示例#1
 def testAESDecryptCBC(self):
     """Check single-block AES-128 CBC decryption against a fixed vector.

     Decrypts one 16-byte ciphertext block with a fixed key and IV and
     compares the result with the expected plaintext.
     """
     expected_plaintext = bytes.fromhex('00112233445566778899aabbccddeeff')
     aes_key = bytes.fromhex('000102030405060708090a0b0c0d0e0f')
     # Fixed IV and matching ciphertext for the key/plaintext pair above.
     init_vector = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff'
     ciphertext = b'|\x99\xf4+n\xe5\x030\x9cl\x1ag\xe9z\xc2B'
     recovered = aes.aesDecrypt(ciphertext, aes_key, 128,
                                mode='cbc', bstr_IV=init_vector)
     self.assertEqual(recovered, expected_plaintext)
示例#2
 def _cbcPaddingOracle(bstr_cipher):
     """Decrypt *bstr_cipher* in CBC mode and validate its PKCS#7 padding.

     ``key`` and ``IV`` are taken from the enclosing scope.

     :param bstr_cipher: ciphertext to decrypt
     :return: None when ``hasValidPKCS7`` accepts the decrypted data
     :raises InvalidPKCS7Error: propagated unchanged from ``hasValidPKCS7``

     Security note: the only thing a caller learns is whether the padding
     was valid, and that one bit per query is the signal a CBC padding
     oracle gives away. A real decryption endpoint should verify a MAC
     over the ciphertext (or use an AEAD mode) before decrypting, and
     should report every failure with one indistinguishable error.
     """
     decrypted = aes.aesDecrypt(bstr_cipher, key, 128, mode='cbc', bstr_IV=IV)
     # Any InvalidPKCS7Error raised here reaches the caller as-is.
     hasValidPKCS7(decrypted, 16)
     return None
def _checkAdminPerm(bstr_cipher, bstr_key, bstr_IV):
    """Report whether the decrypted message carries ``;admin=true;``.

    :param bstr_cipher: CBC ciphertext to decrypt
    :param bstr_key: AES-128 key
    :param bstr_IV: CBC initialisation vector
    :return: True if ``;admin=true;`` occurs in the repr of the plaintext,
        otherwise False

    Security note: the authorisation decision is made on plaintext that
    was never authenticated. CBC provides confidentiality only, so a
    modified ciphertext still decrypts and may satisfy this check. The
    ciphertext should be verified with a MAC (or an AEAD mode used)
    before any field in it is trusted.
    """
    plaintext = aes.aesDecrypt(bstr_cipher, bstr_key, 128,
                               mode='cbc', bstr_IV=bstr_IV)
    # Debug output: everything from byte 48 of the plaintext onwards.
    print(plaintext[48:])
    # repr() instead of decode(): the plaintext may contain bytes that
    # are not valid text, and repr() never fails on them.
    printable = repr(plaintext)
    # The marker has no regex metacharacters, so a substring test gives
    # the same answer as re.search on it.
    return ';admin=true;' in printable
示例#4
def decryptCBCCheckASCII(bstr_cipher: bytes, bstr_key: bytes,
                         bstr_IV: bytes) -> bytes:
    """
    set 4 / ch. 27

    Decrypt a CBC ciphertext, strip its PKCS#7 padding and run the
    result through ``_checkASCII``.

    :param bstr_cipher: ciphertext to decrypt
    :param bstr_key: AES-128 key
    :param bstr_IV: CBC initialisation vector
    :return: the message from ``_checkASCII`` when it is truthy, otherwise
        the fixed string ``'Decrypted Cipher...'``. NOTE(review): the
        signature is annotated ``-> bytes`` but the fallback is a ``str``.

    NOTE(review): if the message from ``_checkASCII`` embeds the decrypted
    bytes, handing it back to an untrusted caller discloses plaintext of a
    tampered ciphertext. Confirm, and prefer a generic error with the
    details logged server-side only.
    """
    decrypted = aes.aesDecrypt(bstr_cipher, bstr_key, 128,
                               mode='cbc', bstr_IV=bstr_IV)
    unpadded = misc.unpadPKCS7(decrypted, 16)
    complaint = _checkASCII(unpadded)
    # A falsy result from the check means nothing to report.
    return complaint or 'Decrypted Cipher...'
示例#5
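if __name__ == '__main__':
    # Local import: only this demo needs it.
    import ast

    # Demonstrates why the key must never double as the CBC IV: here the
    # IV *is* the key, so recovering the IV recovers the key. Defences are
    # a fresh, unpredictable IV per message that is independent of the
    # key, an integrity check (MAC / AEAD) on the ciphertext, and error
    # messages that never echo decrypted bytes.
    bstr_key = b'1234567812345678'
    bstr_IV = bstr_key
    secret_fn = setupCBCSecretMakerCheckASCII(bstr_key, bstr_IV)
    decryption_fn = decryption(bstr_key, bstr_IV)
    cipher = bytearray(secret_fn(b'x' * 48))
    print(decryption_fn(cipher))

    # first is decrypted normally -> IV is subtracted
    first_block = cipher[:16]
    # null block causes the last block (which is same as the first block)
    # not to be decrypted fully. Nothing is added after ECB
    # decryption so it leaves the "intermediate state" with the IV still in it
    null_block = b'\x00' * 16
    # flip bits here to trigger print clear text
    flip_block = bytearray(b'\x00' * 16)
    flip_block[13] ^= 1
    crafted_cipher = first_block + null_block + first_block + flip_block + cipher[16:]

    # -> xoring the last clear block (intermediate state of b. 1) with the clear
    # text of block 1 gives the IV

    msg = decryption_fn(crafted_cipher)
    match = re.search(r"(b'.*')", msg)
    if match is None:
        # Fail with a clear message rather than an AttributeError on None.
        raise ValueError('no bytes literal found in the decryption message')
    clear = match.group(1)

    # The captured text comes out of decrypted, tampered data, so it must
    # not be passed to eval(): that would execute whatever expression the
    # message contains. ast.literal_eval only accepts literals, which is
    # all a repr()'d bytes object needs.
    recovered_iv = cbc.recoverIV(ast.literal_eval(clear), 16)
    print(recovered_iv)
    print(aes.aesDecrypt(cipher, recovered_iv, 128, mode='cbc', bstr_IV=recovered_iv))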
import numpy as np
from crypto_algos import aes

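# Print integer array elements in hex.
np.set_printoptions(formatter={'int': hex})
#cipher = aesEncrypt(bytes("ABCDEFGHIJKLMNOP", "ascii"), b'YELLOW SUBMARINE', 128)

#aesMixColumns(b'\x2b\x28\xab\x09\x7e\xae\xf7\xcf\x15\xd2\x15\x4f\x16\xa6\x88\x3c')
# 328831e0435a3137f6309807a88da234
# 2b28ab097eaef7cf15d2154f16a6883c
#cipher = aesEncrypt(b'\x32\x88\x31\xe0\x43\x5a\x31\x37\xf6\x30\x98\x07\xa8\x8d\xa2\x34', b'\x2b\x28\xab\x09\x7e\xae\xf7\xcf\x15\xd2\x15\x4f\x16\xa6\x88\x3c', 128)

#k = bytes.fromhex('2b7e151628aed2a6abf7158809cf4f3c')
#d = bytes.fromhex('3243f6a8885a308d313198a2e0370734')
#cipher = aesEncrypt(d, k, 128)

# Fixed key / plaintext / IV used to eyeball the cipher output.
k = bytes.fromhex('000102030405060708090a0b0c0d0e0f')
d = bytes.fromhex('00112233445566778899aabbccddeeff')
IV = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff'
# No mode argument: the library default is used (presumably ECB; confirm
# in aes.aesEncrypt).
cipher = aes.aesEncrypt(d, k, 128)
print(cipher)
cipher = aes.aesEncrypt(d, k, 128, mode='cbc', bstr_IV=IV)
print(cipher)

k = b'YELLOW SUBMARINE'
# Context manager so the file is closed even if read() raises.
with open("7.txt", "rb") as f:
    cipher = f.read()

clear = aes.aesDecrypt(cipher, k, 128)
print(clear)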
示例#7
 def testAESDecryptECB(self):
     """Check single-block AES-128 decryption with no mode argument.

     The key, plaintext and ciphertext are the AES-128 example vector
     from FIPS-197 Appendix C.1.
     """
     expected_plaintext = bytes.fromhex('00112233445566778899aabbccddeeff')
     aes_key = bytes.fromhex('000102030405060708090a0b0c0d0e0f')
     ciphertext = bytes.fromhex('69c4e0d86a7b0430d8cdb78070b4c55a')
     # No mode is passed, so this exercises the library's default mode.
     recovered = aes.aesDecrypt(ciphertext, aes_key, 128)
     self.assertEqual(recovered, expected_plaintext)
示例#8
from crypto_algos import aes

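k = b'YELLOW SUBMARINE'
# Context manager so the file is closed even if read() raises.
with open("10.txt", "rb") as f:
    cipher = f.read()
# All-zero IV: acceptable for reproducing a fixed exercise file, but a
# real CBC encryption needs a fresh unpredictable IV for every message.
IV = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
clear = aes.aesDecrypt(cipher, k, 128, mode='cbc', bstr_IV=IV)
print(clear)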
示例#9
def _decryptProfile(encrypted_profile, bstr_key):
	"""Decrypt an encrypted profile with AES-128 in ECB mode.

	:param encrypted_profile: ciphertext of the profile
	:param bstr_key: AES-128 key
	:return: whatever ``aes.aesDecrypt`` returns for the ciphertext

	Security note: ECB encrypts each block independently and carries no
	integrity check, so ciphertext blocks can be reordered or swapped
	between messages and will still decrypt. Profile data that drives
	access decisions needs an authenticated mode instead.
	"""
	profile = aes.aesDecrypt(encrypted_profile, bstr_key, 128, mode='ecb')
	return profile
 def dec(cipher):
     """Decrypt *cipher* with AES-128 CBC.

     ``key`` and ``iv`` come from the enclosing scope.
     """
     plaintext = aes.aesDecrypt(cipher, key, 128, mode='cbc', bstr_IV=iv)
     return plaintext
# cipher = aes.aesEncrypt(b'xxxxvvvvbbbbggggAAAAAAAAAAAAAAAA', bstr_key, 128, mode='cbc', bstr_IV=b'1234567887654321')

# Show the two ciphertext bytes of interest: offsets 5 and 11 within the
# block that starts 32 bytes after the padding prefix.
print(hex(cipher[padding_len + 32 + 5]))
print(hex(cipher[padding_len + 32 + 11]))

# for b in range(256):
# 	tmp = bytearray(cipher)
# 	#tmp[padding_len + 32 + 5] = b
# 	tmp[32 + 11] = b
# 	cipher = bytes(tmp)
# 	if _checkAdminPerm(cipher, bstr_key, bstr_IV):
# 		print('yes. byte: {0}'.format(b))
# 		break

# Hard-coded replacement values for the two ciphertext bytes.
# NOTE(review): the prints above add padding_len to the index and the
# writes below do not; the two agree only when padding_len is 0. Confirm.
b1 = 0xd8
b2 = 0xa8
tmp = bytearray(cipher)
tmp[32 + 5], tmp[32 + 11] = b1, b2
cipher = bytes(tmp)

# The modified ciphertext still decrypts because CBC alone has no
# integrity protection; a MAC or AEAD check on the ciphertext would
# reject it before the permission check runs.
print('yes' if _checkAdminPerm(cipher, bstr_key, bstr_IV) else 'no')

clear = aes.aesDecrypt(cipher, bstr_key, 128, mode='cbc', bstr_IV=bstr_IV)

print(clear)