def main(argv):
ciphertext = argv[1].decode("hex")
desired_plaintext = argv[2]
cipher_bytes = map(ord, ciphertext)
cipher_mod = cipher_bytes[0:16] + [
random.randint(0x80, 0xff) for i in xrange(16)
] + cipher_bytes[32:48]
decr_out = []
for n_pad in xrange(1, 17):
for bval in xrange(0, 256):
cipher_mod[32 - n_pad] = bval
if vulnerable.decr(''.join(map(chr, cipher_mod))) == "SUCCESS":
decr_out.insert(0, bval ^ n_pad)
cipher_mod[32 - n_pad:32] = [
x ^ y for (x, y) in zip(decr_out, [n_pad + 1] * n_pad)
]
break
desired_bytes = map(ord, desired_plaintext)
cipher_bytes[32 - len(desired_bytes) - 1:31] = [
x ^ y
for (x,
y) in zip(decr_out[16 - len(desired_bytes) - 1:15], desired_bytes)
]
cipher_bytes[31] = decr_out[15] ^ 0x01
with open('cipher.txt', 'w') as f:
f.write(''.join(map(chr, cipher_bytes)))
def Main():
#valid = False
T = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
c = list(C)
DP = list(dp)
DP.append(chr(1))
lenDP = len(DP)
for i in range(0, lenDP):
original = c[31 - i]
array = []
index = -1
for j in range(0, 256):
c[31 - i] = chr(j)
if vulnerable.decr(''.join(c)) == "SUCCESS":
array.append(j)
for j in range(0, len(array)):
if array[j] != ord(original):
index = array[j]
#print index
break
if index == -1:
index = ord(original)
c[31 - i] = chr(index)
T[15 - i] = chr(ord(c[31 - i]) ^ (i + 1))
if i != lenDP - 1:
for j in range(0, i + 1):
c[31 - j] = chr(ord(T[15 - j]) ^ (i + 2))
for i in range(0, lenDP):
c[31 - i] = chr(ord(T[15 - i]) ^ ord(DP[lenDP - i - 1]))
#out = ''.join(c)
#f = open("cipher.txt", "w")
#f.write(out)
#f.close()
sys.stdout.write(''.join(c))
def findCipher(padded_DP):
T = [0] * 16
ciphertext = list(original_ciphertext)
cipher_to_return = list(original_ciphertext)
padding_length = 1
cipher_index = 31
for j in range(0, len(padded_DP)
): # for each character of the 2. ciphertext block C[16:31]
success_array = []
cipher_index = 31 - j
for i in range(0, 256): # try all possible hex values 0-255
ciphertext[cipher_index] = chr(i)
if vulnerable.decr(''.join(ciphertext)) == "SUCCESS":
success_array.append(chr(i))
if len(success_array) == 2:
break
if len(success_array) == 2:
for m in range(2):
if success_array[m] != original_ciphertext[cipher_index]:
T[15 - j] = ord(
success_array[m]
) ^ padding_length # T[15] = i xor 0x1, T[14] = i xor 0x2, ...
padding_length += 1
for k in range(
0, j + 1
): # update ciphertext values: C[31] = T[15] xor 0x2, ...
ciphertext[31 - k] = chr(T[15 - k] ^ padding_length)
elif len(success_array) == 1:
T[15 - j] = ord(
success_array[0]
) ^ padding_length # T[15] = i xor 0x1, T[14] = i xor 0x2, ...
padding_length += 1
for k in range(
0, j +
1): # update ciphertext values: C[31] = T[15] xor 0x2, ...
ciphertext[31 - k] = chr(T[15 - k] ^ padding_length)
for i in range(0, len(padded_DP)):
cipher_to_return[31 -
i] = chr(T[15 - i]
^ ord(padded_DP[len(padded_DP) - 1 - i]))
return ''.join(cipher_to_return)
def calculateTBlock(ct):
t_block = bytearray([0xff] * 16)
ct_array = bytearray(ct)
for t_index in range(16):
c_index = 31 - t_index
for i in range(256):
test_block = createTestBlock(t_block, t_index, i)
fake_ct = str(ct[:16] + test_block + ct[32:])
if "SUCCESS" == vulnerable.decr(fake_ct) and i != ct[c_index]:
t_block[15 - t_index] = i
break
return t_block
def main():
print(sys.argv)
print(v.encr(sys.argv[1]))
ciphertext = sys.argv[1]
desPlain = sys.argv[2]
print(ciphertext)
print(desPlain)
state = 1
i = 0
val = 31
print(ciphertext[:31] + chr(i))
while (val > 15):
while (i < 255):
if (v.decr(ciphertext[:31] + chr(i)) == "SUCCESS"
and ciphertext[val] != chr(i)):
state = ord(i)
i = i + 1
val = val - 1
print(state)
def main():
#ciphertext = v.encr(sys.argv[1])
#print(sys.argv)
ciphertext = sys.argv[1]
desPlain = sys.argv[2]
#print(ciphertext)
#print(desPlain)
T = [''] * 16
i = 0
val = 31
k = 15
#print(ciphertext[0:31]+chr(i))
xorVal = 1
state = 0
newfor = 15
newXor = 2
newVal = 31
whileval = len(desPlain) + 0
lastCipher = sys.argv[1]
while (val > 15):
#print(val)
i = 0
if (state):
# newXor = 2
newfor = 15
newVal = 31
for x in range(0, 31 - val):
new = list(ciphertext)
new[newVal] = chr(T[newfor] ^ newXor)
ciphertext = ''.join(new)
newfor = newfor - 1
newVal = newVal - 1
#ciphertext[val+1] = chr( T[k+1] ^ xorVal)
newXor = newXor + 1
temp = ciphertext[val]
while (i < 256):
new = list(ciphertext)
new[val] = chr(i)
ciphertext = ''.join(new)
#print(ciphertext[0:32])
#print(''.join(new))
if (v.decr(ciphertext) == "SUCCESS" and ord(temp) != i):
# print(xorVal)
# print(k)
# print(temp)
T[k] = ord(chr(i)) ^ xorVal
xorVal = xorVal + 1
k = k - 1
state = 1
break
elif (i == 255):
T[k] = ord(temp) ^ xorVal
#sys.stderr.write(str(ord(temp))+"\n")
xorVal = xorVal + 1
k = k - 1
state = 1
i = i + 1
val = val - 1
i = 0
retCipher = ciphertext[0:32]
desPlain = desPlain + chr(1)
lastVal = len(desPlain)
ind = 32 - len(desPlain)
tind = 0
while (lastVal > 0):
new = list(ciphertext)
new[ind] = chr(T[16 - lastVal] ^ ord(desPlain[tind]))
ciphertext = ''.join(new)
tind = tind + 1
ind = ind + 1
lastVal = lastVal - 1
#chiphertext=ciphertext[32-len(desPlain):32]^T[16-len(desPlain):16]
#sys.stderr.write(str(T))
result = lastCipher[0:32 - len(desPlain)] + ciphertext[
32 - len(desPlain):32] + lastCipher[32:]
sys.stdout.write(result)
f = open('cipher.txt', 'w')
print >> f, result
#print("0000000000000000")
return result
T = "*" * 16
for pad_len, i in enumerate(reversed(range(DP_start_index, 16))):
# update T[i]
pad_len += 1
old_byte = C2[i]
l_new_byte = []
temp_C2 = C2
for j in range(i + 1, 16):
temp_C2 = modify_string(temp_C2, j, chr(ord(T[j]) ^ pad_len))
for byte in possible_bytes:
if vulnerable.decr(C1 + modify_string(temp_C2, i, byte) +
C3) == "SUCCESS":
l_new_byte.append(byte)
if len(l_new_byte) == 1:
new_byte = l_new_byte[0]
elif l_new_byte[0] == old_byte:
new_byte = l_new_byte[1]
else:
new_byte = l_new_byte[0]
new_byte = chr(ord(new_byte) ^ pad_len)
T = modify_string(T, i, new_byte)
DP = "*" * (16 - DP_len) + DP
for i in range(DP_start_index, 16):