def encryption_oracle(random_prefix, attacker_controlled, target_bytes, random_key):
plainbuf = random_prefix + attacker_controlled + target_bytes
padded_plainbuf = challenge9.pkcs7_pad(16, plainbuf)
encbuf = challenge7.encrypt_aes_128_ecb(random_key, padded_plainbuf)
return encbuf
def encrypt_ecb(message, key):
encrypt_array = []
block_array = chunks(message, 16)
if len(block_array[-1]) != 16:
block_array[-1] = pad_text(block_array[-1], 16)
for i in range(0, len(block_array)):
ecb_block = encrypt_aes_128_ecb(block_array[i], key)
encrypt_array.append(ecb_block)
return b"".join(encrypt_array)
def encrypt_cbc(message, key, iv, blocksize):
encrypt_array = []
block_array = chunks(message, blocksize)
if len(block_array[-1]) != blocksize:
block_array[-1] = pad_text(block_array[-1], 16)
for i in range(0, len(block_array)):
xor_block = bytes((b1 ^ b2) for b1, b2 in zip(block_array[i], iv))
iv = encrypt_aes_128_ecb(xor_block, key)
encrypt_array.append(iv)
return b"".join(encrypt_array)
def crypt(self, inbuf):
outbuf = []
for i, ib in enumerate(inbuf):
if i % self.block_size == 0:
ctr_data = struct.pack("QQ", self.nonce, self.counter)
self.counter += 1
keystream = challenge7.encrypt_aes_128_ecb(self.key, ctr_data)
ob = ord(ib) ^ ord(keystream[i % len(keystream)])
outbuf.append(chr(ob))
return "".join(outbuf)
def encryption_oracle(plaintext):
rand_key = get_rand_bytes(16)
rand_size1 = random.randint(5, 10)
rand_buf1 = get_rand_bytes(rand_size1)
rand_size2 = random.randint(5, 10)
rand_buf2 = get_rand_bytes(rand_size2)
plainbuf = rand_buf1 + plaintext + rand_buf2
plainbuf_padded = challenge9.pkcs7_pad(16, plainbuf)
if random.randrange(2):
mode = "ecb"
encbuf = challenge7.encrypt_aes_128_ecb(rand_key, plainbuf_padded)
else:
mode = "cbc"
rand_iv = get_rand_bytes(16)
encbuf = challenge10.encrypt_aes_128_cbc(rand_key, rand_iv, plainbuf_padded)
return encbuf, mode
if __name__ == "__main__":
random_key = challenge11.get_rand_bytes(16)
rand_size = random.randint(0, 64)
random_prefix = challenge11.get_rand_bytes(rand_size)
block_size = 16
num_padded_bytes = block_size - 1
base_block = chr(num_padded_bytes)*num_padded_bytes
# dictionary of "<byte><0xf padding>" encbufs
block_dict = {}
for i in range(256):
block = chr(i) + base_block
encbuf = challenge7.encrypt_aes_128_ecb(random_key, block)
block_dict[encbuf] = chr(i)
unknown_string = base64.b64decode("Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK")
plainbuf = []
for b in unknown_string:
# at some point within block_size, "<enc byte><0xf padding>" will be the last encrypted block
for i in range(block_size):
base_block = "A"*i
encbuf = encryption_oracle(random_prefix, base_block, b, random_key)
last_block = encbuf[-16:]
try:
if last_block in block_dict:
plain_byte = block_dict[last_block]
plainbuf.append(plain_byte)
def encrypt_profile(key, profile):
padded_profile = challenge9.pkcs7_pad(16, profile)
enc_profile = challenge7.encrypt_aes_128_ecb(key, padded_profile)
return enc_profile
def encryption_oracle(your_string, unknown_string, random_key):
plainbuf = your_string + unknown_string
encbuf = challenge7.encrypt_aes_128_ecb(random_key, plainbuf)
return encbuf