def test_aes_cbc_encrypt():
""" Set 2, Challenge 10 """
aes_cbc = AESOracle(mode=AesMode.CBC, key='1122334455667788', prepend='', append='')
iv = '112233445566778899aabbccddeeff00'.decode('hex')
assert (aes_cbc.encrypt('0102030405060708', iv)
== ('\xda\x84\xe4\xf7>{\xbb\x83\xa5\x8d\x04\x05Iv\xaa9\xa1X\xdeyu\xa8P\xc4\xcfnoui\xc4\xbb\xfe', iv))
def test_break_encrypted():
""" Set 2, Challenge 13 """
key = os.urandom(16)
aes_ecb = AESOracle(key=key, mode=AesMode.ECB, prepend='', append='', encode_fn=profile_for, decode_fn=key_value_parser)
# Make sure our test setup is working
assert aes_ecb.decrypt(aes_ecb.encrypt('*****@*****.**')) == {'email': '*****@*****.**', 'uid': '10', 'role': 'user'}
# Run the real test
assert aes_ecb.decrypt(set2.break_encrypted_profile(aes_ecb.encrypt)) == {'email': '*****@*****.**', 'uid': '10', 'role': 'admin'}
def test_break_ctr():
""" Set 3, Challenge 19 """
test_strings = ["SSBoYXZlIG1ldCB0aGVtIGF0IGNsb3NlIG9mIGRheQ=="
"Q29taW5nIHdpdGggdml2aWQgZmFjZXM=",
"RnJvbSBjb3VudGVyIG9yIGRlc2sgYW1vbmcgZ3JleQ==",
"RWlnaHRlZW50aC1jZW50dXJ5IGhvdXNlcy4=",
"SSBoYXZlIHBhc3NlZCB3aXRoIGEgbm9kIG9mIHRoZSBoZWFk",
"T3IgcG9saXRlIG1lYW5pbmdsZXNzIHdvcmRzLA==",
"T3IgaGF2ZSBsaW5nZXJlZCBhd2hpbGUgYW5kIHNhaWQ=",
"UG9saXRlIG1lYW5pbmdsZXNzIHdvcmRzLA==",
"QW5kIHRob3VnaHQgYmVmb3JlIEkgaGFkIGRvbmU=",
"T2YgYSBtb2NraW5nIHRhbGUgb3IgYSBnaWJl",
"VG8gcGxlYXNlIGEgY29tcGFuaW9u",
"QXJvdW5kIHRoZSBmaXJlIGF0IHRoZSBjbHViLA==",
"QmVpbmcgY2VydGFpbiB0aGF0IHRoZXkgYW5kIEk=",
"QnV0IGxpdmVkIHdoZXJlIG1vdGxleSBpcyB3b3JuOg==",
"QWxsIGNoYW5nZWQsIGNoYW5nZWQgdXR0ZXJseTo=",
"QSB0ZXJyaWJsZSBiZWF1dHkgaXMgYm9ybi4=",
"VGhhdCB3b21hbidzIGRheXMgd2VyZSBzcGVudA==",
"SW4gaWdub3JhbnQgZ29vZCB3aWxsLA==",
"SGVyIG5pZ2h0cyBpbiBhcmd1bWVudA==",
"VW50aWwgaGVyIHZvaWNlIGdyZXcgc2hyaWxsLg==",
"V2hhdCB2b2ljZSBtb3JlIHN3ZWV0IHRoYW4gaGVycw==",
"V2hlbiB5b3VuZyBhbmQgYmVhdXRpZnVsLA==",
"U2hlIHJvZGUgdG8gaGFycmllcnM/",
"VGhpcyBtYW4gaGFkIGtlcHQgYSBzY2hvb2w=",
"QW5kIHJvZGUgb3VyIHdpbmdlZCBob3JzZS4=",
"VGhpcyBvdGhlciBoaXMgaGVscGVyIGFuZCBmcmllbmQ=",
"V2FzIGNvbWluZyBpbnRvIGhpcyBmb3JjZTs=",
"SGUgbWlnaHQgaGF2ZSB3b24gZmFtZSBpbiB0aGUgZW5kLA==",
"U28gc2Vuc2l0aXZlIGhpcyBuYXR1cmUgc2VlbWVkLA==",
"U28gZGFyaW5nIGFuZCBzd2VldCBoaXMgdGhvdWdodC4=",
"VGhpcyBvdGhlciBtYW4gSSBoYWQgZHJlYW1lZA==",
"QSBkcnVua2VuLCB2YWluLWdsb3Jpb3VzIGxvdXQu",
"SGUgaGFkIGRvbmUgbW9zdCBiaXR0ZXIgd3Jvbmc=",
"VG8gc29tZSB3aG8gYXJlIG5lYXIgbXkgaGVhcnQs",
"WWV0IEkgbnVtYmVyIGhpbSBpbiB0aGUgc29uZzs=",
"SGUsIHRvbywgaGFzIHJlc2lnbmVkIGhpcyBwYXJ0",
"SW4gdGhlIGNhc3VhbCBjb21lZHk7",
"SGUsIHRvbywgaGFzIGJlZW4gY2hhbmdlZCBpbiBoaXMgdHVybiw=",
"VHJhbnNmb3JtZWQgdXR0ZXJseTo=",
"QSB0ZXJyaWJsZSBiZWF1dHkgaXMgYm9ybi4="]
ctr_oracle = AESOracle(mode=AesMode.CTR, key='YELLOW SUBMARINE', prepend='', append='')
def fixed_nonce():
while True:
yield struct.pack('<QQ', 5, 1)
test_strings = [s.decode('base64') for s in test_strings]
test_ciphertexts = [ctr_oracle.encrypt(pt, fixed_nonce()) for pt in test_strings]
# There are not enough samples to break this perfectly
assert set3.break_repeating_nonce_ctr(test_ciphertexts)[0] == 'i have met them\nAt close of day'
def test_aes_ctr():
""" Set 3, Challenge 18 """
test_string = "L77na/nrFsKvynd6HzOoG7GHTLXsTVu9qvY/2syLXzhPweyyMTJULu/6/kXX0KSvoOLSFQ==".decode('base64')
ctr_oracle = AESOracle(mode=AesMode.CTR, key='YELLOW SUBMARINE', prepend='', append='')
assert ctr_oracle.decrypt(test_string, simple_nonce_generator()) == "Yo, VIP Let's kick it Ice, Ice, baby Ice, Ice, baby "
my_test = 'A' * 22
assert ctr_oracle.decrypt(ctr_oracle.encrypt(my_test, simple_nonce_generator()), simple_nonce_generator()) == my_test
def test_cbc_bitflipping_attack():
""" Set 2, Challenge 16 """
def parse_by_semi(text):
print text
print text.split(';')
return [key_value_parser(s) for s in text.split(';')]
aes_cbc = AESOracle(key=os.urandom(16), mode=AesMode.CBC,
prepend='comment1=cooking%20MCs;userdata=', append=';comment2=%20like%20a%20pound%20of%20bacon',
encode_fn=quote, decode_fn=parse_by_semi)
ciphertext, iv = set2.cbc_bitflipping_attack(aes_cbc.encrypt)
assert {'admin': 'true'} in aes_cbc.decrypt(ciphertext, iv)
def test_cbc_padding_oracle():
""" Set 3, Challenge 17 """
test_strings = ['MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=',
'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=',
'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==',
'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==',
'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl',
'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==',
'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==',
'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=',
'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=',
'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93']
cbc_oracle = AESOracle(mode=AesMode.CBC, key=os.urandom(16), prepend='', append='')
padding_check_fn = gen_padding_check(cbc_oracle)
for test_string in test_strings:
test_string = test_string.decode('base64')
ciphertext, iv = cbc_oracle.encrypt(test_string)
assert set3.cbc_padding_oracle(ciphertext, iv, padding_check_fn) == test_string
