def main(argv): ciphertext = argv[1].decode("hex") desired_plaintext = argv[2] cipher_bytes = map(ord, ciphertext) cipher_mod = cipher_bytes[0:16] + [ random.randint(0x80, 0xff) for i in xrange(16) ] + cipher_bytes[32:48] decr_out = [] for n_pad in xrange(1, 17): for bval in xrange(0, 256): cipher_mod[32 - n_pad] = bval if vulnerable.decr(''.join(map(chr, cipher_mod))) == "SUCCESS": decr_out.insert(0, bval ^ n_pad) cipher_mod[32 - n_pad:32] = [ x ^ y for (x, y) in zip(decr_out, [n_pad + 1] * n_pad) ] break desired_bytes = map(ord, desired_plaintext) cipher_bytes[32 - len(desired_bytes) - 1:31] = [ x ^ y for (x, y) in zip(decr_out[16 - len(desired_bytes) - 1:15], desired_bytes) ] cipher_bytes[31] = decr_out[15] ^ 0x01 with open('cipher.txt', 'w') as f: f.write(''.join(map(chr, cipher_bytes)))
def Main(): #valid = False T = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] c = list(C) DP = list(dp) DP.append(chr(1)) lenDP = len(DP) for i in range(0, lenDP): original = c[31 - i] array = [] index = -1 for j in range(0, 256): c[31 - i] = chr(j) if vulnerable.decr(''.join(c)) == "SUCCESS": array.append(j) for j in range(0, len(array)): if array[j] != ord(original): index = array[j] #print index break if index == -1: index = ord(original) c[31 - i] = chr(index) T[15 - i] = chr(ord(c[31 - i]) ^ (i + 1)) if i != lenDP - 1: for j in range(0, i + 1): c[31 - j] = chr(ord(T[15 - j]) ^ (i + 2)) for i in range(0, lenDP): c[31 - i] = chr(ord(T[15 - i]) ^ ord(DP[lenDP - i - 1])) #out = ''.join(c) #f = open("cipher.txt", "w") #f.write(out) #f.close() sys.stdout.write(''.join(c))
def findCipher(padded_DP): T = [0] * 16 ciphertext = list(original_ciphertext) cipher_to_return = list(original_ciphertext) padding_length = 1 cipher_index = 31 for j in range(0, len(padded_DP) ): # for each character of the 2. ciphertext block C[16:31] success_array = [] cipher_index = 31 - j for i in range(0, 256): # try all possible hex values 0-255 ciphertext[cipher_index] = chr(i) if vulnerable.decr(''.join(ciphertext)) == "SUCCESS": success_array.append(chr(i)) if len(success_array) == 2: break if len(success_array) == 2: for m in range(2): if success_array[m] != original_ciphertext[cipher_index]: T[15 - j] = ord( success_array[m] ) ^ padding_length # T[15] = i xor 0x1, T[14] = i xor 0x2, ... padding_length += 1 for k in range( 0, j + 1 ): # update ciphertext values: C[31] = T[15] xor 0x2, ... ciphertext[31 - k] = chr(T[15 - k] ^ padding_length) elif len(success_array) == 1: T[15 - j] = ord( success_array[0] ) ^ padding_length # T[15] = i xor 0x1, T[14] = i xor 0x2, ... padding_length += 1 for k in range( 0, j + 1): # update ciphertext values: C[31] = T[15] xor 0x2, ... ciphertext[31 - k] = chr(T[15 - k] ^ padding_length) for i in range(0, len(padded_DP)): cipher_to_return[31 - i] = chr(T[15 - i] ^ ord(padded_DP[len(padded_DP) - 1 - i])) return ''.join(cipher_to_return)
def calculateTBlock(ct): t_block = bytearray([0xff] * 16) ct_array = bytearray(ct) for t_index in range(16): c_index = 31 - t_index for i in range(256): test_block = createTestBlock(t_block, t_index, i) fake_ct = str(ct[:16] + test_block + ct[32:]) if "SUCCESS" == vulnerable.decr(fake_ct) and i != ct[c_index]: t_block[15 - t_index] = i break return t_block
def main(): print(sys.argv) print(v.encr(sys.argv[1])) ciphertext = sys.argv[1] desPlain = sys.argv[2] print(ciphertext) print(desPlain) state = 1 i = 0 val = 31 print(ciphertext[:31] + chr(i)) while (val > 15): while (i < 255): if (v.decr(ciphertext[:31] + chr(i)) == "SUCCESS" and ciphertext[val] != chr(i)): state = ord(i) i = i + 1 val = val - 1 print(state)
def main(): #ciphertext = v.encr(sys.argv[1]) #print(sys.argv) ciphertext = sys.argv[1] desPlain = sys.argv[2] #print(ciphertext) #print(desPlain) T = [''] * 16 i = 0 val = 31 k = 15 #print(ciphertext[0:31]+chr(i)) xorVal = 1 state = 0 newfor = 15 newXor = 2 newVal = 31 whileval = len(desPlain) + 0 lastCipher = sys.argv[1] while (val > 15): #print(val) i = 0 if (state): # newXor = 2 newfor = 15 newVal = 31 for x in range(0, 31 - val): new = list(ciphertext) new[newVal] = chr(T[newfor] ^ newXor) ciphertext = ''.join(new) newfor = newfor - 1 newVal = newVal - 1 #ciphertext[val+1] = chr( T[k+1] ^ xorVal) newXor = newXor + 1 temp = ciphertext[val] while (i < 256): new = list(ciphertext) new[val] = chr(i) ciphertext = ''.join(new) #print(ciphertext[0:32]) #print(''.join(new)) if (v.decr(ciphertext) == "SUCCESS" and ord(temp) != i): # print(xorVal) # print(k) # print(temp) T[k] = ord(chr(i)) ^ xorVal xorVal = xorVal + 1 k = k - 1 state = 1 break elif (i == 255): T[k] = ord(temp) ^ xorVal #sys.stderr.write(str(ord(temp))+"\n") xorVal = xorVal + 1 k = k - 1 state = 1 i = i + 1 val = val - 1 i = 0 retCipher = ciphertext[0:32] desPlain = desPlain + chr(1) lastVal = len(desPlain) ind = 32 - len(desPlain) tind = 0 while (lastVal > 0): new = list(ciphertext) new[ind] = chr(T[16 - lastVal] ^ ord(desPlain[tind])) ciphertext = ''.join(new) tind = tind + 1 ind = ind + 1 lastVal = lastVal - 1 #chiphertext=ciphertext[32-len(desPlain):32]^T[16-len(desPlain):16] #sys.stderr.write(str(T)) result = lastCipher[0:32 - len(desPlain)] + ciphertext[ 32 - len(desPlain):32] + lastCipher[32:] sys.stdout.write(result) f = open('cipher.txt', 'w') print >> f, result #print("0000000000000000") return result
T = "*" * 16 for pad_len, i in enumerate(reversed(range(DP_start_index, 16))): # update T[i] pad_len += 1 old_byte = C2[i] l_new_byte = [] temp_C2 = C2 for j in range(i + 1, 16): temp_C2 = modify_string(temp_C2, j, chr(ord(T[j]) ^ pad_len)) for byte in possible_bytes: if vulnerable.decr(C1 + modify_string(temp_C2, i, byte) + C3) == "SUCCESS": l_new_byte.append(byte) if len(l_new_byte) == 1: new_byte = l_new_byte[0] elif l_new_byte[0] == old_byte: new_byte = l_new_byte[1] else: new_byte = l_new_byte[0] new_byte = chr(ord(new_byte) ^ pad_len) T = modify_string(T, i, new_byte) DP = "*" * (16 - DP_len) + DP for i in range(DP_start_index, 16):