def create_admin(user_input):
found_block_size = block_size_detection(s2_2.CBC_encrypt)
print(pre_append_size_detection(CBC_encryption_oracle, found_block_size))
admin_string = (b'AadminAtrue').decode()
fake_string = found_block_size * 'A'
encrypted_string = CBC_encryption_oracle(fake_string + admin_string)
char_index = 2 * found_block_size
encrypted_string = bytearray(encrypted_string)
encrypted_string[int(char_index)] = int(
s1_2.b16_x(
hex(encrypted_string[char_index])[2:],
s1_2.b16_x(hex(ord('A'))[2:],
hex(ord(';'))[2:])), 16)
char_index += 6
encrypted_string[int(char_index)] = int(
s1_2.b16_x(
hex(encrypted_string[char_index])[2:],
s1_2.b16_x(hex(ord('A'))[2:],
hex(ord('='))[2:])), 16)
#char_index += 5
#encrypted_string[int(char_index)] =int(s1_2.b16_x(hex(encrypted_string[char_index])[2:], s1_2.b16_x(hex(ord('A'))[2:], hex(ord(';'))[2:])), 16)
encrypted_string = bytes(encrypted_string)
print(encrypted_string)
decrypted_string = s2_1.pkcs7_unpad(
s2_2.CBC_decrypt(encrypted_string, unkown_key, IV))
print(decrypted_string)
if find_admin(decrypted_string) == 1:
return "*ADMIN FOUND*"
else:
return "*ADMIN NOT FOUND*"
def padding_attack(cipher_text):
block_size = block_size_detection(u_encrypt_cbc)
block_array = [IV]
plaintext = b''
plaintext_block = b""
#plaintext to blocks
for ind in range(0, (int)(len(cipher_text) / block_size)):
block_array.append(cipher_text[ind * block_size:(ind + 1) *
block_size])
plain = b''
#loop through blocks
for block in range(len(block_array) - 1, 0, -1):
control = block_size * bytes([0])
plaintext_block = b''
#loop through each byte of block
for _byte in range(block_size - 1, -1, -1):
#loop through all possible guesses
for b in range(0, 256):
if (_byte < 15):
control = control[:_byte] + bytes(
[b]) + control[(_byte + 1):]
else:
control = control[:_byte] + bytes([b])
if padding_oracle(control + block_array[block]) == 1:
break
#decrypt plaintext byte
plaintext_byte = bytes.fromhex(
s1_2.b16_x(
s1_2.b16_x(
bytes([block_size - _byte]).hex(),
bytes([block_array[block - 1][_byte]]).hex()),
bytes([b]).hex()))
plaintext_block = plaintext_byte + plaintext_block
#set coontrol block for next byte guess
control = control[:_byte]
for u in range(_byte, block_size):
controlled_byte = bytes.fromhex(
s1_2.b16_x(
s1_2.b16_x(
bytes([block_size - _byte + 1]).hex(),
bytes([plaintext_block[u - block_size]]).hex()),
bytes([block_array[block - 1][u]]).hex()))
control += controlled_byte
#insert solved plaintext block into plaintext string
plaintext = plaintext_block + plaintext
return plaintext
def Break_CTR_Edit_2(unknown_ciphertext):
recovered_plaintext = b''
for byte in range(0, len(unknown_ciphertext)):
edited_ciphertext = Edit_Ciphertext(unknown_ciphertext, byte, b'a')
for guess in range(0, 256):
if (bytes.fromhex(
s1_2.b16_x(edited_ciphertext[byte:byte + 1].hex(),
bytes([guess]).hex())) == b'a'):
recovered_plaintext += bytes.fromhex(
s1_2.b16_x(unknown_ciphertext[byte:byte + 1].hex(),
bytes([guess]).hex()))
break
return recovered_plaintext
def decrypt_repeating_key(_input):
test_results = key_size_test(_input)
found_messages = []
#use 3 best key sizes
for z in range(0, 5):
key_size = test_results[z][1]
key_string = ""
decrypted_string = ""
#transpose blocks of key size by byte
for i in range(0, key_size):
block = ""
for j in range(2 * i, len(_input), 2 * key_size):
block += str(_input[j] + _input[j + 1])
(key, message, error) = rep.brute_force_decrypt(block)
key_string += key
key_hex = XOR.ascii2hex(int(len(_input)) * (key_string))
decoded_hex = XOR.b16_x(_input, key_hex)
#conversion from hex to ascii
for c in range(0, int(len(decoded_hex)), 2):
decrypted_string += chr(int(decoded_hex[c:c + 2], 16))
found_messages.append((rep.english_detect(decrypted_string),
decrypted_string, key_string))
found_messages.sort(key=lambda x: x[0])
return (found_messages[0][1], found_messages[0][2])
def recover_key():
block_size=block_size_detection(CBC_encryption_oracle)
ciphertext=CBC_encryption_oracle(block_size*3*b"a")
modded_cipher= ciphertext[0:block_size]+block_size*b"\x00"+ciphertext[0:block_size]
token_check=recieve_token(modded_cipher)
if token_check!=1:
recovered_key=b""
for i in range(0, block_size):
recovered_key+=bytes.fromhex(s1_2.b16_x(token_check[i:i+1].hex(), token_check[2*block_size+i:2*block_size+i+1].hex()))
return recovered_key
def CTR_decrypt(ciphertext, key, nonce):
ecb_cipher = AES.new(key, AES.MODE_ECB)
ctr = Counter(64, nonce, 'little')
decrypted_string = b""
for i in range(0, len(ciphertext)):
if i % 16 == 0:
encrypted_ctr = ecb_cipher.encrypt(ctr.update_CTR())
decrypted_string += bytes.fromhex(
s1_2.b16_x(
bytes([ciphertext[i]]).hex(),
encrypted_ctr[i % 16:(i % 16) + 1].hex()))
return decrypted_string
def encrypt_string(input_string, key):
key_ascii_string = math.ceil(len(input_string) / len(key)) * key
encrypted_string = ""
input_hex = ""
key_string = ""
for i in range(0, len(input_string)):
input_hex_string = "0x%x" % ord(input_string[i])
input_hex += input_hex_string[2:4]
key_hex_string = "0x%x" % ord(key_ascii_string[i])
key_string += key_hex_string[2:4]
encoded_hex = XOR.b16_x(input_hex, key_string)
for c in range(0, int(len(encoded_hex)), 2):
encrypted_string += chr(int(encoded_hex[c:c + 2], 16))
return encoded_hex
def CBC_decrypt(ciphertext, key, IV):
ciphertext_blocks = []
plaintext_blocks = []
next_x = IV.hex()
for i in range(0, int(math.ceil(len(ciphertext) / 16))):
block = ciphertext[16 * i:16 * i + 16]
ciphertext_blocks.append(block)
plaintext_string = b""
#decrypt CBC block by block
for b in range(0, len(ciphertext_blocks)):
dec = decrypt_AES_ECB(ciphertext_blocks[b], key)
x_or = s1_2.b16_x(dec.hex(), next_x)
next_x = (ciphertext_blocks[b].hex())
plaintext_string += (bytes.fromhex(x_or))
return plaintext_string
def CBC_encrypt(plaintext_byte_string, key, IV):
plaintext_blocks = []
next_x = IV.hex()
#pad to 16 byte blocks
for i in range(0, int(math.ceil(len(plaintext_byte_string) / 16))):
block = s2_1.pkcs7_pad(plaintext_byte_string[16 * i:16 * i + 16], 16)
plaintext_blocks.append(block)
encrypted_string = b''
#encrypt CBC block by block
for b in range(0, len(plaintext_blocks)):
x_or = s1_2.b16_x(plaintext_blocks[b].hex(), next_x)
enc = encrypt_AES_ECB(bytes.fromhex(x_or), key)
next_x = enc.hex()
encrypted_string += enc
return encrypted_string
def brute_force_decrypt(str1):
min_error=100
found_message=""
found_key=""
found_error=""
for i in range (0,126):
cipher_key=hex(int(i))
key_string=int(len(str1))*cipher_key[2:]
decoded_hex=XOR.b16_x(str1, key_string)
decrypted_string=''
for c in range (0, int(len(decoded_hex)),2):
decrypted_string+=chr(int(decoded_hex[c:c+2], 16))
error=english_detect(decrypted_string)
if (error<min_error):
#print("key:" + chr(i), ", Decrypted Message:" + decrypted_string, ",Error:" + str(error))
found_message=(decrypted_string)
found_key=(chr(i))
found_error=(error)
min_error=error
return (found_key, found_message, found_error)
total_error = math.sqrt(sum)
return total_error
decrypted_strings = []
for fill in range(0, len(encrypted_string_list)):
decrypted_strings.append(b"")
min_length = 1000000
for _string in encrypted_string_list:
if len(_string) < min_length:
min_length = len(_string)
for byte in range(0, min_length):
error = 1
for guess in range(0, 256):
decrypted_bytes = b""
for string in encrypted_string_list:
encrypted_byte = string[byte:byte + 1]
decrypted_byte = bytes.fromhex(
s1_2.b16_x(encrypted_byte.hex(),
bytes([guess]).hex()))
decrypted_bytes += decrypted_byte
decrypted_bytes_error = english_detect(decrypted_bytes)
if (decrypted_bytes_error < error):
error = decrypted_bytes_error
solved_bytes = decrypted_bytes
for _char in range(0, len(solved_bytes)):
decrypted_strings[_char] += solved_bytes[_char:_char + 1]
print(decrypted_strings)