def editCipher(cipher, key, offset, new):
oldPlain = aes_ctr(cipher, key, iv);
#print(oldPlain)
newPlain = oldPlain[0:offset] + new + oldPlain[offset+len(new):];
#print(newPlain)
newCipher = aes_ctr(newPlain, key, iv);
#print(newCipher)
return newCipher;
def editCipher(cipher, key, offset, new):
oldPlain = aes_ctr(cipher, key, iv)
#print(oldPlain)
newPlain = oldPlain[0:offset] + new + oldPlain[offset + len(new):]
#print(newPlain)
newCipher = aes_ctr(newPlain, key, iv)
#print(newCipher)
return newCipher
def decryptAndCheckAdmin(cip):
rawPlain = aes_ctr(cip, global_aes_key, global_iv);
strPlain = str(rawPlain).rstrip("b'");
print(strPlain)
if ";admin=true;" in strPlain:
return True;
return False;
b'RmlzaCwgd2hpY2ggaXMgbXkgZmF2b3JpdGUgZGlzaCAvIEJ1dCB3aXRob3V0IG5vIG1vbmV5IGl0J3Mgc3RpbGwgYSB3aXNo', \
b'J0N1eiBJIGRvbid0IGxpa2UgdG8gZHJlYW0gYWJvdXQgZ2V0dGluJyBwYWlkIC8gU28gSSBkaWcgaW50byB0aGUgYm9va3Mgb2YgdGhlIHJoeW1lcyB0aGF0IEkgbWFkZQ==', \
b'U28gbm93IHRvIHRlc3QgdG8gc2VlIGlmIEkgZ290IHB1bGwgLyBIaXQgdGhlIHN0dWRpbywgJ2N1eiBJJ20gcGFpZCBpbiBmdWxs', \
b'UmFraW0sIGNoZWNrIHRoaXMgb3V0LCB5byAvIFlvdSBnbyB0byB5b3VyIGdpcmwgaG91c2UgYW5kIEknbGwgZ28gdG8gbWluZQ==', \
b'J0NhdXNlIG15IGdpcmwgaXMgZGVmaW5pdGVseSBtYWQgLyAnQ2F1c2UgaXQgdG9vayB1cyB0b28gbG9uZyB0byBkbyB0aGlzIGFsYnVt', \
b'WW8sIEkgaGVhciB3aGF0IHlvdSdyZSBzYXlpbmcgLyBTbyBsZXQncyBqdXN0IHB1bXAgdGhlIG11c2ljIHVw', \
b'QW5kIGNvdW50IG91ciBtb25leSAvIFlvLCB3ZWxsIGNoZWNrIHRoaXMgb3V0LCB5byBFbGk=', \
b'VHVybiBkb3duIHRoZSBiYXNzIGRvd24gLyBBbmQgbGV0IHRoZSBiZWF0IGp1c3Qga2VlcCBvbiByb2NraW4n', \
b'QW5kIHdlIG91dHRhIGhlcmUgLyBZbywgd2hhdCBoYXBwZW5lZCB0byBwZWFjZT8gLyBQZWFjZQ==', \
]
rawPlains = [base64toRaw(c) for c in b64Plains]
aesKey = generateAESKey()
rawCiphers = [aes_ctr(p, aesKey, b'\x00' * 16) for p in rawPlains]
# To exploit this: take your collection of ciphertexts and truncate
# them to a common length (the length of the smallest ciphertext will
# work).
shortestCipherLength = min([len(c) for c in rawCiphers])
truncatedCiphers = [c[0:shortestCipherLength] for c in rawCiphers]
# Solve the resulting concatenation of ciphertexts as if for repeating-
# key XOR, with a key size of the length of the ciphertext you XOR'd.'''
def solve20():
keystream = b''
# for the 0th, 1st, 2nd byte...
for i in range(shortestCipherLength):
# combine those cipher bytes into one long keystream
# Written against python 3.3.1
# Matasano Problem 25
# Break "random access read/write AES CTR
from prob7 import doProb7
from prob11 import generateAESKey
from prob18 import aes_ctr, raw_xor
# Back to CTR. Encrypt the recovered plaintext from
# (the ECB exercise)
# under CTR with a random key (for this exercise the
# key should be unknown to you, but hold on to it).
plaintext = doProb7();
key = generateAESKey();
iv = b'\x00' * 16;
cipher = aes_ctr(plaintext, key, iv);
# Now, write the code that allows you to "seek" into the ciphertext,
# decrypt, and re-encrypt with different plaintext. Expose this as a
# function, like, "edit(ciphertext, key, offet, newtext)".
def editCipher(cipher, key, offset, new):
oldPlain = aes_ctr(cipher, key, iv);
#print(oldPlain)
newPlain = oldPlain[0:offset] + new + oldPlain[offset+len(new):];
#print(newPlain)
newCipher = aes_ctr(newPlain, key, iv);
#print(newCipher)
return newCipher;
# Imagine the "edit" function was exposed to attackers by means of an
b"SGUgaGFkIGRvbmUgbW9zdCBiaXR0ZXIgd3Jvbmc=",
b"VG8gc29tZSB3aG8gYXJlIG5lYXIgbXkgaGVhcnQs",
b"WWV0IEkgbnVtYmVyIGhpbSBpbiB0aGUgc29uZzs=",
b"SGUsIHRvbywgaGFzIHJlc2lnbmVkIGhpcyBwYXJ0",
b"SW4gdGhlIGNhc3VhbCBjb21lZHk7",
b"SGUsIHRvbywgaGFzIGJlZW4gY2hhbmdlZCBpbiBoaXMgdHVybiw=",
b"VHJhbnNmb3JtZWQgdXR0ZXJseTo=",
b"QSB0ZXJyaWJsZSBiZWF1dHkgaXMgYm9ybi4=",
]
rawPlain = [base64toRaw(b) for b in b64plain]
longestPlaintextLength = max([len(p) for p in rawPlain])
aeskey = generateAESKey()
rawCiphers = [aes_ctr(p, aeskey, b"\x00" * 16) for p in rawPlain]
def printSolution(guess, ciphers):
print("------------------------------")
print("Guess: ", guess)
for i in range(len(ciphers)):
print("Plain ", i, ": ", raw_xor(ciphers[i], guess))
def solve19():
# initial guess: Assume every plaintext char is a space. Guess the key that creates the most spaces
guess = b""
for i in range(longestPlaintextLength):
myDict = {}
for j in range(256):
def encryptString(s):
s = s.replace(b';', b'\';\'').replace(b'=', b'\'=\'');
rawInput = prefix + s + suffix;
rawOutput = aes_ctr(rawInput, global_aes_key, global_iv);
return rawOutput;
def encryptString(s):
s = s.replace(b';', b'\';\'').replace(b'=', b'\'=\'')
rawInput = prefix + s + suffix
rawOutput = aes_ctr(rawInput, global_aes_key, global_iv)
return rawOutput
#!/usr/bin/env python
# Written against python 3.3.1
# Matasano Problem 25
# Break "random access read/write AES CTR
from prob7 import doProb7
from prob11 import generateAESKey
from prob18 import aes_ctr, raw_xor
# Back to CTR. Encrypt the recovered plaintext from
# (the ECB exercise)
# under CTR with a random key (for this exercise the
# key should be unknown to you, but hold on to it).
plaintext = doProb7()
key = generateAESKey()
iv = b'\x00' * 16
cipher = aes_ctr(plaintext, key, iv)
# Now, write the code that allows you to "seek" into the ciphertext,
# decrypt, and re-encrypt with different plaintext. Expose this as a
# function, like, "edit(ciphertext, key, offet, newtext)".
def editCipher(cipher, key, offset, new):
oldPlain = aes_ctr(cipher, key, iv)
#print(oldPlain)
newPlain = oldPlain[0:offset] + new + oldPlain[offset + len(new):]
#print(newPlain)
newCipher = aes_ctr(newPlain, key, iv)
#print(newCipher)
return newCipher
def editCipher(cipher, key, offset, new):
oldPlain = aes_ctr(cipher, key, iv);
newPlain = oldPlain[0:offset] + new + oldPlain[offset+len(new):];
newCipher = aes_ctr(newPlain, key, iv);
return newCipher;
b'RmlzaCwgd2hpY2ggaXMgbXkgZmF2b3JpdGUgZGlzaCAvIEJ1dCB3aXRob3V0IG5vIG1vbmV5IGl0J3Mgc3RpbGwgYSB3aXNo', \
b'J0N1eiBJIGRvbid0IGxpa2UgdG8gZHJlYW0gYWJvdXQgZ2V0dGluJyBwYWlkIC8gU28gSSBkaWcgaW50byB0aGUgYm9va3Mgb2YgdGhlIHJoeW1lcyB0aGF0IEkgbWFkZQ==', \
b'U28gbm93IHRvIHRlc3QgdG8gc2VlIGlmIEkgZ290IHB1bGwgLyBIaXQgdGhlIHN0dWRpbywgJ2N1eiBJJ20gcGFpZCBpbiBmdWxs', \
b'UmFraW0sIGNoZWNrIHRoaXMgb3V0LCB5byAvIFlvdSBnbyB0byB5b3VyIGdpcmwgaG91c2UgYW5kIEknbGwgZ28gdG8gbWluZQ==', \
b'J0NhdXNlIG15IGdpcmwgaXMgZGVmaW5pdGVseSBtYWQgLyAnQ2F1c2UgaXQgdG9vayB1cyB0b28gbG9uZyB0byBkbyB0aGlzIGFsYnVt', \
b'WW8sIEkgaGVhciB3aGF0IHlvdSdyZSBzYXlpbmcgLyBTbyBsZXQncyBqdXN0IHB1bXAgdGhlIG11c2ljIHVw', \
b'QW5kIGNvdW50IG91ciBtb25leSAvIFlvLCB3ZWxsIGNoZWNrIHRoaXMgb3V0LCB5byBFbGk=', \
b'VHVybiBkb3duIHRoZSBiYXNzIGRvd24gLyBBbmQgbGV0IHRoZSBiZWF0IGp1c3Qga2VlcCBvbiByb2NraW4n', \
b'QW5kIHdlIG91dHRhIGhlcmUgLyBZbywgd2hhdCBoYXBwZW5lZCB0byBwZWFjZT8gLyBQZWFjZQ==', \
];
rawPlains = [base64toRaw(c) for c in b64Plains];
aesKey = generateAESKey();
rawCiphers = [aes_ctr(p, aesKey, b'\x00' * 16) for p in rawPlains];
# To exploit this: take your collection of ciphertexts and truncate
# them to a common length (the length of the smallest ciphertext will
# work).
shortestCipherLength = min([len(c) for c in rawCiphers]);
truncatedCiphers = [c[0:shortestCipherLength] for c in rawCiphers];
# Solve the resulting concatenation of ciphertexts as if for repeating-
# key XOR, with a key size of the length of the ciphertext you XOR'd.'''
def solve20():
keystream = b'';
# for the 0th, 1st, 2nd byte...
for i in range(shortestCipherLength):
# combine those cipher bytes into one long keystream
cipher = b''.join([tc[i].to_bytes(1, byteorder='big') for tc in truncatedCiphers]);
