def profile_for(username):
    """Build the ``key=value`` profile for *username* and return it encrypted.

    ``&`` and ``=`` (the metacharacters of the encoding) are removed from
    *username* before it is embedded in ``email=<username>&uid=10&role=user``.
    The string is UTF-8 encoded, PKCS#7-padded and encrypted under a fresh
    16-byte key obtained from ``random_string``.

    Returns:
        A ``(ciphertext, key)`` tuple.

    Security note: ``AES.new`` receives only the key, so the cipher runs in
    the library's default mode (ECB in legacy PyCrypto -- confirm for the
    library actually installed).  The character filtering constrains the
    plaintext only; nothing here authenticates the ciphertext, so the
    ``role`` field is not protected against substitution of whole ciphertext
    blocks.  Code that trusts decrypted fields needs an authenticated mode
    (for example AES-GCM) or a MAC verified before parsing.
    """
    sanitized = username.replace('&', '').replace('=', '')
    # Local is named `profile` rather than `str` so the builtin stays usable.
    profile = 'email=' + sanitized + '&uid=10&role=user'
    random_key = random_string(16)
    cipher = AES.new(random_key)
    padded = pkcs7padding(profile.encode('utf-8'))
    return cipher.encrypt(padded), random_key
def build_profile(userdata):
    """Wrap *userdata* in the fixed comment string and return it CBC-encrypted.

    *userdata* is passed through ``quote`` and placed between the
    ``comment1=...;userdata=`` prefix and the ``;comment2=...`` suffix.  The
    result is UTF-8 encoded, PKCS#7-padded and handed to ``aes_cbc_encrypt``
    together with the module-level ``random_key`` and ``random_iv``.

    Returns:
        Whatever ``aes_cbc_encrypt`` returns for the padded plaintext.

    Security note: quoting restricts what can appear in the *plaintext*
    (presumably ``quote`` is ``urllib.parse.quote``, which percent-encodes
    ``;`` and ``=`` -- confirm against the file's imports).  It says nothing
    about the ciphertext: CBC gives confidentiality but no integrity, and no
    MAC is computed here, so a consumer that parses the decrypted string for
    privileged fields must verify integrity first (AEAD or
    encrypt-then-MAC).
    NOTE(review): ``random_iv`` comes from module scope; if it is generated
    once and reused for every call, equal plaintext prefixes produce equal
    ciphertext prefixes -- confirm how it is set.
    """
    prefix = 'comment1=cooking%20MCs;userdata='
    suffix = ';comment2=%20like%20a%20pound%20of%20bacon'
    encoded = bytearray(prefix + quote(userdata) + suffix, encoding='utf-8')
    return aes_cbc_encrypt(pkcs7padding(encoded), random_key, random_iv)
def encrypt_oracle(plaintext):
    """Encrypt *plaintext* followed by a fixed, base64-decoded suffix.

    The suffix is decoded on every call, appended to *plaintext*, and the
    concatenation is PKCS#7-padded with ``challenge9.pkcs7padding`` and
    encrypted under the module-level ``random_key``.

    Returns:
        The ciphertext produced by ``aes.encrypt``.

    Security note: ``AES.new`` is given the key only, so the library's
    default mode applies (ECB in legacy PyCrypto -- confirm).  With one key
    for every call and no IV or nonce, encryption is deterministic: equal
    plaintext blocks yield equal ciphertext blocks.  An interface that
    encrypts caller-supplied data next to a secret should use a randomized,
    authenticated mode instead.
    """
    global random_key
    secret_suffix = binascii.a2b_base64(
        'Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg'
        'aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq'
        'dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg'
        'YnkK'
    )
    cipher = AES.new(random_key)
    padded = challenge9.pkcs7padding(plaintext + secret_suffix)
    return cipher.encrypt(padded)
def main():
    """Demo driver: encrypt a profile, overwrite bytes 16-32, decrypt it.

    Calls ``profile_for('ab')``, prints the ciphertext length and the key in
    hex, replaces the second 16-byte ciphertext block with an encryption of
    padded ``b'role=admin'``, and prints what ``decrypt_profile`` returns for
    the modified ciphertext.
    """
    encrypted, key = profile_for('ab')
    print('Ciphertext: ', len(encrypted))
    # The key is printed for exercise debugging; key material does not
    # belong in logs anywhere else.
    print('Random Key: ', binascii.b2a_hex(key))

    # Placeholder for the exercise's attack step.  The replacement block is
    # built with the key itself, which only this harness holds.  What it
    # demonstrates is the defensive point: with username 'ab' the first 16
    # plaintext bytes are 'email=ab&uid=10&', so the role field sits alone
    # in the second block, and nothing in the scheme detects that the block
    # was swapped.  An authenticated mode or a MAC check before parsing
    # would reject the modified ciphertext.
    forged_block = AES.new(key).encrypt(pkcs7padding(b'role=admin'))
    tampered = bytearray(encrypted)
    tampered[16:32] = forged_block
    print('Plaintext: ', decrypt_profile(tampered, key))
def encrypt_random(plaintext):
    """Encrypt *plaintext* under a random key in a randomly chosen mode.

    A single length between 5 and 10 is drawn and used for both a random
    prefix and a random suffix (two separate ``random_string`` calls of the
    same length).  The wrapped input is PKCS#7-padded, then encrypted either
    with ``AES.new(key)`` (the ``ecb`` branch) or with
    ``challenge10.aes_cbc_encrypt`` using a random key and IV.

    Returns:
        ``(ciphertext, used_ecb)`` where ``used_ecb`` is ``True`` when the
        ``AES.new`` branch was taken, so a mode detector can be scored
        against the ground truth.

    Security note: the mode choice and padding length come from ``random``,
    which is not a cryptographic generator.  That is adequate for an
    exercise harness; real keys and IVs should come from ``secrets`` or
    ``os.urandom``.  NOTE(review): ``random_string`` is defined elsewhere --
    confirm which generator backs it.
    """
    pad_len = random.randint(5, 10)
    # Draw order (prefix, suffix, mode, key[, iv]) is kept so a seeded run
    # produces the same sequence of values.
    prefix = random_string(pad_len)
    suffix = random_string(pad_len)
    padded = challenge9.pkcs7padding(prefix + plaintext + suffix)

    use_ecb = random.randint(0, 1) == 1
    if not use_ecb:
        key = random_string(16)
        iv = random_string(16)
        return challenge10.aes_cbc_encrypt(padded, key, iv), False

    cipher = AES.new(random_string(16))
    return cipher.encrypt(padded), True
def encrypt_oracle(plaintext):
    """Encrypt ``to_prepend + plaintext + <fixed suffix>`` under one key.

    The suffix is base64-decoded on each call.  ``to_prepend`` and
    ``random_key`` are read from module scope; the concatenation is
    PKCS#7-padded with ``challenge9.pkcs7padding`` before encryption.

    Returns:
        The ciphertext produced by ``aes.encrypt``.

    Security note: ``AES.new`` is given the key only, so the library's
    default mode applies (ECB in legacy PyCrypto -- confirm).  Placing
    unknown bytes in front of the caller's input does not make the scheme
    randomized: if ``to_prepend`` is fixed across calls (TODO confirm), the
    output is still a deterministic function of the input under a reused
    key.  A per-message nonce with an authenticated mode is the remedy, not
    extra padding around the input.
    """
    global random_key
    encoded_suffix = (
        'VGhyZWUgUmluZ3MgZm9yIHRoZSBFbHZlbi1raW5ncyB1bmRlciB0aGUgc2t5LA0KU2V2ZW4gZm9y'
        'IHRoZSBEd2FyZi1sb3JkcyBpbiB0aGVpciBoYWxscyBvZiBzdG9uZSwNCk5pbmUgZm9yIE1vcnRh'
        'bCBNZW4gZG9vbWVkIHRvIGRpZSwNCk9uZSBmb3IgdGhlIERhcmsgTG9yZCBvbiBoaXMgZGFyayB0'
        'aHJvbmUNCkluIHRoZSBMYW5kIG9mIE1vcmRvciB3aGVyZSB0aGUgU2hhZG93cyBsaWUuDQpPbmUg'
        'UmluZyB0byBydWxlIHRoZW0gYWxsLCBPbmUgUmluZyB0byBmaW5kIHRoZW0sDQpPbmUgUmluZyB0'
        'byBicmluZyB0aGVtIGFsbCwgYW5kIGluIHRoZSBkYXJrbmVzcyBiaW5kIHRoZW0sDQpJbiB0aGUg'
        'TGFuZCBvZiBNb3Jkb3Igd2hlcmUgdGhlIFNoYWRvd3MgbGllLg=='
    )
    to_append = binascii.a2b_base64(encoded_suffix)
    cipher = AES.new(random_key)
    padded = challenge9.pkcs7padding(to_prepend + plaintext + to_append)
    return cipher.encrypt(padded)