7 Jun 2024
An opportunity to play with practical cryptography and see how easy it is to encrypt all of a user’s files.
Preparation
- Bring a USB stick to the lab to save your work
- Use rsync to copy files from one directory hierarchy to another (hint: man rsync may be helpful)
Procedure
Caution: real-world harms and ethical expectations
In this lab, you are going to write software that, although unsophisticated, could cause unrecoverable file loss. Like real ransomware, effects are reversible if you have good backups and/or if you have a working decryptor. However, untested backups should be assumed not to work, and decryptors don’t always work as they should! As a matter of ethical practice:
As in all aspects of your academic program, failure to behave in an ethical manner could have implications for your professional suitability and your ability to continue in the program.
- Log into Kali using the username l33t and the password opposable thumbs.
- Copy files into your home directory:
  - the frank user’s Music directory
  - the sam user’s Photos directory
- Write a Python function that uses the secrets module to generate a secret $n$-bit key. Show the output of this function for several key sizes — you may find binascii.hexlify helpful for this purpose.
- Write a Python function that will encrypt the contents of a given file with a given key, using a cipher of your own choosing. You may find the Cryptodome module helpful; on our Python installation you may need to refer to this module as Cryptodome.Cipher rather than Crypto.Cipher. This function should return the ciphertext as bytes. Show this function’s output when applied to several (small) files.
- Use the Python os.walk function to inspect every file within a directory (searching recursively), outputting for each:
  - the path used to reach the file
  - the first 16 B of the file (in hex format)
  - the first 16 B of the ciphertext of the file (in hex format), using a key passed into your function
- Write a Python script that will generate a random key, saving it in a specified file path, then walk through a specified directory recursively, encrypting all files it finds in place (i.e., overwriting the originals). Demonstrate that this script works when executed against the l33t user’s home directory.
- Required for ENGI 9823, optional for ENGI 7420: Take the symmetric key that you used to encrypt the user’s data and encrypt it under another key known to you [1]. Write a decryptor that can decrypt the user’s files given their encrypted key. Demonstrate that it works and that the user gets their files back.
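The key-generation and directory-inspection steps above, sketched as an added example that is not part of the original lab handout: it only reads files and performs no encryption. The names generate_key, preview_tree and demo, and the sample tree built in a temporary directory, are constructed for illustration.

```python
import binascii
import os
import secrets
import tempfile


def generate_key(n_bits: int) -> bytes:
    """Return a secret key with n_bits of randomness from the OS CSPRNG."""
    if n_bits <= 0:
        raise ValueError("key size must be a positive number of bits")
    n_bytes = (n_bits + 7) // 8
    # randbits() also handles sizes that are not a multiple of 8;
    # the unused high bits of the first byte stay zero.
    return secrets.randbits(n_bits).to_bytes(n_bytes, "big")


def preview_tree(root: str, count: int = 16):
    """Read-only walk: [(path, hex of first `count` bytes)] per regular file."""
    rows = []
    # os.walk does not descend into symlinked directories by default.
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            try:
                with open(path, "rb") as f:
                    head = f.read(count)  # shorter than `count` for small files
            except OSError:
                continue  # unreadable file: skip rather than abort the walk
            rows.append((path, binascii.hexlify(head).decode("ascii")))
    return rows


def demo():
    """Constructed sample tree in a temporary directory; nothing real is touched."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Music"))
        with open(os.path.join(root, "Music", "a.bin"), "wb") as f:
            f.write(bytes(range(32)))
        with open(os.path.join(root, "short.txt"), "wb") as f:
            f.write(b"hi")
        return [(os.path.relpath(p, root), h) for p, h in preview_tree(root)]


if __name__ == "__main__":
    for bits in (128, 192, 256):
        print(bits, binascii.hexlify(generate_key(bits)).decode("ascii"))
    for path, head in demo():
        print(path, head)
```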