def send_msg(self, msg):
    """Encrypt *msg* with CBC under ``self.key`` and send it over ``self.c``.

    A fresh 16-byte IV is requested from ``chal11.get_random_bytes`` for each
    call and is transmitted in front of the ciphertext (``iv || ciphertext``).
    """
    # NOTE(review): only confidentiality is applied here; no MAC or AEAD tag
    # is attached, so the receiver cannot detect a modified IV or ciphertext.
    nonce = chal11.get_random_bytes(16)
    body = chal10.encrypt_CBC(msg, self.key, nonce)
    # NOTE(review): if self.c is a socket, send() may transmit only part of
    # the buffer; confirm whether sendall() semantics are needed.
    self.c.send(nonce + body)
def CBC_padding_oracle_encrypt(key):
    """Encrypt one randomly chosen entry of ``random_strings`` with CBC.

    The chosen entry is base64-decoded, padded to a 16-byte boundary with
    ``chal9.pad`` and encrypted under *key* with a fresh 16-byte IV.

    Returns a ``(ciphertext, iv)`` tuple.
    """
    pick = random.randint(0, len(random_strings) - 1)
    secret = base64.b64decode(random_strings[pick])
    # Progress marker: one dot per call.
    print '.',
    iv = chal11.get_random_bytes(16)
    padded = chal9.pad(secret, 16)
    return chal10.encrypt_CBC(padded, key, iv), iv
def encryption_oracle(plaintext):
    """Encrypt *plaintext* under a throwaway key in ECB or CBC mode.

    The input is wrapped in 5-10 extra bytes on each side (lengths drawn with
    ``random.randint``), a new 16-byte key is requested for every call, and
    the mode is picked by a coin flip: 0 selects ECB, 1 selects CBC.

    Returns whatever the selected ``encrypt_ECB`` / ``encrypt_CBC`` helper
    returns.
    """
    aes_key = get_random_bytes(16)
    head = get_random_bytes(random.randint(5, 10))
    tail = get_random_bytes(random.randint(5, 10))
    wrapped = head + plaintext + tail

    if random.randint(0, 1) != 0:
        # CBC branch.
        # NOTE(review): unlike the ECB branch, nothing is padded here;
        # presumably chal10.encrypt_CBC pads internally. Confirm.
        iv = get_random_bytes(16)
        return chal10.encrypt_CBC(wrapped, aes_key, iv)

    # ECB branch: pad to the 16-byte block size first.
    return chal7.encrypt_ECB(chal9.pad(wrapped, 16), aes_key)
# Diffie-Hellman initiator ("A"): sends (p, g, A) to the peer, derives a key
# from the shared secret, then exchanges one CBC-encrypted message in each
# direction. `p` and the connection `c` are defined outside this excerpt.
g = 2
# NOTE(review): if `randint` is random.randint, the private exponent comes
# from a non-cryptographic PRNG; production code would draw it from the OS
# CSPRNG (e.g. random.SystemRandom). Confirm against the file's imports.
a = randint(1, p)
A = pow(g, a, p)
packet = {}
packet['p'] = p
packet['g'] = g
packet['A'] = A
c.send(json.dumps(packet))
print "p,g,A sent to B"
# NOTE(review): one recv(1024) is assumed to return the complete JSON reply.
# B is used below without a range check and without any authentication, so
# nothing in this exchange ties the value to the intended peer.
response = json.loads(c.recv(1024))
B = response['B']
print 'B received'
msg = "Hello B"
# Shared secret s = B^a mod p.
s = pow(B, a, p)
# NOTE(review): `hash` shadows the builtin of the same name.
hash = SHA1()
hash.update(str(s))
# NOTE(review): assuming hexdigest() returns hexadecimal text, the 16-character
# key carries at most 64 bits of entropy although it is 16 bytes long.
key = hash.hexdigest()[0:16]
iv = chal11.get_random_bytes(16)
cipher = chal10.encrypt_CBC(msg, key, iv)
# Wire format: 16-byte IV followed by the ciphertext.
cipher = iv + cipher
c.send(cipher)
# The reply is parsed with the same layout: first 16 bytes IV, rest ciphertext.
# NOTE(review): no MAC is checked before decrypting, so a modified reply is
# not detected here.
response = c.recv(1024)
cipher = response[16:]
iv = response[:16]
msg = chal10.decrypt_CBC(cipher, key, iv)
print 'Message from B - ', msg
c.close()
# NOTE(review): the statements down to the "Attacker Test#1" print read `data`
# before it is assigned below, and `attack(data)` is called further down, so
# they look like the body of a `def attack(data):` whose header line is
# missing from this listing. Confirm against the original file.
iv = base64.b64decode(data['iv'])
msg = data['message']
msg_length = len(msg)
blocks = msg_length / len(iv)
# NOTE(review): `blocks - 1 * 16` parses as `blocks - 16`; `(blocks - 1) * 16`
# may have been intended for this debug print.
print msg[blocks - 1 * 16:]
# The third-from-last IV byte is XORed with '5' ^ '9' and the third-from-last
# message character is replaced by '9'; data['mac'] is left untouched.
iv = iv[:-3] + chr(ord(iv[-3]) ^ ord('5') ^ ord('9')) + iv[-2:]
data['iv'] = base64.b64encode(iv)
msg = msg[:-3] + '9' + msg[-2:]
data['message'] = msg
response = requests.get('http://localhost:9000/transaction',
                        data=json.dumps(data))
print 'Attacker Test#1 - ', response.content == "Transaction Successful"

# Client side of the test: build a request whose MAC is the last 16 bytes of
# the CBC encryption of the message.
# NOTE(review): the shared key is hard-coded in the script.
KEY = 'YELLOW_SUBMARINE'
# Defender note: the IV is chosen per request and travels with it, so it is
# not covered by the tag. CBC-MAC is normally computed with a fixed IV, or
# replaced by a construction such as HMAC or CMAC.
iv = chal11.get_random_bytes(16)
msg = 'from=Target&to=Nitesh&amount=500'
mac = chal10.encrypt_CBC(msg, KEY, iv)[-16:]
data = {}
data['message'] = msg
data['iv'] = base64.b64encode(iv)
data['mac'] = base64.b64encode(mac)
# NOTE(review): the JSON document is sent as the body of a GET request.
response = requests.get('http://localhost:9000/transaction',
                        data=json.dumps(data))
print 'Server Test#1 - ', response.content == "Transaction Successful"
attack(data)
# Message changed without recomputing the MAC: the expected reply is the
# rejection string.
data['message'] = 'from=Target&to=Nitesh&amount=5000'
response = requests.get('http://localhost:9000/transaction',
                        data=json.dumps(data))
print 'Server Test#2 - ', response.content == "Mac doesn't match!"
def cbc_oracle(plaintext):
    """Embed user data in a fixed cookie-style string and CBC-encrypt it.

    Every ``;`` and ``=`` is removed from *plaintext* before it is placed
    between the fixed prefix and suffix. The result is padded to 16 bytes and
    encrypted with ``KEY`` and ``iv``, both defined outside this function.
    """
    # NOTE(review): stripping metacharacters constrains only the plaintext.
    # CBC gives no integrity, so the ciphertext needs a MAC (or an AEAD mode)
    # before decrypted fields are trusted. The same `iv` appears to be reused
    # for every call; confirm where it is assigned.
    cleaned = plaintext.replace(';', '').replace('=', '')
    prefix = "comment1=cooking%20MCs;userdata="
    suffix = ";comment2=%20like%20a%20pound%20of%20bacon"
    padded = chal9.pad(prefix + cleaned + suffix, 16)
    return chal10.encrypt_CBC(padded, KEY, iv)
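def verify_mac(msg, iv, mac):
    """Return True when *mac* matches the CBC-MAC of *msg*.

    The expected tag is the last 16 bytes of ``chal10.encrypt_CBC(msg, KEY,
    iv)``. ``KEY`` is defined outside this function.

    The comparison uses ``hmac.compare_digest`` when it is available and both
    values are byte strings, so the time taken does not depend on how many
    leading bytes of a wrong tag are correct. Any other input falls back to
    ``==`` and gives the same result as before.
    """
    import hmac

    # NOTE(review): *iv* is supplied by the caller. If it comes from the same
    # request as *msg*, it is not covered by the tag; CBC-MAC is normally
    # computed with a fixed IV, or replaced by HMAC/CMAC.
    expected = chal10.encrypt_CBC(msg, KEY, iv)[-16:]

    constant_time_eq = getattr(hmac, 'compare_digest', None)
    both_bytes = isinstance(mac, bytes) and isinstance(expected, bytes)
    if constant_time_eq is None or not both_bytes:
        return mac == expected
    return constant_time_eq(mac, expected)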
def send_msg(self, msg):
    """Send *msg* over ``self.s`` as ``iv || CBC ciphertext``.

    The IV is 16 bytes requested from ``chal11.get_random_bytes`` on every
    call; encryption uses ``self.key``.
    """
    # NOTE(review): the frame carries no MAC or AEAD tag, so tampering with
    # the IV or ciphertext goes undetected by the receiver.
    fresh_iv = chal11.get_random_bytes(16)
    frame = fresh_iv + chal10.encrypt_CBC(msg, self.key, fresh_iv)
    # NOTE(review): if self.s is a socket, send() may write only part of the
    # frame; confirm whether sendall() semantics are needed.
    self.s.send(frame)