Пример #1
def profile_for(username):
    """Encode a user profile as ``email=...&uid=10&role=user`` and encrypt it.

    '&' and '=' are removed from *username* so the caller cannot add or
    override key/value pairs in the encoded profile.

    Returns a ``(ciphertext, key)`` tuple; the key is freshly drawn from
    random_string(16) on every call.
    """
    sanitized = username.replace('&', '').replace('=', '')
    profile = f'email={sanitized}&uid=10&role=user'
    key = random_string(16)
    # NOTE(review): no cipher mode is passed. Assuming AES is
    # Crypto.Cipher.AES from legacy PyCrypto, this selects ECB - confirm.
    # ECB encrypts each 16-byte block independently and the ciphertext has
    # no integrity tag, so stripping metacharacters does not by itself
    # protect the role field; a token that carries authorization data
    # should be authenticated (AEAD, or encrypt-then-MAC).
    cipher = AES.new(key)
    padded = pkcs7padding(profile.encode('utf-8'))
    # The key is handed back with the ciphertext, which only makes sense
    # in a test harness.
    return cipher.encrypt(padded), key
Пример #2
def build_profile(userdata):
    """Wrap *userdata* in a fixed ';'-separated cookie string and CBC-encrypt it.

    *userdata* is passed through quote() before being embedded; presumably
    this is urllib's quote, which would percent-encode ';' and '=' so the
    caller cannot introduce extra fields directly - confirm against the
    file's imports.

    Returns the ciphertext produced by aes_cbc_encrypt() under the
    module-level random_key and random_iv.
    """
    prefix = 'comment1=cooking%20MCs;userdata='
    suffix = ';comment2=%20like%20a%20pound%20of%20bacon'
    cookie = prefix + quote(userdata) + suffix
    padded = pkcs7padding(bytearray(cookie.encode('utf-8')))
    # NOTE(review): random_key / random_iv are defined outside this
    # function. If random_iv is generated once per process, every cookie
    # is encrypted under the same IV - confirm a fresh IV is not expected.
    # CBC provides confidentiality only: the ciphertext is not
    # authenticated, so whatever parses the decrypted cookie should verify
    # a MAC first (or the scheme should use an AEAD mode).
    return aes_cbc_encrypt(padded, random_key, random_iv)
Пример #3
def encrypt_oracle(plaintext):
    """Encrypt ``plaintext || secret`` under the module-level random_key.

    The secret suffix is a fixed base64-encoded byte string decoded on
    every call. The combined message is PKCS#7-padded by
    challenge9.pkcs7padding() before encryption.
    """
    global random_key
    secret_suffix = binascii.a2b_base64(
        'Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg'
        'aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq'
        'dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg'
        'YnkK'
    )
    # NOTE(review): no mode is given to AES.new; with legacy PyCrypto that
    # means ECB - confirm. ECB is deterministic, so a service that appends
    # a secret to caller-supplied data and encrypts under a fixed key
    # leaks information about that secret through repeated block values.
    # A randomized, authenticated mode with a fresh nonce per message
    # removes that property.
    cipher = AES.new(random_key)
    message = challenge9.pkcs7padding(plaintext + secret_suffix)
    return cipher.encrypt(message)
Пример #4
def main():
    """Show that a block-substituted profile token still decrypts cleanly.

    Obtains a token for user 'ab', prints its length and key, overwrites
    ciphertext bytes 16-32 with a separately encrypted ``role=admin``
    block, and prints what decrypt_profile() makes of the result.
    """
    token, key = profile_for('ab')
    print('Ciphertext: ', len(token))
    print('Random Key: ', binascii.b2a_hex(key))
    # The replacement block is produced with the key profile_for() handed
    # back, so this is a harness-only shortcut. What it demonstrates is
    # the missing integrity check: nothing in the token lets the
    # decrypting side detect that a 16-byte block was swapped. A MAC over
    # the ciphertext (or an AEAD mode) would reject the modified token.
    # Assumes the second block holds the role field for this username -
    # verify against profile_for.
    replacement = AES.new(key).encrypt(pkcs7padding(b'role=admin'))
    tampered = bytearray(token)
    tampered[16:32] = replacement
    print('Plaintext: ', decrypt_profile(tampered, key))
Пример #5
def encrypt_random(plaintext):
    """Encrypt *plaintext* under a throwaway key in a randomly chosen mode.

    5 to 10 random bytes (the same count on each side) are added before
    and after *plaintext*, the result is padded with
    challenge9.pkcs7padding(), and a coin flip selects between AES.new()
    with no explicit mode and challenge10.aes_cbc_encrypt().

    Returns ``(ciphertext, used_ecb)`` where *used_ecb* is True when the
    AES.new() branch was taken.
    """
    # NOTE(review): sizes and the mode choice come from the `random`
    # module, which is not a CSPRNG. random_string() is defined elsewhere;
    # if it also draws from `random`, the keys and IVs below are
    # predictable - acceptable for a test oracle, not for real key
    # material (use `secrets` / os.urandom there).
    pad_len = random.randint(5, 10)
    leading = random_string(pad_len)
    padded = challenge9.pkcs7padding(
        leading + plaintext + random_string(pad_len))
    use_ecb = random.randint(0, 1)
    if not use_ecb:
        key = random_string(16)
        iv = random_string(16)
        return challenge10.aes_cbc_encrypt(padded, key, iv), False
    # No mode argument: presumably ECB under legacy PyCrypto - confirm.
    cipher = AES.new(random_string(16))
    return cipher.encrypt(padded), True
Пример #6
def encrypt_oracle(plaintext):
    """Encrypt ``to_prepend || plaintext || secret`` under random_key.

    to_prepend and random_key are module-level values defined outside this
    function. The secret suffix is a fixed base64-encoded byte string
    decoded on every call. The combined message is PKCS#7-padded by
    challenge9.pkcs7padding() before encryption.
    """
    global random_key
    secret_suffix = binascii.a2b_base64(
        'VGhyZWUgUmluZ3MgZm9yIHRoZSBFbHZlbi1raW5ncyB1bmRlciB0aGUgc2t5LA0KU2V2ZW4gZm9y'
        'IHRoZSBEd2FyZi1sb3JkcyBpbiB0aGVpciBoYWxscyBvZiBzdG9uZSwNCk5pbmUgZm9yIE1vcnRh'
        'bCBNZW4gZG9vbWVkIHRvIGRpZSwNCk9uZSBmb3IgdGhlIERhcmsgTG9yZCBvbiBoaXMgZGFyayB0'
        'aHJvbmUNCkluIHRoZSBMYW5kIG9mIE1vcmRvciB3aGVyZSB0aGUgU2hhZG93cyBsaWUuDQpPbmUg'
        'UmluZyB0byBydWxlIHRoZW0gYWxsLCBPbmUgUmluZyB0byBmaW5kIHRoZW0sDQpPbmUgUmluZyB0'
        'byBicmluZyB0aGVtIGFsbCwgYW5kIGluIHRoZSBkYXJrbmVzcyBiaW5kIHRoZW0sDQpJbiB0aGUg'
        'TGFuZCBvZiBNb3Jkb3Igd2hlcmUgdGhlIFNoYWRvd3MgbGllLg=='
    )
    # NOTE(review): no mode is given to AES.new; with legacy PyCrypto that
    # means ECB - confirm. An unknown prefix in front of the caller's data
    # does not make a deterministic mode safe: identical plaintext blocks
    # still encrypt to identical ciphertext blocks under the fixed key.
    # Use a randomized, authenticated mode with a per-message nonce.
    cipher = AES.new(random_key)
    message = challenge9.pkcs7padding(to_prepend + plaintext + secret_suffix)
    return cipher.encrypt(message)