CSE 207B, Fall 2023
Homework 4: Length extension attacks

The web application located here validates API queries using a "keyed-hash" authentication token before executing the commands in the query string. To validate the token, the web server parses the full query as:

    query = token=token_string&rest_of_query_string
  
and then checks whether
    token_string == hex(MAL1(API_KEY || unquote_to_bytes(rest_of_query_string)))
  
where API_KEY is a 256-bit secret key known to the server and MAL1 is a version of SHA1 modified as in this paper.

Unfortunately for this insecure attempt at MAC construction, MAL1 is vulnerable to length extension attacks. Your task is to carry out a length extension attack that appends the string &get_file=hw4.pdf to the above API query and forges a corresponding token that will validate against the server, thus allowing you to download the rest of your homework. Your attack will necessarily need to include some binary garbage in the API string; this is fine, since the server won't notice as long as it's appropriately URL-encoded.

This is very similar to a vulnerability that Flickr had in 2009.

Please submit your code and a short description of how you solved the problem along with a PDF named hw4-solutions.pdf of your LaTeXed solutions to the other problems to Gradescope. You may discuss this assignment in small groups with classmates, but please code and write up your solutions yourself. Please credit any collaborators you discussed with and any references you used.

The Python code to run the modified MAL1 hash function used by the server is provided here. The logic of the length extension attack, however, should be implemented by you, not by copying code from the internet.

Submission requirements summary:

The autograder...