CSE 291E, Fall 2020
Homework 4: Length extension attacks

The web application located here validates API queries using a "keyed-hash" authentication token before executing the commands in the query string. To validate the token, the web server parses the full query as:

    query = token=token_string&rest_of_query_string

and then checks whether

    token_string == hex(SHA256(API_KEY || unquote_to_bytes(rest_of_query_string)))

where API_KEY is a 256-bit secret key known to the server.

Unfortunately for this insecure attempt at MAC construction, SHA256 is vulnerable to length extension attacks. Your task is to carry out a length extension attack that appends the string &get_file=hw4.pdf to the above API query and forges a corresponding token that will validate against the server, thus allowing you to download the rest of your homework. Your attack will necessarily need to include some binary garbage in the API string; this is fine, since the server won't notice as long as it's appropriately URL-encoded.

This is very similar to a vulnerability that Flickr had in 2009.
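
A defender's view of the check described above, as an added example that is not part of the original assignment: it implements the server-side validation as specified and, beside it, an HMAC-SHA256 variant that does not expose the hash's internal state as the token. The key value, the function names and the sample queries used with it are assumptions made for the example.

```python
import hashlib
import hmac
from urllib.parse import unquote_to_bytes

# Constructed 256-bit key for this example; a real server loads its own secret.
API_KEY = bytes(range(32))


def split_query(query: str):
    """Split 'token=<hex>&<rest>' into (token, rest); None if malformed."""
    if not query.startswith("token="):
        return None
    token, sep, rest = query[len("token="):].partition("&")
    if not sep:
        return None
    return token, rest


def prefix_hash_token(rest: str, key: bytes = API_KEY) -> str:
    """The assignment's scheme: hex(SHA256(key || unquote_to_bytes(rest)))."""
    # The token is the final SHA-256 state over key||message, which is what
    # makes the construction length-extendable.
    return hashlib.sha256(key + unquote_to_bytes(rest)).hexdigest()


def hmac_token(rest: str, key: bytes = API_KEY) -> str:
    """Hardened scheme: HMAC-SHA256 over the same decoded bytes."""
    # HMAC hashes the inner digest again under the key, so the published
    # token is not a resumable state of a hash over the message.
    return hmac.new(key, unquote_to_bytes(rest), hashlib.sha256).hexdigest()


def verify(query: str, make_token, key: bytes = API_KEY) -> bool:
    """Validate a full query string against the given token function."""
    parsed = split_query(query)
    if parsed is None:
        return False
    token, rest = parsed
    expected = make_token(rest, key)
    # Constant-time comparison; the weakness of the first scheme is the
    # construction itself, not the comparison.
    return hmac.compare_digest(token.lower().encode(), expected.encode())
```

Both schemes hash the percent-decoded bytes, so `a=%41` and `a=A` authenticate identically; a server that later acts on the raw string instead of the decoded bytes would be checking one value and using another.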

Please write your program in Python 3. Your program should take in a URL as a command-line argument which it can assume has a query string of the form token=...&rest_of_query_string, and print out a URL with a forged token that has &get_file=hw4.pdf appended to the query string. Gradescope will expect your script to be named hw4-sol.py.

The point of this assignment isn't really to put you through implementing SHA256 yourself, so feel free to find an appropriately-licensed open source SHA256 implementation and repurpose it for your needs (with appropriate acknowledgements, of course). I do expect you to implement the logic of the length extension attack yourself.

Please submit your code and a short description of how you solved the problem along with a PDF named hw4-solutions.pdf of your LaTeXed solutions to the other problems to Gradescope before class on Wednesday, April 29. You may discuss this assignment in small groups with classmates, but please code and write up your solutions yourself. Please credit any collaborators you discussed with and any references you used.