def test_aes_cbc_encrypt():
    """Known-answer check for AES-CBC encryption (Set 2, Challenge 10).

    Encrypts one fixed plaintext under a fixed key and IV and compares the
    oracle's result with a pinned ``(ciphertext, iv)`` pair.
    """
    # The key is passed as the literal 16-character string; only the IV is
    # hex-decoded (str.decode('hex') is the Python 2 codec).
    oracle = AESOracle(mode=AesMode.CBC,
                       key='1122334455667788',
                       prepend='',
                       append='')
    fixed_iv = '112233445566778899aabbccddeeff00'.decode('hex')

    # Pinned output: 32 bytes for a 16-byte input, so the oracle presumably
    # appends a full block of padding -- confirm against AESOracle.
    expected_ciphertext = '\xda\x84\xe4\xf7>{\xbb\x83\xa5\x8d\x04\x05Iv\xaa9\xa1X\xdeyu\xa8P\xc4\xcfnoui\xc4\xbb\xfe'

    # A constant key and IV are only acceptable here because this is a
    # deterministic test vector.
    result = oracle.encrypt('0102030405060708', fixed_iv)
    assert result == (expected_ciphertext, fixed_iv)
def test_break_encrypted():
    """Check that the ECB profile attack produces an admin profile.

    Set 2, Challenge 13. The attack code receives only the ``encrypt``
    callable; the random key stays inside this test.
    """
    oracle = AESOracle(key=os.urandom(16),
                       mode=AesMode.ECB,
                       prepend='',
                       append='',
                       encode_fn=profile_for,
                       decode_fn=key_value_parser)

    # Sanity check of the fixture: an ordinary encrypt/decrypt round trip
    # must come back as a 'user' profile.
    baseline = oracle.decrypt(oracle.encrypt('*****@*****.**'))
    assert baseline == {'email': '*****@*****.**', 'uid': '10', 'role': 'user'}

    # The real check: the ciphertext returned by the attack must decrypt to
    # a profile whose role is 'admin'. Passing demonstrates that this ECB
    # setup gives no integrity protection to the encrypted profile; an
    # authenticated mode or a MAC over the ciphertext is the usual defence.
    forged = set2.break_encrypted_profile(oracle.encrypt)
    recovered = oracle.decrypt(forged)
    assert recovered == {'email': '*****@*****.**', 'uid': '10', 'role': 'admin'}
def test_break_ctr():
    """Check plaintext recovery from CTR ciphertexts that share one nonce.

    Set 3, Challenge 19. Every sample is encrypted with a nonce generator
    that always yields the same packed value, which is the misuse this test
    exercises: CTR is only safe when a (key, nonce) pair is never reused.
    """
    encoded_samples = [
        # NOTE(review): there is no comma between the next two literals, so
        # Python joins them into ONE list element (39 elements, not 40).
        # Python 2's base64 codec presumably stops decoding at the first
        # '==' padding, which would silently drop the second line. Confirm
        # before adding the comma: the pinned expected value at the end of
        # this test may depend on the current sample set.
        "SSBoYXZlIG1ldCB0aGVtIGF0IGNsb3NlIG9mIGRheQ=="
        "Q29taW5nIHdpdGggdml2aWQgZmFjZXM=",
        "RnJvbSBjb3VudGVyIG9yIGRlc2sgYW1vbmcgZ3JleQ==",
        "RWlnaHRlZW50aC1jZW50dXJ5IGhvdXNlcy4=",
        "SSBoYXZlIHBhc3NlZCB3aXRoIGEgbm9kIG9mIHRoZSBoZWFk",
        "T3IgcG9saXRlIG1lYW5pbmdsZXNzIHdvcmRzLA==",
        "T3IgaGF2ZSBsaW5nZXJlZCBhd2hpbGUgYW5kIHNhaWQ=",
        "UG9saXRlIG1lYW5pbmdsZXNzIHdvcmRzLA==",
        "QW5kIHRob3VnaHQgYmVmb3JlIEkgaGFkIGRvbmU=",
        "T2YgYSBtb2NraW5nIHRhbGUgb3IgYSBnaWJl",
        "VG8gcGxlYXNlIGEgY29tcGFuaW9u",
        "QXJvdW5kIHRoZSBmaXJlIGF0IHRoZSBjbHViLA==",
        "QmVpbmcgY2VydGFpbiB0aGF0IHRoZXkgYW5kIEk=",
        "QnV0IGxpdmVkIHdoZXJlIG1vdGxleSBpcyB3b3JuOg==",
        "QWxsIGNoYW5nZWQsIGNoYW5nZWQgdXR0ZXJseTo=",
        "QSB0ZXJyaWJsZSBiZWF1dHkgaXMgYm9ybi4=",
        "VGhhdCB3b21hbidzIGRheXMgd2VyZSBzcGVudA==",
        "SW4gaWdub3JhbnQgZ29vZCB3aWxsLA==",
        "SGVyIG5pZ2h0cyBpbiBhcmd1bWVudA==",
        "VW50aWwgaGVyIHZvaWNlIGdyZXcgc2hyaWxsLg==",
        "V2hhdCB2b2ljZSBtb3JlIHN3ZWV0IHRoYW4gaGVycw==",
        "V2hlbiB5b3VuZyBhbmQgYmVhdXRpZnVsLA==",
        "U2hlIHJvZGUgdG8gaGFycmllcnM/",
        "VGhpcyBtYW4gaGFkIGtlcHQgYSBzY2hvb2w=",
        "QW5kIHJvZGUgb3VyIHdpbmdlZCBob3JzZS4=",
        "VGhpcyBvdGhlciBoaXMgaGVscGVyIGFuZCBmcmllbmQ=",
        "V2FzIGNvbWluZyBpbnRvIGhpcyBmb3JjZTs=",
        "SGUgbWlnaHQgaGF2ZSB3b24gZmFtZSBpbiB0aGUgZW5kLA==",
        "U28gc2Vuc2l0aXZlIGhpcyBuYXR1cmUgc2VlbWVkLA==",
        "U28gZGFyaW5nIGFuZCBzd2VldCBoaXMgdGhvdWdodC4=",
        "VGhpcyBvdGhlciBtYW4gSSBoYWQgZHJlYW1lZA==",
        "QSBkcnVua2VuLCB2YWluLWdsb3Jpb3VzIGxvdXQu",
        "SGUgaGFkIGRvbmUgbW9zdCBiaXR0ZXIgd3Jvbmc=",
        "VG8gc29tZSB3aG8gYXJlIG5lYXIgbXkgaGVhcnQs",
        "WWV0IEkgbnVtYmVyIGhpbSBpbiB0aGUgc29uZzs=",
        "SGUsIHRvbywgaGFzIHJlc2lnbmVkIGhpcyBwYXJ0",
        "SW4gdGhlIGNhc3VhbCBjb21lZHk7",
        "SGUsIHRvbywgaGFzIGJlZW4gY2hhbmdlZCBpbiBoaXMgdHVybiw=",
        "VHJhbnNmb3JtZWQgdXR0ZXJseTo=",
        "QSB0ZXJyaWJsZSBiZWF1dHkgaXMgYm9ybi4=",
    ]

    oracle = AESOracle(mode=AesMode.CTR,
                       key='YELLOW SUBMARINE',
                       prepend='',
                       append='')

    def fixed_nonce():
        # Endless generator that yields the same 16-byte packed value on
        # every step, so no two encryptions below get a distinct nonce.
        while True:
            yield struct.pack('<QQ', 5, 1)

    plaintexts = []
    for encoded in encoded_samples:
        plaintexts.append(encoded.decode('base64'))

    # A fresh generator per call: each sample starts from the same nonce.
    ciphertexts = []
    for plaintext in plaintexts:
        ciphertexts.append(oracle.encrypt(plaintext, fixed_nonce()))

    # There are not enough samples to break this perfectly, so the pinned
    # value is the imperfect recovery of the first line, not the original.
    recovered = set3.break_repeating_nonce_ctr(ciphertexts)
    assert recovered[0] == 'i have met them\nAt close of day'
def test_aes_ctr():
    """Check AES-CTR decryption of a known ciphertext and a round trip.

    Set 3, Challenge 18.
    """
    reference_ciphertext = "L77na/nrFsKvynd6HzOoG7GHTLXsTVu9qvY/2syLXzhPweyyMTJULu/6/kXX0KSvoOLSFQ==".decode('base64')
    oracle = AESOracle(mode=AesMode.CTR,
                       key='YELLOW SUBMARINE',
                       prepend='',
                       append='')

    # Known-answer part: the reference ciphertext must decrypt to this text.
    decrypted = oracle.decrypt(reference_ciphertext, simple_nonce_generator())
    assert decrypted == "Yo, VIP Let's kick it Ice, Ice, baby Ice, Ice, baby "

    # Round-trip part with a 22-byte input, i.e. not a multiple of the
    # 16-byte AES block. Each call gets its own simple_nonce_generator();
    # presumably every new generator starts from the same value, so decrypt
    # regenerates the keystream used by encrypt -- confirm in its definition.
    sample = 'A' * 22
    sealed = oracle.encrypt(sample, simple_nonce_generator())
    assert oracle.decrypt(sealed, simple_nonce_generator()) == sample
def test_cbc_bitflipping_attack():
    """Check that the CBC bit-flipping attack yields an ``admin=true`` field.

    Set 2, Challenge 16. User data is passed through ``quote`` before it is
    encrypted between a fixed prefix and suffix; the attack is given only
    the ``encrypt`` callable.
    """
    def parse_by_semi(text):
        # Decode hook: echo the decrypted text and its ';'-separated fields,
        # then parse each field with key_value_parser.
        print text
        fields = text.split(';')
        print fields
        return [key_value_parser(field) for field in fields]

    oracle = AESOracle(key=os.urandom(16),
                       mode=AesMode.CBC,
                       prepend='comment1=cooking%20MCs;userdata=',
                       append=';comment2=%20like%20a%20pound%20of%20bacon',
                       encode_fn=quote,
                       decode_fn=parse_by_semi)

    forged_ciphertext, forged_iv = set2.cbc_bitflipping_attack(oracle.encrypt)

    # Passing means a ciphertext modified after encryption is still accepted
    # and parsed: CBC alone does not authenticate the message. Verifying a
    # MAC (or using an AEAD mode) before decrypting is the usual defence.
    parsed_fields = oracle.decrypt(forged_ciphertext, forged_iv)
    assert {'admin': 'true'} in parsed_fields
def test_cbc_padding_oracle():
    """Check that the CBC padding-oracle routine recovers each plaintext.

    Set 3, Challenge 17. For every sample the recovery routine is given only
    the ciphertext, the IV and a padding-check callable built from the
    oracle; the random key is never passed to it.
    """
    encoded_samples = [
        'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=',
        'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=',
        'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==',
        'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==',
        'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl',
        'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==',
        'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==',
        'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=',
        'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=',
        'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93',
    ]

    oracle = AESOracle(mode=AesMode.CBC,
                       key=os.urandom(16),
                       prepend='',
                       append='')
    is_padding_valid = gen_padding_check(oracle)

    for encoded in encoded_samples:
        plaintext = encoded.decode('base64')
        # No IV is supplied here; the oracle returns the one it used.
        ciphertext, iv = oracle.encrypt(plaintext)
        # Passing shows that a padding-validity signal by itself is enough
        # to recover the plaintext. The usual defence is to authenticate the
        # ciphertext before decrypting and to return one uniform error.
        recovered = set3.cbc_padding_oracle(ciphertext, iv, is_padding_valid)
        assert recovered == plaintext