Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Smashing RSA for fun and profit
RSArmageddon is a free software project released under GPL-3.0 license aiming to bring a powerful tool to attack the RSA cryptosystem and to manage ciphertexts and keys.
Many common attacks are provided as part of the default package and new ones can be added in an extensible fashion. Attacks are written in Sage, an extension of the Python programming language providing improved math capabilities and greater execution speed for computation-heavy tasks.
For Arch users, this software is easily installed from the AUR
$ yaourt -S rsarmageddon
Packages will be provided for Ubuntu/Debian and Windows in the releases section of the GitHub page.
A python package is available on PyPI for installation through pip on unsupported systems (but Sage has to be installed manually, see section Sage
$ pip install rsarmageddon
The main python script can also be used or installed straight out from a clone of this repo, although using the provided packages is more advisable.
On UNIX and Linux a supported version of Sage (9.x) must be present in the system's PATH. In case multiple versions are installed, the correct one should be the first one found. When installing via one of the provided packages this will generally be taken care of automatically.
Sometimes though Sage requires manual installation, such as when running from a cloned repo or on Windows, when installing through pip, or on *nix systems that do not ship Sage 9.x in their official repositories (confirmed on Debian version 10 and below). For these and more, see the instructions in the next paragraphs.
In some situations, including when:
and others, Sage requires manual installation. See the instructions in the next paragraphs for directions on how to do that.
There are many ways to install Sage on a Linux system, and some are harder than others. First of all, you should check if a supported version is available through your distro's package manager. The way to do this will be different on every system, but as an example on Ubuntu you would
$ sudo apt update && sudo apt install sagemath-common
Check with your distro for specific instructions. After installing through your package manager, check that the version installed is supported with:
$ sage -v
You should see something like SageMath version 9.2, Release Date: 2020-10-24
. If your version is not in the 9.x series, it is advised to
uninstall it and try one of the other methods below.
On Debian 10, Sage 9 is currently unavailable in the stable repositories. One option could be switching to Debian unstable, which at the time of writing ships Sage 9.2. If you are willing to do so, you can use the following commands to replace the contents of your /etc/apt/sources.list (doing a backup first) and install Sage 9 while upgrading your system to Debian unstable in the process
$ sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak
$ echo 'deb http://deb.debian.org/debian/ sid main contrib non-free' | sudo tee /etc/apt/sources.list
$ echo 'deb-src http://deb.debian.org/debian/ sid main contrib non-free' | sudo tee -a /etc/apt/sources.list
$ sudo apt update && sudo apt dist-upgrade && sudo apt install sagemath
Your system should then be rebooted.
When a system package is not available, Sage must be installed from upstream. You can follow the instructions found in the official guide, section 2.1.
Download and run one of the installers for the latest supported version (9.x) from the sage-windows GitHub page. RSArmageddon should now be able to find the Sage installation automatically.
Crack a key vulnerable to Wiener factorization
$ rsarmageddon attack wiener -k examples/wiener.pub
Compute whole keys from partial information
$ rsarmageddon pem --dumpvalues -e 65537 -p 59324049994823056990807521915169702002197665897051782389894568149461077528733573161772021466179722704578809854939465445017077058505643271895926748239061359104208689455055208330141778200932280078304275269116573373683890335591263445317053081574622277328277733269675848414776648578497072273924489742291466663664728135782470217482641655776586326036779608751043056008882799192671053855818424895726100126833103213177923610642055953481374647391755694567628770583606826727132842668407118774498338841740271125482904779282687648543113216718032163573461465800663302702757738475592812012962616560400622190059897874533689263969513 -q 56214247180961101472418904084010866028721084750603538850912412988629938657856050506199747131481758687951394659255916498984648545468149966951075957118009649410947195509540243734626631437077632294920348877778126106857190799098500548702150792996731448944864546089813716649988246458024209115269339139700713248173765122394228136275663424166384192546495220986511506395231230712368557643028950758002822402061597625771649228811312719338006284781996960825317128843424255164212087586472800077894183144689764968774192993792706953206432004848853187269871408285302806880768934306325931793314083485686465813811090736334222919041553
Find and break keys from a set that share one or more factors with one another
$ rsarmageddon attack common_factor -k examples/common_factor --exts pem,pub -r --okd cracked_keys
Attack a key using two different methods with a timeout of 30 seconds each
$ rsarmageddon attack fermat,wiener -k examples/wiener.pub --timeout 30 --ok
Attack a key using all available methods with a timeout of 1 minute each
$ rsarmageddon attack all -k examples/fermat.pub --timeout 1m
Create a private key from e, p and q and print it to stdout in PEM format
$ rsarmageddon pem -e 65537 -p 12779877140635552275193974526927174906313992988726945426212616053383820179306398832891367199026816638983953765799977121840616466620283861630627224899026453 -q 12779877140635552275193974526927174906313992988726945426212616053383820179306398832891367199026816638983953765799977121840616466620283861630627224899027521 --cpr -
Factor a number using PARI
$ rsarmageddon factor 9837918379182
Encrypt the bytes string hello_bob using the OAEP encryption standard
$ rsarmageddon encrypt --ptr hello_bob --std oaep -k examples/wiener.pub
RSArmageddon supports the execution of user-created attacks in an
extensible fashion. New attacks can be added to an RSArmageddon
installation by dropping their files in user-wide and system-wide
configuration directories. These are
$XDG_CONFIG_HOME/rsarmageddon/attacks
and
/usr/share/rsarmageddon/attacks
on *nix systems, and
%LOCALAPPDATA%\RSArmageddon\attacks
on Windows. System-wide attacks
will shadow builtin attacks of the same name, and user-wide attacks will
shadow both system-wide and builtin ones.
Attack files are Sage scripts written using RSArmageddon's attack API.
The name of the attack will be equal to the attack file's name with the
trailing .sage
extension removed. To properly integrate with
RSArmageddon, every attack should:
import attack
attack.init()
with the full attack name, and a shorthand name
to use as prefix for multiple key outputs. This returns the list
s of
keys and of ciphertexts to work on, in a tuple. attack.init
takes
optional keyword arguments min_keys
to specify the minimum number of
keys the attack needs to work, min_ciphertexts
for the minimum
number of ciphertexts, and deduplicate
which can be set to "keys"
or "ns"
to filter out wholly duplicate keys or multiple keys with
the same public modulus.attack.input
, which takes one
optional argument prompt
and two keyword arguments default
and
validator
. default
provides a default value that will be used if
the user presses enter without writing anything; when prompt
is set
to a string, it will be displayed to the user when asking for input
while also showing the default value if one is provided. validator
takes a callable that can be used to validate and type convert user
input before attack.input
returns it; it should raise ValueError
on malformed input.attack.info
, such as intermediate values and heuristics.attack.keys
and attack.cleartexts
to send them to RSArmageddon.
attack.keys
takes any number of 5-tuples or 6-tuples in the form
(n, e, d, p, q, [name])
with the optional 6th element being the key
name, only used for multi-key outputs to override the default
auto-generated key names. attack.cleartexts
takes any number of
integer cleartexts, or tuples in the form (cleartext, name)
where
name
overrides the default cleartext name for multiple cleartext
outputs in the same way as for keys.attack.success
or attack.fail
to signal
the outcome and terminate the script. attack.fail
takes an optional
message and a boolean keyword bad_key
which signals RSArmageddon one
of the keys the attack was given is invalid.Note: Attacks may freely use any feature of the Python programming
language version 3.7 and of SageMath 9 but they should not interact
with the standard file descriptors directly (e.g. using the print
function to print data to standard output or input
to get lines from
standard input), as those are reserved for use by the attack API, and
RSArmageddon makes no guarantee they will be connected to a terminal or
anything sensible at all. Remember to use attack.info
and
attack.input
for all user interactions instead.
Note: interactive input should generally be avoided because it hinders RSArmageddon's ability to try out many consecutive attacks on a given set of keys, basically brute-forcing the attack method while running unsupervised.
Note: Should a multiprocessing Pool need to be created (to greatly
improve computational performance of parallelizable computing tasks on
multicore hardware), make sure to use the attack.Pool
wrapper to
ensure signals are properly handled in the attack script's execution
environment.
FAQs
RSA cryptography and cryptoanalysis toolkit
We found that rsarmageddon demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.