def decipher_block(iv, block):
predict = ['\x00'] * 16
for i in xrange(15, -1, -1):
for c in xrange(0, 256):
predict[i] = chr(c)
padding = (chr(16 - i) * (16 - i)).rjust(16, '\x00')
new_iv = crypty.xor_hex_strings(
crypty.xor_ascii_strings("".join(predict), crypty.h2a(iv)),
crypty.a2h(padding))
if padding_oracle(block, new_iv):
if i == 15:
# Recheck for the correctness of found byte, whether its a genioun padding at the end or just random thing.
flag = False
for ch in xrange(0, 256):
new_iv = crypty.xor_hex_strings(
crypty.xor_ascii_strings(
"".join(['\x00'] * 14) + chr(ch) + chr(c),
crypty.h2a(iv)),
crypty.a2h("\x00" * 14 + "\x02\x02"))
if padding_oracle(block, new_iv):
flag = True
break
if flag:
break
else:
break
return "".join(predict).encode("hex")
def solve():
ciphertext = get_ciphertext().decode("hex")
new_text = 'A' * len(ciphertext)
new_ciphertext = attacker_function(new_text.encode("hex"), 0, new_text)
key_stream = crypty.xor_hex_strings(new_ciphertext, new_text.encode("hex"))
old_plaintext = crypty.xor_hex_strings(key_stream,
ciphertext.encode("hex"))
print old_plaintext.decode("hex")
def solve():
ciphertext = encrypter('A' * 16)
blocks = crypty.get_blocks(ciphertext)
old_cipher_block = blocks[1]
new_cipher_block = crypty.xor_hex_strings(
crypty.xor_hex_strings(old_cipher_block, crypty.a2h('A' * 16)),
crypty.a2h(";admin=true;XXXX"))
blocks[1] = new_cipher_block
if decrypter("".join(blocks)):
print "New Ciphertext : %s" % ("".join(blocks))
def solve():
ciphertext = encrypter('A' * 16 * 3)
blocks = crypty.get_blocks(ciphertext)
blocks = [blocks[0], '00' * 16, blocks[0]]
plaintext = decrypter("".join(blocks))
blocks = crypty.get_blocks(plaintext)
foundkey = crypty.xor_hex_strings(blocks[0], blocks[2])
print "Key : %s" % (foundkey)
def encrypt(plaintext, key, nounce):
"""
Encrypts plaintext using AES-128-CTR Block Cipher
:param plaintext: Hex string
:param key: Hex string
:param nounce: int
:return: Hex string
"""
plaintext = crypty.h2a(plaintext)
nounce_little_endian = struct.pack("<q",nounce)
keystream = []
for ctr in xrange(len(plaintext)/16 + 1):
ctr_little_endian = struct.pack("<q",ctr)
keystream.append(ecb_cipher.infra.encrypt(crypty.a2h(nounce_little_endian+ctr_little_endian), key))
keystream = "".join(keystream)[:len(plaintext)*2]
return crypty.xor_hex_strings(keystream, crypty.a2h(plaintext))
def encrypt_manual(hex_string, key, iv):
"""
Manually AES-128-CBC Encrypts the input hex string using key, iv and AES-128-ECB
:param hex_string: Hex string
:param key: Hex string
:param iv: Hex string
:return: hex string
"""
assert len(iv) == len(key)
blocks = crypty.get_blocks(hex_string, block_size=16)
ciphertext = ""
for block in blocks:
if len(crypty.h2a(block)) % 16 is not 0:
block = crypty.pad_pkcs_7(block, block_size=16)
xor_block = crypty.xor_hex_strings(block, iv)
iv = ecb_cipher.infra.encrypt(xor_block, key)
ciphertext += iv
return ciphertext
def decrypt_manual(hex_string, key, iv, raiser=True):
"""
Manually AES-128-CBC decrypts the input hex string using key, iv and AES-128-ECB
:param hex_string: Hex string
:param key: Hex string
:param iv: Hex string
:return: hex string
"""
assert len(iv) == len(key)
blocks = crypty.get_blocks(hex_string, block_size=16)
plaintext = ""
for block in blocks:
xor_block = ecb_cipher.infra.decrypt(block, key)
plaintext += crypty.xor_hex_strings(xor_block, iv)
iv = block
if crypty.is_pcks7_padded(plaintext):
plaintext = crypty.unpad_pkcs_7(plaintext)
elif raiser:
raise Exception("Wrongly padded hex string")
return plaintext
def solve():
str1 = b"1c0111001f010100061a024b53535009181c"
str2 = b"686974207468652062756c6c277320657965"
return crypty.xor_hex_strings(str1, str2)