def get_goodpairs(key): crypt = AES_128(5) crypt.key = key x = [chr(i) for i in range(256)] pl1 = [chr(0) for _ in range(16)] pl2 = [chr(0) for _ in range(16)] LIMIT = 2**22 good_pairs, count = [], 0 for i1 in range(256): for i2 in range(i1 + 1, 256): for j1 in range(256): for j2 in range(j1 + 1, 256): for k1 in range(256): for k2 in range(k1 + 1, 256): count += 1 pl2[5], pl2[10], pl2[15] = x[i2], x[j2], x[k2] pl1[5], pl1[10], pl1[15] = x[i1], x[j1], x[k1] c1 = crypt.cipher(''.join(pl1)) c2 = crypt.cipher(''.join(pl2)) if ((c1[0] == c2[0]) and (c1[7] == c2[7]) and (c1[10] == c2[10]) and (c1[13] == c2[13]) and (pl1 != pl2)): good_pairs.append([pl1, pl2]) if count == LIMIT: return good_pairs return good_pairs
def update_34(all_good_pairs): one_round_crypt = AES_128(1, True) len_gp = len(all_good_pairs) # 2**15 keys_0, keys_5, keys_10, keys_15 = [], [], [], [] for i in range(len_gp): for j in range(i + 1, len_gp): x, y = all_good_pairs[i] z, w = all_good_pairs[j] quartet_0 = [y[0] ^ x[0], z[0] ^ x[0], w[0] ^ x[0]] quartet_4 = [y[4] ^ x[4], z[4] ^ x[4], w[4] ^ x[4]] quartet_8 = [y[8] ^ x[8], z[8] ^ x[8], w[8] ^ x[8]] quartet_12 = [y[12] ^ x[12], z[12] ^ x[12], w[12] ^ x[12]] quartet_0.sort() quartet_4.sort() quartet_8.sort() quartet_12.sort() k0 = pre_computed_table[quartet_0[0]][quartet_0[1]][ quartet_0[2]] ^ x[0] k5 = pre_computed_table[quartet_4[0]][quartet_4[1]][ quartet_4[2]] ^ x[4] k10 = pre_computed_table[quartet_8[0]][quartet_8[1]][ quartet_8[2]] ^ x[8] k15 = pre_computed_table[quartet_12[0]][quartet_12[1]][ quartet_12[2]] ^ x[12] key_guess = [chr(k0)] + [chr(0)] * 4 + [chr(k5)] + [chr(0)] * 4 + [ chr(k10) ] + [chr(0)] * 4 + [chr(k15)] return key_guess
def get_goodpairs(key): crypt = AES_128(5) crypt.key = key x = [chr(i) for i in range(256)] pl1 = [chr(0) for _ in range(16)] pl2 = [chr(0) for _ in range(16)] a = range(256) b, c, d = a[:], a[:], a[:] random.shuffle(b) random.shuffle(c) random.shuffle(d) for i1 in range(256): for i2 in range(i1 + 1, 256): # print(i1,i2) for j1 in range(256): for j2 in range(j1 + 1, 256): for k1 in range(256): for k2 in range(k1 + 1, 256): for l1 in range(256): for l2 in range(l1 + 1, 256): pl2[0], pl2[5], pl2[10], pl2[15] = x[ a[i2]], x[b[j2]], x[c[k2]], x[d[l2]] pl1[0], pl1[5], pl1[10], pl1[15] = x[ a[i1]], x[b[j1]], x[c[k1]], x[d[l1]] c1 = crypt.cipher(''.join(pl1)) c2 = crypt.cipher(''.join(pl2)) if ((c1[0] == c2[0]) and (c1[7] == c2[7]) and (c1[10] == c2[10]) and (c1[13] == c2[13]) and (pl1 != pl2)): return pl1, pl2
def update_124(all_good_pairs): one_round_crypt = AES_128(1) len_gp = len(all_good_pairs) # 2**15 keys_0, keys_5, keys_10, keys_15 = [], [], [], [] for i in range(len_gp): for j in range(i + 1, len_gp): x, y = all_good_pairs[i] z, w = all_good_pairs[j] for k in range(1, 256): if is_mixture(one_round_crypt, k, x, y, z, w, 0): keys_0.append(k) if is_mixture(one_round_crypt, k, x, y, z, w, 4): keys_5.append(k) if is_mixture(one_round_crypt, k, x, y, z, w, 8): keys_10.append(k) if is_mixture(one_round_crypt, k, x, y, z, w, 12): keys_15.append(k) one_round_crypt = AES_128(1, True) for k0 in keys_0: for k5 in keys_5: for k10 in keys_10: for k15 in keys_15: key_guess = [chr(k0)] + [chr(0)] * 4 + [ chr(k5) ] + [chr(0)] * 4 + [chr(k10) ] + [chr(0)] * 4 + [chr(k15)] one_round_crypt.key = ''.join(key_guess) c_x = map(ord, one_round_crypt.cipher(''.join(x))) c_y = map(ord, one_round_crypt.cipher(''.join(y))) c_z = map(ord, one_round_crypt.cipher(''.join(z))) c_w = map(ord, one_round_crypt.cipher(''.join(w))) if (c_x[0] ^ c_y[0] == c_z[0] ^ c_w[0]) and ( c_x[4] ^ c_y[4] == c_z[4] ^ c_w[4]) and ( c_x[8] ^ c_y[8] == c_z[8] ^ c_w[8]) and (c_x[12] ^ c_y[12] == c_z[12] ^ c_w[12]): return key_guess
def get_goodpairs(key): crypt = AES_128(5) crypt.key = key x = [chr(i) for i in range(256)] pl1 = [chr(0) for _ in range(16)] pl2 = [chr(0) for _ in range(16)] a = range(256) b, c = a[:], a[:] random.shuffle(b) random.shuffle(c) LIMIT = 2**21 good_pairs, count = [], 0 for i1 in range(256): for i2 in range(i1 + 1, 256): # print(i1,i2) for j1 in range(256): for j2 in range(j1 + 1, 256): for k1 in range(256): for k2 in range(k1 + 1, 256): count += 1 pl2[5], pl2[10], pl2[15] = x[a[i2]], x[b[j2]], x[ c[k2]] pl1[5], pl1[10], pl1[15] = x[a[i1]], x[b[j1]], x[ c[k1]] c1 = crypt.cipher(''.join(pl1)) c2 = crypt.cipher(''.join(pl2)) if ((c1[0] == c2[0]) and (c1[7] == c2[7]) and (c1[10] == c2[10]) and (c1[13] == c2[13]) and (pl1 != pl2)): good_pairs.append([pl1, pl2]) if count == LIMIT: return good_pairs return good_pairs
keys_0, keys_5, keys_10, keys_15 = [], [], [], [] for k in range(0, 256): keys_0.append(k) keys_5.append(k) keys_10.append(k) keys_15.append(k) for k0 in keys_0: for k5 in keys_5: for k10 in keys_10: for k15 in keys_15: key_guess = [chr(k0)] + [chr(0)] * 4 + [ chr(k5) ] + [chr(0)] * 4 + [chr(k10)] + [chr(0)] * 4 + [chr(k15)] one_round_crypt = AES_128(1, True) one_round_crypt.key = key_guess xp = one_round_crypt.cipher(''.join(p1)) yp = one_round_crypt.cipher(''.join(p2)) zp = xp[:] wp = yp[:] zp[4] = yp[4] zp[12] = yp[12] wp[4] = xp[4] wp[12] = xp[12] p3 = one_round_crypt.inv_cipher(''.join(zp)) p4 = one_round_crypt.inv_cipher(''.join(wp)) crypt = AES_128(5) crypt.key = key_guess
from aes import AES_128 if __name__=="__main__": key = "0f1571c947d9e8591cb7add6af7f6798".decode('hex') crypt = AES_128() crypt.key = key # encrypt p = "0123456789abcdeffedcba9876543210".decode('hex') c = crypt.cipher(p) print c.encode('hex') # decrypt p = crypt.inv_cipher(c) print p.encode('hex') print "\n\nThis is for the Avalanche Compare:" base = "8123456789abcdeffedcba9876543210" trial1 = "8123456789abcdeffedcba9876543211" trial2 = "8123456789abcdeffedcba9876543212" trial3 = "8123456789abcdeffedcba9876543214" print "Base\t: {0} : {1}".format(base, crypt.cipher(base.decode('hex')).encode('hex')) print "Round 1\t: {0} : {1}".format(base, crypt.cipher(trial1.decode('hex')).encode('hex')) print "Round 2\t: {0} : {1}".format(base, crypt.cipher(trial2.decode('hex')).encode('hex')) print "Round 3\t: {0} : {1}".format(base, crypt.cipher(trial3.decode('hex')).encode('hex'))