:
print(f"[+] {alg.ljust(6)} passed the validation test!")
print("> All test passed!!!")
```
- Testing length extension attack
```python
def test_attack():
algorithms = [
"md5", "sha1", "sha256", "sha512"
]
print("> Implementation test...")
for alg in algorithms:
# setup context
length = randint(0, 1024)
secret = urandom(length) # idk ¯\_(ツ)_/¯
original_data = b"admin=False"
sig = HashTools.new(algorithm=alg, raw=secret + original_data).hexdigest()
# attack
append_data = b"admin=True;"
magic = HashTools.new(alg)
new_data, new_sig = magic.extension(
secret_length=length, original_data=original_data,
append_data=append_data, signature=sig
)
if new_sig != HashTools.new(algorithm=alg, raw=secret + new_data).hexdigest():
print(f"[!] Our attack didn't work with {alg.ljust(6)}")
exit(1)
else:
print(f"[+] {alg.ljust(6)} passed")
print("> All test passed!!!")
```
## License
- [MIT License](./License)
## References
- Pub, F. I. P. S. (2012). Secure hash standard (shs). Fips pub, 180(4).
Raw data
{
"_id": null,
"home_page": "https://github.com/viensea1106/hash-length-extension",
"name": "length-extension-tool",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "hash length extension,md5,sha1,sha224,sha256,sha512",
"author": "Nguyen Chuong Vo",
"author_email": "viensea1106@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/8a/3f/80d4ca8259e7ebbb740d2bf2e00a324b53b5f8f8f84b09f3888f231af390/length-extension-tool-0.1.0.tar.gz",
"platform": null,
"description": "# HashTools\n\nThis is a pure python project implementing hash length extension attack. It also supports the implementation of some popular hashing algorithms.\n\n## Currently Supported Algorithms\n\n| Algorithm | Implementation | Length Extension Attack |\n| :-------: | :----------------: | :----------------------: |\n| MD5 | :white_check_mark: | :white_check_mark: |\n| SHA1 | :white_check_mark: | :white_check_mark: |\n| SHA224 | :white_check_mark: | :x: |\n| SHA256 | :white_check_mark: | :white_check_mark: |\n| SHA384 | :white_check_mark: | :x: |\n| SHA512 | :white_check_mark: | :white_check_mark: |\n\n## Installation\n\n```shell\npip install HashTools\n```\n\n## Usage\n\n### Using algorithm normally\n\nUsing `update` method (like [python hashlib](https://docs.python.org/3/library/hashlib.html))\n\n```python\nimport HashTools\n\nmagic = HashTools.new(algorithm=\"sha256\")\nmagic.update(b\"Hello World!\")\nprint(magic.hexdigest())\n```\n\nor just one line\n\n```python\nimport HashTools\n\nmsg = b\"Hello World!\"\nprint(HashTools.new(algorithm=\"sha256\", raw=msg).hexdigest())\n```\n\n### Using hash length extension attack\n\nUsing `extension` method\n\n```python\nimport HashTools\nfrom os import urandom\n\n# setup context\nsecret = urandom(16) # idk \u00af\\_(\u30c4)_/\u00af\noriginal_data = b\"&admin=False\"\nsig = HashTools.new(algorithm=\"sha256\", raw=secret+original_data).hexdigest()\n\n# attack\nappend_data = b\"&admin=True\"\nmagic = HashTools.new(\"sha256\")\nnew_data, new_sig = magic.extension(\n secret_length=16, original_data=original_data,\n append_data=append_data, signature=sig\n)\n```\n\n## Testing\n\n- Compare my implementation with [python hashlib](https://docs.python.org/3/library/hashlib.html)\n\n```python\ndef test_imple():\n algorithms = [\n \"md5\", \"sha1\", \"sha224\", \"sha256\", \"sha384\", \"sha512\"\n ]\n\n print(\"> Implementation test...\")\n for alg in algorithms:\n msg = urandom(randint(0, 1024))\n\n py_hash = hashlib.new(alg)\n my_hash = HashTools.new(alg)\n\n py_hash.update(msg)\n my_hash.update(msg)\n\n test1 = py_hash.hexdigest()\n test2 = my_hash.hexdigest()\n \n if test1 != test2:\n print(f\"[!] {alg.ljust(6)} failed the validation test!\")\n print(test1)\n print(test2)\n exit(1)\n else:\n print(f\"[+] {alg.ljust(6)} passed the validation test!\")\n\n print(\"> All test passed!!!\")\n```\n\n- Testing length extension attack\n\n```python\ndef test_attack():\n algorithms = [\n \"md5\", \"sha1\", \"sha256\", \"sha512\"\n ]\n\n print(\"> Implementation test...\")\n for alg in algorithms:\n # setup context\n length = randint(0, 1024) \n secret = urandom(length) # idk \u00af\\_(\u30c4)_/\u00af\n original_data = b\"admin=False\"\n sig = HashTools.new(algorithm=alg, raw=secret + original_data).hexdigest()\n \n # attack\n append_data = b\"admin=True;\"\n magic = HashTools.new(alg)\n new_data, new_sig = magic.extension(\n secret_length=length, original_data=original_data,\n append_data=append_data, signature=sig\n )\n\n if new_sig != HashTools.new(algorithm=alg, raw=secret + new_data).hexdigest():\n print(f\"[!] Our attack didn't work with {alg.ljust(6)}\")\n exit(1)\n else:\n print(f\"[+] {alg.ljust(6)} passed\")\n\n print(\"> All test passed!!!\")\n```\n\n## License\n\n- [MIT License](./License)\n\n## References\n\n- Pub, F. I. P. S. (2012). Secure hash standard (shs). Fips pub, 180(4).\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "A pure python tool to implement/exploit the hash length extension attack",
"version": "0.1.0",
"project_urls": {
"Homepage": "https://github.com/viensea1106/hash-length-extension"
},
"split_keywords": [
"hash length extension",
"md5",
"sha1",
"sha224",
"sha256",
"sha512"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "8a3f80d4ca8259e7ebbb740d2bf2e00a324b53b5f8f8f84b09f3888f231af390",
"md5": "5ee9b6cec50ec2a6d975064f2728f9cf",
"sha256": "591df10c57a28f81fd0a82dbc758bd869383422daa35d168f1937b6396796822"
},
"downloads": -1,
"filename": "length-extension-tool-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "5ee9b6cec50ec2a6d975064f2728f9cf",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 10131,
"upload_time": "2023-08-12T09:14:59",
"upload_time_iso_8601": "2023-08-12T09:14:59.786508Z",
"url": "https://files.pythonhosted.org/packages/8a/3f/80d4ca8259e7ebbb740d2bf2e00a324b53b5f8f8f84b09f3888f231af390/length-extension-tool-0.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-08-12 09:14:59",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "viensea1106",
"github_project": "hash-length-extension",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "length-extension-tool"
}
JSON
