formalised project structure

2025-06-21 19:05:47 +10:00 · 2025-06-21 19:05:47 +10:00 · 6f8a7322f2
commit 6f8a7322f2
parent 897272d7c1
14 changed files with 177 additions and 71 deletions
--- a/bcrypt/init.py
+++ b/bcrypt/init.py
--- a/bcrypt/cli/init.py
+++ b/bcrypt/cli/init.py
--- a/bcrypt/bcrypt.py
+++ b/bcrypt/bcrypt.py
@ -1,54 +1,6 @@
 from math import gcd
 from random import randint, randbytes

-H = 18446744073709551614
-K = 59275109328752
-M = 2**64
-
-def Rjb(j: int, b: int) -> int:
-    return b << j**2
-
-def Rb(b: int) -> int:
-    Rb = 0
-    for j in range(8):
-        Rb ^= Rjb(j, b) 
-    return Rb
-
-'''
-Returns a hashmap (python dictionary) of b -> R(b)
-for all b such that: min < b < max
-'''
-def precompute_R(min: int, 
-                 max: int) -> dict[int, int]:
-    b = min
-    R_table = {}
-    while b <= max:
-        R_table[b] = Rb(b)
-        b += 1
-    return R_table
-    
-
-def hashfn(x: bytes, R_table: dict[int, int]) -> int:
-    h = -2
-    for i in range(len((x))):
-        b = x[i]
-        h = h**2 * (b+1) + ((K * (i+1)) ^ R_table[b])
-        h %= M
-    return h % M
-
-def bcrypt(x: bytes) -> int:
-    h = 18446744073709551614
-
-    for (i, b) in enumerate(x):
-        h *= h * (b + 1)
-        k = 59275109328752 * (i + 1)
-        for j in range(8):
-            k ^= b << (j * j)
-        h += k
-        h %= (2 ** 64)
-
-    return h
-
 def debug_hashes_eq(x: bytes, R_table: dict[int, int]) -> bool:
    return hashfn(x, R_table) == bcrypt(x)

--- a/bcrypt/debug/init.py
+++ b/bcrypt/debug/init.py
--- a/bcrypt/debug/constants.py
+++ b/bcrypt/debug/constants.py
@ -0,0 +1 @@
+
--- a/bcrypt/debug/constituents.py
+++ b/bcrypt/debug/constituents.py
@ -0,0 +1,18 @@
+'''
+This file provides various "disint" (display internal) methods
+regarding the "constituent functions" that exist in "bcrypt".
+'''
+
+from bcrypt.lib.format import lpad, lpadbin
+
+'''
+Display internal calculations of Rb(b: int) for bcrypt/hashrev.py  
+'''
+def disint_Rb(b: int):
+    Rb = 0
+    for j in range(8):
+        j_sq = j**2
+        Rjb = b << j_sq
+        Rb ^= Rjb
+        print(f'{lpad(j_sq, 2)}: {lpadbin(Rjb, 64)} {Rjb}')
+    print(f'Rb: {lpadbin(Rb, 64)} {Rb}') 
--- a/bcrypt/debug/hasheq.py
+++ b/bcrypt/debug/hasheq.py
@ -0,0 +1,39 @@
+'''
+This file implements debug methods to check whether
+hashrev.bcrypt() operates identically to hash.bcrypt().
+TLDR: test if I made a dumb typo.
+'''
+
+from random import randint, randbytes
+import bcrypt.hash
+import bcrypt.hashrev
+
+def is_bcrypt_eq(x: bytes, R_table: Optional[dict[int, int]] = None) -> bool:
+    return hashrev.bcrypt(x, R_table=R_table) == hash.bcrypt(x)
+
+'''
+Display internals of testing bcrypt implementations
+from bcrypt/hash.py and bcrypt/hashrev.py
+NOTE: By default this runs 10000 trials for
+NOTE: random sequences of length 0-16 bytes.
+'''
+def disint_bcrypt_eq(trials: int = 10000, 
+                     max_bytes: int = 16) -> bytes | None:
+    R_table = hashrev.calc_R_array(max = 255)
+    for i in range(trials):
+        # generate random bytes
+        num_bytes = randint(0, max_bytes)
+        x = randbytes(num_bytes)
+        
+        # test the modified bcrypt with the original    
+        hash_rev = hashrev.bcrypt(x, R_table=R_table)
+        hash_expected = hash.bcrypt(x)
+        if hash_rev != hash_expected:
+            print(f'Your hashfn sucks, big mistake bucko!! (failed iter: {i})')
+            print(f'     Got: {hash_rev}')
+            print(f'Expected: {hash_bcrypt}')
+            print(f'Input Bytes: {[str(b) for b in x]}')
+            return x
+
+    print('Impeccable hashfn holy moly!!')
+    return None
--- a/bcrypt/hash/init.py
+++ b/bcrypt/hash/init.py
--- a/bcrypt/hash/og.py
+++ b/bcrypt/hash/og.py
@ -0,0 +1,15 @@
+'''
+The unchanged original "bcrypt" function for the CTF (by bpaul)
+'''
+def bcrypt(x: bytes) -> int:
+    h = 18446744073709551614
+
+    for (i, b) in enumerate(x):
+        h *= h * (b + 1)
+        k = 59275109328752 * (i + 1)
+        for j in range(8):
+            k ^= b << (j * j)
+        h += k
+        h %= (2 ** 64)
+
+    return h
--- a/bcrypt/hash/rev.py
+++ b/bcrypt/hash/rev.py
@ -0,0 +1,59 @@
+'''
+This file reverse engineers and reconstructs the original 
+"bcrypt" hash function for the CTF (stored in bcrypt/hash.py).
+This reconstructs implements, namely, precomputation of tables
+of values in the hashing. Allowing bulk computation of hashes
+to be significantly faster.
+'''
+
+from array import array
+from typing import Optional
+
+# Constants
+H = 18446744073709551614
+K = 59275109328752
+M = 2**64
+
+def Rjb(j: int, b: int) -> int:
+    return b << j**2
+
+def Rb(b: int) -> int:
+    Rb = 0
+    for j in range(8):
+        Rb ^= Rjb(j, b) 
+    return Rb
+
+'''
+Reconstructed implementation of the "bcrypt" hash function by bpaul.
+NOTE: An optional precomputed R_table is permitted as an arguement.
+'''
+def bcrypt(x: bytes, R_table: Optional[dict[int, int]] = None) -> int:
+    h = -2
+    for i, b in enumerate(x):
+        R = R_table[b] if R_table is not None else Rb(b)
+        h = h**2 * (b+1) + ((K * (i+1)) ^ R)
+        h %= M
+    return h % M
+
+'''
+Returns a hashmap (python dictionary) of b -> R(b)
+for all b such that: min <= b <= max
+'''
+def calc_R_map(min: int = 0,
+               max: int = 255) -> dict[int, int]:
+    R_map = {}
+    # b from min to max (inclusive)
+    for b in range(min, max+1):
+        R_map[b] = Rb(b)
+    return R_map
+
+'''
+Same as calc_R_map() but using an array not a hashmap.
+'''
+def calc_R_array(min: int = 0,
+                 max: int = 255) -> array.array[int]:
+    R_array = array('i', [0]*(max-min))
+    # b from min to max (inclusive)
+    for b in range(min, max+1):
+        R_array[b-min] = Rb(b)
+    return R_array
--- a/bcrypt/lib/format.py
+++ b/bcrypt/lib/format.py
@ -0,0 +1,17 @@
+from typing import Any
+from bcrypt.lib.math import clamp_min
+
+'''
+Apply left padding to str(x) for parameter x: Any 
+'''
+def lpad(x: Any, n: int, pad: chr = ' ') -> str:
+    x = str(x)
+    width = clamp_min(n - len(x), 0)
+    return width * pad + x
+
+'''
+Left pad an integer's binary representation with zeros 
+'''
+def lpadbin(x: int, n: int) -> str:
+    return lpad(bin(x)[2:], n, pad='0')
+
--- a/bcrypt/lib/math.py
+++ b/bcrypt/lib/math.py
@ -0,0 +1,16 @@
+'''
+Implements numeric range clamping (idk why its not in the stdlib...)
+NOTE: the upper and lower bounds for clamping are inclusive 
+'''
+def clamp(x: int, min: int, max: int) -> int:
+    if x < min:
+        return min
+    elif x > max:
+        return max
+    return x
+
+def clamp_min(x: int, min: int) -> int:
+    return x if x > min else min
+
+def clamp_max(x: int, max: int) -> int:
+    return x if x < max else max
--- a/bcrypt/working/shifts.py
+++ b/bcrypt/working/shifts.py
@ -1,23 +0,0 @@
-from typing import Any
-
-def clamp_pos(x: int):
-    return x if x > 0 else 0
-
-def lpad(x: Any, n: int, pad: chr = ' '):
-    x = str(x)
-    return clamp_pos(n - len(x))*pad + x
-    
-def debug_R(B: int):
-    # B = int('1'*7, 2)
-    for j in range(8):
-        j_sq = j**2
-        R_j = B << j_sq
-        lpadbin_R_j = lpad(bin(R_j)[2:], 64, pad='0')
-        print(f'{lpad(j_sq, 2)}: {lpadbin_R_j} {R_j}')
-
-def main():
-    B = int(input('B: '), 2)
-    debug_R(B)
-
-if __name__ == '__main__':
-    main()
--- a/bcrypter.py
+++ b/bcrypter.py
@ -0,0 +1,12 @@
+from bcrypt.cli import repl
+
+def main():
+    repl()
+
+if __name__ == '__main__':
+    try:
+        main()
+    except KeyboardInterrupt:
+        print('\n[!] SIGINT')
+    except EOFError:
+        print('\n[!] EOF')