import collections import random import string import unittest from Crypto.Cipher import AES from Crypto.Util import py3compat import padlib, stringlib KEY = 'x]ln6jSC=Fk&b43Q' BLOCKSIZE = 16 BASE64_SUFFIX = "Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK" SUFFIX = stringlib.decode_base64(BASE64_SUFFIX).decode("ascii") def encryption_oracle(plaintext, suffix=SUFFIX, key=KEY): cipher = AES.new(key, AES.MODE_ECB) plaintext = padlib.pad_pkcs7(plaintext + suffix, BLOCKSIZE) return cipher.encrypt(plaintext) def solve(msg_len, bs): dec_msg = [] test_7block = "a" * (bs - 1) for block_idx in range((msg_len + bs - 1) // bs): for byte_offset in range(bs): if block_idx * bs + byte_offset >= msg_len: return ''.join(dec_msg) shift_pad = (bs - byte_offset - 1) * "a" ciphertext = encryption_oracle(shift_pad) target_block = ciphertext[bs * block_idx: bs * (block_idx + 1)]
import collections import random import string import unittest from Crypto.Cipher import AES from Crypto.Util import py3compat import padlib, stringlib KEY = 'x]ln6jSC=Fk&b43Q' BLOCKSIZE = 16 BASE64_SUFFIX = "Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK" SUFFIX = stringlib.decode_base64(BASE64_SUFFIX).decode("ascii") def encryption_oracle(plaintext, suffix=SUFFIX, key=KEY): cipher = AES.new(key, AES.MODE_ECB) plaintext = padlib.pad_pkcs7(plaintext + suffix, BLOCKSIZE) return cipher.encrypt(plaintext) def solve(msg_len, bs): dec_msg = [] test_7block = "a" * (bs - 1) for block_idx in range((msg_len + bs - 1) // bs): for byte_offset in range(bs): if block_idx * bs + byte_offset >= msg_len: return ''.join(dec_msg) shift_pad = (bs - byte_offset - 1) * "a" ciphertext = encryption_oracle(shift_pad)
def solve(base64_ciphertext, key, nonce): prefix = struct.pack('<Q', nonce) ctr = Counter.new(64, prefix=prefix, initial_value=0, little_endian=True) cipher = AES.new(key, AES.MODE_CTR, counter=ctr) ciphertext = stringlib.decode_base64(base64_ciphertext) return cipher.decrypt(ciphertext)
def solve(key, filename): cipher = AES.new(key, AES.MODE_ECB) with open(filename, "r") as f: ciphertext = ''.join(line.rstrip() for line in f.readlines()) unbase64 = stringlib.decode_base64(ciphertext) return cipher.decrypt(unbase64)