def aesRandomEncOracle(bstr_clear, bits=128):
"""
encrypt input with random key and random appended and prepended bytes
return: cipher and (for verification) encryption mode as tuple
"""
blocksize = 16
key = os.urandom(blocksize)
numbytes = random.randint(5, 10)
bytes_prepend = os.urandom(numbytes)
bytes_append = os.urandom(numbytes)
bstr_clear = misc.padPKCS7(bytes_prepend + bstr_clear + bytes_append,
blocksize)
mode_switch = random.randint(1, 2)
mode = ""
if mode_switch == 1:
mode = 'ecb'
else:
mode = 'cbc'
cipher = b''
if mode_switch == 1:
cipher = aes.aesEncrypt(bstr_clear, key, 128, mode=mode, bstr_IV=None)
else:
IV = os.urandom(blocksize)
cipher = aes.aesEncrypt(bstr_clear, key, 128, mode=mode, bstr_IV=IV)
return (cipher, mode)
def _ctrAppendMakeSecret(bstr_chosen):
blocksize = 16
bstr_urlencoded_chosen = bytes(urllib.parse.quote_plus(bstr_chosen),
'ascii')
bstr_urlencoded_chosen = bstr_chosen
bstr_clear = misc.padPKCS7(
bstr_prefix + bstr_urlencoded_chosen + bstr_suffix, blocksize)
return aes.aesCTR(bstr_clear, bstr_key, 128, bstr_nonce)
def _cbcAppendMakeSecret(bstr_chosen):
blocksize = 16
#bstr_urlencoded_chosen = bytes(urllib.parse.quote_plus(bstr_chosen), 'ascii')
bstr_urlencoded_chosen = bstr_chosen
bstr_clear = misc.padPKCS7(
bstr_prefix + bstr_urlencoded_chosen + bstr_suffix, blocksize)
return aes.aesEncrypt(bstr_clear,
bstr_key,
128,
mode='cbc',
bstr_IV=bstr_IV)
def _ecbAppendMakeSecret(bstr_chosen):
"""
give clear input and append unkown clear string (to be cracked) and prepend
random number of random bytes to input before encrypting
"""
blocksize = 16
bstr_prefix = os.urandom(random.randint(5, 38))
bstr_clear = misc.padPKCS7(bstr_prefix + bstr_chosen + to_crack,
blocksize)
return aes.aesEncrypt(bstr_clear,
bstr_key,
128,
mode='ecb',
bstr_IV=None)
def _ecbAppendMakeSecret(bstr_chosen):
"""
give clear input and append unkown clear string (to be cracked) before encrypting
"""
blocksize = 16
bstr_clear = misc.padPKCS7(bstr_chosen + to_crack, blocksize)
# print(bstr_clear)
# print(chr(bstr_clear[15]))
#print(chr(aes.aesEncrypt(bstr_clear, bstr_key, 128, mode='ecb', bstr_IV=None)[15]))
return aes.aesEncrypt(bstr_clear,
bstr_key,
128,
mode='ecb',
bstr_IV=None)
#!/usr/bin/python3
from crypto_algos import misc
from crypto_algos.challenge_specific import InvalidPKCS7Error, hasValidPKCS7
padded = misc.padPKCS7(b'12345678', 16)
padded = b'1234567812345678\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10'
padded = b'\xad\x0b\xa3\xab\x1fF\xa5\x035\xb8\xb5\xfbn\xa2\x1a\x04\x19\x1a\x1b\x1c\x1d\x1e\x1f\x10\x1d\x1e\x1f\x10\x19\x1a\x1b\x01'
try:
hasValidPKCS7(padded, 16)
except InvalidPKCS7Error:
print('invalid pkcs7')
else:
print('valid pkcs7')
def _decryptProfile(encrypted_profile, bstr_key):
return aes.aesDecrypt(encrypted_profile, bstr_key, 128, mode='ecb')
def decryptParse(encrypted_profile):
bstr_key = b'1234567812345678'
urlenc_prof = _decryptProfile(encrypted_profile, bstr_key).decode('ascii')
urlenc_prof = misc.unpadPKCS7(urlenc_prof.encode('ascii'), 16)
return _profDecode(urlenc_prof.decode('ascii'))
json_prof = profileFor('*****@*****.**')
#json_prof = profileFor('[email protected]')
print(json_prof)
prof_encoded = _profEncode(json_prof)
print(prof_encoded)
print(_profDecode(prof_encoded))
bstr_key = b'1234567812345678'
prof_encoded = misc.padPKCS7(bytes(prof_encoded, 'ascii'),16)
prof_encrypted = _encryptProfile(prof_encoded, bstr_key)
print(prof_encrypted)
#prof_encrypted = b'\xc0x\xc6\xd1)~\xf3J\xb2\xbb\xe5\xd8\x02#\xa6!\xc3\x07\xa3s\xd8\x16\x87C\xb1\xe6\xbb\xf3\xf7\x00\xab!\x93^\xec\x11T\x9c&\xa2\x01\xb8{\xf7^:\x0e\x97'
prof_encrypted = b'\xbdC\x10\x15\xb8\xdd\xfb\x17\xf0\xa0ki\xd8\xa4cd\xbdC\x10\x15\xb8\xdd\xfb\x17\xf0\xa0ki\xd8\xa4cd\x93^\xec\x11T\x9c&\xa2\x01\xb8{\xf7^:\x0e\x97\xd9j\xa4+Y\x15\x1a\x9e\x9bY%\xfc\x9d\x95\xad\xaf'
prof_decrypted = _decryptProfile(prof_encrypted, bstr_key)
prof_decrypted = misc.unpadPKCS7(prof_decrypted, 16)
print(prof_decrypted)
print(decryptParse(prof_encrypted))
#!/usr/bin/python3
from crypto_algos import aes
from crypto_algos.challenge_specific import hasValidPKCS7, makeCBCPaddingOracle
from crypto_algos.attack.blockcipher import cbc
from crypto_algos.misc import padPKCS7
import random, base64, os
key = os.urandom(16)
IV = os.urandom(16)
f = open('17-strings.txt', 'r')
b64strings = f.read().split('\n')
choose_str_index = random.randint(0, len(b64strings) - 1)
secret = base64.b64decode(b64strings[choose_str_index])
secret_padded = padPKCS7(secret, 16)
for s in b64strings:
print(base64.b64decode(s))
cipher = aes.aesEncrypt(secret_padded, key, 128, mode='cbc', bstr_IV=IV)
# ^ is this: b'\x8c\x02g\xea\xa2\xd5\xf5\x0e/\xf6B\x0b\xc6/hr\xc7|yTZR\xed)\xa4UU6\x19\x9a\xaa\xa8'
#aes.aesDecrypt(cipher, key, 128, mode='cbc', bstr_IV=IV)
cbcPaddingOracle = makeCBCPaddingOracle(key, IV)
clear = cbc.paddingOracleAttack(cipher, 16, cbcPaddingOracle, IV=IV)
print(clear)
def testPadPKCS7(self):
txt = b'12345678123456'
expected_padded = b'12345678123456\x02\x02'
padded = misc.padPKCS7(txt, 16)
self.assertEqual(padded, expected_padded)
from crypto_algos import misc print(misc.padPKCS7(b'12345678', 16))