def padding_oracle(iv, data):
dec = AES_CBC_decrypt(data, oracle_key, iv)
try:
unpad(dec)
return True
except:
return False
def retrieve(username, hashed_pwd):
# to keep check of status
flag = 0
# finding the account
for check in config['DATA'].keys():
search = re.search('\\b' + username + '\\b', check)
if search:
pyperclip.copy(
unpad(bytes.decode(decrypt(config['DATA'][check],
hashed_pwd))))
print('Password for ' + check + ' copied to clipboard.')
flag = 1
# If account not found
if flag == 0:
print("Account not found!")
count = 0
for find in config['DATA'].keys():
search = re.search(username, find)
if search:
if count == 0:
print("Did you mean?")
print("=> " + find)
count = count + 1
def padding_attack(padding_oracle, iv, ciphertext):
ret = ''
prev = iv
for i in range(0, len(ciphertext), 16):
cracked = crack_block(padding_oracle, prev, ciphertext[i:i + 16])
ret += cracked
prev = ciphertext[i:i + 16]
return unpad(ret)
def main():
filename = os.path.dirname(os.path.abspath(inspect.stack()[0][1]))
config.read(filename + '/data.ini')
if int(config['SETUP']['first_time']) == 1:
setup.setup()
exit()
# authenticating the user
hashed_pwd = hashed_pass(getpass.getpass(prompt='Password for script: '))
if unpad(bytes.decode(decrypt(config['SETUP']['check'],
hashed_pwd))) == "dictionary_check":
# if less than one argument
if len(sys.argv) <= 1:
sys.argv.append('--help')
# Main script
parser = argparse.ArgumentParser(
description='A Command line password manager')
parser.set_defaults(func=lambda x: parser.print_usage())
parser.add_argument(
'-a',
'--add',
nargs='?',
action='store',
help=
'Add a new account. Just provide the unique account-name along with it'
)
parser.add_argument(
'-g',
'--get',
nargs='?',
action='store',
help=
'Copies the password of username passed as argument to your clipboard'
)
parser.add_argument('-l',
'--list',
nargs='?',
default='all',
const='all',
help='List usernames of accounts already added')
args = parser.parse_args()
# calling functions
if args.add:
add_user(args.add, hashed_pwd)
elif args.get:
retrieve(args.get, hashed_pwd)
elif args.list:
list_all()
else:
print("Wrong password!!")
def decryption_oracle(ct, IV):
global key
try:
pt = common.aes_cbc_decrypt(ct, key, IV)
unpadpt = common.unpad(common.aes_cbc_decrypt(ct, key, IV), 16)
except common.InvalidPaddingError as e:
return False
# print hex(ord(pt[-1]))
return True
def decryption_oracle(ct, IV):
global key
try:
pt = common.aes_cbc_decrypt(ct, key, IV)
unpadpt = common.unpad(common.aes_cbc_decrypt(ct, key, IV), 16)
except common.InvalidPaddingError as e:
return False
# print hex(ord(pt[-1]))
return True
def main():
print common.unpad("ICE ICE BABY\x04\x04\x04\x04", 16)
try:
print common.unpad("ICE ICE BABY\x05\x05\x05\x05", 16)
except common.InvalidPaddingError as e:
print "invalid padding %s" % (e.msg)
try:
print common.unpad("ICE ICE BABY\x01\x02\x03\x04", 16)
except common.InvalidPaddingError as e:
print "invalid padding %s" % (e.msg)
try:
print common.unpad("ICE ICE BABY\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10", 16)
except common.InvalidPaddingError as e:
print "invalid padding %s" % (e.msg)
def main():
print common.unpad("ICE ICE BABY\x04\x04\x04\x04", 16)
try:
print common.unpad("ICE ICE BABY\x05\x05\x05\x05", 16)
except common.InvalidPaddingError as e:
print "invalid padding %s" % (e.msg)
try:
print common.unpad("ICE ICE BABY\x01\x02\x03\x04", 16)
except common.InvalidPaddingError as e:
print "invalid padding %s" % (e.msg)
try:
print common.unpad(
"ICE ICE BABY\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10",
16)
except common.InvalidPaddingError as e:
print "invalid padding %s" % (e.msg)
def user_profile(enc):
from common import AES_ECB_decrypt, unpad
return parse(unpad(AES_ECB_decrypt(enc, oracle_key)))
data = "{\"flag\": \"^FLAG^871316352eb20f698291dc4d4c5678240c03f8b22d4e98114b04a32da6bed1bf$FLAG$\", \"id\": \"2\", \"key\": \"sbioNf5FsbHI8568PkXC2w~~\"}"
extradata = binascii.unhexlify('0a0a0a0a0a0a0a0a0a0a')
lastblock = binascii.unhexlify('00000000000000000000000000000001')
#static_key = base64.b64decode('sbioNf5FsbHI8568PkXC2w==')
iv = bytes([0] * 15 + [1])
static_key = bytes([0] * 16)
bl = (int(len(data) / 16) + 1) * 16
blocks = bytes(data.encode('utf8')) + extradata
lblocks = list(blocks)
print(len(lastblock))
import common
print('sin padding')
print(binascii.hexlify(common.unpad(blocks)))
cipher = AES.new(static_key, AES.MODE_CBC, iv)
cripted = cipher.encrypt(blocks)
print(binascii.hexlify(cripted))
with open('hash.bin', 'rb') as f:
hash_ = f.read()
print(binascii.hexlify(hash_))
"""
print(lblocks[96])
print(chr(lblocks[96]))
lcripted = list(cripted)
from common import unpad
try:
unpad("ICE ICE BABY\x04\x04\x04\x04")
print "[+] Unpadded correctly"
except:
print "[-] Should not have thrown exception."
try:
unpad("ICE ICE BABY\x05\x05\x05\x05")
print "[-] Should have thrown exception"
except:
print "[+] Threw exception properly"
try:
unpad("ICE ICE BABY\x01\x02\x03\x04")
print "[-] Should have thrown exception"
except:
print "[+] Threw exception properly"