def edit(ciphertext, offset, newtext):
    """Overwrite part of a CTR-encrypted message and return the new ciphertext.

    The message is decrypted with the module-level ``key`` and ``nonce``,
    ``newtext`` is spliced in at ``offset`` (replacing ``len(newtext)``
    positions), and the result is re-encrypted with the same key and nonce.

    Args:
        ciphertext: ciphertext as accepted by ``aes_ctr_operation``.
        offset: index into the decrypted text where the overwrite starts.
            The caller in this listing passes hex strings, so the index
            presumably counts hex characters, not bytes -- confirm.
        newtext: replacement text, in the same representation as the
            decrypted text.

    Returns:
        Whatever ``aes_ctr_operation`` returns for the patched plaintext.

    Security note: the keystream is identical before and after the edit
    because key and nonce do not change. Anyone who can call this function
    and compare old and new ciphertext learns the keystream at the edited
    positions. An edit API needs a fresh nonce per write, and an
    authenticated mode, to be safe.
    """
    current_plaintext = aes_ctr_operation(key, ciphertext, nonce.hex())
    splice_end = offset + len(newtext)
    head = current_plaintext[:offset]
    tail = current_plaintext[splice_end:]
    patched_plaintext = head + newtext + tail
    return aes_ctr_operation(key, patched_plaintext, nonce.hex())
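def guess_full_key(ciphertext):
    """Search for a 16-byte key in groups of up to three bytes.

    For each group, every candidate value is tried: the ciphertext is
    decrypted with the candidate key and the plaintext bytes at the group's
    own positions are scored with ``score_string``. The best-scoring bytes
    are kept before moving on to the next group.

    Args:
        ciphertext: ciphertext as accepted by ``aes_ctr_operation``.

    Returns:
        bytearray: the best-scoring key bytes. The original returned
        nothing; existing callers that ignore the result are unaffected.

    NOTE(review): this costs 256**3 trial decryptions per three-byte group.
    If ``aes_ctr_operation`` is standard AES-CTR, one key byte influences
    every keystream byte of a block, so scoring a group against only its
    own plaintext positions cannot converge on the real key. The weakness
    this exercise demonstrates is keystream reuse under a fixed nonce, not
    key search; the defence is a unique nonce per message.
    """
    # Local import: the file's import block is not visible from this listing.
    from itertools import product

    key_bytes = bytearray([0] * 16)
    key_len = len(key_bytes)
    for i in range(0, key_len, 3):
        # 16 is not a multiple of 3, so the final group (i == 15) holds one
        # byte. The original wrote key_bytes[i + 1] and key_bytes[i + 2]
        # unconditionally and raised IndexError on that last group.
        width = min(3, key_len - i)
        best_score = -9999999
        best_guess = bytes(width)
        # product() yields candidates in the same order as the nested loops
        # did: the last byte of the group varies fastest.
        for guess in product(range(256), repeat=width):
            key_bytes[i:i + width] = bytes(guess)
            plaintext = aes_ctr_operation(key_bytes.hex(), ciphertext,
                                          nonce.hex())
            # Keep the hex string even-length so bytes.fromhex accepts it.
            if len(plaintext) % 2:
                plaintext = '0' + plaintext
            temp_score = score_string(
                bytes.fromhex(plaintext[2 * i:2 * (i + width)]))
            if temp_score > best_score:
                print(bytes.fromhex(plaintext))
                best_score, best_guess = temp_score, bytes(guess)
        key_bytes[i:i + width] = best_guess
    return key_bytes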
def main():
    """Show that an in-place CTR edit function discloses the plaintext.

    Steps:
      1. Recover the reference plaintext from ``25.txt`` (base64, AES-ECB
         under the challenge 1.7 key) and encrypt it under CTR with the
         module-level ``key`` and ``nonce``.
      2. Call ``edit`` to overwrite the whole message with ``"A"`` bytes.
      3. XOR the edited ciphertext with ``"A"`` and with the original
         ciphertext, then print the result.

    Step 3 works because ``edit`` re-encrypts with the same key and nonce:
    edited ciphertext XOR known filler is the keystream, and keystream XOR
    original ciphertext is the original plaintext. The defensive takeaway
    is that a stream or CTR keystream must never be reused for a second
    plaintext. A rewrite needs a fresh nonce and an integrity check.
    """
    # Setup carried over from challenge 1.7: decode and ECB-decrypt the file.
    with open('25.txt', 'r') as f:
        ecb_blob = base64.b64decode(f.read().strip())
    chall_seven_key = "YELLOW SUBMARINE"
    ecb_cipher = Cipher(algorithms.AES(chall_seven_key.encode()),
                        modes.ECB(),
                        backend=default_backend())
    dt = aes_ecb_decrypt(ecb_cipher, ecb_blob)

    # The CTR ciphertext is a hex string; keep a bytes copy for the XOR below.
    ciphertext = aes_ctr_operation(key, dt.hex(), nonce.hex())
    ciphertext_bytes = bytes.fromhex(ciphertext)

    # One filler character per ciphertext byte (two hex characters each).
    filler = "A" * (len(ciphertext) // 2)
    injected_bytes = bytes.fromhex(edit(ciphertext, 0, filler.encode().hex()))
    assert len(ciphertext_bytes) == len(injected_bytes)

    filler_byte = ord("A")
    extracted_plaintext = ''.join(
        chr(edited ^ filler_byte ^ original)
        for edited, original in zip(injected_bytes, ciphertext_bytes))
    print(extracted_plaintext)
def decryption_oracle(ciphertext):
    """Decrypt a cookie and report whether it contains an ``admin`` field.

    The ciphertext is decrypted with the module-level ``key`` and
    ``nonce``, unpadded with ``pkcs7_unpad``, split on ``;`` into fields
    and each field split on ``=``.

    Args:
        ciphertext: ciphertext as accepted by ``aes_ctr_operation``.

    Returns:
        ``(b"admin", value)`` for the first field whose name is exactly
        ``b"admin"``, otherwise ``0``.

    Security note: no integrity check is visible before the plaintext is
    parsed. CTR ciphertext is malleable, since flipping a ciphertext bit
    flips the same plaintext bit. Without a MAC or an AEAD mode, a
    modified cookie is therefore accepted as if it were genuine.

    NOTE(review): the decrypted plaintext is printed to stdout, which
    looks like a debugging aid. Confirm that it should stay.
    """
    plaintext = bytes.fromhex(aes_ctr_operation(key, ciphertext, nonce))
    print(plaintext)
    fields = pkcs7_unpad(plaintext).split(b';')
    for field in fields:
        pieces = field.split(b'=')
        # Fields without '=' have no value part and are skipped.
        if len(pieces) < 2:
            continue
        if pieces[0] == b"admin":
            return (pieces[0], pieces[1])
    return 0
def encrypt_lines(lines):
    """Base64-decode each line, CTR-encrypt it and append it to ``ciphertexts``.

    Args:
        lines: iterable of base64 text lines. Surrounding whitespace is
            stripped before decoding.

    Every line is encrypted with the same module-level ``key`` and
    ``nonce``, so all resulting ciphertexts share one keystream. That
    reuse is the weakness under study: XORing two such ciphertexts cancels
    the keystream. Real code must use a unique nonce per message.
    """
    ciphertexts.extend(
        aes_ctr_operation(key, base64.b64decode(encoded.strip()).hex(), nonce)
        for encoded in lines)
def encryption_oracle(input_string):
    """Embed user input in a cookie string and encrypt it under CTR.

    The input is percent-encoded with ``urllib.parse.quote``, so ``;`` and
    ``=`` cannot be injected literally. It is then placed between a fixed
    prefix and suffix, padded with ``pkcs7_pad`` and encrypted with the
    module-level ``key`` and ``nonce``.

    Args:
        input_string: user-controlled text for the ``userdata`` field.

    Returns:
        Whatever ``aes_ctr_operation`` returns for the padded cookie.

    Security note: escaping the input protects only the plaintext that is
    built here. The ciphertext carries no authentication tag, so it can be
    altered after encryption. Pair the cipher with a MAC or use an AEAD
    mode.
    """
    prefix = '"comment1"="cooking%20MCs";"userdata"="'
    suffix = '";"comment2"="%20like%20a%20pound%20of%20bacon"'
    cookie = "".join((prefix, urllib.parse.quote(input_string), suffix))
    # pkcs7_pad receives the hex encoding of the cookie, as in the original.
    padded = pkcs7_pad(cookie.encode().hex(), block_size)
    return aes_ctr_operation(key, padded, nonce)
for k in range(256): key_bytes[i + 1] = k for l in range(256): key_bytes[i + 2] = l plaintext = aes_ctr_operation(key_bytes.hex(), ciphertext, nonce.hex()) if len(plaintext) % 2: plaintext = '0' + plaintext temp_score = score_string( bytes.fromhex(plaintext[2 * i:2 * (i + 3)])) if temp_score > best_score: print(bytes.fromhex(plaintext)) (best_score, best_byte1, best_byte2, best_byte3) = (temp_score, j, k, l) key_bytes[i] = best_byte1 key_bytes[i + 1] = best_byte2 key_bytes[i + 2] = best_byte3 # encryption with open('19.txt', 'r') as f: for line in f: plaintext = b64decode(line.strip()) ciphertext_array.append( aes_ctr_operation(aes_key, plaintext.hex(), nonce.hex())) print(ciphertext_array) for ctext in ciphertext_array: guess_full_key(ctext)