def encode(userStr, cipherObj):
    """Embed userStr between two fixed comment fields, pad, and encrypt.

    Each '=' and ';' in userStr is wrapped in double quotes before the
    string is placed after "userdata=". The framed message is padded with
    set2.pkcs7Pad(..., 16) and the result of cipherObj.encrypt is returned
    unchanged.

    NOTE(review): nothing in this function authenticates the ciphertext.
    Quoting only constrains the text supplied here. If cipherObj is an
    unauthenticated mode, a receiver cannot tell whether the ciphertext was
    altered afterwards, so pair it with a MAC over IV and ciphertext, or
    use an AEAD mode.
    """
    prefix = "comment1=cooking%20MCs;userdata="
    suffix = ";comment2=%20like%20a%20pound%20of%20bacon"
    # '=' is quoted first, then ';'. The inserted quote characters contain
    # neither metacharacter, so the second pass cannot re-quote the first.
    quoted = re.sub('(;)', '";"', re.sub('(=)', '"="', userStr))
    # array.array('B', <str>) relies on Python 2 string semantics.
    framed = array.array('B', prefix + quoted + suffix)
    return cipherObj.encrypt(set2.pkcs7Pad(framed, 16))
import set2
import array

# Padding demo: a 16-byte input padded with a block size of 20.
# Python 2 script: array.array('B', <str>) needs a byte string.
plainText = array.array('B', 'YELLOW SUBMARINE')
paddedText = set2.pkcs7Pad(plainText, 20)

# Convert the padded bytes back to characters and show them escaped, so
# the padding bytes are visible in the output.
paddedChars = ''.join(format(x, '01c') for x in paddedText)
print(repr(paddedChars))
def encode(userStr, cipherObj):
    """Quote '=' and ';' in userStr, frame it, pad it, and encrypt it.

    The quoted string is placed between the fixed "comment1=...;userdata="
    prefix and ";comment2=..." suffix, padded with set2.pkcs7Pad(..., 16)
    and passed to cipherObj.encrypt, whose result is returned.
    """
    # '=' is handled before ';'. The replacement text only adds double
    # quotes, so the two passes do not interfere with each other.
    for pattern, replacement in (('(=)', '"="'), ('(;)', '";"')):
        userStr = re.compile(pattern).sub(replacement, userStr)
    framed = ("comment1=cooking%20MCs;userdata=" + userStr +
              ";comment2=%20like%20a%20pound%20of%20bacon")
    return cipherObj.encrypt(set2.pkcs7Pad(array.array('B', framed), 16))


def decode(cipherText, cipherObj):
    """Decrypt cipherText, print it, then print whether it grants admin.

    Prints True when the decrypted text contains ';admin=true;', else False.

    NOTE(review): the check runs on whatever the decryption produces.
    There is no integrity check on the ciphertext and the padding is not
    validated or removed, so modified ciphertext is accepted like any other.
    """
    plainText = cipherObj.decrypt(cipherText)
    print(plainText)
    print(';admin=true;' in plainText)


rndfile = Random.new()
key = rndfile.read(16)
iv = array.array('B', rndfile.read(16))
cipherObj = AES.new(key, AES.MODE_CBC, iv)

# The fixed prefix is 32 bytes long, so the two 16-byte user blocks occupy
# ciphertext offsets 32-48 and 48-64. The input has no '=' or ';', so
# encode() leaves it unquoted.
cipherText = array.array(
    'B', encode("YELLOW SUBMARINEYELLOW SUBMARINE", cipherObj))

# Demonstrates CBC malleability: XORing a difference into one ciphertext
# block applies the same difference to the next plaintext block, while the
# modified block itself decrypts to garbage. The input quoting in encode()
# does not prevent this. The defence is to authenticate IV and ciphertext
# (encrypt-then-MAC or an AEAD mode) and reject on failure before decrypting.
knownBlock = array.array('B', 'YELLOW SUBMARINE')
wantedBlock = set2.pkcs7Pad(array.array('B', ';admin=true;'), 16)
difference = set1.bufferXOR(knownBlock, wantedBlock)
cipherText[32:48] = array.array(
    'B', set1.bufferXOR(difference, cipherText[32:48]))

# A new cipher object is built for decryption, presumably so that it starts
# from the original IV rather than the encryptor's chaining state.
cipherObj = AES.new(key, AES.MODE_CBC, iv)
decode(cipherText, cipherObj)
blockSize = i break plainText = plainText[(len(plainText) % blockSize):] cipherText = cipherObj.encrypt(plainText) count = set1.twoByteMatch(cipherText) print count if count > 100: print 'ECB mode' base = '' baseSize = -1 blockNum = -1 for i in range(1, 48): base += 'A' plainText = set2.pkcs7Pad(randPrefix + array.array('B', base) + unknownStr, blockSize) cipherText = cipherObj.encrypt(plainText) for j in range(0, len(cipherText) / 16): if (cipherText[j * 16:(j + 1) * 16] == cipherText[(j + 1) * 16:(j + 2) * 16]): baseSize = i blockNum = j + 1 break if (baseSize != -1): break miniBase = '' for i in range(0, 16): miniBase += 'A' for i in range(0, 10):
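sys.path.append('../set1')
import set1
import set2
import string

# ECB/CBC detection exercise: encrypt a file under a randomly chosen mode
# and guess the mode from ciphertext statistics alone.
rndfile = Random.new()
key = rndfile.read(16)

# Between 5 and 10 random bytes are added on each side of the file data.
# `random` only picks the lengths; the bytes themselves come from rndfile.
frontPadLen = random.choice(range(5, 11))
endPadLen = random.choice(range(5, 11))
frontPad = array.array('B', rndfile.read(frontPadLen))
endPad = array.array('B', rndfile.read(endPadLen))

# Read the input inside a context manager so the file handle is closed
# deterministically instead of being left to garbage collection.
with open(sys.argv[1], "rb") as inFile:
    fileBytes = array.array('B', inFile.read())
padded = set2.pkcs7Pad(frontPad + fileBytes + endPad, 16)

# The IV is drawn unconditionally; it is only used on the CBC branch.
iv = array.array('B', rndfile.read(16))
if ord(rndfile.read(1)) % 2:
    cipherObj = AES.new(key, AES.MODE_CBC, iv)
else:
    cipherObj = AES.new(key, AES.MODE_ECB)
cipherText = cipherObj.encrypt(padded)

# ECB maps equal plaintext blocks to equal ciphertext blocks, so repeated
# structure in the input survives encryption. twoByteMatch presumably counts
# such repeats (confirm in set1). The threshold of 100 is this script's own
# heuristic and depends on the input being long and repetitive enough.
count = set1.twoByteMatch(cipherText)
print(count)
if count > 100:
    print('ECB')
else:
    print('CBC')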
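sys.path.append('../set1')
import set1
import set2
import string

# Mode-detection oracle: the file named on the command line is wrapped in
# random bytes, encrypted under ECB or CBC at random, and the mode is then
# guessed from the ciphertext.
rndfile = Random.new()
key = rndfile.read(16)

# The pad lengths (5-10 bytes each) come from `random`; the pad contents
# come from the Random.new() source.
frontPadLen = random.choice(range(5, 11))
endPadLen = random.choice(range(5, 11))
frontPad = array.array('B', rndfile.read(frontPadLen))
endPad = array.array('B', rndfile.read(endPadLen))

# The original left the file object unclosed. `with` releases the handle
# as soon as the contents have been read.
with open(sys.argv[1], "rb") as source:
    fileBytes = array.array('B', source.read())
padded = set2.pkcs7Pad(frontPad + fileBytes + endPad, 16)

iv = array.array('B', rndfile.read(16))
# One random byte selects the mode: odd means CBC, even means ECB (iv unused).
if ord(rndfile.read(1)) % 2:
    cipherObj = AES.new(key, AES.MODE_CBC, iv)
else:
    cipherObj = AES.new(key, AES.MODE_ECB)
cipherText = cipherObj.encrypt(padded)

# Identical plaintext blocks stay identical under ECB but not under CBC,
# which is why a repetition count separates the two. twoByteMatch's exact
# metric is defined in set1 (not shown here). The cut-off of 100 is a
# heuristic that may misclassify short or non-repetitive inputs.
count = set1.twoByteMatch(cipherText)
print(count)
if count > 100:
    print('ECB')
else:
    print('CBC')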
blockSize = i break; plainText = plainText[(len(plainText) % blockSize):] cipherText = cipherObj.encrypt(plainText) count = set1.twoByteMatch(cipherText) print count if count > 100: print 'ECB mode' base = '' baseSize = -1 blockNum = -1 for i in range(1,48): base += 'A' plainText = set2.pkcs7Pad(randPrefix + array.array('B', base) + unknownStr, blockSize) cipherText = cipherObj.encrypt(plainText) for j in range(0, len(cipherText) / 16): if(cipherText[j * 16 : (j+1) * 16] == cipherText[(j+1) * 16 : (j+2) * 16]): baseSize = i blockNum = j + 1 break if(baseSize != -1): break miniBase = '' for i in range(0,16): miniBase += 'A' for i in range(0,10):
'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==', 'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl', 'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==', 'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==', 'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=', 'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=', 'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93' ] rndfile = Random.new() key = rndfile.read(16) iv = array.array('B', rndfile.read(16)) plainText = array.array( 'B', binascii.a2b_base64(plainTexts[ord(rndfile.read(1)) % 10])) cipherObj = AES.new(key, AES.MODE_CBC, iv) cipherText = cipherObj.encrypt(set2.pkcs7Pad(plainText, 16)) prevCipher = iv outputText = '' for blockNum in range(0, len(cipherText) / 16): curCipher = array.array('B', cipherText[blockNum * 16:(blockNum + 1) * 16]) cPrime = array.array('B', [ord(rndfile.read(1)) for x in range(0, 16)]) imd = [0 for _ in range(0, 16)] for i in reversed(range(0, 16)): for j in range(0, 256): cPrime[i] = j if decryptOracle(curCipher, key, cPrime): curImd = j ^ (16 - i) # print chr(curImd ^ iv[i]) imd[i] = curImd # prepare cPrime with values that will create correct padding up to the point of interest
import set1
import set2


def decryptOracle(cipherText, key, iv):
    """Report whether cipherText decrypts to validly padded plaintext.

    A fresh AES-CBC object is created from key and iv on every call. The
    ciphertext is decrypted and element 0 of set2.pkcs7Validation's result
    is returned (presumably the validity flag; confirm against set2).

    NOTE(review): a valid/invalid padding answer for caller-supplied
    ciphertext and IV is the condition a CBC padding oracle depends on.
    Outside an exercise, verify a MAC over IV and ciphertext (or use an
    AEAD mode) before decrypting, and return one uniform failure that does
    not distinguish padding errors from any other error.
    """
    decryptor = AES.new(key,AES.MODE_CBC, iv)
    return set2.pkcs7Validation(decryptor.decrypt(cipherText))[0]


# Base64-encoded candidate plaintexts; one is selected at random below.
plainTexts = [
    'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=',
    'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=',
    'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==',
    'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==',
    'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl',
    'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==',
    'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==',
    'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=',
    'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=',
    'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93',
]

rndfile = Random.new()
key = rndfile.read(16)
iv = array.array('B', rndfile.read(16))
# A random byte modulo 10 picks the entry to encrypt.
plainText = array.array(
    'B', binascii.a2b_base64(plainTexts[ord(rndfile.read(1)) % 10]))
cipherObj = AES.new(key,AES.MODE_CBC, iv)
cipherText = cipherObj.encrypt(set2.pkcs7Pad(plainText,16))

prevCipher = iv
outputText = ''
# Python 2 integer division; `//` gives the same result for ints.
for blockNum in range(len(cipherText) // 16):
    curCipher = array.array('B', cipherText[blockNum * 16:(blockNum + 1) * 16])
    # cPrime is a random 16-byte stand-in IV whose bytes are varied below.
    cPrime = array.array('B', [ord(rndfile.read(1)) for x in range(16)])
    # imd collects one intermediate value per byte position.
    imd = [0] * 16
    for i in range(15, -1, -1):
        for j in range(256):
            cPrime[i] = j
            if decryptOracle(curCipher, key, cPrime):
                curImd = j ^ (16 - i)
                # print chr(curImd ^ iv[i])
                # NOTE(review): indentation was lost in this copy; placing
                # this assignment inside the `if` is assumed. Confirm
                # against the original file.
                imd[i] = curImd
        # prepare cPrime with values that will create correct padding up to the point of interest
        # NOTE(review): the excerpt ends here; the rest of the loop body is
        # not shown.
def profile_for(email):
    """Build a user profile for email and its k=v&k=v encoding.

    '&' and '=' are deleted from email (Python 2 str.translate with a
    delete list), the module-level uid counter is incremented, and a tuple
    of (profile dict, encoded string) is returned. The role is always
    'user'.

    NOTE(review): removing metacharacters constrains only the text of the
    e-mail field. It does not protect the encoded profile once that is
    encrypted without integrity protection, as the script below shows.
    """
    global uid
    cleaned = email.translate(None, '&=')
    uid += 1
    profile = {'email': cleaned, 'uid': uid, 'role': 'user'}
    encoded = ''.join(['email=', cleaned, '&uid=', str(uid), '&role=user'])
    return (profile, encoded)


# print parse("foo=bar&baz=qux&zap=zazzle")
# print profile_for('*****@*****.**')

# NOTE(review): the e-mail literals are masked in this copy of the script,
# so the 16-byte block offsets used below may not line up as they did in
# the original.
profile1 = profile_for('*****@*****.**')[1]
adminBlock = ''.join(
    format(x, '01c') for x in set2.pkcs7Pad(array.array('B', 'admin\0'), 16))
maliciousEmail = '*****@*****.**' + adminBlock
profile2 = profile_for(maliciousEmail)[1]

rndfile = Random.new()
key = rndfile.read(16)
cipherObj = AES.new(key, AES.MODE_ECB)

forgeFront = cipherObj.encrypt(set2.pkcs7Pad(array.array('B', profile1), 16))
forgeBack = cipherObj.encrypt(set2.pkcs7Pad(array.array('B', profile2), 16))

# ECB encrypts every 16-byte block independently, so blocks taken from two
# different ciphertexts still decrypt cleanly when concatenated. The
# receiver cannot detect the splice. The defence is authenticated
# encryption (or a MAC over the whole token) rather than input filtering.
forgedCredentials = forgeFront[:32] + forgeBack[16:32]
maliciousDecrypt = cipherObj.decrypt(forgedCredentials)
print(repr(maliciousDecrypt))
print(parse(maliciousDecrypt))