def encode(userStr, cipherObj):
front = "comment1=cooking%20MCs;userdata="
back = ";comment2=%20like%20a%20pound%20of%20bacon"
regex = re.compile('(=)')
userStr = regex.sub('"="', userStr)
regex = re.compile('(;)')
userStr = regex.sub('";"', userStr)
message = set2.pkcs7Pad(array.array('B', front + userStr + back), 16)
return cipherObj.encrypt(message)
import set2
import array
plainText = array.array('B', 'YELLOW SUBMARINE')
paddedText = set2.pkcs7Pad(plainText, 20)
print repr(''.join(format(x, '01c') for x in paddedText))
def encode(userStr, cipherObj):
front = "comment1=cooking%20MCs;userdata="
back = ";comment2=%20like%20a%20pound%20of%20bacon"
regex = re.compile('(=)')
userStr = regex.sub('"="', userStr)
regex = re.compile('(;)')
userStr = regex.sub('";"', userStr)
message = set2.pkcs7Pad(array.array('B', front + userStr + back), 16)
return cipherObj.encrypt(message)
def decode(cipherText, cipherObj):
plainText = cipherObj.decrypt(cipherText)
print plainText
if(string.find(plainText, ';admin=true;') >= 0):
print True
else:
print False
rndfile = Random.new()
key = rndfile.read(16)
iv = array.array('B', rndfile.read(16))
cipherObj = AES.new(key, AES.MODE_CBC, iv)
cipherText = encode("YELLOW SUBMARINEYELLOW SUBMARINE", cipherObj)
cipherText = array.array('B', cipherText)
cipherText[32:48] = array.array('B', set1.bufferXOR(set1.bufferXOR(array.array('B', 'YELLOW SUBMARINE'), set2.pkcs7Pad(array.array('B', ';admin=true;'), 16)), cipherText[32:48]) )
cipherObj = AES.new(key, AES.MODE_CBC, iv)
decode(cipherText, cipherObj)
blockSize = i
break
plainText = plainText[(len(plainText) % blockSize):]
cipherText = cipherObj.encrypt(plainText)
count = set1.twoByteMatch(cipherText)
print count
if count > 100:
print 'ECB mode'
base = ''
baseSize = -1
blockNum = -1
for i in range(1, 48):
base += 'A'
plainText = set2.pkcs7Pad(randPrefix + array.array('B', base) + unknownStr,
blockSize)
cipherText = cipherObj.encrypt(plainText)
for j in range(0, len(cipherText) / 16):
if (cipherText[j * 16:(j + 1) * 16] == cipherText[(j + 1) *
16:(j + 2) * 16]):
baseSize = i
blockNum = j + 1
break
if (baseSize != -1):
break
miniBase = ''
for i in range(0, 16):
miniBase += 'A'
for i in range(0, 10):
sys.path.append('../set1')
import set1
import set2
import string
rndfile = Random.new()
key = rndfile.read(16)
frontPadLen = random.choice(range(5, 11))
endPadLen = random.choice(range(5, 11))
frontPad = array.array('B', rndfile.read(frontPadLen))
endPad = array.array('B', rndfile.read(endPadLen))
fileBytes = array.array('B',open(sys.argv[1] , "rb").read())
padded = set2.pkcs7Pad(frontPad + fileBytes + endPad, 16)
iv = array.array('B', rndfile.read(16))
if(ord(rndfile.read(1)) % 2):
cipherObj = AES.new(key, AES.MODE_CBC, iv)
else:
cipherObj = AES.new(key, AES.MODE_ECB)
cipherText = cipherObj.encrypt(padded)
count = set1.twoByteMatch(cipherText)
print count
if count > 100:
print 'ECB'
else:
print 'CBC'
sys.path.append('../set1')
import set1
import set2
import string
rndfile = Random.new()
key = rndfile.read(16)
frontPadLen = random.choice(range(5, 11))
endPadLen = random.choice(range(5, 11))
frontPad = array.array('B', rndfile.read(frontPadLen))
endPad = array.array('B', rndfile.read(endPadLen))
fileBytes = array.array('B', open(sys.argv[1], "rb").read())
padded = set2.pkcs7Pad(frontPad + fileBytes + endPad, 16)
iv = array.array('B', rndfile.read(16))
if (ord(rndfile.read(1)) % 2):
cipherObj = AES.new(key, AES.MODE_CBC, iv)
else:
cipherObj = AES.new(key, AES.MODE_ECB)
cipherText = cipherObj.encrypt(padded)
count = set1.twoByteMatch(cipherText)
print count
if count > 100:
print 'ECB'
else:
print 'CBC'
blockSize = i
break;
plainText = plainText[(len(plainText) % blockSize):]
cipherText = cipherObj.encrypt(plainText)
count = set1.twoByteMatch(cipherText)
print count
if count > 100:
print 'ECB mode'
base = ''
baseSize = -1
blockNum = -1
for i in range(1,48):
base += 'A'
plainText = set2.pkcs7Pad(randPrefix + array.array('B', base) + unknownStr, blockSize)
cipherText = cipherObj.encrypt(plainText)
for j in range(0, len(cipherText) / 16):
if(cipherText[j * 16 : (j+1) * 16] == cipherText[(j+1) * 16 : (j+2) * 16]):
baseSize = i
blockNum = j + 1
break
if(baseSize != -1):
break
miniBase = ''
for i in range(0,16):
miniBase += 'A'
for i in range(0,10):
'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==',
'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl',
'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==',
'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==',
'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=',
'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=',
'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93'
]
rndfile = Random.new()
key = rndfile.read(16)
iv = array.array('B', rndfile.read(16))
plainText = array.array(
'B', binascii.a2b_base64(plainTexts[ord(rndfile.read(1)) % 10]))
cipherObj = AES.new(key, AES.MODE_CBC, iv)
cipherText = cipherObj.encrypt(set2.pkcs7Pad(plainText, 16))
prevCipher = iv
outputText = ''
for blockNum in range(0, len(cipherText) / 16):
curCipher = array.array('B', cipherText[blockNum * 16:(blockNum + 1) * 16])
cPrime = array.array('B', [ord(rndfile.read(1)) for x in range(0, 16)])
imd = [0 for _ in range(0, 16)]
for i in reversed(range(0, 16)):
for j in range(0, 256):
cPrime[i] = j
if decryptOracle(curCipher, key, cPrime):
curImd = j ^ (16 - i)
# print chr(curImd ^ iv[i])
imd[i] = curImd
# prepare cPrime with values that will create correct padding up to the point of interest
import set1
import set2
def decryptOracle(cipherText, key, iv):
cipherObj = AES.new(key,AES.MODE_CBC, iv)
plainText = cipherObj.decrypt(cipherText)
return set2.pkcs7Validation(plainText)[0]
plainTexts = ['MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=','MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=','MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==','MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==','MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl','MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==','MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==','MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=','MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=','MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93']
rndfile = Random.new()
key = rndfile.read(16)
iv = array.array('B', rndfile.read(16))
plainText = array.array('B', binascii.a2b_base64(plainTexts[ord(rndfile.read(1)) % 10]))
cipherObj = AES.new(key,AES.MODE_CBC, iv)
cipherText = cipherObj.encrypt(set2.pkcs7Pad(plainText,16))
prevCipher = iv
outputText = ''
for blockNum in range(0, len(cipherText) / 16):
curCipher = array.array('B', cipherText[blockNum * 16:(blockNum+1) * 16])
cPrime = array.array('B', [ord(rndfile.read(1)) for x in range(0,16)])
imd = [0 for _ in range(0,16)]
for i in reversed(range(0,16)):
for j in range(0,256):
cPrime[i] = j
if decryptOracle(curCipher, key, cPrime):
curImd = j ^ (16 - i)
# print chr(curImd ^ iv[i])
imd[i] = curImd
# prepare cPrime with values that will create correct padding up to the point of interest
def profile_for(email):
global uid
email = email.translate(None, '&=')
uid += 1
return ({
'email': email,
'uid': uid,
'role': 'user'
}, 'email=' + email + '&uid=' + str(uid) + '&role=user')
# print parse("foo=bar&baz=qux&zap=zazzle")
# print profile_for('*****@*****.**')
profile1 = profile_for('*****@*****.**')[1]
maliciousEmail = '*****@*****.**' + ''.join(
format(x, '01c') for x in set2.pkcs7Pad(array.array('B', 'admin\0'), 16))
profile2 = profile_for(maliciousEmail)[1]
rndfile = Random.new()
key = rndfile.read(16)
cipherObj = AES.new(key, AES.MODE_ECB)
forgeFront = cipherObj.encrypt(set2.pkcs7Pad(array.array('B', profile1), 16))
forgeBack = cipherObj.encrypt(set2.pkcs7Pad(array.array('B', profile2), 16))
forgedCredentials = forgeFront[:32] + forgeBack[16:32]
maliciousDecrypt = cipherObj.decrypt(forgedCredentials)
print repr(maliciousDecrypt)
print parse(maliciousDecrypt)