Exemplo n.º 1
0
 def decrypt(self, c):
     c = PKCS7(c, 16)
     c_block = []
     cipher = AES.new(self.key, AES.MODE_ECB)
     for i in range(len(c) // 16):
         c_block.append(c[16 * i:16 * (i + 1)])
     plaintext = b""
     for i in range(len(c_block) - 1):
         plaintext_i = xor(cipher.decrypt(c_block[i]), self.iv)
         plaintext += plaintext_i
         self.iv = c_block[i]
     return plaintext
Exemplo n.º 2
0
 def encrypt(
     self,
     m,
 ):
     m = PKCS7(m, 16)
     m_block = []
     cipher = AES.new(self.key, AES.MODE_ECB)
     for i in range(len(m) // 16):
         m_block.append(m[16 * i:16 * (i + 1)])
     encode = b""
     for i in range(len(m_block) - 1):
         encode_i = cipher.encrypt(xor(self.iv, m_block[i]))
         encode += encode_i
         self.iv = encode_i
     return encode
Exemplo n.º 3
0
def encrypt_oracle(s):
    s = PKCS7(s + suffix_r, 16)
    cipher = AES.new(key, AES.MODE_ECB)
    return cipher.encrypt(s)
Exemplo n.º 4
0
def encrypt(string):
    assert b"=" not in string or b";" not in string
    string = prepend + string + append
    string = PKCS7(string, 16)
    cipher = AES.new(key, AES.MODE_CBC, iv)
    return cipher.encrypt(string)
Exemplo n.º 5
0
def encrypt_profile(profile):
    profile = PKCS7(profile, 16)
    cipher = AES.new(key, AES.MODE_ECB)
    return cipher.encrypt(profile)
Exemplo n.º 6
0
    cipher = AES.new(key, AES.MODE_ECB)
    return cipher.encrypt(profile)


def check_role(en_profile):
    cipher = AES.new(key, AES.MODE_ECB)
    text = cipher.decrypt(en_profile)
    text = unPad(text)
    role = parse_routine(text)[1][2][1]
    if role == b"admin":
        print("Log in as admin!")
    else:
        print("Log in as user!")


if __name__ == '__main__':
    key = urandom(16)
    email = b"0" * 13
    profile = profile_for(email)
    e_profile = encrypt_profile(profile)
    print("[*] Log in with user : %s" % email)

    print("[*] Attack to get admin role.......")
    fake_email = b"0" * 10 + PKCS7(b"admin", 16)
    fake_profile = profile_for(fake_email)
    e_profile_f = encrypt_profile(fake_profile)
    e_admin = e_profile[:32] + e_profile_f[16:32]

    print("[*] Server check role .......")
    check_role(e_admin)
Exemplo n.º 7
0
def encrypt_oracle(s):
    s = random_prefix + s + targets_bytes
    s = PKCS7(s, 16)
    cipher = AES.new(key, AES.MODE_ECB)
    return cipher.encrypt(s)
Exemplo n.º 8
0

def discover_padding_length(r, c_block, padding_validation):
    padding = 0
    for i in range(15, -1, -1):
        r0 = r[:i] + bytes([r[i] ^ 1]) + r[i + 1:]
        if padding_validation(r0 + c_block):
            return padding
        padding += 1


if __name__ == '__main__':
    key = urandom(16)
    iv = urandom(16)
    cipher = AES.new(key, AES.MODE_CBC, iv)
    c = cipher.encrypt(PKCS7(b"0" * 31, 16))
    ''' break D(ci) from c and padding oracle '''
    ci = c[:16]
    Dci = b""
    R0 = urandom(15)
    ''' choose random R to R+C is valid padding '''
    for bytess in range(256):
        R = R0 + bytes([bytess])
        if padding_validation(R + ci):
            break
    padding_length = discover_padding_length(R, ci, padding_validation)
    print("Padding length for the first R : %d" % padding_length)
    ''' find Dci'''
    for i in range(padding_length):
        Dci += bytes([R[-i - 1] ^ padding_length])
    for i in range(padding_length + 1, 17, 1):