Diffie-Hellman_Backdoor - How to backdoor Diffie-Hellman

  •        7

The whitepaper is on ePrint.




Related Projects

Python Cryptographic Toolkit

  •    C

CryptKit is a small, fast cryptographic toolkit for python. It implements Rijndael(AES), SHA 256, Elliptic Curve PKI, Diffie-Hellman key exchange and Nyberg-Ruppel signature/verification. Comprehensive enough to provide a secure socket alternative to SSL

docker-letsencrypt-nginx-proxy-companion - LetsEncrypt companion container for nginx-proxy

  •    Shell

letsencrypt-nginx-proxy-companion is a lightweight companion container for the nginx-proxy. It allows the creation/renewal of Let's Encrypt certificates automatically. See Let's Encrypt section for configuration details.NOTE: The first time this container is launched it generates a new Diffie-Hellman group file. This process can take several minutes to complete (be patient).

EmPyre - A post-exploitation OS X/Linux agent written in Python 2.7

  •    Python

EmPyre is a pure Python post-exploitation agent built on cryptologically-secure communications and a flexible architecture. It is based heavily on the controller and communication structure of Empire. The Diffie Hellman implementation is from Mark Loiseau's project here, licensed under version 3.0 of the GNU General Public License.

usbdriveby - USBdriveby exploits the trust of USB devices by emulating an HID keyboard and mouse, installing a cross-platform firewall-evading backdoor, and rerouting DNS within seconds of plugging it in

  •    Arduino

USBdriveby is a device you stylishly wear around your neck which can quickly and covertly install a backdoor and override DNS settings on an unlocked machine via USB in a matter of seconds. It does this by emulating a keyboard and mouse, blindly typing controlled commands, flailing the mouse pointer around and weaponizing mouse clicks. In this project, we'll learn how to exploit a system's blind trust in USB devices, and learn how a $20 Teensy microcontroller can evade various security settings on a real system, open a permanent backdoor, disable a firewall, control the flow of network traffic, and all within a few seconds and permanently, even after the device has been removed.

rosenbridge - Hardware backdoors in some x86 CPUs

  •    C

project:rosenbridge reveals a hardware backdoor in some desktop, laptop, and embedded x86 processors. The backdoor allows ring 3 (userland) code to circumvent processor protections to freely read and write ring 0 (kernel) data. While the backdoor is typically disabled (requiring ring 0 execution to enable it), we have found that it is enabled by default on some systems.


  •    Java

lt;bgt;SicHerlt;/bgt; is an encryption client that will allow secure chat across the internet using AES and a Diffe-Hellman key exchange.

twittor - A fully featured backdoor that uses Twitter as a C&C server

  •    Python

A stealthy Python based backdoor that uses Twitter (Direct Messages) as a command and control server This project has been inspired by Gcat which does the same but using a Gmail account. You're probably going to want to compile implant.py into an executable using Pyinstaller In order to remove the console when compiling with Pyinstaller, the flags --noconsole --onefile will help. Just saying.

Cloak - Cloak can backdoor any python script with some tricks.

  •    Python

Cloak generates a python payload via msfvenom and then intelligently injects it into the python script you specify. To evade basic detection, Cloak breaks the payload into several parts and places it in different places in the code. If you want the victim to run your injected script as root, Cloak can handle that too. Cloak will be further upgraded in future to support a wide range of payloads, platforms and evasion techniques.

prism - PRISM is an user space stealth reverse shell backdoor, written in pure C.

  •    C

PRISM is an user space stealth reverse shell backdoor. The code is available on GitHub. PRISM can works in two different ways: ICMP and STATIC mode.

Botan - Crypto library for C++

  •    C++

Botan (Japanese for peony) is a cryptography library written in C++11. Botan's goal is to be the best option for cryptography in new C++ code by offering the tools necessary to implement a range of practical systems, such as TLS/DTLS, PKIX certificate handling, PKCS#11 and TPM hardware support, password hashing, and post quantum crypto schemes. In addition to the C++, botan has a C89 API specifically designed to be easy to call from other languages. A Python binding using ctypes is included, and several other language bindings are available.

sjcl - Stanford Javascript Crypto Library

  •    Javascript

The Stanford Javascript Crypto Library is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript. SJCL is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash function; the HMAC authentication code; the PBKDF2 password strengthener; and the CCM and OCB authenticated-encryption modes.

Openxpki - Manage Keys and Certificate

  •    Perl

The OpenXPKI project has the vision to publish a software stack that provides all necessary components to manage keys and certificates primarily based on the X509v3 cryptography standard.

pyopenssl - A Python wrapper around the OpenSSL library

  •    Python

Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where possible. If you are using pyOpenSSL for anything other than making a TLS connection you should move to cryptography and drop your pyOpenSSL dependency. ... and much more.

Boringssl - Fork of OpenSSL that is designed to meet Google's needs

  •    C

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs. BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

crypto - [mirror] Go supplementary cryptography libraries

  •    Go

This repository holds supplementary Go cryptography libraries.The easiest way to install is to run go get -u golang.org/x/crypto/.... You can also manually git clone the repository to $GOPATH/src/golang.org/x/crypto.

wolfssl - (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud

  •    C

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.

featherduster - An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

  •    Python

FeatherDuster is a tool written by Daniel "unicornfurnace" Crowley of NCC Group for breaking crypto which tries to make the process of identifying and exploiting weak cryptosystems as easy as possible. Cryptanalib is the moving parts behind FeatherDuster, and can be used independently of FeatherDuster. Why "FeatherDuster"? There's an in-joke amongst some crypto folk where using crypto poorly, or to solve a problem that crypto isn't meant to solve is called "sprinkling magical crypto fairy dust on it". FeatherDuster is for cleaning up magical crypto fairy dust.

OpenSSL - Toolkit for SSL and TLS

  •    C

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

MIHCrypto - OpenSSL wrapper for Objective-C [cryptography]

  •    Objective-C

OpenSSL is the most powerful SSL and TLS library available which wraps a full cryptographic library. The library is written in pure C and due to its endless size and not-so-well-designed C interface it is very hard for beginners to step into it. The aim of the MIHCrypto library is to provide an object-oriented interface which allows developers to write simple and clean code by still using the power of the OpenSSL libCrypto library. OpenSSL is a very large library so (yet) not the whole library is wrapped by MIHCrypto. Since I am developing the library because personal needs focus of the functionallity is on modern cryptographic apporaches, but everybody is welcome to contribute other parts to the library.