Пример #1
0
    """Attack block using side-channel leak in padding oracle."""
    c2 = ciphertext[16:32]
    plaintext = b""
    dc_string = b""
    h = 15
    for i in range(1, 17):
        for j in range(256):
            c1 = b"A" * h + bytes([j])
            if dc_string:
                for c in dc_string[::-1]:
                    c1 += bytes([c ^ i])
            if padding_validation(c1 + c2):
                dc = j ^ i
                dc_string += bytes([dc])
                plaintext += bytes([dc ^ ciphertext[h]])
                break
        h -= 1
    return plaintext[::-1]


IV = generate_bytes(16)
KEY = generate_bytes(16)

ciphertext = IV + padding_oracle()
plaintext = b""

for i in range(0, len(ciphertext) - 16, 16):
    plaintext += attack_block(ciphertext[i:i + 32])

print(plaintext)
Пример #2
0
def extract_secret(oracle, offset, keysize):
    """Extract secret text from encryption oracle with a known offst and keysize."""
    plaintext = b""
    # iterate over the blocksize
    for i in range(0, len(oracle(b"A" * offset + b"")[16:]), keysize):
        h = keysize - 1
        for j in range(keysize):
            block = oracle(b"A" * offset + b"A" * h)[16:][i:i + keysize]
            byte_dict = {}
            for k in range(127):
                byte_dict[k] = oracle(b"A" * offset + b"A" * h + plaintext +
                                      bytes([k]))[16:][i:i + keysize]
            for key, value in byte_dict.items():
                if block == value:
                    plaintext += bytes([key])
            h -= 1
    return plaintext


def extract_prefix_secret():
    """Iterate over offsets from 0-16 returning secret when output != b''."""
    for i in range(16):
        if extract_secret(encryption_oracle, i, 16) != b"":
            return extract_secret(encryption_oracle, i, 16)


KEY = generate_bytes(16)
RANDOM_PREFIX = generate_bytes(16)

# print(extract_prefix_secret())