def CBCDecryptor(key, ciphertext): byte_key = key.decode('hex') cipher = AES.new(key=byte_key) byte_ct = ciphertext.decode('hex') split_ct = split_by_length(byte_ct, 16) iv = split_ct[0] result = [] for index, block_ct in enumerate(split_ct[1:]): if index == 0: block_pt = strxor(cipher.decrypt(block_ct), iv) else: block_pt = strxor(cipher.decrypt(block_ct), split_ct[index]) result.append(block_pt) return ''.join(result)
def CTRDecryptor(key, ciphertext): byte_key = key.decode('hex') cipher = AES.new(key=byte_key) byte_ct = ciphertext.decode('hex') split_ct = split_by_length(byte_ct, 16) iv = split_ct[0] result = [] for index, block_ct in enumerate(split_ct[1:]): block_iv = copy.deepcopy(iv) split_block_iv = split_by_length(block_iv, 1) split_block_iv[-1] = chr(ord(split_block_iv[-1]) + index) block_iv = ''.join(split_block_iv) block_pt = strxor(cipher.encrypt(block_iv), block_ct) result.append(block_pt) return ''.join(result)
return True # good padding return False # bad padding decoded_CT = CT.decode('hex') split_CT = split_by_length(decoded_CT, 16) byte_num = len(split_CT) split_MSG = [[]] * byte_num po = PaddingOracle() for i in range(1, byte_num): IV = split_CT[i - 1] part_MSG = [''] * 16 for j in range(1, 17): print j for k in range(256): if i == 3 and k == 1: continue print k trial = strxor(chr(k) + ''.join(part_MSG[-j:]), chr(j) * j) trial_CT = IV[:-j] + strxor(IV[-j:], trial) + split_CT[i] trial_CT = trial_CT.encode('hex') # print trial_CT if po.query(trial_CT): # Issue HTTP query with the given argument part_MSG[-j] = chr(k) print j, k, chr(k) break else: continue split_MSG[i] = part_MSG print ''.join([''.join(s) for s in split_MSG])
def xor_ith_ct_with_other_cts(i, cts): result = [] for index, ct in enumerate(cts): if index != i: result.append((index, strxor(cts[i], ct))) return result
def encrypt(key, msg): c = strxor(key, msg) print print c.encode('hex') return c
ct_analysis = xor_ith_ct_with_other_cts(ct_index, decoded_cts) ct_analysis.append(('key', ct)) min_length = min([len(x[1]) for x in ct_analysis]) for i in range(min_length): ith_char = [(x[0], x[1][i]) for x in ct_analysis] letter_count = \ [m[1] in string.ascii_letters for m in ith_char].count(True) if letter_count >= 5: print 'Good Start!' if len(set([m[1] for m in ith_char])) <= 1: print 'Ooops!!' else: MSGS[ct_index][i] = ' ' for j, char in ith_char: if j == 'key': s_key[i] = strxor(char, ' ') else: MSGS[j][i] = strxor(char, ' ') # Part 2: auto trial and tribulation max_ct_length = max([len(x) for x in decoded_cts]) for i in range(max_ct_length): for msg_index, msg in enumerate(MSGS): print "FULL MSG {}: {}".format(msg_index, ''.join(msg)) max_key = '' max_key_count = 0 result = [] # Running trial