Exemple #1
0
def prob14Encrypt(rawInput):
    unknownB64 = b'Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg' + \
    b'aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq' + \
    b'dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg' + \
    b'YnkK'
    unknownRaw = base64toRaw(unknownB64)
    return constant_ecb_encrypt(prefixValue + rawInput + unknownRaw)
Exemple #2
0
def test18():
    rawCipher = base64toRaw(
        b'L77na/nrFsKvynd6HzOoG7GHTLXsTVu9qvY/2syLXzhPweyyMTJULu/6/kXX0KSvoOLSFQ=='
    )
    rawKey = b'YELLOW SUBMARINE'
    rawIV = b'\x00' * 16
    print(aes_ctr(rawCipher, rawKey, rawIV))
Exemple #3
0
def prob14Encrypt(rawInput):
    unknownB64 = b'Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg' + \
    b'aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq' + \
    b'dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg' + \
    b'YnkK'
    unknownRaw = base64toRaw(unknownB64);
    return constant_ecb_encrypt(prefixValue + rawInput + unknownRaw);
Exemple #4
0
def checkPasswordToken(b64Token):
    rawToken = base64toRaw(b64Token)
    now = int(time())
    for i in range(-100, 100):  # +/- one hour
        mt = MT19937(now + i)
        mtOutput = b''
        for i in range(6):
            mtOutput += mt.extract_number().to_bytes(4, byteorder='big')
        if (rawToken == mtOutput):
            print("MT seed time = ", (now + i))
            return (now - i)
    return (-1)
Exemple #5
0
def checkPasswordToken(b64Token):
    rawToken = base64toRaw(b64Token);
    now = int(time());
    for i in range(-100, 100): # +/- one hour
        mt = MT19937(now + i);
        mtOutput = b'';
        for i in range(6):
            mtOutput += mt.extract_number().to_bytes(4, byteorder='big');
        if (rawToken == mtOutput):
            print("MT seed time = ", (now+i));
            return (now-i);
    return (-1);
Exemple #6
0
b'QnV0IG5vdyBJIGxlYXJuZWQgdG8gZWFybiAnY3V6IEknbSByaWdodGVvdXMgLyBJIGZlZWwgZ3JlYXQsIHNvIG1heWJlIEkgbWlnaHQganVzdA==', \
b'U2VhcmNoIGZvciBhIG5pbmUgdG8gZml2ZSwgaWYgSSBzdHJpdmUgLyBUaGVuIG1heWJlIEknbGwgc3RheSBhbGl2ZQ==', \
b'U28gSSB3YWxrIHVwIHRoZSBzdHJlZXQgd2hpc3RsaW4nIHRoaXMgLyBGZWVsaW4nIG91dCBvZiBwbGFjZSAnY3V6LCBtYW4sIGRvIEkgbWlzcw==', \
b'QSBwZW4gYW5kIGEgcGFwZXIsIGEgc3RlcmVvLCBhIHRhcGUgb2YgLyBNZSBhbmQgRXJpYyBCLCBhbmQgYSBuaWNlIGJpZyBwbGF0ZSBvZg==', \
b'RmlzaCwgd2hpY2ggaXMgbXkgZmF2b3JpdGUgZGlzaCAvIEJ1dCB3aXRob3V0IG5vIG1vbmV5IGl0J3Mgc3RpbGwgYSB3aXNo', \
b'J0N1eiBJIGRvbid0IGxpa2UgdG8gZHJlYW0gYWJvdXQgZ2V0dGluJyBwYWlkIC8gU28gSSBkaWcgaW50byB0aGUgYm9va3Mgb2YgdGhlIHJoeW1lcyB0aGF0IEkgbWFkZQ==', \
b'U28gbm93IHRvIHRlc3QgdG8gc2VlIGlmIEkgZ290IHB1bGwgLyBIaXQgdGhlIHN0dWRpbywgJ2N1eiBJJ20gcGFpZCBpbiBmdWxs', \
b'UmFraW0sIGNoZWNrIHRoaXMgb3V0LCB5byAvIFlvdSBnbyB0byB5b3VyIGdpcmwgaG91c2UgYW5kIEknbGwgZ28gdG8gbWluZQ==', \
b'J0NhdXNlIG15IGdpcmwgaXMgZGVmaW5pdGVseSBtYWQgLyAnQ2F1c2UgaXQgdG9vayB1cyB0b28gbG9uZyB0byBkbyB0aGlzIGFsYnVt', \
b'WW8sIEkgaGVhciB3aGF0IHlvdSdyZSBzYXlpbmcgLyBTbyBsZXQncyBqdXN0IHB1bXAgdGhlIG11c2ljIHVw', \
b'QW5kIGNvdW50IG91ciBtb25leSAvIFlvLCB3ZWxsIGNoZWNrIHRoaXMgb3V0LCB5byBFbGk=', \
b'VHVybiBkb3duIHRoZSBiYXNzIGRvd24gLyBBbmQgbGV0IHRoZSBiZWF0IGp1c3Qga2VlcCBvbiByb2NraW4n', \
b'QW5kIHdlIG91dHRhIGhlcmUgLyBZbywgd2hhdCBoYXBwZW5lZCB0byBwZWFjZT8gLyBQZWFjZQ==', \
]

rawPlains = [base64toRaw(c) for c in b64Plains]

aesKey = generateAESKey()

rawCiphers = [aes_ctr(p, aesKey, b'\x00' * 16) for p in rawPlains]

# To exploit this: take your collection of ciphertexts and truncate
# them to a common length (the length of the smallest ciphertext will
# work).
shortestCipherLength = min([len(c) for c in rawCiphers])
truncatedCiphers = [c[0:shortestCipherLength] for c in rawCiphers]


# Solve the resulting concatenation of ciphertexts as if for repeating-
# key XOR, with a key size of the length of the ciphertext you XOR'd.'''
def solve20():
Exemple #7
0
    b"SGUgbWlnaHQgaGF2ZSB3b24gZmFtZSBpbiB0aGUgZW5kLA==",
    b"U28gc2Vuc2l0aXZlIGhpcyBuYXR1cmUgc2VlbWVkLA==",
    b"U28gZGFyaW5nIGFuZCBzd2VldCBoaXMgdGhvdWdodC4=",
    b"VGhpcyBvdGhlciBtYW4gSSBoYWQgZHJlYW1lZA==",
    b"QSBkcnVua2VuLCB2YWluLWdsb3Jpb3VzIGxvdXQu",
    b"SGUgaGFkIGRvbmUgbW9zdCBiaXR0ZXIgd3Jvbmc=",
    b"VG8gc29tZSB3aG8gYXJlIG5lYXIgbXkgaGVhcnQs",
    b"WWV0IEkgbnVtYmVyIGhpbSBpbiB0aGUgc29uZzs=",
    b"SGUsIHRvbywgaGFzIHJlc2lnbmVkIGhpcyBwYXJ0",
    b"SW4gdGhlIGNhc3VhbCBjb21lZHk7",
    b"SGUsIHRvbywgaGFzIGJlZW4gY2hhbmdlZCBpbiBoaXMgdHVybiw=",
    b"VHJhbnNmb3JtZWQgdXR0ZXJseTo=",
    b"QSB0ZXJyaWJsZSBiZWF1dHkgaXMgYm9ybi4=",
]

rawPlain = [base64toRaw(b) for b in b64plain]
longestPlaintextLength = max([len(p) for p in rawPlain])

aeskey = generateAESKey()

rawCiphers = [aes_ctr(p, aeskey, b"\x00" * 16) for p in rawPlain]


def printSolution(guess, ciphers):
    print("------------------------------")
    print("Guess: ", guess)
    for i in range(len(ciphers)):
        print("Plain ", i, ": ", raw_xor(ciphers[i], guess))


def solve19():
Exemple #8
0
"MVQHYhoGGksABwdJAB0ASTpFNwQcTRoDBBgDUkksGioRHUkKCE5THEVCC08E" + \
"EgF0BBwJSQoOGkgGADpfADETDU5tBzcJEFMLTx0bAHQJCx8ADRJUDRdMN1RH" + \
"YgYGTi5jMURFeQEaSRAEOkURDAUCQRkKUmQ5XgBIKwYbQFIRSBVJGgwBGgtz" + \
"RRNNDwcVWE8BT3hJVCcCSQwGQx9IBE4KTwwdASEXF01jIgQATwZIPRpXKwYK" + \
"BkdEGwsRTxxDSToGMUlSCQZOFRwKUkQ5VEMnUh0BR0MBGgAAZDwGUwY7CBdN" + \
"HB5BFwMdUz0aQSwWSQoITlMcRUILTxoCEDUXF01jNw4BTwVBNlRBYhAIGhNM" + \
"EUgIRU5CRFMkOhwGBAQLTVQOHFkvUkUwF0lkbXkbHUVUBgAcFA0gRQYFCBpB" + \
"PU8FQSsaVycTAkJHYhsRSQAXABxUFzFFFggICkEDHR1OPxoqER1JDQhNEUgK" + \
"TkJPDAUAJhwQAg0XQRUBFgArU04lUh0GDlNUGwpOCU9jeTY1HFJARE4xGA4L" + \
"ACxSQTZSDxsJSw1ICFUdBgpTNjUcXk0OAUEDBxtUPRpCLQtFTgBPVB8NSRoK" + \
"SREKLUUVAklkERgOCwAsUkE2Ug8bCUsNSAhVHQYKUyI7RQUFABoEVA0dWXQa" + \
"Ry1SHgYOVBFIB08XQ0kUCnRvPgwQTgUbGBwAOVREYhAGAQBJEUgETgpPGR8E" + \
"LUUGBQgaQRIaHEshGk03AQANR1QdBAkAFwAcUwE9AFxNY2QxGA4LACxSQTZS" + \
"DxsJSw1ICFUdBgpTJjsIF00GAE1ULB1NPRpPLF5JAgJUVAUAAAYKCAFFXjUe" + \
"DBBOFRwOBgA+T04pC0kDElMdC0VXBgYdFkU2CgtNEAEUVBwTWXhTVG5SGg8e" + \
"AB0cRSo+AwgKRSANExlJCBQaBAsANU9TKxFJL0dMHRwRTAtPBRwQMAAATQcB" + \
"FlRlIkw5QwA2GggaR0YBBg5ZTgIcAAw3SVIaAQcVEU8QTyEaYy0fDE4ITlhI" + \
"Jk8DCkkcC3hFMQIEC0EbAVIqCFZBO1IdBgZUVA4QTgUWSR4QJwwRTWM="

if __name__ == "__main__":
    bestKeySizes, bestScores = findKeySize(base64toHex(b64cipher), 20)
    # after running this with a bunch of different number of blocks, 29 always pops out.
    # I'm confident 29 is the right answer.
    splits = splitCipher(base64toRaw(b64cipher), 29)
    key = ""
    for s in splits:
        key += (findKey(s))
    print("Key: " + str(key))
    print("Plain: " + str(
        hexToRaw(repeating_hex_xor(base64toHex(b64cipher), rawToHex(key)))))
Exemple #9
0
def test10():
    rawInput = base64toRaw(testInput)
    rawOutput = aes_cbc_dec(
        rawInput, b"YELLOW SUBMARINE", b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    )
    print(str(rawOutput))
Exemple #10
0
# decryption to validate them, and spat out an error if they were of the
# wrong parity.
def rsa_oracle_isodd(key, cipher):
    plain = mypow(cipher, key['d'], key['N'])
    return (plain & 1)


# Anyways: function returning true or false based on whether the
# decrypted plaintext was even or odd, and nothing else.

# Take the following string and un-Base64 it in your code (without
# looking at it!) and encrypt it to the public key, creating a
# ciphertext:

mystery_plain = int.from_bytes(base64toRaw(
    'VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5IGFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ=='
),
                               byteorder='big')
mystery_cipher = mypow(mystery_plain, prob46_key['e'], prob46_key['N'])

# With your oracle function, you can trivially decrypt the message.

# Here's why:

# * RSA ciphertexts are just numbers. You can do trivial math on
#  them. You can for instance multiply a ciphertext by the
#  RSA-encryption of another number; the corresponding plaintext will
#  be the product of those two numbers.

# * If you double a ciphertext (multiply it by (2**e)%n), the resulting
#  plaintext will (obviously) be either even or odd.
"YgYGTi5jMURFeQEaSRAEOkURDAUCQRkKUmQ5XgBIKwYbQFIRSBVJGgwBGgtz" + \
"RRNNDwcVWE8BT3hJVCcCSQwGQx9IBE4KTwwdASEXF01jIgQATwZIPRpXKwYK" + \
"BkdEGwsRTxxDSToGMUlSCQZOFRwKUkQ5VEMnUh0BR0MBGgAAZDwGUwY7CBdN" + \
"HB5BFwMdUz0aQSwWSQoITlMcRUILTxoCEDUXF01jNw4BTwVBNlRBYhAIGhNM" + \
"EUgIRU5CRFMkOhwGBAQLTVQOHFkvUkUwF0lkbXkbHUVUBgAcFA0gRQYFCBpB" + \
"PU8FQSsaVycTAkJHYhsRSQAXABxUFzFFFggICkEDHR1OPxoqER1JDQhNEUgK" + \
"TkJPDAUAJhwQAg0XQRUBFgArU04lUh0GDlNUGwpOCU9jeTY1HFJARE4xGA4L" + \
"ACxSQTZSDxsJSw1ICFUdBgpTNjUcXk0OAUEDBxtUPRpCLQtFTgBPVB8NSRoK" + \
"SREKLUUVAklkERgOCwAsUkE2Ug8bCUsNSAhVHQYKUyI7RQUFABoEVA0dWXQa" + \
"Ry1SHgYOVBFIB08XQ0kUCnRvPgwQTgUbGBwAOVREYhAGAQBJEUgETgpPGR8E" + \
"LUUGBQgaQRIaHEshGk03AQANR1QdBAkAFwAcUwE9AFxNY2QxGA4LACxSQTZS" + \
"DxsJSw1ICFUdBgpTJjsIF00GAE1ULB1NPRpPLF5JAgJUVAUAAAYKCAFFXjUe" + \
"DBBOFRwOBgA+T04pC0kDElMdC0VXBgYdFkU2CgtNEAEUVBwTWXhTVG5SGg8e" + \
"AB0cRSo+AwgKRSANExlJCBQaBAsANU9TKxFJL0dMHRwRTAtPBRwQMAAATQcB" + \
"FlRlIkw5QwA2GggaR0YBBg5ZTgIcAAw3SVIaAQcVEU8QTyEaYy0fDE4ITlhI" + \
"Jk8DCkkcC3hFMQIEC0EbAVIqCFZBO1IdBgZUVA4QTgUWSR4QJwwRTWM=";

if __name__ == "__main__":
    bestKeySizes, bestScores = findKeySize(base64toHex(b64cipher), 20);
    # print(bestKeySizes);
    # print(bestScores);
    # after running this with a bunch of different number of blocks, 29 always pops out.
    # I'm confident 29 is the right answer.
    splits = splitCipher(base64toRaw(b64cipher), 29);
    key = "";
    for s in splits:
        key += (findKey(s));
    print("Key: " + str(key));
    print("Plain: " + str(hexToRaw(repeating_hex_xor(base64toHex(b64cipher), rawToHex(key)))));
    
Exemple #12
0
from prob13 import removePKCS7Padding

# Combine your padding code and your CBC code to write two functions.
# The first function should select at random one of the following 10 strings:

b64Strings = [ b'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=', 
              b'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=', 
              b'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==', 
              b'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==', 
              b'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl', 
              b'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==', 
              b'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==', 
              b'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=', 
              b'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=', 
              b'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93' ];
rawStrings = [base64toRaw(s) for s in b64Strings];

# generate a random AES key (which it should save for all future
# encryptions), 
aeskey = generateAESKey();

# pad the string out to the 16-byte AES block size and
# CBC-encrypt it under that key, providing the caller the ciphertext and
# IV.
def encryptString():
    myString = rawStrings[getOneRandomByte() % len(rawStrings)];
    iv = generateAESKey(); # it's a 16-byte value...
    myOut = aes_cbc_enc(addPKCS7Padding(myString, 16), aeskey, iv);
    return myOut, iv;

# The second function should consume the ciphertext produced by the
Exemple #13
0
def doProb7():
    rawCipher = base64toRaw(b64cipher);
    rawKey = b'YELLOW SUBMARINE'
    plain = aes_ecb_dec(rawCipher, rawKey);
    return plain;
Exemple #14
0
def test10():
    rawInput = base64toRaw(testInput)
    rawOutput = aes_cbc_dec(
        rawInput, b'YELLOW SUBMARINE',
        b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
    print(str(rawOutput))
b'QnV0IG5vdyBJIGxlYXJuZWQgdG8gZWFybiAnY3V6IEknbSByaWdodGVvdXMgLyBJIGZlZWwgZ3JlYXQsIHNvIG1heWJlIEkgbWlnaHQganVzdA==', \
b'U2VhcmNoIGZvciBhIG5pbmUgdG8gZml2ZSwgaWYgSSBzdHJpdmUgLyBUaGVuIG1heWJlIEknbGwgc3RheSBhbGl2ZQ==', \
b'U28gSSB3YWxrIHVwIHRoZSBzdHJlZXQgd2hpc3RsaW4nIHRoaXMgLyBGZWVsaW4nIG91dCBvZiBwbGFjZSAnY3V6LCBtYW4sIGRvIEkgbWlzcw==', \
b'QSBwZW4gYW5kIGEgcGFwZXIsIGEgc3RlcmVvLCBhIHRhcGUgb2YgLyBNZSBhbmQgRXJpYyBCLCBhbmQgYSBuaWNlIGJpZyBwbGF0ZSBvZg==', \
b'RmlzaCwgd2hpY2ggaXMgbXkgZmF2b3JpdGUgZGlzaCAvIEJ1dCB3aXRob3V0IG5vIG1vbmV5IGl0J3Mgc3RpbGwgYSB3aXNo', \
b'J0N1eiBJIGRvbid0IGxpa2UgdG8gZHJlYW0gYWJvdXQgZ2V0dGluJyBwYWlkIC8gU28gSSBkaWcgaW50byB0aGUgYm9va3Mgb2YgdGhlIHJoeW1lcyB0aGF0IEkgbWFkZQ==', \
b'U28gbm93IHRvIHRlc3QgdG8gc2VlIGlmIEkgZ290IHB1bGwgLyBIaXQgdGhlIHN0dWRpbywgJ2N1eiBJJ20gcGFpZCBpbiBmdWxs', \
b'UmFraW0sIGNoZWNrIHRoaXMgb3V0LCB5byAvIFlvdSBnbyB0byB5b3VyIGdpcmwgaG91c2UgYW5kIEknbGwgZ28gdG8gbWluZQ==', \
b'J0NhdXNlIG15IGdpcmwgaXMgZGVmaW5pdGVseSBtYWQgLyAnQ2F1c2UgaXQgdG9vayB1cyB0b28gbG9uZyB0byBkbyB0aGlzIGFsYnVt', \
b'WW8sIEkgaGVhciB3aGF0IHlvdSdyZSBzYXlpbmcgLyBTbyBsZXQncyBqdXN0IHB1bXAgdGhlIG11c2ljIHVw', \
b'QW5kIGNvdW50IG91ciBtb25leSAvIFlvLCB3ZWxsIGNoZWNrIHRoaXMgb3V0LCB5byBFbGk=', \
b'VHVybiBkb3duIHRoZSBiYXNzIGRvd24gLyBBbmQgbGV0IHRoZSBiZWF0IGp1c3Qga2VlcCBvbiByb2NraW4n', \
b'QW5kIHdlIG91dHRhIGhlcmUgLyBZbywgd2hhdCBoYXBwZW5lZCB0byBwZWFjZT8gLyBQZWFjZQ==', \
];

rawPlains = [base64toRaw(c) for c in b64Plains];

aesKey = generateAESKey();

rawCiphers = [aes_ctr(p, aesKey, b'\x00' * 16) for p in rawPlains];

# To exploit this: take your collection of ciphertexts and truncate
# them to a common length (the length of the smallest ciphertext will
# work).
shortestCipherLength = min([len(c) for c in rawCiphers]);
truncatedCiphers = [c[0:shortestCipherLength] for c in rawCiphers];

# Solve the resulting concatenation of ciphertexts as if for repeating-
# key XOR, with a key size of the length of the ciphertext you XOR'd.'''
def solve20():
    keystream = b'';
Exemple #16
0
def test18():
    rawCipher = base64toRaw(b'L77na/nrFsKvynd6HzOoG7GHTLXsTVu9qvY/2syLXzhPweyyMTJULu/6/kXX0KSvoOLSFQ==');
    rawKey = b'YELLOW SUBMARINE';
    rawIV = b'\x00' * 16;
    print(aes_ctr(rawCipher, rawKey, rawIV));
Exemple #17
0
"CA4aB0l0PD1MSQ8PEE87ADtbTmIGDAILAB0cRSo3ABwBRTYKFhROHUETCgZU" + \
"MVQHYhoGGksABwdJAB0ASTpFNwQcTRoDBBgDUkksGioRHUkKCE5THEVCC08E" + \
"EgF0BBwJSQoOGkgGADpfADETDU5tBzcJEFMLTx0bAHQJCx8ADRJUDRdMN1RH" + \
"YgYGTi5jMURFeQEaSRAEOkURDAUCQRkKUmQ5XgBIKwYbQFIRSBVJGgwBGgtz" + \
"RRNNDwcVWE8BT3hJVCcCSQwGQx9IBE4KTwwdASEXF01jIgQATwZIPRpXKwYK" + \
"BkdEGwsRTxxDSToGMUlSCQZOFRwKUkQ5VEMnUh0BR0MBGgAAZDwGUwY7CBdN" + \
"HB5BFwMdUz0aQSwWSQoITlMcRUILTxoCEDUXF01jNw4BTwVBNlRBYhAIGhNM" + \
"EUgIRU5CRFMkOhwGBAQLTVQOHFkvUkUwF0lkbXkbHUVUBgAcFA0gRQYFCBpB" + \
"PU8FQSsaVycTAkJHYhsRSQAXABxUFzFFFggICkEDHR1OPxoqER1JDQhNEUgK" + \
"TkJPDAUAJhwQAg0XQRUBFgArU04lUh0GDlNUGwpOCU9jeTY1HFJARE4xGA4L" + \
"ACxSQTZSDxsJSw1ICFUdBgpTNjUcXk0OAUEDBxtUPRpCLQtFTgBPVB8NSRoK" + \
"SREKLUUVAklkERgOCwAsUkE2Ug8bCUsNSAhVHQYKUyI7RQUFABoEVA0dWXQa" + \
"Ry1SHgYOVBFIB08XQ0kUCnRvPgwQTgUbGBwAOVREYhAGAQBJEUgETgpPGR8E" + \
"LUUGBQgaQRIaHEshGk03AQANR1QdBAkAFwAcUwE9AFxNY2QxGA4LACxSQTZS" + \
"DxsJSw1ICFUdBgpTJjsIF00GAE1ULB1NPRpPLF5JAgJUVAUAAAYKCAFFXjUe" + \
"DBBOFRwOBgA+T04pC0kDElMdC0VXBgYdFkU2CgtNEAEUVBwTWXhTVG5SGg8e" + \
"AB0cRSo+AwgKRSANExlJCBQaBAsANU9TKxFJL0dMHRwRTAtPBRwQMAAATQcB" + \
"FlRlIkw5QwA2GggaR0YBBg5ZTgIcAAw3SVIaAQcVEU8QTyEaYy0fDE4ITlhI" + \
"Jk8DCkkcC3hFMQIEC0EbAVIqCFZBO1IdBgZUVA4QTgUWSR4QJwwRTWM=";

if __name__ == "__main__":
    bestKeySizes, bestScores = findKeySize(base64toHex(b64cipher), 20);
    #print(bestKeySizes[1])
    splits = splitCipher(base64toRaw(b64cipher), bestKeySizes[1]);
    key = "";
    for s in splits:
        key += (findKey(s));
    print("Key: " + str(key));
    print("Plain: " + str(hexToRaw(repeating_hex_xor(base64toHex(b64cipher), rawToHex(key)))));
    
Exemple #18
0
def test10():
    rawInput = base64toRaw(testInput);
    rawOutput = aes_cbc_dec(rawInput, b'YELLOW SUBMARINE', b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
    print(str(rawOutput));
# bit of the message 0 or 1). Imagine for instance a server that
# accepted RSA-encrypted messages and checked the parity of their
# decryption to validate them, and spat out an error if they were of the
# wrong parity.
def rsa_oracle_isodd(key, cipher):
    plain = mypow(cipher, key['d'], key['N']);
    return (plain & 1);

# Anyways: function returning true or false based on whether the
# decrypted plaintext was even or odd, and nothing else.

# Take the following string and un-Base64 it in your code (without
# looking at it!) and encrypt it to the public key, creating a
# ciphertext:

mystery_plain = int.from_bytes(base64toRaw('VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5IGFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ=='), byteorder='big');
mystery_cipher = mypow(mystery_plain, prob46_key['e'], prob46_key['N']);

# With your oracle function, you can trivially decrypt the message.

# Here's why:

# * RSA ciphertexts are just numbers. You can do trivial math on
#  them. You can for instance multiply a ciphertext by the
#  RSA-encryption of another number; the corresponding plaintext will
#  be the product of those two numbers.

# * If you double a ciphertext (multiply it by (2**e)%n), the resulting
#  plaintext will (obviously) be either even or odd.

# * If the plaintext after doubling is even, doubling the plaintext
Exemple #20
0
b'SGUgbWlnaHQgaGF2ZSB3b24gZmFtZSBpbiB0aGUgZW5kLA==', \
b'U28gc2Vuc2l0aXZlIGhpcyBuYXR1cmUgc2VlbWVkLA==', \
b'U28gZGFyaW5nIGFuZCBzd2VldCBoaXMgdGhvdWdodC4=', \
b'VGhpcyBvdGhlciBtYW4gSSBoYWQgZHJlYW1lZA==', \
b'QSBkcnVua2VuLCB2YWluLWdsb3Jpb3VzIGxvdXQu', \
b'SGUgaGFkIGRvbmUgbW9zdCBiaXR0ZXIgd3Jvbmc=', \
b'VG8gc29tZSB3aG8gYXJlIG5lYXIgbXkgaGVhcnQs', \
b'WWV0IEkgbnVtYmVyIGhpbSBpbiB0aGUgc29uZzs=', \
b'SGUsIHRvbywgaGFzIHJlc2lnbmVkIGhpcyBwYXJ0', \
b'SW4gdGhlIGNhc3VhbCBjb21lZHk7', \
b'SGUsIHRvbywgaGFzIGJlZW4gY2hhbmdlZCBpbiBoaXMgdHVybiw=', \
b'VHJhbnNmb3JtZWQgdXR0ZXJseTo=', \
b'QSB0ZXJyaWJsZSBiZWF1dHkgaXMgYm9ybi4=', \
]

rawPlain = [base64toRaw(b) for b in b64plain]
longestPlaintextLength = max([len(p) for p in rawPlain])

aeskey = generateAESKey()

rawCiphers = [aes_ctr(p, aeskey, b'\x00' * 16) for p in rawPlain]


def printSolution(guess, ciphers):
    print("------------------------------")
    print("Guess: ", guess)
    for i in range(len(ciphers)):
        print("Plain ", i, ": ", raw_xor(ciphers[i], guess))


def solve19():
Exemple #21
0
def doProb7():
    rawCipher = base64toRaw(b64cipher)
    rawKey = b'YELLOW SUBMARINE'
    plain = aes_ecb_dec(rawCipher, rawKey)
    return plain