def c17_decryptor_good_padding(block_size, key, iv, cipher_text):
padded_plain_text = aes128_cbc_decode(key, iv, cipher_text)
try:
pkcs7_unpad(padded_plain_text, block_size)
# Good padding :-)
return True
except RuntimeError:
# Bad padding :-(
return False
def test_pkcs7_unpad():
block_size = 16
assert (pkcs7_unpad(b"ICE ICE BABY\x04\x04\x04\x04",
block_size) == b"ICE ICE BABY")
with pytest.raises(RuntimeError):
pkcs7_unpad(b"ICE ICE BABY\x05\x05\x05\x05", block_size)
with pytest.raises(RuntimeError):
pkcs7_unpad(b"ICE ICE BABY\x01\x02\x03\x04", block_size)
with pytest.raises(RuntimeError):
pkcs7_unpad(b"ICE ICE BABY\x01", block_size)
def c12():
unknown_key = get_random_bytes(16)
def oracle(pt):
return c12_encryption_oracle(unknown_key, pt)
# Shim is number of bytes to fill a block
(block_size, shim_size) = c12_discover_block_and_shim_sizes(oracle)
print("S2C12 - found block size {}".format(block_size))
is_ecb = c12_detect_ecb(oracle, block_size)
print("S2C12 - is ECB?: {}".format(is_ecb))
known_bytes = bytearray()
for index in range(0, 10 * block_size):
# block_index = index // block_size
chunk_index = index % block_size
# print("block_index {} chunk_index {}".format(block_index, chunk_index))
needed_pad_len = (block_size - 1) - chunk_index
needed_pad = bytes(needed_pad_len)
trick_block = bytearray(block_size) + known_bytes
trick_block = trick_block[-(block_size - 1):]
block_dictionary = c12_make_block_dictionary(oracle, block_size,
trick_block)
cipher_text = oracle(needed_pad)
cipher_chunks = chunk(cipher_text, block_size)
interesting_chunk = cipher_chunks[index // block_size]
# print("C0: {}".format(interesting_chunk))
try:
plain_text_byte = block_dictionary[interesting_chunk]
except KeyError:
break
known_bytes.append(plain_text_byte)
# print("Got byte: {}".format(plain_text_byte))
# print("Got known bytes: {}".format(known_bytes))
plain_text = pkcs7_unpad(known_bytes, block_size)
print("S2C12 - got msg: {}", plain_text.decode('ascii'))
def c17():
block_size = 16
random_key = get_random_bytes(block_size)
random_iv = get_random_bytes(block_size)
cipher_text = c17_encryptor(block_size, random_key, random_iv)
cipher_blocks = chunk(cipher_text, block_size)
cipher_blocks.insert(0, random_iv)
def c17_decryptor(cipher_text):
return c17_decryptor_good_padding(block_size, random_key, random_iv,
cipher_text)
def break_one_block(i):
return c17_break_block(cipher_blocks[i], cipher_blocks[i + 1],
c17_decryptor)
plain_text = b''.join((map(break_one_block,
range(0,
len(cipher_blocks) - 1))))
plain_text = pkcs7_unpad(plain_text, block_size)
print("S3C17: {}".format(plain_text))
def c16_decryptor(block_size, key, iv, cipher_text) -> bool:
padded_plain_text = aes128_cbc_decode(key, iv, cipher_text)
plain_text = pkcs7_unpad(padded_plain_text, block_size)
return b";admin=true;" in plain_text
def decryptor(cipher_text):
return c13_parse_kv(
pkcs7_unpad(aes128_ecb_decode(secret_key, cipher_text),
block_size))