def main(): global random_key global to_prepend random_key = challenge11.random_string(AES.block_size) to_prepend = challenge11.random_string(randint(1, 32)) guessed_block_size = guess_block_size(encrypt_oracle) guessed_offset = guess_offset(encrypt_oracle) guessed_ecb = challenge11.guess_ecb(encrypt_oracle(b'?' * guessed_offset[1] + b'YELLOW SUBMARINEYELLOW SUBMARINE')) # print('Block size: ', guessed_block_size) # print('ECB: ', guessed_ecb) # print('Offset: ', guessed_offset) prevs = bytearray() block_n = 0 for i in range(24): prevs += decrypt_block(encrypt_oracle, guessed_block_size, prevs, guessed_offset) block_n += 1 #print(prevs) correct = bytearray(b'Three Rings for the Elven-kings under the sky,\r\nSeven for the Dwarf-lords in their halls' b' of stone,\r\nNine for Mortal Men doomed to die,\r\nOne for the Dark Lord on his dark throne' b'\r\nIn the Land of Mordor where the Shadows lie.\r\nOne Ring to rule them all, One Ring to' b' find them,\r\nOne Ring to bring them all, and in the darkness bind them,\r\nIn the Land of ' b'Mordor where the Shadows lie.\x01\x00\x00\x00\x00') if prevs != correct: print('Error at: ', guessed_offset)
def main(): mac = secret_prefix_mac(plaintext, random_string(16)) print(mac) mac2 = secret_prefix_mac( b'Alight, winds approach deadly approaching winds alight.', random_string(16)) print(mac2)
def profile_for(username): username = username.replace('&', '') username = username.replace('=', '') str = 'email=' + username + '&uid=10&role=user' random_key = random_string(16) aes = AES.new(random_key) return aes.encrypt(pkcs7padding(bytes(str, encoding='utf-8'))), random_key
def aes_ctr_enc_lines(filename): ciphertexts = [] key = random_string(16) # Original challenge set this to 0. But that's boring. nonce = random.randint(4294967296, 9223372036854775807) with open(filename, 'rb') as file: for line in file.readlines(): ciphertexts.append( aes_ctr_crypt(binascii.a2b_base64(line), key, nonce)) return ciphertexts
def cbc_padding_oracle(c1, c2): assert (len(c1) == len(c2) == AES.block_size) p2 = bytearray([0] * AES.block_size) chosen_c1 = bytearray(random_string(AES.block_size)) # note that padding is the amount of padding this iteration is attempting to achieve. -padding is the byte being set for padding in range(1, AES.block_size + 1): for c in range(256): chosen_c1[-padding] = c if check_cbc_padding_random(c2, chosen_c1): break p2[-padding] = chosen_c1[-padding] ^ padding ^ c1[-padding] for i in range(1, padding + 1): chosen_c1[-i] = chosen_c1[-i] ^ padding ^ (padding + 1) return p2
#!/usr/bin/env python3 import binascii from Crypto.Cipher import AES import challenge11 import challenge9 random_key = challenge11.random_string(AES.block_size) def encrypt_oracle(plaintext): to_append = binascii.a2b_base64('Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg'\ 'aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq'\ 'dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg'\ 'YnkK') global random_key aes = AES.new(random_key) ciphertext = aes.encrypt(challenge9.pkcs7padding(plaintext + to_append)) return ciphertext def guess_block_size(oracle): last_block_size = 0 this_block_size = 0 length = 1 while last_block_size == 0 or this_block_size == last_block_size: last_block_size = this_block_size this_block_size = len(oracle(b'A' * length)) length += 1 return this_block_size - last_block_size
#!/usr/bin/env python import sys import challenge11 import string import challenge9 key = challenge11.random_string() def oracle_function(data): to_append = \ '''Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg YnkK''' return challenge11.encrypt_AES_ECB(data + to_append.decode('base64'), key) if __name__ == '__main__': # Step 1 block_size = 0 while True: result = oracle_function('A' * block_size) if challenge11.is_ECB(result): break block_size += 1 block_size /= 2 print 'Step #1: Block size length = {}'.format(block_size) # Step 2 if challenge11.is_ECB(oracle_function('A' * block_size * 4)):
def encrypt_cbc_random(): plaintext = binascii.a2b_base64(random.choice(possible_b64_plaintexts)) iv = random_string(AES.block_size) return aes_cbc_encrypt(plaintext, random_key, iv), iv
from challenge15 import strip_pkcs7padding possible_b64_plaintexts = [ 'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=', 'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=', 'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==', 'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==', 'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl', 'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==', 'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==', 'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=', 'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=', 'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93]' ] random_key = random_string(AES.key_size[0]) def encrypt_cbc_random(): plaintext = binascii.a2b_base64(random.choice(possible_b64_plaintexts)) iv = random_string(AES.block_size) return aes_cbc_encrypt(plaintext, random_key, iv), iv def check_cbc_padding_random(ciphertext, iv): ciphertext = bytes(ciphertext) iv = bytes(iv) try: plaintext = aes_cbc_decrypt(ciphertext, random_key, iv) return True except ValueError:
#!/usr/bin/env python3 from challenge2 import fixed_xor from util import * from challenge18 import aes_ctr_crypt from challenge11 import random_string import random from urllib.parse import quote, unquote random_key = random_string(16) random_nonce = random.getrandbits(16) def build_profile(userdata): plaintext = ('comment1=cooking%20MCs;userdata=' + quote(userdata) + ';comment2=%20like%20a%20pound%20of%20bacon') plaintext = bytearray(plaintext, encoding='utf-8') ciphertext = aes_ctr_crypt(plaintext, random_key, random_nonce) return ciphertext def authenticate(ciphertext): plaintext = aes_ctr_crypt(ciphertext, random_key, random_nonce) info_dict = {} for pair in plaintext.split(b';'): k, v = pair.split(b'=') info_dict[bytes(unquote(k.decode(errors='ignore')), encoding='utf-8')] = \ bytes(unquote(v.decode(errors='ignore')), encoding='utf-8') if b'admin' in info_dict and info_dict[b'admin'] == b'true': print('Logged in as admin. ') return True, plaintext