def attack(self):
message = b'\x00admin\x00true\x00'
ciphertext = bytearray(self.oracle.encrypt(message))
ciphertext[48] = bl(xor(bytes([ciphertext[48]]), self.semi_colon))
ciphertext[48 + 6] = bl(xor(bytes([ciphertext[48 + 6]]), self.equal))
ciphertext[48 + 11] = \
bl(xor(bytes([ciphertext[48 + 11]]), self.semi_colon))
return self.oracle.decrypt(ciphertext)
def main():
lines = read_file('./s3f19.txt')
ciphertexts = encrypt(lines)
cracked_key = crack_key_ctr(ciphertexts)
print("[*] key: " + str(cracked_key))
for c in ciphertexts:
print(xor(cracked_key, c))
def encrypt(self, plaintext, seed=None):
ciphertext = b''
if seed is not None:
self.prng = MT19937(seed)
for p in plaintext:
key = bytes([self.prng.extract_number() % 256])
ciphertext += xor(key, bytes([p]))
return ciphertext
def attack(self, injection, block):
bsize = self.get_bsize()
# Not work when IV is randomized
equal_length = self.get_prefix()
# payload[:16] will be decrypted in garbage
payload = 'a' * (bsize * 2)
if self.debug:
print(Fore.YELLOW + "[*] Dictionary : " + str(dict))
print(Fore.YELLOW + "[*] Payload : " + str(payload))
print(Fore.YELLOW + "[*] Blocksize : " + str(bsize))
print(Fore.YELLOW + "[*] Equal length : " + str(equal_length))
# p_{i+1} xor 'a' * 16 xor ;admin = true;bbbb
# p_{i+1} = ;admin=true;bbbb
ciphertext = list(self.oracle.encrypt(payload))
ct = ciphertext[(bsize * block):(bsize * (block + 1))]
xored = list(xor(xor(bytes(ct), b'a' * bsize), injection))
ciphertext[(bsize * block):(bsize * (block + 1))] = xored
return bytes(ciphertext)
def main():
message = ("comment1=cooking%20MCs;userdata="
"comment2=%20like%20a%20pound%20of%20bacon").encode()
oracle = Oracle()
ciphertext, iv = oracle.encrypt(message)
ciphertext_tampered = attack(ciphertext)
plaintext = oracle.decrypt(iv, ciphertext_tampered)
blocks = [plaintext[i:i + AES.block_size] \
for i in range(0, len(plaintext), AES.block_size)]
cracked_key = xor(blocks[0], blocks[2])
assert oracle.key == cracked_key
print("[*] cracked key: " + str(cracked_key))
def encrypt(self, nonce, plaintext):
counter = 0
block = plaintext[counter:(counter * self.blocksize) + self.blocksize]
iv = pack("<QQ", nonce, counter)
ciphertext = iv
while block:
ciphertext += mc.xor(self.aes.encrypt(iv), block)
counter += 1
iv = pack("<QQ", nonce, counter)
block = plaintext[counter * self.blocksize:\
(counter * self.blocksize) + self.blocksize]
return ciphertext
def create_payload(self, ct, pad, char):
p = xor(xor(ct[-len(pad):], pad), char)
return ct[:-len(pad)] + p