Beispiel #1
def get_stuff():
    """Fetch a ciphertext from the bit-flip demo endpoint and flip one byte.

    A run of ``'0'`` characters is sent through ``sr_request``; the byte at
    ``offset`` of the returned ciphertext is then XORed with ``'0' ^ '1'``.
    Presumably the endpoint uses CBC (the URL names a bit-flip demo), where a
    changed ciphertext byte changes the same position of the next plaintext
    block on decryption.  That works only because the ciphertext is not
    authenticated; a service prevents it by verifying a MAC over the
    ciphertext (or using an AEAD mode) before decrypting.

    Returns:
        The object returned by ``sr_request`` with the element at ``offset``
        overwritten in place.
    """
    # Sizes are hard-coded; a find_difference() probe was left disabled here.
    block_size, char_size = 32, 10
    filler_len = 3 * block_size - char_size + 15
    text = '0' * filler_len
    url = "http://demo.sjoerdlangkemper.nl/bitflip.php?data=b86c1c94acc93136799e536a244f7ed03c85ca1c53ea10c6299b1684dadef6f61256e0f3674ef8a14bdad427210cb6b1fea35ff9a741363f4264a2f1f092659cf3507f9acbd3069b9581ba8aa340b3978bc4b7725398e89c150ab440e509c0b4"
    cipher_text = sr_request(text, url)
    print("cipher_text: ", len(cipher_text))

    offset = 2 * (block_size + 13)

    # NOTE(review): the loop variable already advances in steps of 64 and is
    # multiplied by the chunk width again, so for i = 64 the slice begins at
    # index 4096.  Only the length of this list is used (it is printed).
    chunk_width = 2 * block_size
    cipher_list = []
    for i in range(0, len(cipher_text), 64):
        cipher_list.append(cipher_text[i * chunk_width:(i + 1) * chunk_width])
    print(len(cipher_list))

    # NOTE(review): bytearray(str) without an encoding is Python 2 usage.
    flip_mask = useful_functions.xor(bytearray("0"), bytearray("1"))
    current = bytearray(chr(cipher_text[offset]))
    cipher_text[offset] = bytes(useful_functions.xor(current, flip_mask))
    return cipher_text
Beispiel #2
def aes_128_cbc_dec(cipher_text, key, iv):
    """Decrypt ``cipher_text`` in CBC mode layered on the ECB primitive.

    Every ciphertext block goes through ``aes_128_ecb_dec`` and is XORed with
    the preceding ciphertext block (``iv`` for the first one).  The assembled
    buffer is passed to ``useful_functions.unpad_pkcs7`` before returning.

    NOTE(review): nothing here authenticates ``cipher_text``, so a modified
    ciphertext decrypts to modified plaintext without any error from this
    function.  Callers that accept ciphertext from outside should verify a
    MAC over IV and ciphertext first (or use an AEAD mode), and should not
    reveal whether unpadding failed, since that distinction forms a padding
    oracle.

    Args:
        cipher_text: Ciphertext, consumed in ``AES.block_size`` slices.
        key: Key forwarded unchanged to ``aes_128_ecb_dec``.
        iv: Value XORed into the first decrypted block.

    Returns:
        The result of ``useful_functions.unpad_pkcs7`` on the decrypted
        buffer.
    """
    block_len = AES.block_size
    recovered = bytearray(len(cipher_text))
    chain = iv
    for start in range(0, len(recovered), block_len):
        stop = start + block_len
        block = cipher_text[start:stop]
        recovered[start:stop] = useful_functions.xor(
            aes_128_ecb_dec(bytes(block), key), chain)
        # The ciphertext block just consumed is the XOR input for the next.
        chain = cipher_text[start:stop]
    return useful_functions.unpad_pkcs7(recovered)
Beispiel #3
def aes_128_cbc_enc(buffer, key, iv):
    """Encrypt ``buffer`` in CBC mode layered on the ECB primitive.

    The input is PKCS#7-padded to ``AES.block_size``; each padded block is
    XORed with the previous ciphertext block (``iv`` for the first one) and
    then passed to ``aes_128_ecb_enc``.

    NOTE(review): the output carries no integrity tag, and ``iv`` is used
    exactly as supplied.  Callers need a fresh unpredictable IV per message
    and a MAC over IV and ciphertext (or an AEAD mode instead) if the
    ciphertext can be altered in transit.

    Args:
        buffer: Plaintext handed to ``useful_functions.pad_pkcs7``.
        key: Key forwarded unchanged to ``aes_128_ecb_enc``.
        iv: Value XORed into the first plaintext block.

    Returns:
        A ``bytearray`` holding the ciphertext, as long as the padded input.
    """
    block_len = AES.block_size
    padded = useful_functions.pad_pkcs7(buffer, block_len)
    out = bytearray(len(padded))
    chain = iv
    for start in range(0, len(padded), block_len):
        stop = start + block_len
        mixed = useful_functions.xor(bytes(padded[start:stop]), chain)
        out[start:stop] = aes_128_ecb_enc(mixed, key)
        # Chain on the block just written to the output buffer.
        chain = out[start:stop]
    return out
Beispiel #4
def crack():
    """Demonstrate that unauthenticated CBC ciphertext is malleable.

    A block of ``'A'`` followed by ``"AadminAtrueA"`` is sent to
    ``encryption_oracle``.  Three bytes of the ciphertext block at ``offset``
    are XORed with ``'A' ^ wanted`` so that the matching positions of the
    next plaintext block decrypt to ``';'``, ``'='`` and ``';'``.  The result
    is handed to ``is_admin``.

    The defence is to authenticate the ciphertext (encrypt-then-MAC or an
    AEAD mode) and reject it on verification failure before decrypting;
    filtering ``;`` and ``=`` from the plaintext alone does not help, since
    the placeholders contain neither.

    Returns:
        Whatever ``is_admin`` returns for the modified ciphertext.
    """
    filler = bytearray('A' * AES.block_size)
    payload = bytearray("AadminAtrueA")
    ciphertext = encryption_oracle(filler + payload)
    # We 'know' the prefix is two blocks long
    # NOTE(review): 32 presumes 16-byte blocks rather than 2 * AES.block_size.
    offset = 32
    # (position within the block, character the placeholder 'A' must become);
    # positions 0, 6 and 11 are the 1st, 7th and 12th bytes of the payload.
    for position, wanted in ((0, ";"), (6, "="), (11, ";")):
        index = offset + position
        ciphertext[index] = bytes(
            useful_functions.xor(
                bytearray(chr(ciphertext[index])),
                useful_functions.xor(bytearray("A"), bytearray(wanted)),
            )
        )
    return is_admin(ciphertext)
Beispiel #5
def aes_128_cbc_enc(buffer, key, iv):
    """CBC-encrypt ``buffer`` block by block using ``aes_128_ecb_enc``.

    ``buffer`` is padded with ``useful_functions.pad_pkcs7`` to a multiple of
    ``AES.block_size``.  Each block is XORed with the previous ciphertext
    block, starting from ``iv``, and the XOR result is encrypted with the
    ECB helper.

    NOTE(review): this provides no integrity protection and takes ``iv`` as
    given.  Use a fresh unpredictable IV for every message and authenticate
    IV plus ciphertext with a MAC (or switch to an AEAD mode) wherever the
    ciphertext crosses a trust boundary.

    Args:
        buffer: Plaintext to pad and encrypt.
        key: Key passed through to ``aes_128_ecb_enc``.
        iv: Initial chaining value for the first block.

    Returns:
        A ``bytearray`` of ciphertext with the same length as the padded
        plaintext.
    """
    size = AES.block_size
    padded_input = useful_functions.pad_pkcs7(buffer, size)
    encrypted = bytearray(len(padded_input))
    previous = iv
    for begin in range(0, len(padded_input), size):
        end = begin + size
        whitened = useful_functions.xor(padded_input[begin:end], previous)
        encrypted[begin:end] = aes_128_ecb_enc(whitened, key)
        # The freshly written ciphertext block feeds the next iteration.
        previous = encrypted[begin:end]
    return encrypted