Merge branch 'main' into fixed

Author: st0ffregen

.github/workflows/memorais.yml

@@ -32,8 +32,7 @@ jobs:
     - name: remove docker volumes
       run: |
         cd service
-        docker compose down
-        docker volume rm -f service_mariadb_data service_mariadb service_qdrant_data service_qdrant
+        docker compose down -v
     - name: start service
       run: |
         cd service
@@ -47,7 +46,7 @@ jobs:
         echo "ENOCHECKER_TEST_SERVICE_ADDRESS=$(ip -4 address show dev eth0 | grep inet | awk '{ print $2 }' | sed 's|/.*$||')" >> $GITHUB_ENV
     - name: run enochecker_test
       run: |
-        sleep 20
+        sleep 5
         enochecker_test
     - name: Dump docker logs on failure
       if: failure()

README.md

@@ -20,6 +20,34 @@ Flags, in contrast, are random character strings with no inherent semantics. To
 
 Because a leaky endpoint exposes these embeddings, an attacker can download the embedding of any document (potentially one containing a flag), replicate the same encoding process locally, and use the resulting lookup table to recover every character of the flag.
 
+### Attack Flow Chart
+
+```mermaid
+flowchart TD
+    A["🎯 Start: Get flag hint session ID"] --> B["👤 Register new attacker user"]
+    B --> C["🔐 Login as attacker"]
+    C --> D["📥 Import shared session containing flag"]
+    D --> E["🔍 Create search query with random characters"]
+    E --> F["📊 Search collection for documents"]
+    F --> G["🔤 Build character embedding lookup table<br/>by embedding all ASCII characters"]
+    G --> H["📄 For each found document:"]
+    H --> I["📊 Extract embedding vector and norm"]
+    I --> J["🧩 Reconstruct flag character by character<br/>using nearest neighbor matching"]
+    J --> K{"🚫 Does flag end with 'FAKE'?"}
+    K -->|Yes| L["⏭️ Skip this document"]
+    K -->|No| M["✅ Unformat and return flag"]
+    L --> N{"📝 More documents?"}
+    N -->|Yes| H
+    N -->|No| O["❌ No flag found"]
+    M --> P["🏁 Success: Flag recovered"]
+    
+    style A fill:#ffcccb
+    style P fill:#90EE90
+    style O fill:#ffcccb
+    style K fill:#FFE4B5
+    style G fill:#E6E6FA
+```
+
 ## Cryptographic Handshake Bypass (All-Zero IV Vulnerability)
 This vulnerability exists in the custom MCP (Model Context Protocol) authentication handshake mechanism for personal AI-agents. The service implements a challenge-response authentication system using AES CFB8 encryption, but contains a critical flaw in its cryptographic implementation.
 
@@ -41,6 +69,34 @@ The attacker can repeatedly attempt the handshake by:
 3. Eventually succeeding in authentication due to the deterministic nature of the encryption with known inputs
 4. Once authenticated, gaining access to the MCP interface to read chat sessions and retrieve flags
 
+### Attack Flow Chart
+
+```mermaid
+flowchart TD
+    A["🎯 Start: Get user ID and session ID<br/>from attack info"] --> B["🔢 Create all-zero client challenge<br/>(8 bytes of 0x00)"]
+    B --> C["🔄 Start handshake attempts<br/>(up to 5000 tries)"]
+    C --> D["📤 Send zero-byte client challenge<br/>to server"]
+    D --> E["📥 Receive server challenge,<br/>memory key, and IV"]
+    E --> F["⚠️ IV is all-zero due to vulnerability:<br/>var iv = new byte[16]"]
+    F --> G["🔐 Attempt authentication with<br/>zero-byte client credentials"]
+    G --> H{"✅ Authentication successful?"}
+    H -->|No| I{"🔄 More attempts left?"}
+    H -->|Yes| J["🎟️ Receive JWT token"]
+    I -->|Yes| D
+    I -->|No| K["❌ Attack failed after 5000 attempts"]
+    J --> L["🤖 Connect to MCP interface<br/>using JWT token"]
+    L --> M["📖 Read messages from<br/>target chat session"]
+    M --> N["🏴 Extract flag from messages<br/>(message[1]['content'])"]
+    N --> O["✅ Unformat and return flag"]
+    O --> P["🏁 Success: Flag recovered"]
+    
+    style A fill:#ffcccb
+    style F fill:#ff6b6b
+    style P fill:#90EE90
+    style K fill:#ffcccb
+    style H fill:#FFE4B5
+    style I fill:#FFE4B5
+```
 
 # enochecker_cli
 

checker/src/checker.py

@@ -13,5 +13,10 @@
     "cd /home && find . -name flag.txt",
     "select name, password from users",
     "touch /tmp/testfile",
-    "//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++@===.[]//++++"
+    "ENOMEqxNzhil07MZANu7Gq0d9cRSB/rN9c1mEWbmaCMKUArQq5X#################################################################################################################################################################################################################################################################################################################################################################################################################################################################",
+    "@+++++++++[>++++++++>++++++>++++++++++++>+++++++++++>+++++++++>++++++++>+++++++++++++>++++++++++>+++++<<<<<<<<<-]>---.>>>>---.+.<<<++.>>>---.<<.+++++.>.>-.++++.<-.>+++++++.>>.<++++++.+.>+++.<<<<<<++.>>>>>>.++.<<<<-.<<-.>>-------.+++++.<<---.>>>>>>>.<<<.++.<<<---.>>>>.-----.>-.>.----.<<<<<+++.>>.>+++++.<<<--.>.>-.<+.>>>>>++.<<<<<++++.>-.++++.<<-.<<+++.>++.>>--.<<<--.>>>>-.>>.@PADDINGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+    "@++++++++[>+++++++++>+++++++++++>+++++++++>++++++>++++++++++++++>+++++++++++>+++++++<<<<<<<-]>---.>>++++++.+.<++.++++++++++..>+++++.<<++.>-.>>>---.<<------.>>++.<-.<--.>+++++.>+++++++++.<<<<-.---.>+++++++++.>>++.<+++++.------.>>>-.<.<-----.>>-.<+.<<<------.++++++++.>>--.<<-------.>+.<++++.<++.>>>>-.-----.<<<.>>+++++.>--.<.-----.>>.<<<<<+.>>>>>---.<<<<------.>>>>>+.-.<<<<<-.<-.>-.++++++++.@PADDINGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+    "@++++++++[>+++++++++>+++++++++>+++++++>++++++++++++++>+++++++>+++++++++++++++>++++++++>++++++++++++++<<<<<<<<-]>---.>++++++.+.-.+.+++++++.<++.>+.----.>-.<<--.>>>+.<<<++++++.>++.>-.>------.<<<-----.+++.>>>++.-.------.<------.>----.>.>>++++.<<<++++.<<<+.+.>---.>>>.<---.>>>.<---.>++++.+.<<.<.<<+.>>>>+++++.>------.<<<<+.>>>>>.<<<<<+.>>>>++.<<<<<+.<---.>>>>>.<<<<++++.<+++++++.>-.<+++.@PADDINGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+    "@++++++++[>+++++++++>+++++++++++++>++++++++>+++++>+++++++++++++++>+++++++++>++++++>+++++++++++++<<<<<<<<-]>---.+++++++++.+.>+++.++++.<++++.>>+.<<.>>>+++.>>>>-.<<<--.<<<<++++.>>>>>>>-.<<<<<<<.>>>>>>>---.<<++.>++.+++++++.-----.>--.<.<<-.<.>>>>+++.<<---.<+++.<<<<.++.>>>>>++.<<++++.>>>>--.+.<---.<<<<<<.>>>++++++.>>---.<<++.----.<<++.<.>>>--.>++.<+++.<<-------.>>+.>>>>-.-.++.<<+.++.<<<<<----.@PADDINGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+    "@+++++++++[+++++++++>++++++++++++>++++++>++++++++++>++++++++>++++++++++++>+++++>+++++++++++>+++++++++++++<<<<<<<<<-]>---.+++++++++.+.>++++.<----.>+.+++++.>----.>----.>----.<<<++++.>>>>-.<<.<<<-.--.---.>--.<++++++++.>>>>>>--.<<<++.<<----.>-.>--.---.--.<<----.>>+++++++.<<<++++.>>>>+++.>>>.>+.-.<<<--.>>>-.<<<<----.>>>>++++++.----.+++.<<<<+++++++.+++++.<<<+.>>>>>>-.>-.<<<<<-.<++++.<<.--.>>>.<<+++++.>>---.>----.@PADDINGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
 ]

checker/src/sentences.py

@@ -48,7 +48,6 @@
   "Timeless ideas remain relevant across generations.",
   "Chronology helps us understand the sequence of events.",
   "Temporal changes affect all living things.",
-  "+-<>[].,abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ+/=#@",
   "The flag of Germany is black, red, and gold.",
   "He raised the white flag in surrender.",
   "Ships fly a flag to get their nationality.",
@@ -98,5 +97,6 @@
   "The flag on the tail of the aircraft was Dutch.",
   "Flag iris bloomed early this year.",
   "The team carried the national flag onto the field.",
-  "He carved his initials into a piece of flagstone."
+  "He carved his initials into a piece of flagstone.",
+  "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
 ]

service/backend/Data/sentences.json

@@ -13,7 +13,7 @@ services:
     deploy:
       resources:
         limits:
-          cpus: '0.15'
+          cpus: '0.45'
           memory: 100M
     networks:
       - memorais_network
@@ -91,7 +91,7 @@ services:
     deploy:
       resources:
         limits:
-          cpus: '1.65'
+          cpus: '1.35'
           memory: 650M
     networks:
       - memorais_network

service/docker-compose.yml

@@ -1,37 +1,54 @@
-events { worker_connections 1024; }
+worker_processes auto;
+
+events {
+    use epoll;
+    worker_connections 2048;
+    multi_accept on;
+}
 
 http {
     include       mime.types;
     default_type  application/octet-stream;
-    sendfile        on;
-    keepalive_timeout 65;
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 30;
+    types_hash_max_size 2048;
+
+    gzip on;
+    gzip_disable "msie6";
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 3;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
 
     server {
         listen 80;
         server_name localhost;
+        access_log off;
 
         location / {
             root /usr/share/nginx/html;
             index index.html;
             try_files $uri $uri/ /index.html;
+            expires 1d;
+            add_header Cache-Control "public";
         }
 
         location /api {
             proxy_pass http://backend:5000;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection keep-alive;
             proxy_set_header Host $host;
-            proxy_cache_bypass $http_upgrade;
+            proxy_http_version 1.1;
         }
 
         location /mcp {
             proxy_pass http://backend:5000;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection keep-alive;
             proxy_set_header Host $host;
-            proxy_cache_bypass $http_upgrade;
+            proxy_http_version 1.1;
         }
     }
 }

service/frontend/nginx.conf

@@ -21,6 +21,8 @@ function App() {
   const [showImportError, setShowImportError] = useState(false);
   const [importErrorMessage, setImportErrorMessage] = useState('');
   const [abortController, setAbortController] = useState(null);
+  const [showShareSuccess, setShowShareSuccess] = useState(false);
+  const [sharedSessionId, setSharedSessionId] = useState('');
 
   const loadSessions = async () => {
     try {
@@ -212,6 +214,8 @@ function App() {
     try {
       await shareChatSession(sessionId);
       setSharedSessions(prev => ({ ...prev, [sessionId]: true }));
+      setSharedSessionId(sessionId); // Store the ID of the shared session
+      setShowShareSuccess(true);
     } catch (e) {
       if (e.status === 401) {
         setIsAuthenticated(false);
@@ -312,6 +316,25 @@ function App() {
           </div>
         </div>
       )}
+      {showShareSuccess && (
+        <div className="fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center z-50">
+          <div className="bg-gray-800 p-6 rounded-lg shadow-lg w-full max-w-md">
+            <h2 className="text-lg font-bold text-white mb-4">Session Shared</h2>
+            <p className="text-white mb-4">Session with ID: {sharedSessionId} has been shared. Users can now access it by importing the session ID.</p>
+            <div className="flex justify-end">
+              <button
+                className="px-4 py-2 rounded bg-blue-600 text-white hover:bg-blue-700"
+                onClick={() => {
+                  setShowShareSuccess(false);
+                  setSharedSessionId('');
+                }}
+              >
+                OK
+              </button>
+            </div>
+          </div>
+        </div>
+      )}
     </div>
   );
 }

service/frontend/src/App.js

@@ -41,13 +41,17 @@ function Sidebar({ sessions, importedSessions, onSelect, onCreate, selectedSessi
             <div
               key={session.id}
               className={`p-4 cursor-pointer hover:bg-gray-800 ${selectedSessionId === session.id ? 'bg-gray-800 font-bold' : ''}`}
+              onClick={() => onSelect(session.id)}
             >
               <div className="flex items-center justify-between">
-                <span onClick={() => onSelect(session.id)} className="flex-1 cursor-pointer">
+                <span className="flex-1">
                   Session {session.id}
                 </span>
                 <button
-                  onClick={() => onShare(session.id)}
+                  onClick={(e) => {
+                    e.stopPropagation();
+                    onShare(session.id);
+                  }}
                   className={`ml-2 ${sharedSessions && sharedSessions[session.id] ? 'bg-gray-600 cursor-not-allowed' : 'bg-green-600 hover:bg-green-700'} text-white px-2 py-1 rounded text-xs`}
                   title="Share session - Makes this session universally available to all other users via its ID"
                   disabled={sharedSessions && sharedSessions[session.id]}