def aesRandomEncOracle(bstr_clear, bits=128):
"""
encrypt input with random key and random appended and prepended bytes
return: cipher and (for verification) encryption mode as tuple
"""
blocksize = 16
key = os.urandom(blocksize)
numbytes = random.randint(5, 10)
bytes_prepend = os.urandom(numbytes)
bytes_append = os.urandom(numbytes)
bstr_clear = misc.padPKCS7(bytes_prepend + bstr_clear + bytes_append,
blocksize)
mode_switch = random.randint(1, 2)
mode = ""
if mode_switch == 1:
mode = 'ecb'
else:
mode = 'cbc'
cipher = b''
if mode_switch == 1:
cipher = aes.aesEncrypt(bstr_clear, key, 128, mode=mode, bstr_IV=None)
else:
IV = os.urandom(blocksize)
cipher = aes.aesEncrypt(bstr_clear, key, 128, mode=mode, bstr_IV=IV)
return (cipher, mode)
def _ecbAppendedClearEncrypt(self, bstr_input, bstr_append, key, bits=128):
"""
give clear input and append unkown clear string (to be cracked) before encrypting
"""
blocksize = 16
bstr_clear = padPKCS7(bstr_input + bstr_append, blocksize)
return aes.aesEncrypt(bstr_clear, key, 128, mode='ecb', bstr_IV=None)
def _cbcAppendMakeSecret(bstr_chosen):
blocksize = 16
#bstr_urlencoded_chosen = bytes(urllib.parse.quote_plus(bstr_chosen), 'ascii')
bstr_urlencoded_chosen = bstr_chosen
bstr_clear = misc.padPKCS7(
bstr_prefix + bstr_urlencoded_chosen + bstr_suffix, blocksize)
return aes.aesEncrypt(bstr_clear,
bstr_key,
128,
mode='cbc',
bstr_IV=bstr_IV)
def testAESEnryptECB(self):
#key = bytes.fromhex('2b7e151628aed2a6abf7158809cf4f3c')
#data = bytes.fromhex('3243f6a8885a308d313198a2e0370734')
#cipher_expected = b'9%\x84\x1d\x02\xdc\t\xfb\xdc\x11\x85\x97\x19j\x0b2'
#cipher = aes.aesEncrypt(data, key, 128)
#self.assertEqual(cipher, cipher_expected)
key = bytes.fromhex('000102030405060708090a0b0c0d0e0f')
data = bytes.fromhex('00112233445566778899aabbccddeeff')
cipher_expected = bytes.fromhex('69c4e0d86a7b0430d8cdb78070b4c55a')
cipher = aes.aesEncrypt(data, key, 128)
self.assertEqual(cipher, cipher_expected)
def testAESEnryptCBC(self):
#key = bytes.fromhex('2b7e151628aed2a6abf7158809cf4f3c')
#data = bytes.fromhex('3243f6a8885a308d313198a2e0370734')
#cipher_expected = b'9%\x84\x1d\x02\xdc\t\xfb\xdc\x11\x85\x97\x19j\x0b2'
#cipher = aes.aesEncrypt(data, key, 128)
#self.assertEqual(cipher, cipher_expected)
key = bytes.fromhex('000102030405060708090a0b0c0d0e0f')
data = bytes.fromhex('00112233445566778899aabbccddeeff')
cipher_expected = b'|\x99\xf4+n\xe5\x030\x9cl\x1ag\xe9z\xc2B'
IV = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff'
cipher = aes.aesEncrypt(data, key, 128, mode='cbc', bstr_IV=IV)
self.assertEqual(cipher, cipher_expected)
def _ecbAppendMakeSecret(bstr_chosen):
"""
give clear input and append unkown clear string (to be cracked) and prepend
random number of random bytes to input before encrypting
"""
blocksize = 16
bstr_prefix = os.urandom(random.randint(5, 38))
bstr_clear = misc.padPKCS7(bstr_prefix + bstr_chosen + to_crack,
blocksize)
return aes.aesEncrypt(bstr_clear,
bstr_key,
128,
mode='ecb',
bstr_IV=None)
def _ecbAppendMakeSecret(bstr_chosen):
"""
give clear input and append unkown clear string (to be cracked) before encrypting
"""
blocksize = 16
bstr_clear = misc.padPKCS7(bstr_chosen + to_crack, blocksize)
# print(bstr_clear)
# print(chr(bstr_clear[15]))
#print(chr(aes.aesEncrypt(bstr_clear, bstr_key, 128, mode='ecb', bstr_IV=None)[15]))
return aes.aesEncrypt(bstr_clear,
bstr_key,
128,
mode='ecb',
bstr_IV=None)
import numpy as np
from crypto_algos import aes
np.set_printoptions(formatter={'int': hex})
#cipher = aesEncrypt(bytes("ABCDEFGHIJKLMNOP", "ascii"), b'YELLOW SUBMARINE', 128)
#aesMixColumns(b'\x2b\x28\xab\x09\x7e\xae\xf7\xcf\x15\xd2\x15\x4f\x16\xa6\x88\x3c')
# 328831e0435a3137f6309807a88da234
# 2b28ab097eaef7cf15d2154f16a6883c
#cipher = aesEncrypt(b'\x32\x88\x31\xe0\x43\x5a\x31\x37\xf6\x30\x98\x07\xa8\x8d\xa2\x34', b'\x2b\x28\xab\x09\x7e\xae\xf7\xcf\x15\xd2\x15\x4f\x16\xa6\x88\x3c', 128)
#k = bytes.fromhex('2b7e151628aed2a6abf7158809cf4f3c')
#d = bytes.fromhex('3243f6a8885a308d313198a2e0370734')
#cipher = aesEncrypt(d, k, 128)
k = bytes.fromhex('000102030405060708090a0b0c0d0e0f')
d = bytes.fromhex('00112233445566778899aabbccddeeff')
IV = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff'
cipher = aes.aesEncrypt(d, k, 128)
print(cipher)
cipher = aes.aesEncrypt(d, k, 128, mode='cbc', bstr_IV=IV)
print(cipher)
k = b'YELLOW SUBMARINE'
f = open("7.txt", "rb")
cipher = f.read()
f.close()
clear = aes.aesDecrypt(cipher, k, 128)
print(clear)
def _encryptProfile(urlenc_profile, bstr_key): bstr_urlenc_profile = urlenc_profile return aes.aesEncrypt(bstr_urlenc_profile, bstr_key, 128, mode='ecb')
#!/usr/bin/python3
from crypto_algos import aes
from crypto_algos.challenge_specific import hasValidPKCS7, makeCBCPaddingOracle
from crypto_algos.attack.blockcipher import cbc
from crypto_algos.misc import padPKCS7
import random, base64, os
key = os.urandom(16)
IV = os.urandom(16)
f = open('17-strings.txt', 'r')
b64strings = f.read().split('\n')
choose_str_index = random.randint(0, len(b64strings) - 1)
secret = base64.b64decode(b64strings[choose_str_index])
secret_padded = padPKCS7(secret, 16)
for s in b64strings:
print(base64.b64decode(s))
cipher = aes.aesEncrypt(secret_padded, key, 128, mode='cbc', bstr_IV=IV)
# ^ is this: b'\x8c\x02g\xea\xa2\xd5\xf5\x0e/\xf6B\x0b\xc6/hr\xc7|yTZR\xed)\xa4UU6\x19\x9a\xaa\xa8'
#aes.aesDecrypt(cipher, key, 128, mode='cbc', bstr_IV=IV)
cbcPaddingOracle = makeCBCPaddingOracle(key, IV)
clear = cbc.paddingOracleAttack(cipher, 16, cbcPaddingOracle, IV=IV)
print(clear)