From ef7c971593562a5d8087ffc1627968ab81fd2470 Mon Sep 17 00:00:00 2001 From: Dylan Lloyd Date: Sun, 29 Jun 2014 19:55:13 -0700 Subject: [PATCH 1/1] init --- README.txt | 21 +++++++++++ timingattack.c | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 115 insertions(+) create mode 100644 README.txt create mode 100644 timingattack.c diff --git a/README.txt b/README.txt new file mode 100644 index 0000000..26c75d4 --- /dev/null +++ b/README.txt @@ -0,0 +1,21 @@ +# Simple Timing Attack + +This program implements a simple [timing attack](http://en.wikipedia.org/wiki/Timing_attack). It measures the execution time of a target program over a number of iterations, rotating through a character set and appending the fastest character to the result. + +## Requirements: + + librt (with clock_gettime implemented) + +Note: OSX [does not currently implement](http://stackoverflow.com/questions/5167269/clock-gettime-alternative-in-mac-os-x) `clock_gettime` + +## Compilation: + + gcc -lrt ./timingattack -o timingattack + +## Usage: + + Usage: timingattack [options...] + Options: + --l, --length specify password length + --i, --iterations specify iterations per character + --c, --charset specify possible password characters (alphanum default) diff --git a/timingattack.c b/timingattack.c new file mode 100644 index 0000000..60d773b --- /dev/null +++ b/timingattack.c @@ -0,0 +1,94 @@ +#include +#include +#include +#include +#include +#include + +void usage() { + fprintf(stderr, "Usage: timingattack [options...] \n"); + fprintf(stderr, "Options:\n"); + fprintf(stderr, " --l, --length \t specify password length\n"); + fprintf(stderr, " --i, --iterations \t specify iterations per character\n"); + fprintf(stderr, " --c, --charset \t specify possible password characters (alphanum default)\n"); + _exit(1); +} + +int main(int argc, char **argv) { + static int verbose_flag; + unsigned int iterations = 100; + unsigned int length = 20; + char alphanum[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ + "abcdefghijklmnopqrstuvwxyz" \ + "0123456789"; + char *charset = alphanum; + int c; + while (1) { + static struct option long_options[] = { + { "length", required_argument, 0, 'l' }, + { "iterations", required_argument, 0, 'i' }, + { "charset", required_argument, 0, 'c' }, + }; + int option_index = 0; + c = getopt_long(argc, argv, "i:", long_options, &option_index); + if (c == -1) + break; + switch (c) { + case '0': + puts("word"); + break; + case 'i': + iterations = atoi(optarg); + break; + case 'l': + length = atoi(optarg); + break; + case 'c': + charset = optarg; + break; + default: + usage(); + } + } + + if (argc < 2 || argc - optind < 1) + usage(); + + struct timespec begin, end; + unsigned long time, best_time; + char password[length]; + pid_t pid; + int i, ii, iii; + + for (i = 0; i < length; i++) { + char best_candidate = 'A'; + for (ii = 0; ii < strlen(charset); ii++) { + password[i] = charset[ii]; + password[i+1] = '\0'; + char *command[] = { argv[optind], password }; + clock_gettime(CLOCK_REALTIME, &begin); + for (iii = 0; iii < iterations; iii++) { + int status = 0; + if (!(pid = fork())) { + execvp(command[0], command); + } else if (pid < 0) { + return 1; + } else { + wait(&status); + } + } + clock_gettime(CLOCK_REALTIME, &end); + time = (unsigned long)(end.tv_nsec - begin.tv_nsec)/iterations; + printf("%s\n", password); + if (!ii || time < best_time) { + best_time = time; + best_candidate = charset[ii]; + } + } + password[i] = best_candidate; + } + + printf("\nPassword: %s\n", password); + + return 0; +} -- 2.30.2