def prob14Encrypt(rawInput):
unknownB64 = b'Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg' + \
b'aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq' + \
b'dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg' + \
b'YnkK'
unknownRaw = base64toRaw(unknownB64)
return constant_ecb_encrypt(prefixValue + rawInput + unknownRaw)
def test18():
rawCipher = base64toRaw(
b'L77na/nrFsKvynd6HzOoG7GHTLXsTVu9qvY/2syLXzhPweyyMTJULu/6/kXX0KSvoOLSFQ=='
)
rawKey = b'YELLOW SUBMARINE'
rawIV = b'\x00' * 16
print(aes_ctr(rawCipher, rawKey, rawIV))
def prob14Encrypt(rawInput):
unknownB64 = b'Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg' + \
b'aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq' + \
b'dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg' + \
b'YnkK'
unknownRaw = base64toRaw(unknownB64);
return constant_ecb_encrypt(prefixValue + rawInput + unknownRaw);
def checkPasswordToken(b64Token):
rawToken = base64toRaw(b64Token)
now = int(time())
for i in range(-100, 100): # +/- one hour
mt = MT19937(now + i)
mtOutput = b''
for i in range(6):
mtOutput += mt.extract_number().to_bytes(4, byteorder='big')
if (rawToken == mtOutput):
print("MT seed time = ", (now + i))
return (now - i)
return (-1)
def checkPasswordToken(b64Token):
rawToken = base64toRaw(b64Token);
now = int(time());
for i in range(-100, 100): # +/- one hour
mt = MT19937(now + i);
mtOutput = b'';
for i in range(6):
mtOutput += mt.extract_number().to_bytes(4, byteorder='big');
if (rawToken == mtOutput):
print("MT seed time = ", (now+i));
return (now-i);
return (-1);
b'QnV0IG5vdyBJIGxlYXJuZWQgdG8gZWFybiAnY3V6IEknbSByaWdodGVvdXMgLyBJIGZlZWwgZ3JlYXQsIHNvIG1heWJlIEkgbWlnaHQganVzdA==', \ b'U2VhcmNoIGZvciBhIG5pbmUgdG8gZml2ZSwgaWYgSSBzdHJpdmUgLyBUaGVuIG1heWJlIEknbGwgc3RheSBhbGl2ZQ==', \ b'U28gSSB3YWxrIHVwIHRoZSBzdHJlZXQgd2hpc3RsaW4nIHRoaXMgLyBGZWVsaW4nIG91dCBvZiBwbGFjZSAnY3V6LCBtYW4sIGRvIEkgbWlzcw==', \ b'QSBwZW4gYW5kIGEgcGFwZXIsIGEgc3RlcmVvLCBhIHRhcGUgb2YgLyBNZSBhbmQgRXJpYyBCLCBhbmQgYSBuaWNlIGJpZyBwbGF0ZSBvZg==', \ b'RmlzaCwgd2hpY2ggaXMgbXkgZmF2b3JpdGUgZGlzaCAvIEJ1dCB3aXRob3V0IG5vIG1vbmV5IGl0J3Mgc3RpbGwgYSB3aXNo', \ b'J0N1eiBJIGRvbid0IGxpa2UgdG8gZHJlYW0gYWJvdXQgZ2V0dGluJyBwYWlkIC8gU28gSSBkaWcgaW50byB0aGUgYm9va3Mgb2YgdGhlIHJoeW1lcyB0aGF0IEkgbWFkZQ==', \ b'U28gbm93IHRvIHRlc3QgdG8gc2VlIGlmIEkgZ290IHB1bGwgLyBIaXQgdGhlIHN0dWRpbywgJ2N1eiBJJ20gcGFpZCBpbiBmdWxs', \ b'UmFraW0sIGNoZWNrIHRoaXMgb3V0LCB5byAvIFlvdSBnbyB0byB5b3VyIGdpcmwgaG91c2UgYW5kIEknbGwgZ28gdG8gbWluZQ==', \ b'J0NhdXNlIG15IGdpcmwgaXMgZGVmaW5pdGVseSBtYWQgLyAnQ2F1c2UgaXQgdG9vayB1cyB0b28gbG9uZyB0byBkbyB0aGlzIGFsYnVt', \ b'WW8sIEkgaGVhciB3aGF0IHlvdSdyZSBzYXlpbmcgLyBTbyBsZXQncyBqdXN0IHB1bXAgdGhlIG11c2ljIHVw', \ b'QW5kIGNvdW50IG91ciBtb25leSAvIFlvLCB3ZWxsIGNoZWNrIHRoaXMgb3V0LCB5byBFbGk=', \ b'VHVybiBkb3duIHRoZSBiYXNzIGRvd24gLyBBbmQgbGV0IHRoZSBiZWF0IGp1c3Qga2VlcCBvbiByb2NraW4n', \ b'QW5kIHdlIG91dHRhIGhlcmUgLyBZbywgd2hhdCBoYXBwZW5lZCB0byBwZWFjZT8gLyBQZWFjZQ==', \ ] rawPlains = [base64toRaw(c) for c in b64Plains] aesKey = generateAESKey() rawCiphers = [aes_ctr(p, aesKey, b'\x00' * 16) for p in rawPlains] # To exploit this: take your collection of ciphertexts and truncate # them to a common length (the length of the smallest ciphertext will # work). shortestCipherLength = min([len(c) for c in rawCiphers]) truncatedCiphers = [c[0:shortestCipherLength] for c in rawCiphers] # Solve the resulting concatenation of ciphertexts as if for repeating- # key XOR, with a key size of the length of the ciphertext you XOR'd.''' def solve20():
b"SGUgbWlnaHQgaGF2ZSB3b24gZmFtZSBpbiB0aGUgZW5kLA==",
b"U28gc2Vuc2l0aXZlIGhpcyBuYXR1cmUgc2VlbWVkLA==",
b"U28gZGFyaW5nIGFuZCBzd2VldCBoaXMgdGhvdWdodC4=",
b"VGhpcyBvdGhlciBtYW4gSSBoYWQgZHJlYW1lZA==",
b"QSBkcnVua2VuLCB2YWluLWdsb3Jpb3VzIGxvdXQu",
b"SGUgaGFkIGRvbmUgbW9zdCBiaXR0ZXIgd3Jvbmc=",
b"VG8gc29tZSB3aG8gYXJlIG5lYXIgbXkgaGVhcnQs",
b"WWV0IEkgbnVtYmVyIGhpbSBpbiB0aGUgc29uZzs=",
b"SGUsIHRvbywgaGFzIHJlc2lnbmVkIGhpcyBwYXJ0",
b"SW4gdGhlIGNhc3VhbCBjb21lZHk7",
b"SGUsIHRvbywgaGFzIGJlZW4gY2hhbmdlZCBpbiBoaXMgdHVybiw=",
b"VHJhbnNmb3JtZWQgdXR0ZXJseTo=",
b"QSB0ZXJyaWJsZSBiZWF1dHkgaXMgYm9ybi4=",
]
rawPlain = [base64toRaw(b) for b in b64plain]
longestPlaintextLength = max([len(p) for p in rawPlain])
aeskey = generateAESKey()
rawCiphers = [aes_ctr(p, aeskey, b"\x00" * 16) for p in rawPlain]
def printSolution(guess, ciphers):
print("------------------------------")
print("Guess: ", guess)
for i in range(len(ciphers)):
print("Plain ", i, ": ", raw_xor(ciphers[i], guess))
def solve19():
"MVQHYhoGGksABwdJAB0ASTpFNwQcTRoDBBgDUkksGioRHUkKCE5THEVCC08E" + \
"EgF0BBwJSQoOGkgGADpfADETDU5tBzcJEFMLTx0bAHQJCx8ADRJUDRdMN1RH" + \
"YgYGTi5jMURFeQEaSRAEOkURDAUCQRkKUmQ5XgBIKwYbQFIRSBVJGgwBGgtz" + \
"RRNNDwcVWE8BT3hJVCcCSQwGQx9IBE4KTwwdASEXF01jIgQATwZIPRpXKwYK" + \
"BkdEGwsRTxxDSToGMUlSCQZOFRwKUkQ5VEMnUh0BR0MBGgAAZDwGUwY7CBdN" + \
"HB5BFwMdUz0aQSwWSQoITlMcRUILTxoCEDUXF01jNw4BTwVBNlRBYhAIGhNM" + \
"EUgIRU5CRFMkOhwGBAQLTVQOHFkvUkUwF0lkbXkbHUVUBgAcFA0gRQYFCBpB" + \
"PU8FQSsaVycTAkJHYhsRSQAXABxUFzFFFggICkEDHR1OPxoqER1JDQhNEUgK" + \
"TkJPDAUAJhwQAg0XQRUBFgArU04lUh0GDlNUGwpOCU9jeTY1HFJARE4xGA4L" + \
"ACxSQTZSDxsJSw1ICFUdBgpTNjUcXk0OAUEDBxtUPRpCLQtFTgBPVB8NSRoK" + \
"SREKLUUVAklkERgOCwAsUkE2Ug8bCUsNSAhVHQYKUyI7RQUFABoEVA0dWXQa" + \
"Ry1SHgYOVBFIB08XQ0kUCnRvPgwQTgUbGBwAOVREYhAGAQBJEUgETgpPGR8E" + \
"LUUGBQgaQRIaHEshGk03AQANR1QdBAkAFwAcUwE9AFxNY2QxGA4LACxSQTZS" + \
"DxsJSw1ICFUdBgpTJjsIF00GAE1ULB1NPRpPLF5JAgJUVAUAAAYKCAFFXjUe" + \
"DBBOFRwOBgA+T04pC0kDElMdC0VXBgYdFkU2CgtNEAEUVBwTWXhTVG5SGg8e" + \
"AB0cRSo+AwgKRSANExlJCBQaBAsANU9TKxFJL0dMHRwRTAtPBRwQMAAATQcB" + \
"FlRlIkw5QwA2GggaR0YBBg5ZTgIcAAw3SVIaAQcVEU8QTyEaYy0fDE4ITlhI" + \
"Jk8DCkkcC3hFMQIEC0EbAVIqCFZBO1IdBgZUVA4QTgUWSR4QJwwRTWM="
if __name__ == "__main__":
bestKeySizes, bestScores = findKeySize(base64toHex(b64cipher), 20)
# after running this with a bunch of different number of blocks, 29 always pops out.
# I'm confident 29 is the right answer.
splits = splitCipher(base64toRaw(b64cipher), 29)
key = ""
for s in splits:
key += (findKey(s))
print("Key: " + str(key))
print("Plain: " + str(
hexToRaw(repeating_hex_xor(base64toHex(b64cipher), rawToHex(key)))))
def test10():
rawInput = base64toRaw(testInput)
rawOutput = aes_cbc_dec(
rawInput, b"YELLOW SUBMARINE", b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
)
print(str(rawOutput))
# decryption to validate them, and spat out an error if they were of the
# wrong parity.
def rsa_oracle_isodd(key, cipher):
plain = mypow(cipher, key['d'], key['N'])
return (plain & 1)
# Anyways: function returning true or false based on whether the
# decrypted plaintext was even or odd, and nothing else.
# Take the following string and un-Base64 it in your code (without
# looking at it!) and encrypt it to the public key, creating a
# ciphertext:
mystery_plain = int.from_bytes(base64toRaw(
'VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5IGFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ=='
),
byteorder='big')
mystery_cipher = mypow(mystery_plain, prob46_key['e'], prob46_key['N'])
# With your oracle function, you can trivially decrypt the message.
# Here's why:
# * RSA ciphertexts are just numbers. You can do trivial math on
# them. You can for instance multiply a ciphertext by the
# RSA-encryption of another number; the corresponding plaintext will
# be the product of those two numbers.
# * If you double a ciphertext (multiply it by (2**e)%n), the resulting
# plaintext will (obviously) be either even or odd.
"YgYGTi5jMURFeQEaSRAEOkURDAUCQRkKUmQ5XgBIKwYbQFIRSBVJGgwBGgtz" + \
"RRNNDwcVWE8BT3hJVCcCSQwGQx9IBE4KTwwdASEXF01jIgQATwZIPRpXKwYK" + \
"BkdEGwsRTxxDSToGMUlSCQZOFRwKUkQ5VEMnUh0BR0MBGgAAZDwGUwY7CBdN" + \
"HB5BFwMdUz0aQSwWSQoITlMcRUILTxoCEDUXF01jNw4BTwVBNlRBYhAIGhNM" + \
"EUgIRU5CRFMkOhwGBAQLTVQOHFkvUkUwF0lkbXkbHUVUBgAcFA0gRQYFCBpB" + \
"PU8FQSsaVycTAkJHYhsRSQAXABxUFzFFFggICkEDHR1OPxoqER1JDQhNEUgK" + \
"TkJPDAUAJhwQAg0XQRUBFgArU04lUh0GDlNUGwpOCU9jeTY1HFJARE4xGA4L" + \
"ACxSQTZSDxsJSw1ICFUdBgpTNjUcXk0OAUEDBxtUPRpCLQtFTgBPVB8NSRoK" + \
"SREKLUUVAklkERgOCwAsUkE2Ug8bCUsNSAhVHQYKUyI7RQUFABoEVA0dWXQa" + \
"Ry1SHgYOVBFIB08XQ0kUCnRvPgwQTgUbGBwAOVREYhAGAQBJEUgETgpPGR8E" + \
"LUUGBQgaQRIaHEshGk03AQANR1QdBAkAFwAcUwE9AFxNY2QxGA4LACxSQTZS" + \
"DxsJSw1ICFUdBgpTJjsIF00GAE1ULB1NPRpPLF5JAgJUVAUAAAYKCAFFXjUe" + \
"DBBOFRwOBgA+T04pC0kDElMdC0VXBgYdFkU2CgtNEAEUVBwTWXhTVG5SGg8e" + \
"AB0cRSo+AwgKRSANExlJCBQaBAsANU9TKxFJL0dMHRwRTAtPBRwQMAAATQcB" + \
"FlRlIkw5QwA2GggaR0YBBg5ZTgIcAAw3SVIaAQcVEU8QTyEaYy0fDE4ITlhI" + \
"Jk8DCkkcC3hFMQIEC0EbAVIqCFZBO1IdBgZUVA4QTgUWSR4QJwwRTWM=";
if __name__ == "__main__":
bestKeySizes, bestScores = findKeySize(base64toHex(b64cipher), 20);
# print(bestKeySizes);
# print(bestScores);
# after running this with a bunch of different number of blocks, 29 always pops out.
# I'm confident 29 is the right answer.
splits = splitCipher(base64toRaw(b64cipher), 29);
key = "";
for s in splits:
key += (findKey(s));
print("Key: " + str(key));
print("Plain: " + str(hexToRaw(repeating_hex_xor(base64toHex(b64cipher), rawToHex(key)))));
from prob13 import removePKCS7Padding
# Combine your padding code and your CBC code to write two functions.
# The first function should select at random one of the following 10 strings:
b64Strings = [ b'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=',
b'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=',
b'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==',
b'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==',
b'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl',
b'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==',
b'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==',
b'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=',
b'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=',
b'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93' ];
rawStrings = [base64toRaw(s) for s in b64Strings];
# generate a random AES key (which it should save for all future
# encryptions),
aeskey = generateAESKey();
# pad the string out to the 16-byte AES block size and
# CBC-encrypt it under that key, providing the caller the ciphertext and
# IV.
def encryptString():
myString = rawStrings[getOneRandomByte() % len(rawStrings)];
iv = generateAESKey(); # it's a 16-byte value...
myOut = aes_cbc_enc(addPKCS7Padding(myString, 16), aeskey, iv);
return myOut, iv;
# The second function should consume the ciphertext produced by the
def doProb7():
rawCipher = base64toRaw(b64cipher);
rawKey = b'YELLOW SUBMARINE'
plain = aes_ecb_dec(rawCipher, rawKey);
return plain;
def test10():
rawInput = base64toRaw(testInput)
rawOutput = aes_cbc_dec(
rawInput, b'YELLOW SUBMARINE',
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
print(str(rawOutput))
b'QnV0IG5vdyBJIGxlYXJuZWQgdG8gZWFybiAnY3V6IEknbSByaWdodGVvdXMgLyBJIGZlZWwgZ3JlYXQsIHNvIG1heWJlIEkgbWlnaHQganVzdA==', \
b'U2VhcmNoIGZvciBhIG5pbmUgdG8gZml2ZSwgaWYgSSBzdHJpdmUgLyBUaGVuIG1heWJlIEknbGwgc3RheSBhbGl2ZQ==', \
b'U28gSSB3YWxrIHVwIHRoZSBzdHJlZXQgd2hpc3RsaW4nIHRoaXMgLyBGZWVsaW4nIG91dCBvZiBwbGFjZSAnY3V6LCBtYW4sIGRvIEkgbWlzcw==', \
b'QSBwZW4gYW5kIGEgcGFwZXIsIGEgc3RlcmVvLCBhIHRhcGUgb2YgLyBNZSBhbmQgRXJpYyBCLCBhbmQgYSBuaWNlIGJpZyBwbGF0ZSBvZg==', \
b'RmlzaCwgd2hpY2ggaXMgbXkgZmF2b3JpdGUgZGlzaCAvIEJ1dCB3aXRob3V0IG5vIG1vbmV5IGl0J3Mgc3RpbGwgYSB3aXNo', \
b'J0N1eiBJIGRvbid0IGxpa2UgdG8gZHJlYW0gYWJvdXQgZ2V0dGluJyBwYWlkIC8gU28gSSBkaWcgaW50byB0aGUgYm9va3Mgb2YgdGhlIHJoeW1lcyB0aGF0IEkgbWFkZQ==', \
b'U28gbm93IHRvIHRlc3QgdG8gc2VlIGlmIEkgZ290IHB1bGwgLyBIaXQgdGhlIHN0dWRpbywgJ2N1eiBJJ20gcGFpZCBpbiBmdWxs', \
b'UmFraW0sIGNoZWNrIHRoaXMgb3V0LCB5byAvIFlvdSBnbyB0byB5b3VyIGdpcmwgaG91c2UgYW5kIEknbGwgZ28gdG8gbWluZQ==', \
b'J0NhdXNlIG15IGdpcmwgaXMgZGVmaW5pdGVseSBtYWQgLyAnQ2F1c2UgaXQgdG9vayB1cyB0b28gbG9uZyB0byBkbyB0aGlzIGFsYnVt', \
b'WW8sIEkgaGVhciB3aGF0IHlvdSdyZSBzYXlpbmcgLyBTbyBsZXQncyBqdXN0IHB1bXAgdGhlIG11c2ljIHVw', \
b'QW5kIGNvdW50IG91ciBtb25leSAvIFlvLCB3ZWxsIGNoZWNrIHRoaXMgb3V0LCB5byBFbGk=', \
b'VHVybiBkb3duIHRoZSBiYXNzIGRvd24gLyBBbmQgbGV0IHRoZSBiZWF0IGp1c3Qga2VlcCBvbiByb2NraW4n', \
b'QW5kIHdlIG91dHRhIGhlcmUgLyBZbywgd2hhdCBoYXBwZW5lZCB0byBwZWFjZT8gLyBQZWFjZQ==', \
];
rawPlains = [base64toRaw(c) for c in b64Plains];
aesKey = generateAESKey();
rawCiphers = [aes_ctr(p, aesKey, b'\x00' * 16) for p in rawPlains];
# To exploit this: take your collection of ciphertexts and truncate
# them to a common length (the length of the smallest ciphertext will
# work).
shortestCipherLength = min([len(c) for c in rawCiphers]);
truncatedCiphers = [c[0:shortestCipherLength] for c in rawCiphers];
# Solve the resulting concatenation of ciphertexts as if for repeating-
# key XOR, with a key size of the length of the ciphertext you XOR'd.'''
def solve20():
keystream = b'';
def test18():
rawCipher = base64toRaw(b'L77na/nrFsKvynd6HzOoG7GHTLXsTVu9qvY/2syLXzhPweyyMTJULu/6/kXX0KSvoOLSFQ==');
rawKey = b'YELLOW SUBMARINE';
rawIV = b'\x00' * 16;
print(aes_ctr(rawCipher, rawKey, rawIV));
"CA4aB0l0PD1MSQ8PEE87ADtbTmIGDAILAB0cRSo3ABwBRTYKFhROHUETCgZU" + \
"MVQHYhoGGksABwdJAB0ASTpFNwQcTRoDBBgDUkksGioRHUkKCE5THEVCC08E" + \
"EgF0BBwJSQoOGkgGADpfADETDU5tBzcJEFMLTx0bAHQJCx8ADRJUDRdMN1RH" + \
"YgYGTi5jMURFeQEaSRAEOkURDAUCQRkKUmQ5XgBIKwYbQFIRSBVJGgwBGgtz" + \
"RRNNDwcVWE8BT3hJVCcCSQwGQx9IBE4KTwwdASEXF01jIgQATwZIPRpXKwYK" + \
"BkdEGwsRTxxDSToGMUlSCQZOFRwKUkQ5VEMnUh0BR0MBGgAAZDwGUwY7CBdN" + \
"HB5BFwMdUz0aQSwWSQoITlMcRUILTxoCEDUXF01jNw4BTwVBNlRBYhAIGhNM" + \
"EUgIRU5CRFMkOhwGBAQLTVQOHFkvUkUwF0lkbXkbHUVUBgAcFA0gRQYFCBpB" + \
"PU8FQSsaVycTAkJHYhsRSQAXABxUFzFFFggICkEDHR1OPxoqER1JDQhNEUgK" + \
"TkJPDAUAJhwQAg0XQRUBFgArU04lUh0GDlNUGwpOCU9jeTY1HFJARE4xGA4L" + \
"ACxSQTZSDxsJSw1ICFUdBgpTNjUcXk0OAUEDBxtUPRpCLQtFTgBPVB8NSRoK" + \
"SREKLUUVAklkERgOCwAsUkE2Ug8bCUsNSAhVHQYKUyI7RQUFABoEVA0dWXQa" + \
"Ry1SHgYOVBFIB08XQ0kUCnRvPgwQTgUbGBwAOVREYhAGAQBJEUgETgpPGR8E" + \
"LUUGBQgaQRIaHEshGk03AQANR1QdBAkAFwAcUwE9AFxNY2QxGA4LACxSQTZS" + \
"DxsJSw1ICFUdBgpTJjsIF00GAE1ULB1NPRpPLF5JAgJUVAUAAAYKCAFFXjUe" + \
"DBBOFRwOBgA+T04pC0kDElMdC0VXBgYdFkU2CgtNEAEUVBwTWXhTVG5SGg8e" + \
"AB0cRSo+AwgKRSANExlJCBQaBAsANU9TKxFJL0dMHRwRTAtPBRwQMAAATQcB" + \
"FlRlIkw5QwA2GggaR0YBBg5ZTgIcAAw3SVIaAQcVEU8QTyEaYy0fDE4ITlhI" + \
"Jk8DCkkcC3hFMQIEC0EbAVIqCFZBO1IdBgZUVA4QTgUWSR4QJwwRTWM=";
if __name__ == "__main__":
bestKeySizes, bestScores = findKeySize(base64toHex(b64cipher), 20);
#print(bestKeySizes[1])
splits = splitCipher(base64toRaw(b64cipher), bestKeySizes[1]);
key = "";
for s in splits:
key += (findKey(s));
print("Key: " + str(key));
print("Plain: " + str(hexToRaw(repeating_hex_xor(base64toHex(b64cipher), rawToHex(key)))));
def test10():
rawInput = base64toRaw(testInput);
rawOutput = aes_cbc_dec(rawInput, b'YELLOW SUBMARINE', b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
print(str(rawOutput));
# bit of the message 0 or 1). Imagine for instance a server that
# accepted RSA-encrypted messages and checked the parity of their
# decryption to validate them, and spat out an error if they were of the
# wrong parity.
def rsa_oracle_isodd(key, cipher):
plain = mypow(cipher, key['d'], key['N']);
return (plain & 1);
# Anyways: function returning true or false based on whether the
# decrypted plaintext was even or odd, and nothing else.
# Take the following string and un-Base64 it in your code (without
# looking at it!) and encrypt it to the public key, creating a
# ciphertext:
mystery_plain = int.from_bytes(base64toRaw('VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5IGFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ=='), byteorder='big');
mystery_cipher = mypow(mystery_plain, prob46_key['e'], prob46_key['N']);
# With your oracle function, you can trivially decrypt the message.
# Here's why:
# * RSA ciphertexts are just numbers. You can do trivial math on
# them. You can for instance multiply a ciphertext by the
# RSA-encryption of another number; the corresponding plaintext will
# be the product of those two numbers.
# * If you double a ciphertext (multiply it by (2**e)%n), the resulting
# plaintext will (obviously) be either even or odd.
# * If the plaintext after doubling is even, doubling the plaintext
b'SGUgbWlnaHQgaGF2ZSB3b24gZmFtZSBpbiB0aGUgZW5kLA==', \
b'U28gc2Vuc2l0aXZlIGhpcyBuYXR1cmUgc2VlbWVkLA==', \
b'U28gZGFyaW5nIGFuZCBzd2VldCBoaXMgdGhvdWdodC4=', \
b'VGhpcyBvdGhlciBtYW4gSSBoYWQgZHJlYW1lZA==', \
b'QSBkcnVua2VuLCB2YWluLWdsb3Jpb3VzIGxvdXQu', \
b'SGUgaGFkIGRvbmUgbW9zdCBiaXR0ZXIgd3Jvbmc=', \
b'VG8gc29tZSB3aG8gYXJlIG5lYXIgbXkgaGVhcnQs', \
b'WWV0IEkgbnVtYmVyIGhpbSBpbiB0aGUgc29uZzs=', \
b'SGUsIHRvbywgaGFzIHJlc2lnbmVkIGhpcyBwYXJ0', \
b'SW4gdGhlIGNhc3VhbCBjb21lZHk7', \
b'SGUsIHRvbywgaGFzIGJlZW4gY2hhbmdlZCBpbiBoaXMgdHVybiw=', \
b'VHJhbnNmb3JtZWQgdXR0ZXJseTo=', \
b'QSB0ZXJyaWJsZSBiZWF1dHkgaXMgYm9ybi4=', \
]
rawPlain = [base64toRaw(b) for b in b64plain]
longestPlaintextLength = max([len(p) for p in rawPlain])
aeskey = generateAESKey()
rawCiphers = [aes_ctr(p, aeskey, b'\x00' * 16) for p in rawPlain]
def printSolution(guess, ciphers):
print("------------------------------")
print("Guess: ", guess)
for i in range(len(ciphers)):
print("Plain ", i, ": ", raw_xor(ciphers[i], guess))
def solve19():
def doProb7():
rawCipher = base64toRaw(b64cipher)
rawKey = b'YELLOW SUBMARINE'
plain = aes_ecb_dec(rawCipher, rawKey)
return plain