我的第一篇文章。:)
在过去的几周里,我为该方法在 java 中编写了一个 Timing Attack Implementation:
static char[] a = new char[] { 's', 'e', 'c', 'r', 'e', 't', '1' };
static boolean passwordCompare(char[] a, char[] b){
int i;
if (a.length != b.length)
return false;
for (i = 0; i < a.length && a[i] == b[i]; i++);
return i == a.length;}
一切都按预期进行。但后来我想用 C 编写相同的攻击,因为那是我目前正在尝试学习的编程语言,但没有任何进展。
我会感激每一个小小的帮助。:)
password_compare.o 是库,其中方法 password_compare(const char *password) 和秘密密码所在。
干杯!
#include <stdio.h>
#include <time.h>
#include <stdbool.h>
#include <stdlib.h>
#include <math.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include "password_compare.o"
/* foreach macro for using a string as a collection of char */
#define foreach( ptrvar, strvar ) char* ptrvar; for( ptrvar=strvar ;
(*ptrvar) != '\0' ; *ptrvar++)
int main(void)
{
// variables
int counter;
char[] test;
long begin, end, begin2, end2;
long duration;
long duration2;
long store = 0;
char [] storechar;
char[] tester;
char [] storechar2;
// Try to find out the length from the password.
// Longest time = password.length.
for(int i=0; i<=10; ++i)
{
test = new char[i];
for(int j=0; j<i; ++j)
{
test[j]=a;
}
const char [] fixtest = test;
time_t start = time(0);
for (int k=0; k<1000000000;k++)
{
password_compare(fixtest);
}
time_t end = time(0);
duration = end-start;
if(duration > store)
{
store = duration;
storechar = test;
counter = i;
}
printf("Duration (" + i + ") = " + duration);
}
printf("The right length is :" + storechar.length);
int len=sizeof(storechar)/sizeof(int);
storechar2 = new char[len];
tester = new char[counter];
// Iterate through each position from the password array.
for (int h=0; h<len; h++)
{
long store2 = 0;
// Generate an char[] as String
// with all possible characters.
char* s1 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabc
defghijklmnopqrstuvwxyz1234567890";
// Check for each character from s1 ...
foreach(p1, s1)
{
tester[h] = *p1;
const char [] fixtester = tester;
// Check for each p1 in s1 at Position h the time.
//The largest value will be saved at Pos h.
if (h < (len-1))
{
time_t start2 = time();
for ( int k = 0; k<1000000000;k++)
{
password_compare(fixtester);
}
for ( int p = 0; p<1000000000;p++)
{
password_compare(fixtester);
}
time_t end2 = time();
duration2 = end2-begin2;
if ( duration2 > store2)
{
store2 = duration2;
storechar2[h] = *p1;
}
printf("Duration (" + *p1 + ") = " + duration2);
}
// else if h == password.length, then try
// every character at the last position.
else if (password_compare(fixtester) == true)
{
storechar2[h] = *p1;
printf("Character at Pos " + (h + 1) + ": ")
printf("storechar2[%d]: %d\n",h,storechar2[h]);
printf("The Password is: ");
for(int b = 0; i < my_array.length; i++)
{printf("%d ",storechar2[b]);}
exit(0);
}
}
printf("Character at Pos " + (h + 1) + ": ");
printf("storechar2[%d]: %d\n",h,storechar2[h]);
tester[h] = storechar2[h];
}
// The Password was guessed wrong!
printf("Failed");
exit(0);
return(0);
}