def crack_block(padding_oracle, iv, block): assert (len(iv) == 16) assert (len(block) == 16) def do_pad(iv, suffix): l = len(suffix) t = 'x' * (16 - l) r = xor_str(xor_str(t + chr(l) * l, t + suffix), iv) return r rev = '' if padding_oracle(iv, block): # Pre-padded block for i in range(16): a = 'x' * i + '\xff' + 'x' * (16 - i - 1) b = 'x' * i + '\x00' + 'x' * (16 - i - 1) test_iv = xor_str(xor_str(a, b), iv) if not padding_oracle(test_iv, block): rev = chr(16 - i) * (16 - i) break for i in range(16 - len(rev)): for j in range(256): guess = (rev + chr(j))[::-1] new_iv = do_pad(iv, guess) # print repr(iv), repr(new_iv), repr(block) if padding_oracle(new_iv, block): rev += chr(j) break return rev[::-1]
def main(): prefix_only = encryption_oracle("") value = encryption_oracle("A" * (16 * 3)) for i in range(0, len(prefix_only), 16): if prefix_only[i:i + 16] != value[i:i + 16]: attack = value[:i] attack += xor_str(value[i:i + 16], xor_str(';admin=true;xxxx', 'A' * 16)) attack += value[i + 16:] break if decryption_oracle(attack): print "[+] Admin access granted" else: print "[-] Attack failed"
def break_ctr(edit): from common import xor_str enc = ciphertext[:] edit(0, '\x00' * len(enc)) keystream = ciphertext[:] dec = xor_str(enc, keystream) edit(0, dec) # Fix the original ciphertext, so that # no malicious work is seen. Keep your # actions hidden :) return dec
def solve(enc): mlen = min(len(a) for a in enc) enc = [a[:mlen] for a in enc] key = '' for i in range(mlen): e = ''.join(a[i] for a in enc) scorer = lambda k: score(xor_str(e, cycle(chr(k)))) scores = [scorer(k) for k in range(256)] key += chr(max(range(256), key=lambda k: scores[k])) return key
def main(): injection_string = ';admin=true;' part1 = encryption_oracle('X' * len(injection_string)) part2 = encryption_oracle('Y' * len(injection_string)) part3 = xor_str('X' * len(injection_string), injection_string) locationing = xor_str(part1, part2) prefix_pos = locationing.index('\x01') suffix_pos = prefix_pos + len(injection_string) prefix = part1[:prefix_pos] mid = part1[prefix_pos:suffix_pos] suffix = part1[suffix_pos:] attack = prefix + xor_str(mid, part3) + suffix if decryption_oracle(attack): print "[+] Admin access granted" else: print "[-] Attack failed"
data = [a.decode('base64') for a in data] key = randstr(16) nonce = randint(0, 2**64 - 1) enc = [AES_CTR(a, key, nonce) for a in data] return enc def solve(enc): mlen = min(len(a) for a in enc) enc = [a[:mlen] for a in enc] key = '' for i in range(mlen): e = ''.join(a[i] for a in enc) scorer = lambda k: score(xor_str(e, cycle(chr(k)))) scores = [scorer(k) for k in range(256)] key += chr(max(range(256), key=lambda k: scores[k])) return key enc = get_enc() key = solve(enc) print "Effective Key:", repr(key) print "Decryptions:", [xor_str(e, key) for e in enc]
def do_pad(iv, suffix): l = len(suffix) t = 'x' * (16 - l) r = xor_str(xor_str(t + chr(l) * l, t + suffix), iv) return r