def main():
global random_key
global to_prepend
random_key = challenge11.random_string(AES.block_size)
to_prepend = challenge11.random_string(randint(1, 32))
guessed_block_size = guess_block_size(encrypt_oracle)
guessed_offset = guess_offset(encrypt_oracle)
guessed_ecb = challenge11.guess_ecb(encrypt_oracle(b'?' * guessed_offset[1] + b'YELLOW SUBMARINEYELLOW SUBMARINE'))
# print('Block size: ', guessed_block_size)
# print('ECB: ', guessed_ecb)
# print('Offset: ', guessed_offset)
prevs = bytearray()
block_n = 0
for i in range(24):
prevs += decrypt_block(encrypt_oracle, guessed_block_size, prevs, guessed_offset)
block_n += 1
#print(prevs)
correct = bytearray(b'Three Rings for the Elven-kings under the sky,\r\nSeven for the Dwarf-lords in their halls'
b' of stone,\r\nNine for Mortal Men doomed to die,\r\nOne for the Dark Lord on his dark throne'
b'\r\nIn the Land of Mordor where the Shadows lie.\r\nOne Ring to rule them all, One Ring to'
b' find them,\r\nOne Ring to bring them all, and in the darkness bind them,\r\nIn the Land of '
b'Mordor where the Shadows lie.\x01\x00\x00\x00\x00')
if prevs != correct:
print('Error at: ', guessed_offset)
def main():
mac = secret_prefix_mac(plaintext, random_string(16))
print(mac)
mac2 = secret_prefix_mac(
b'Alight, winds approach deadly approaching winds alight.',
random_string(16))
print(mac2)
def profile_for(username):
username = username.replace('&', '')
username = username.replace('=', '')
str = 'email=' + username + '&uid=10&role=user'
random_key = random_string(16)
aes = AES.new(random_key)
return aes.encrypt(pkcs7padding(bytes(str, encoding='utf-8'))), random_key
def aes_ctr_enc_lines(filename):
ciphertexts = []
key = random_string(16)
# Original challenge set this to 0. But that's boring.
nonce = random.randint(4294967296, 9223372036854775807)
with open(filename, 'rb') as file:
for line in file.readlines():
ciphertexts.append(
aes_ctr_crypt(binascii.a2b_base64(line), key, nonce))
return ciphertexts
def cbc_padding_oracle(c1, c2):
assert (len(c1) == len(c2) == AES.block_size)
p2 = bytearray([0] * AES.block_size)
chosen_c1 = bytearray(random_string(AES.block_size))
# note that padding is the amount of padding this iteration is attempting to achieve. -padding is the byte being set
for padding in range(1, AES.block_size + 1):
for c in range(256):
chosen_c1[-padding] = c
if check_cbc_padding_random(c2, chosen_c1):
break
p2[-padding] = chosen_c1[-padding] ^ padding ^ c1[-padding]
for i in range(1, padding + 1):
chosen_c1[-i] = chosen_c1[-i] ^ padding ^ (padding + 1)
return p2
#!/usr/bin/env python3
import binascii
from Crypto.Cipher import AES
import challenge11
import challenge9
random_key = challenge11.random_string(AES.block_size)
def encrypt_oracle(plaintext):
to_append = binascii.a2b_base64('Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg'\
'aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq'\
'dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg'\
'YnkK')
global random_key
aes = AES.new(random_key)
ciphertext = aes.encrypt(challenge9.pkcs7padding(plaintext + to_append))
return ciphertext
def guess_block_size(oracle):
last_block_size = 0
this_block_size = 0
length = 1
while last_block_size == 0 or this_block_size == last_block_size:
last_block_size = this_block_size
this_block_size = len(oracle(b'A' * length))
length += 1
return this_block_size - last_block_size
#!/usr/bin/env python
import sys
import challenge11
import string
import challenge9
key = challenge11.random_string()
def oracle_function(data):
to_append = \
'''Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg
aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq
dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg
YnkK'''
return challenge11.encrypt_AES_ECB(data + to_append.decode('base64'), key)
if __name__ == '__main__':
# Step 1
block_size = 0
while True:
result = oracle_function('A' * block_size)
if challenge11.is_ECB(result): break
block_size += 1
block_size /= 2
print 'Step #1: Block size length = {}'.format(block_size)
# Step 2
if challenge11.is_ECB(oracle_function('A' * block_size * 4)):
def encrypt_cbc_random():
plaintext = binascii.a2b_base64(random.choice(possible_b64_plaintexts))
iv = random_string(AES.block_size)
return aes_cbc_encrypt(plaintext, random_key, iv), iv
from challenge15 import strip_pkcs7padding
possible_b64_plaintexts = [
'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=',
'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=',
'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==',
'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==',
'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl',
'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==',
'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==',
'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=',
'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=',
'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93]'
]
random_key = random_string(AES.key_size[0])
def encrypt_cbc_random():
plaintext = binascii.a2b_base64(random.choice(possible_b64_plaintexts))
iv = random_string(AES.block_size)
return aes_cbc_encrypt(plaintext, random_key, iv), iv
def check_cbc_padding_random(ciphertext, iv):
ciphertext = bytes(ciphertext)
iv = bytes(iv)
try:
plaintext = aes_cbc_decrypt(ciphertext, random_key, iv)
return True
except ValueError:
#!/usr/bin/env python3
from challenge2 import fixed_xor
from util import *
from challenge18 import aes_ctr_crypt
from challenge11 import random_string
import random
from urllib.parse import quote, unquote
random_key = random_string(16)
random_nonce = random.getrandbits(16)
def build_profile(userdata):
plaintext = ('comment1=cooking%20MCs;userdata=' + quote(userdata) +
';comment2=%20like%20a%20pound%20of%20bacon')
plaintext = bytearray(plaintext, encoding='utf-8')
ciphertext = aes_ctr_crypt(plaintext, random_key, random_nonce)
return ciphertext
def authenticate(ciphertext):
plaintext = aes_ctr_crypt(ciphertext, random_key, random_nonce)
info_dict = {}
for pair in plaintext.split(b';'):
k, v = pair.split(b'=')
info_dict[bytes(unquote(k.decode(errors='ignore')), encoding='utf-8')] = \
bytes(unquote(v.decode(errors='ignore')), encoding='utf-8')
if b'admin' in info_dict and info_dict[b'admin'] == b'true':
print('Logged in as admin. ')
return True, plaintext