{"id":16528284,"url":"https://github.com/azeemba/sour16","last_synced_at":"2025-10-28T10:31:11.252Z","repository":{"id":58646356,"uuid":"111861246","full_name":"azeemba/sour16","owner":"azeemba","description":"Toy version of the sweet32 attack","archived":false,"fork":false,"pushed_at":"2017-11-24T00:47:01.000Z","size":18,"stargazers_count":14,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-01T13:41:31.580Z","etag":null,"topics":["attack","birthday-attack","cryptography","rot13","toy"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/azeemba.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-11-24T00:45:03.000Z","updated_at":"2024-12-19T10:21:31.000Z","dependencies_parsed_at":"2022-09-17T18:41:29.088Z","dependency_job_id":null,"html_url":"https://github.com/azeemba/sour16","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azeemba%2Fsour16","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azeemba%2Fsour16/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azeemba%2Fsour16/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azeemba%2Fsour16/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/azeemba","download_url":"https://codeload.github.com/azeemba/sour16/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":23863
0500,"owners_count":19504290,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack","birthday-attack","cryptography","rot13","toy"],"created_at":"2024-10-11T17:39:01.015Z","updated_at":"2025-10-28T10:31:05.877Z","avatar_url":"https://github.com/azeemba.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"sour16\n======\n\nThis is a toy version of the sweet32 attack: https://sweet32.info/\n\nThe attack is an example of a birthday attack which exploits crypto algorithms\nwith small block sizes in CBC mode. The attack requires generation of a lot of\nencrypted blocks with known plaintext. After the generation, identical\nencrypted blocks can be identified and used to identify the plaintext value of\nthe blocks with unknown plaintext.\n\nsour16 uses `rot13` as its base encryption algorithm. Though basically any\nhashing/encryption algorithm with customizable block size and chained in CBC\nmode would work here.\n\nSimilarly to sweet32, sour16 generates a lot of encrypted HTTP packets where\nthe only unknown is a cookie value. Then uses the attack to retrieve the cookie\nvalue.\n\n## Scripts\n\n### Packet Generation: \n\n`generate_packets.py`: The script allows you to generate encrypted packets and\ndump them to a file. It supports `-N` flag to change number of packets\ngenerated (in the 1000s). 
It also allows configuration of the cookie value or\nthe block size.\n\nExample command:\n\n```sh\n./generate_packets.py --count 30 --cookie \"SECRET COOKIE\" --block-size 4 30k-32bit.out\n# creates a file called 30k-32bit.out\n# creates 30,000 encrypted packets with a 4 bytes (32 bit) block size\n# each packet has the cookie set to \"SECRET COOKIE\"\n```\n\n### Retrieving cookie by finding identical blocks\n\n`sour16.py`: This is the script that executes the actual attack and requires a\nfile that is generated using the `generate_packets.py` script. Since the block\nsize can vary, the script needs to know the block size used for the encryption\nas well.\n\nExample command:\n\n```\n./sour16.py --block-size 4 30k-32bit.out\nRetrieved the entire cookie! SECRET COOKIE\n```\n\nAs shown above, the cookie was successfully retrieved!\n\n## Stats\n\n`find_expected_packet_counts.py` runs many cycles of encrypt-decrypt for\nvarying block size to figure out how many packets are needed on average. The\nnumbers below are very coarse but give a rough idea of packet count as a\nfunction of block size.\n\n|Block size| Block size| Num Packets| File size| Block count|\n|---|---|---|---|---|\n|2 byte| 16 bits| 40 packets| 28KB| 28k blocks|\n|3 byte| 24 bits| 1000 packets| 700KB| 364k blocks|\n|4 byte| 32 bits| 12500 packets| 8.4MB| 2.8M blocks|\n|5 byte| 40 bits| 250,000 packets| 174MB| 35M blocks|\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazeemba%2Fsour16","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fazeemba%2Fsour16","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazeemba%2Fsour16/lists"}