def c19(filename):
"""
This program reads 40 strings and encrypts them under AES - CTR
Then it attempts to crack the CTR mode without knowing the key
using the fact that the nonce is repeated
"""
with open(filename, "r") as file:
lines = file.readlines()
ciphers = []
key = Random.get_random_bytes(16)
nonce = 0xdeadbeef
for line in lines:
plaintext = base.base64_to_hex(line.strip("\n")).decode('hex')
ciphers.append(base.aes_ctr_encrypt(plaintext, key, nonce, 16))
# get tbe minimum length cipher
min_len = 10000000
for cipher in ciphers:
cur_len = len(cipher)
if min_len > cur_len:
min_len = cur_len
# brute force each byte, column-wise, since each column entry
# is encrypted with the same byte of the keystream as it is
# repeated.
key_bytes = [0x0] * min_len
idx = 0
for i in range(min_len):
for brute in range(256):
deciphered = [ord(cipher[i]) ^ brute for cipher in ciphers]
if base.is_all_ascii(deciphered):
key_bytes[idx] = brute
idx += 1
break
# expand key now, start from 11th byte of key
key_bytes = base.expand_ctr_key(ciphers[-12], key_bytes, 've', 10)
key_bytes = base.expand_ctr_key(ciphers[-4], key_bytes, 'l', 12)
key_bytes = base.expand_ctr_key(ciphers[3], key_bytes, 'ntury', 13)
key_bytes = base.expand_ctr_key(ciphers[20], key_bytes, 'eet', 18)
key_bytes = base.expand_ctr_key(ciphers[21], key_bytes, 'ful', 21)
key_bytes = base.expand_ctr_key(ciphers[19], key_bytes, 'ill', 24)
key_bytes = base.expand_ctr_key(ciphers[-7], key_bytes, 'rt', 27)
key_bytes = base.expand_ctr_key(ciphers[-11], key_bytes, 'ht', 29)
key_bytes = base.expand_ctr_key(ciphers[-15], key_bytes, 'd', 31)
key_bytes = base.expand_ctr_key(ciphers[-13], key_bytes, 'd', 32)
key_bytes = base.expand_ctr_key(ciphers[4], key_bytes, 'ead', 33)
key_bytes = base.expand_ctr_key(ciphers[-3], key_bytes, 'n', 36)
# decipher all ciphertexts now with the guessed key
plaintexts = []
for cipher in ciphers:
pbytes = base.equal_size_xor(bytearray(cipher), key_bytes)
plaintexts.append(''.join([chr(byte) for byte in pbytes]))
print '\n'.join(plaintexts)
def c10(filename):
f = open(filename,"r")
data = f.readlines()
f.close()
pad = "\x04"
decoded_data = base.base64_to_hex(''.join(data).strip()).decode('hex')
block_size = 16
key = "YELLOW SUBMARINE"
iv = ''.join(["\x00" for i in range(block_size)])
blocks = [str(decoded_data[i*block_size : (i+1)*block_size]) for i in range(int(len(decoded_data)/block_size))]
op = []
size = len(blocks)
for i in range(size):
pt = base.AES_ECB_decrypt(blocks[i],key)
res = base.equal_size_xor(bytearray(pt),bytearray(iv))
res = base.bytearray_to_ASCII(res)
op.append(res)
iv = blocks[i]
plaintext = base.pkcs7_unpad(''.join(op))
print plaintext
def c20(filename):
"""
This program reads 40 strings and encrypts them under AES - CTR
Then it attempts to crack the CTR mode without knowing the key
using the fact that the nonce is repeated
"""
with open(filename, "r") as file:
lines = file.readlines()
ciphers = []
key = Random.get_random_bytes(16)
nonce = 0xdeadbeef
for line in lines:
plaintext = base.base64_to_hex(line.strip("\n")).decode('hex')
#print plaintext
ciphers.append(base.aes_ctr_encrypt(plaintext, key, nonce, 16))
# get tbe minimum length cipher
min_len = 10000000
for cipher in ciphers:
cur_len = len(cipher)
if min_len > cur_len:
min_len = cur_len
# brute force each byte, column-wise, since each column entry
# is encrypted with the same byte of the keystream as it is
# repeated.
key_bytes = [0x0] * min_len
idx = 0
for i in range(min_len):
for brute in range(256):
deciphered = [ord(cipher[i]) ^ brute for cipher in ciphers]
if base.is_all_ascii_expanded(deciphered):
#print ''.join([chr(byte) for byte in deciphered])
key_bytes[idx] = brute
idx += 1
break
# expand key now, start from 11th byte of key
key_bytes = base.expand_ctr_key(ciphers[8], key_bytes, 'irteenth', 13)
key_bytes = base.expand_ctr_key(ciphers[4], key_bytes, 'e', 21)
key_bytes = base.expand_ctr_key(ciphers[-9], key_bytes, 'rite', 22)
key_bytes = base.expand_ctr_key(ciphers[-4], key_bytes, 'ing', 26)
key_bytes = base.expand_ctr_key(ciphers[-8], key_bytes, 'out', 29)
key_bytes = base.expand_ctr_key(ciphers[-26], key_bytes, 'and', 32)
key_bytes = base.expand_ctr_key(ciphers[-17], key_bytes, 'ey', 35)
key_bytes = base.expand_ctr_key(ciphers[-16], key_bytes, 'ence', 37)
key_bytes = base.expand_ctr_key(ciphers[25], key_bytes, 'n', 41)
key_bytes = base.expand_ctr_key(ciphers[29], key_bytes, 're', 42)
key_bytes = base.expand_ctr_key(ciphers[-17], key_bytes, 'nt', 44)
key_bytes = base.expand_ctr_key(ciphers[-11], key_bytes, 'n', 46)
key_bytes = base.expand_ctr_key(ciphers[-24], key_bytes, 'dge', 47)
key_bytes = base.expand_ctr_key(ciphers[5], key_bytes, 'ypse', 50)
key_bytes = base.expand_ctr_key(ciphers[-23], key_bytes, 'y', 54)
key_bytes = base.expand_ctr_key(ciphers[-18], key_bytes, 't', 55)
key_bytes = base.expand_ctr_key(ciphers[16], key_bytes, 'ime', 56)
key_bytes = base.expand_ctr_key(ciphers[-2], key_bytes, 'kin', 59)
key_bytes = base.expand_ctr_key(ciphers[22], key_bytes, 'ate', 62)
key_bytes = base.expand_ctr_key(ciphers[6], key_bytes, 'lty', 65)
key_bytes = base.expand_ctr_key(ciphers[16], key_bytes, 'ght', 68)
key_bytes = base.expand_ctr_key(ciphers[22], key_bytes, 'ate', 71)
key_bytes = base.expand_ctr_key(ciphers[7], key_bytes, 'ssion', 74)
key_bytes = base.expand_ctr_key(ciphers[-17], key_bytes, 'n', 79)
key_bytes = base.expand_ctr_key(ciphers[8], key_bytes, 't', 80)
key_bytes = base.expand_ctr_key(ciphers[5], key_bytes, 'e', 81)
key_bytes = base.expand_ctr_key(ciphers[-28], key_bytes, 'lance', 82)
key_bytes = base.expand_ctr_key(ciphers[4], key_bytes, 'row', 87)
key_bytes = base.expand_ctr_key(ciphers[17], key_bytes, 'ble', 90)
key_bytes = base.expand_ctr_key(ciphers[11], key_bytes, 'st', 93)
key_bytes = base.expand_ctr_key(ciphers[-26], key_bytes, 'on', 95)
key_bytes = base.expand_ctr_key(ciphers[26], key_bytes, 'rve', 97)
key_bytes = base.expand_ctr_key(ciphers[-19], key_bytes, 'ull', 100)
key_bytes = base.expand_ctr_key(ciphers[21], key_bytes, 'ace', 103)
key_bytes = base.expand_ctr_key(ciphers[26], key_bytes, 'hole', 106)
# decipher all ciphertexts now with the guessed key
plaintexts = []
for cipher in ciphers:
pbytes = base.equal_size_xor(bytearray(cipher), key_bytes)
plaintexts.append(''.join([chr(byte) for byte in pbytes]))
print '\n'.join(plaintexts)