def crack_block(padding_oracle, iv, block):
assert (len(iv) == 16)
assert (len(block) == 16)
def do_pad(iv, suffix):
l = len(suffix)
t = 'x' * (16 - l)
r = xor_str(xor_str(t + chr(l) * l, t + suffix), iv)
return r
rev = ''
if padding_oracle(iv, block): # Pre-padded block
for i in range(16):
a = 'x' * i + '\xff' + 'x' * (16 - i - 1)
b = 'x' * i + '\x00' + 'x' * (16 - i - 1)
test_iv = xor_str(xor_str(a, b), iv)
if not padding_oracle(test_iv, block):
rev = chr(16 - i) * (16 - i)
break
for i in range(16 - len(rev)):
for j in range(256):
guess = (rev + chr(j))[::-1]
new_iv = do_pad(iv, guess)
# print repr(iv), repr(new_iv), repr(block)
if padding_oracle(new_iv, block):
rev += chr(j)
break
return rev[::-1]
def main():
prefix_only = encryption_oracle("")
value = encryption_oracle("A" * (16 * 3))
for i in range(0, len(prefix_only), 16):
if prefix_only[i:i + 16] != value[i:i + 16]:
attack = value[:i]
attack += xor_str(value[i:i + 16],
xor_str(';admin=true;xxxx', 'A' * 16))
attack += value[i + 16:]
break
if decryption_oracle(attack):
print "[+] Admin access granted"
else:
print "[-] Attack failed"
def break_ctr(edit):
from common import xor_str
enc = ciphertext[:]
edit(0, '\x00' * len(enc))
keystream = ciphertext[:]
dec = xor_str(enc, keystream)
edit(0, dec) # Fix the original ciphertext, so that
# no malicious work is seen. Keep your
# actions hidden :)
return dec
def solve(enc):
mlen = min(len(a) for a in enc)
enc = [a[:mlen] for a in enc]
key = ''
for i in range(mlen):
e = ''.join(a[i] for a in enc)
scorer = lambda k: score(xor_str(e, cycle(chr(k))))
scores = [scorer(k) for k in range(256)]
key += chr(max(range(256), key=lambda k: scores[k]))
return key
def main():
injection_string = ';admin=true;'
part1 = encryption_oracle('X' * len(injection_string))
part2 = encryption_oracle('Y' * len(injection_string))
part3 = xor_str('X' * len(injection_string), injection_string)
locationing = xor_str(part1, part2)
prefix_pos = locationing.index('\x01')
suffix_pos = prefix_pos + len(injection_string)
prefix = part1[:prefix_pos]
mid = part1[prefix_pos:suffix_pos]
suffix = part1[suffix_pos:]
attack = prefix + xor_str(mid, part3) + suffix
if decryption_oracle(attack):
print "[+] Admin access granted"
else:
print "[-] Attack failed"
data = [a.decode('base64') for a in data]
key = randstr(16)
nonce = randint(0, 2**64 - 1)
enc = [AES_CTR(a, key, nonce) for a in data]
return enc
def solve(enc):
mlen = min(len(a) for a in enc)
enc = [a[:mlen] for a in enc]
key = ''
for i in range(mlen):
e = ''.join(a[i] for a in enc)
scorer = lambda k: score(xor_str(e, cycle(chr(k))))
scores = [scorer(k) for k in range(256)]
key += chr(max(range(256), key=lambda k: scores[k]))
return key
enc = get_enc()
key = solve(enc)
print "Effective Key:", repr(key)
print "Decryptions:", [xor_str(e, key) for e in enc]
def do_pad(iv, suffix):
l = len(suffix)
t = 'x' * (16 - l)
r = xor_str(xor_str(t + chr(l) * l, t + suffix), iv)
return r