Ejemplo n.º 1
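def main():
    """Show that unauthenticated CBC ciphertext can be edited to change the plaintext.

    The user data is 16 filler characters followed by ``!admin.true!``, a
    string the encoder does not escape. Three ciphertext bytes are XOR-ed
    with fixed masks before decryption, and the result is printed together
    with the ``is_admin`` verdict.

    Under CBC, flipping a bit in one ciphertext block flips the same bit in
    the next plaintext block (the edited block itself decrypts to garbage).
    Escaping ``;`` and ``=`` before encryption therefore gives no protection
    once the ciphertext is out of the server's hands. The defence is to
    authenticate the ciphertext (encrypt-then-MAC or an AEAD mode such as
    AES-GCM) and reject it before decrypting or parsing anything.

    No key is handled here: ``enc_userdata`` and ``dec_userdata`` are called
    without one, so the unused local key draw of the earlier version is gone.
    """
    plaintext = ('x' * 16) + '!admin.true!'
    enc = bytearray(enc_userdata(plaintext))

    # (ciphertext offset, XOR mask) pairs; each mask turns a placeholder
    # character into the delimiter named in the trailing comment.
    flips = (
        (32, 26),  # '!' ^ 26 = ';'
        (38, 19),  # '.' ^ 19 = '='
        (43, 26),  # '!' ^ 26 = ';'
    )
    for offset, mask in flips:
        enc[offset] ^= mask

    dec = dec_userdata(bytes(enc))
    print(dec)
    print(is_admin(dec))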
Ejemplo n.º 2
def enc_oracle(plaintext):
    """Encrypt caller-supplied bytes plus a hidden suffix under AES-ECB.

    The module-level ``key`` is created on first use and reused afterwards.
    ``postfix`` (base64 text defined elsewhere in the module) is decoded and
    appended to the input, the result is padded by ``ch9.pad_PCKS7`` with a
    block size of 16, and the ECB ciphertext is returned.

    ECB encrypts every 16-byte block independently and deterministically, so
    equal plaintext blocks always yield equal ciphertext blocks. With a fixed
    key and caller-controlled data placed ahead of a secret, that property
    leaks information about the secret. Real systems should use a randomized,
    authenticated mode (for example AES-GCM with a unique nonce per message).
    """
    global key
    if key is None:
        key = ch11.rand_bytes(16)

    ecb = AES.new(key, AES.MODE_ECB)
    # `+=` rebinds the local name for bytes input; a bytearray argument would
    # be extended in place.
    plaintext += binascii.a2b_base64(postfix)
    return ecb.encrypt(ch9.pad_PCKS7(plaintext, 16))
Ejemplo n.º 3
def enc_oracle(plaintext):
    """Return the AES-ECB encryption of ``plaintext`` followed by a secret tail.

    ``key`` is a module-level value that is filled in lazily on the first
    call and then shared by all later calls. The tail comes from decoding the
    module-level base64 value ``postfix``. Padding is delegated to
    ``ch9.pad_PCKS7`` with a 16-byte block size.

    Security caveat: ECB is deterministic per block, so repeated plaintext
    blocks are visible in the ciphertext, and an encryption service that
    mixes caller input with a secret under a fixed key exposes that secret to
    analysis. Prefer an authenticated mode with a fresh nonce per message.
    """
    global key
    key = ch11.rand_bytes(16) if key is None else key

    block_cipher = AES.new(key, AES.MODE_ECB)
    secret_tail = binascii.a2b_base64(postfix)
    plaintext += secret_tail
    padded = ch9.pad_PCKS7(plaintext, 16)
    return block_cipher.encrypt(padded)
Ejemplo n.º 4
def main():
    """Show that ECB ciphertext blocks from different messages can be recombined.

    Two profiles are built, encrypted and decrypted under one random key.
    The first line printed is the first 32 plaintext bytes of profile one
    joined to bytes 16..31 of profile two; the second line is the decryption
    of the same splice done on the ciphertexts. Because ECB encrypts each
    16-byte block independently, the spliced ciphertext decrypts without
    error. Nothing binds a block to its position or to its message.

    Defensive takeaway: a token that carries authorization data must be
    integrity-protected (MAC or AEAD) and must not use ECB.
    """
    key = ch11.rand_bytes(16)

    # NOTE(review): the first address appears masked and is 14 characters
    # long, whereas the original comment asks for 13; the block alignment the
    # demo relies on should be re-checked against the real value.
    # NOTE(review): the original comment on the second address says the admin
    # string should start after 10 characters; profile_for is not shown, so
    # how the trailing '\x0b' bytes are treated cannot be confirmed here.
    addresses = (
        '*****@*****.**',
        'adminadminadmindf' + ('\x0b' * 11),
    )

    # Same call order as before: both profiles, then both encryptions, then
    # both decryptions.
    profiles = [profile_for(address) for address in addresses]
    sealed = [profile_encrypt(profile, key) for profile in profiles]
    opened = [profile_decrypt(blob, key) for blob in sealed]

    first_ct, second_ct = sealed
    first_pt, second_pt = opened
    head = slice(0, 32)
    tail = slice(16, 32)

    print(first_pt[head] + second_pt[tail])
    print(profile_decrypt(first_ct[head] + second_ct[tail], key))
Ejemplo n.º 5
from Crypto.Cipher import AES
import ch9
import ch10
import ch11
    
# Process-wide AES key, drawn once at import time and read by both
# enc_userdata() and dec_userdata().
# NOTE(review): confirm ch11.rand_bytes draws from a CSPRNG (os.urandom /
# secrets) rather than the `random` module.
key = ch11.rand_bytes(16)
# Single IV drawn once at import time; every enc_userdata() call reuses it.
# CBC expects a fresh, unpredictable IV per message, so a fixed IV is only
# acceptable in a demo like this one.
IV  = ch11.rand_bytes(16)

def enc_userdata(s):
    """Wrap user data in a fixed cookie-style string and CBC-encrypt it.

    ``;`` and ``=`` in ``s`` are percent-escaped, the result is placed
    between a fixed prefix and suffix, UTF-8 encoded, padded by
    ``ch9.pad_PCKS7`` to a 16-byte block size and encrypted with the
    module-level ``key`` and ``IV``.

    The escaping constrains only what goes *into* the cipher. The returned
    ciphertext carries no MAC, so it can be modified after the fact and will
    still decrypt; pair CBC with encrypt-then-MAC, or use an AEAD mode, when
    the plaintext drives an authorization decision.
    """
    cbc = ch10.CBC(AES.new(key, AES.MODE_ECB), IV)

    escaped = s.replace(';', '%3B').replace('=', '%3D')
    framed = (
        "comment1=cooking%20MCs;userdata="
        + escaped
        + ";comment2=%20like%20a%20pound%20of%20bacon"
    )
    padded = ch9.pad_PCKS7(framed.encode('utf-8'), 16)

    return cbc.encrypt(padded)

def dec_userdata(ciphertext):
    """CBC-decrypt ``ciphertext`` with the module-level ``key`` and ``IV``.

    The bytes are returned exactly as ``cipher.decrypt`` produces them: this
    function performs no unpadding and no integrity check, so any ciphertext
    of acceptable length is decrypted and handed to the caller.
    """
    return ch10.CBC(AES.new(key, AES.MODE_ECB), IV).decrypt(ciphertext)

def is_admin(userdata):
    if userdata.find(b';admin=true;') != -1:
Ejemplo n.º 6
def gen_prefix(num):
    """Print a notice and return ``num`` random bytes from ``ch11.rand_bytes``."""
    banner = "GENERATING PREFIX OF LENGTH {}".format(num)
    print(banner)
    return ch11.rand_bytes(num)
Ejemplo n.º 7
def gen_key(blk_sz):
    """Print a notice and return ``blk_sz`` random bytes to use as a key.

    Only the notice is printed, never the key material.
    NOTE(review): key strength depends on ``ch11.rand_bytes`` using a CSPRNG
    (os.urandom / secrets); that helper is not visible here, so confirm it.
    """
    notice = "GENERATING KEY"
    print(notice)
    return ch11.rand_bytes(blk_sz)
Ejemplo n.º 8
import ch15

# Base64-encoded sample plaintexts; enc_oracle() picks one at random, decodes
# it and encrypts it.
strings = [
    b'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=',
    b'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=',
    b'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==',
    b'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==',
    b'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl',
    b'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==',
    b'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==',
    b'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=',
    b'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=',
    b'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93'
]

# Key and IV are drawn once at import time and reused for every call to
# enc_oracle(). A fixed IV is a demo shortcut: CBC expects a fresh,
# unpredictable IV per message.
# NOTE(review): confirm ch11.rand_bytes is backed by a CSPRNG.
key = ch11.rand_bytes(16)
iv = ch11.rand_bytes(16)

def enc_oracle():
    """Encrypt one randomly chosen sample string under CBC and return the ciphertext.

    A random entry of ``strings`` is base64-decoded, padded by
    ``ch9.pad_PCKS7`` to a 16-byte block size and encrypted with the
    module-level ``key`` and ``iv``. Only the ciphertext is returned.

    NOTE(review): the IV is the same for every call and the ciphertext is not
    authenticated. Any service that decrypts such ciphertext and reveals
    whether the padding was valid gives callers a side channel; authenticate
    before decrypting (encrypt-then-MAC or an AEAD mode) to close it.
    """
    cbc = ch10.CBC(AES.new(key, AES.MODE_ECB), iv)

    chosen = random.choice(strings)
    return cbc.encrypt(ch9.pad_PCKS7(binascii.a2b_base64(chosen), 16))

def decrypt_check_pad(ciphertext):
    global key
Ejemplo n.º 9
def gen_prefix(num):
    """Return ``num`` random bytes for use as a prefix, logging the length first.

    The bytes come from ``ch11.rand_bytes``; the length is printed to stdout
    before they are generated.
    """
    print("GENERATING PREFIX OF LENGTH {}".format(num))
    prefix = ch11.rand_bytes(num)
    return prefix
Ejemplo n.º 10
def gen_key(blk_sz):
    """Return a fresh random key of ``blk_sz`` bytes, announcing it on stdout.

    The message printed contains no key material.
    NOTE(review): ``ch11.rand_bytes`` is not shown; verify that it reads from
    the operating system's CSPRNG before reusing this outside a demo.
    """
    print("GENERATING KEY")
    fresh_key = ch11.rand_bytes(blk_sz)
    return fresh_key