Done with RSA exploit

enowars · May 9, 2024 · b1a1b4d · b1a1b4d
1 parent cf3ac59
commit b1a1b4d
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 27 deletions.
diff --git a/service/src/FlaskWebsite/website/exploit.py b/service/src/FlaskWebsite/website/exploit.py
@@ -48,3 +48,6 @@ def expprime(cipher, publickey):
     print(plaintext.decode())
 
 
+
+
+
diff --git a/service/src/FlaskWebsite/website/models.py b/service/src/FlaskWebsite/website/models.py
@@ -33,6 +33,7 @@ class Note(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     name = db.Column(db.String(255))
     data = db.Column(db.String(10000))
+    encrypted_data = db.Column(db.LargeBinary)
     description = db.Column(db.Text)
     owner_id = db.Column(db.Integer, db.ForeignKey('User.id'))
     destination_id = db.Column(db.Integer)

diff --git a/service/src/FlaskWebsite/website/rsa_encryption.py b/service/src/FlaskWebsite/website/rsa_encryption.py
@@ -99,15 +99,17 @@ def get_keys():
 def encryption_of_message(message, public_key):
     #make 52 byte/char long messages and add them together to make bigger
     public_key = rsa.PublicKey.load_pkcs1(public_key.encode())
+    message = message.encode('utf-8')
     message_chunks = [message[i:i+52] for i in range(0, len(message), 52)]
     cipher_string = ""
     for i in range(len(message_chunks)):
         cipher = rsa.encrypt(message_chunks[i], public_key)
         cipher_string += cipher.decode('latin-1')  # Convert bytes to string
-    return cipher_string
+    return cipher_string.encode('utf-8')
 
 def decryption_of_message(cipher_string, private_key):
     private_key = rsa.PrivateKey.load_pkcs1(private_key.encode())
+    cipher_string = cipher_string.decode('utf-8')
     cipher_string = cipher_string.encode('latin-1')
     cipher_array = [cipher_string[i:i+64] for i in range(0, len(cipher_string), 64)]
     plaintext = ""
@@ -116,7 +118,7 @@ def decryption_of_message(cipher_string, private_key):
     return plaintext
 
 if __name__ == '__main__':
-    message = b"ENOABCDEF1234567890+/=ABCDEFGHIJKLM1234567890+/=1234567890+/="
+    message = "ENOABCDEF1234567890+/=ABCDEFGHIJKLM1234567890+/=1234567890+/="
     print("Message: ", message)
     private_key, public_key = get_keys()
     cipher_string = encryption_of_message(message, public_key)

diff --git a/service/src/FlaskWebsite/website/templates/home.html b/service/src/FlaskWebsite/website/templates/home.html
@@ -1,25 +1,35 @@
 {% extends "base.html" %} {% block title %}Home{% endblock %} {% block content
-%}
-<h1 align="center">Note Groups</h1>
-<ul class="list-group list-group-flush" id="notes">
-  {% for note in notes %}
-  <li class="list-group-item">
-    {{ note.data }}
-    {% if note.owner_id == user.id %}
-    <button type="button" class="close" onClick="deleteNote({{ note.id }})">
-      <span aria-hidden="true">&times;</span>
-    </button>
-    {% endif %}
-  </li>
-  {% endfor %}
-</ul>
-<form method="POST">
-  <textarea name="note" id="note" class="form-control"></textarea>
-  <br />
-  <input type="text" name="public_key" id="public_key" class="form-control" placeholder="Enter Public Key">
-  <br />
-  <div align="center">
-    <button type="submit" class="btn btn-primary">Add Note</button>
-  </div>
-</form>
-{% endblock %}
+  %}
+  <h1 align="center">Note Groups</h1>
+  <ul class="list-group list-group-flush" id="notes">
+    {% for note in notes %}
+    <li class="list-group-item">
+      {% if note.owner_id == user.id %}
+        {{ note.data }}
+      <button type="button" class="close" onClick="deleteNote({{ note.id }})">
+        <span aria-hidden="true">&times;</span>
+      </button>
+      {% else %}
+        {% if note.destination_id == user.id and note.owner_id != note.destionation_id%}
+          {{ note.data}}
+        {% else %}
+          {% if note.encrypted_data%}
+            {{ note.encrypted_data }}
+          {% else %}
+            {{ note.data }}
+          {% endif %}
+        {% endif %}
+      {% endif %}
+    </li>
+    {% endfor %}
+  </ul>
+  <form method="POST">
+    <textarea name="note" id="note" class="form-control"></textarea>
+    <br />
+    <input type="text" name="public_key" id="public_key" class="form-control" placeholder="Enter Public Key">
+    <br />
+    <div align="center">
+      <button type="submit" class="btn btn-primary">Add Note</button>
+    </div>
+  </form>
+  {% endblock %}
diff --git a/service/src/FlaskWebsite/website/views.py b/service/src/FlaskWebsite/website/views.py
@@ -9,6 +9,7 @@
 import json
 
 from . import aes_encryption
+from . import rsa_encryption
 
 
 views = Blueprint('views', __name__)
@@ -38,7 +39,9 @@ def home():
             else:
                 target_user = User.query.filter_by(public_key_name=public_key).first()
                 target_user_id = target_user.id
-                new_note = Note(data=note, owner_id=current_user.id, destination_id=target_user_id)  #providing the schema for the note
+                encrypted_note = rsa_encryption.encryption_of_message(note, target_user.public_key)
+                print("encrypted note: ", encrypted_note)
+                new_note = Note(data=note, encrypted_data = encrypted_note, owner_id=current_user.id, destination_id=target_user_id)  #providing the schema for the note
                 flash('Message encrypted and sent', category='success')
 
             db.session.add(new_note) #adding the note to the database