def message5(state):
message = b"Thomas, he's the cheeky one. James is vain but lots of fun!";
secret = mypow(state["B"], state["a"], group5_p);
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret));
state["a_iv"] = generateAESKey();
state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], state["a_iv"]);
return state;
def message5(state):
message = b"Thomas, he's the cheeky one. James is vain but lots of fun!";
secret = mypow(state["B"], state["a"], group5_p);
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret));
state["a_iv"] = generateAESKey();
state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], state["a_iv"]);
print('A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv');
return state;
def message5(state):
message = b"Thomas, he's the cheeky one. James is vain but lots of fun!"
secret = mypow(state["B"], state["a"], group5_p)
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret))
state["a_iv"] = generateAESKey()
state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16),
state["a_cipherkey"], state["a_iv"])
return state
def message3(state):
a_shared = mypow(state["B"], state["a"], state["p"]);
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(a_shared));
a_iv = generateAESKey();
message = b"mary had a little lamb"
a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], a_iv);
state["a_cipher"] = a_cipher;
state["a_iv"] = a_iv;
return state;
def message6(state):
secret = mypow(state["A"], state["b"], state["p"]);
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret));
b_iv = generateAESKey();
received_message = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]));
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16), state["b_cipherkey"], b_iv);
state["b_cipher"] = b_cipher;
state["b_iv"] = b_iv;
state["b_received_plain"] = received_message;
return state;
def message5(state):
message = b"Thomas, he's the cheeky one. James is vain but lots of fun!"
secret = mypow(state["B"], state["a"], group5_p)
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret))
state["a_iv"] = generateAESKey()
state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16),
state["a_cipherkey"], state["a_iv"])
print(
'A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv')
return state
def message6(state):
secret = mypow(state["A"], state["b"], state["p"]);
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret));
b_iv = generateAESKey();
received_message = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]));
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16), state["b_cipherkey"], b_iv);
state["b_cipher"] = b_cipher;
state["b_iv"] = b_iv;
state["b_received_plain"] = received_message;
print("B->A Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv");
return state;
def message3(state):
a_shared = mypow(state["B"], state["a"], state["p"])
state["a_cipherkey"], state["a_mackey"] = secretToKeys(
intToBytes(a_shared))
a_iv = generateAESKey()
message = b"mary had a little lamb"
a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"],
a_iv)
state["a_cipher"] = a_cipher
state["a_iv"] = a_iv
return state
def message3(state):
a_shared = mypow(state["B"], state["a"], state["p"]);
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(a_shared));
a_iv = generateAESKey();
message = b"mary had a little lamb"
a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], a_iv);
state["a_cipher"] = a_cipher;
state["a_iv"] = a_iv;
print("3.A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv");
#print(state);
print('-'*64);
return state;
def message6(state):
secret = mypow(state["A"], state["b"], state["p"])
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret))
b_iv = generateAESKey()
received_message = removePKCS7Padding(
aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]))
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16),
state["b_cipherkey"], b_iv)
state["b_cipher"] = b_cipher
state["b_iv"] = b_iv
state["b_received_plain"] = received_message
return state
def message3(state):
a_shared = mypow(state["B"], state["a"], state["p"])
state["a_cipherkey"], state["a_mackey"] = secretToKeys(
intToBytes(a_shared))
a_iv = generateAESKey()
message = b"mary had a little lamb"
a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"],
a_iv)
state["a_cipher"] = a_cipher
state["a_iv"] = a_iv
print("3.A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv")
#print(state);
print('-' * 64)
return state
def message6(state):
secret = mypow(state["A"], state["b"], state["p"])
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret))
b_iv = generateAESKey()
received_message = removePKCS7Padding(
aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]))
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16),
state["b_cipherkey"], b_iv)
state["b_cipher"] = b_cipher
state["b_iv"] = b_iv
state["b_received_plain"] = received_message
print(
"B->A Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv"
)
return state
b'U28gSSB3YWxrIHVwIHRoZSBzdHJlZXQgd2hpc3RsaW4nIHRoaXMgLyBGZWVsaW4nIG91dCBvZiBwbGFjZSAnY3V6LCBtYW4sIGRvIEkgbWlzcw==', \
b'QSBwZW4gYW5kIGEgcGFwZXIsIGEgc3RlcmVvLCBhIHRhcGUgb2YgLyBNZSBhbmQgRXJpYyBCLCBhbmQgYSBuaWNlIGJpZyBwbGF0ZSBvZg==', \
b'RmlzaCwgd2hpY2ggaXMgbXkgZmF2b3JpdGUgZGlzaCAvIEJ1dCB3aXRob3V0IG5vIG1vbmV5IGl0J3Mgc3RpbGwgYSB3aXNo', \
b'J0N1eiBJIGRvbid0IGxpa2UgdG8gZHJlYW0gYWJvdXQgZ2V0dGluJyBwYWlkIC8gU28gSSBkaWcgaW50byB0aGUgYm9va3Mgb2YgdGhlIHJoeW1lcyB0aGF0IEkgbWFkZQ==', \
b'U28gbm93IHRvIHRlc3QgdG8gc2VlIGlmIEkgZ290IHB1bGwgLyBIaXQgdGhlIHN0dWRpbywgJ2N1eiBJJ20gcGFpZCBpbiBmdWxs', \
b'UmFraW0sIGNoZWNrIHRoaXMgb3V0LCB5byAvIFlvdSBnbyB0byB5b3VyIGdpcmwgaG91c2UgYW5kIEknbGwgZ28gdG8gbWluZQ==', \
b'J0NhdXNlIG15IGdpcmwgaXMgZGVmaW5pdGVseSBtYWQgLyAnQ2F1c2UgaXQgdG9vayB1cyB0b28gbG9uZyB0byBkbyB0aGlzIGFsYnVt', \
b'WW8sIEkgaGVhciB3aGF0IHlvdSdyZSBzYXlpbmcgLyBTbyBsZXQncyBqdXN0IHB1bXAgdGhlIG11c2ljIHVw', \
b'QW5kIGNvdW50IG91ciBtb25leSAvIFlvLCB3ZWxsIGNoZWNrIHRoaXMgb3V0LCB5byBFbGk=', \
b'VHVybiBkb3duIHRoZSBiYXNzIGRvd24gLyBBbmQgbGV0IHRoZSBiZWF0IGp1c3Qga2VlcCBvbiByb2NraW4n', \
b'QW5kIHdlIG91dHRhIGhlcmUgLyBZbywgd2hhdCBoYXBwZW5lZCB0byBwZWFjZT8gLyBQZWFjZQ==', \
]
rawPlains = [base64toRaw(c) for c in b64Plains]
aesKey = generateAESKey()
rawCiphers = [aes_ctr(p, aesKey, b'\x00' * 16) for p in rawPlains]
# To exploit this: take your collection of ciphertexts and truncate
# them to a common length (the length of the smallest ciphertext will
# work).
shortestCipherLength = min([len(c) for c in rawCiphers])
truncatedCiphers = [c[0:shortestCipherLength] for c in rawCiphers]
# Solve the resulting concatenation of ciphertexts as if for repeating-
# key XOR, with a key size of the length of the ciphertext you XOR'd.'''
def solve20():
keystream = b''
# for the 0th, 1st, 2nd byte...
#!/usr/bin/env python
# Written against python 3.3.1
# Matasano Problem 25
# Break "random access read/write AES CTR
from prob7 import doProb7
from prob11 import generateAESKey
from prob18 import aes_ctr, raw_xor
# Back to CTR. Encrypt the recovered plaintext from
# (the ECB exercise)
# under CTR with a random key (for this exercise the
# key should be unknown to you, but hold on to it).
plaintext = doProb7();
key = generateAESKey();
iv = b'\x00' * 16;
cipher = aes_ctr(plaintext, key, iv);
# Now, write the code that allows you to "seek" into the ciphertext,
# decrypt, and re-encrypt with different plaintext. Expose this as a
# function, like, "edit(ciphertext, key, offet, newtext)".
def editCipher(cipher, key, offset, new):
oldPlain = aes_ctr(cipher, key, iv);
#print(oldPlain)
newPlain = oldPlain[0:offset] + new + oldPlain[offset+len(new):];
#print(newPlain)
newCipher = aes_ctr(newPlain, key, iv);
#print(newCipher)
return newCipher;
# Matasano Problem 27
# CBC bit flipping
from prob11 import generateAESKey
from prob10 import aes_cbc_dec, aes_cbc_enc
from prob18 import raw_xor
from symbol import except_clause
# Recover the key from CBC with IV=Key
# Take your code from the CBC exercise (16) and modify it so that it
# repurposes the key for CBC encryption as the IV. Applications
# sometimes use the key as an IV on the auspices that both the sender
# and the receiver have to know the key already, and can save some space
# by using it as both a key and an IV.
global_aes_key = generateAESKey()
global_iv = global_aes_key
# Using the key as an IV is insecure; an attacker that can modify
# ciphertext in flight can get the receiver to decrypt a value that will
# reveal the key.
# The CBC code from exercise 16 encrypts a URL string. Verify each byte
# of the plaintext for ASCII compliance (ie, look for high-ASCII
# values). Noncompliant messages should raise an exception or return an
# error that includes the decrypted plaintext (this happens all the time
# in real systems, for what it's worth).
def checkAscii(s):
for b in s:
#!/usr/bin/env python
# Written against python 3.3.1
# Matasano Problem 16
# 16. CBC bit flipping
from prob11 import generateAESKey
from prob10 import aes_cbc_enc, aes_cbc_dec
from prob9 import addPKCS7Padding
from prob15 import checkAndRemovePKCS7Padding
from prob8 import chunks
from prob2 import hex_xor
from prob1 import rawToHex, hexToRaw
# Generate a random AES key.
global_aes_key = generateAESKey();
global_iv = b'\x00' * 16;
# Combine your padding code and CBC code to write two functions.
# The first function should take an arbitrary input string, prepend the
# string:
# "comment1=cooking%20MCs;userdata="
# and append the string:
# ";comment2=%20like%20a%20pound%20of%20bacon"
# The function should quote out the ";" and "=" characters.
# The function should then pad out the input to the 16-byte AES block
# length and encrypt it under the random AES key.
prefix = "comment1=cooking%20MCs;userdata="
suffix = ";comment2=%20like%20a%20pound%20of%20bacon"
def padAndEncryptString(s):
s = s.replace(";", "';'").replace("=", "'='");
strInput = prefix + s + suffix;
def encryptString():
myString = rawStrings[getOneRandomByte() % len(rawStrings)];
iv = generateAESKey(); # it's a 16-byte value...
myOut = aes_cbc_enc(addPKCS7Padding(myString, 16), aeskey, iv);
return myOut, iv;
b64Strings = [ b'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=',
b'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=',
b'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==',
b'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==',
b'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl',
b'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==',
b'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==',
b'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=',
b'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=',
b'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93' ];
rawStrings = [base64toRaw(s) for s in b64Strings];
# generate a random AES key (which it should save for all future
# encryptions),
aeskey = generateAESKey();
# pad the string out to the 16-byte AES block size and
# CBC-encrypt it under that key, providing the caller the ciphertext and
# IV.
def encryptString():
myString = rawStrings[getOneRandomByte() % len(rawStrings)];
iv = generateAESKey(); # it's a 16-byte value...
myOut = aes_cbc_enc(addPKCS7Padding(myString, 16), aeskey, iv);
return myOut, iv;
# The second function should consume the ciphertext produced by the
# first function, decrypt it, check its padding, and return true or
# false depending on whether the padding is valid.
def checkPadding(rawCipher, rawIV):
rawOutput = aes_cbc_dec(rawCipher, aeskey, rawIV);