def test_fixed_nonce_ctr(self): from base64 import b64decode texts = list(map(b64decode, open("res/19.txt", "r").read().split("\n"))) key = cryplib.random_bytes(16) ciphertexts = [ cryplib.aes_ctr(text, key, bytes([0]) * 8) for text in texts ] maximum_len = max(list(map(len, ciphertexts))) # for debug plain = bytes([0]) * maximum_len encrypted_plain = cryplib.aes_ctr(plain, key, bytes([0]) * 8) keystream = cryplib.xor(plain, encrypted_plain) # end for debug # p1 + k = c1 # c1 + c2 = p1 + p2 decrypted_keystream = b"" # decrypted_keystream = cryplib.xor(ciphertexts[0], b"I ")[:2] # decrypted_keystream = cryplib.xor(ciphertexts[27], b"He ")[2:3] # decrypted_keystream = cryplib.xor(ciphertexts[20], b"What ")[:len(b"What ")] # decrypted_keystream = cryplib.xor(ciphertexts[1], b"Coming ")[:len(b"Coming ")] # decrypted_keystream = cryplib.xor(ciphertexts[21], b"When you")[:len(b"When you")] # decrypted_keystream = cryplib.xor(ciphertexts[28], b"So sensitive")[:len(b"So sensitive")] # decrypted_keystream = cryplib.xor(ciphertexts[27], b"He might have")[:len(b"He might have")] # decrypted_keystream = cryplib.xor(ciphertexts[13], b"But lived where")[:len(b"But lived where")] # decrypted_keystream = cryplib.xor(ciphertexts[0], b"I have met them ")[:len(b"I have met them ")] # decrypted_keystream = cryplib.xor(ciphertexts[4], b"I have passed with")[:len(b"I have passed with")] # decrypted_keystream = cryplib.xor(ciphertexts[12], b"Being certain that ")[:len(b"Being certain that ")] # decrypted_keystream = cryplib.xor(ciphertexts[34], b"Yet I number him in ")[:len(b"Yet I number him in ")] # decrypted_keystream = cryplib.xor(ciphertexts[15], b"A terrible beauty is ")[:len(b"A terrible beauty is ")] # decrypted_keystream = cryplib.xor(ciphertexts[11], b"Around the fire at the")[:len(b"Around the fire at the")] # decrypted_keystream = cryplib.xor(ciphertexts[16], b"That woman's days were ")[:len(b"That woman's days were ")] # decrypted_keystream = cryplib.xor(ciphertexts[12], b"Being certain that they ")[:len(b"Being certain that they ")] # decrypted_keystream = cryplib.xor(ciphertexts[8], b"And thought before I had ")[:len(b"And thought before I had ")] # decrypted_keystream = cryplib.xor(ciphertexts[35], b"He, too, has resigned his ")[:len(b"He, too, has resigned his ")] # decrypted_keystream = cryplib.xor(ciphertexts[8], b"And thought before I had done")[:len(b"And thought before I had done")] # decrypted_keystream = cryplib.xor(ciphertexts[27], b"He might have won fame in the ")[:len(b"He might have won fame in the ")] # decrypted_keystream = cryplib.xor(ciphertexts[4], b"I have passed with a nod of the")[:len(b"I have passed with a nod of the")] # decrypted_keystream = cryplib.xor(ciphertexts[25], b"This other his helper and friend")[:len(b"This other his helper and friend")] # decrypted_keystream = cryplib.xor(ciphertexts[27], b"He might have won fame in the end")[:len(b"He might have won fame in the end")] # decrypted_keystream = cryplib.xor(ciphertexts[4], b"I have passed with a nod of the head")[:len(b"I have passed with a nod of the head")] decrypted_keystream = cryplib.xor( ciphertexts[37], b"He, too, has been changed in his turn," )[:len(b"He, too, has been changed in his turn,")] assert decrypted_keystream == keystream
def test_random_access_ctr(self): plain = open("res/7_result.txt", "rb").read() oracle = cryplib.CtrOracle() ciphertext = oracle.encrypt(plain) keystream = oracle.edit(ciphertext, 0, bytes([0]) * len(ciphertext)) decrypted_plain = cryplib.xor(ciphertext, keystream) print(decrypted_plain)
def test_repeatxor(self): answ = cryplib.xor( b"Burning 'em, if you ain't quick and nimble\nI go crazy when I hear a cymbal", b"ICE") assert ( bytes.hex(answ) == "0b3637272a2b2e63622c2e69692a23693a2a3c6324202d623d63343c2a2622632427276527" "2a282b2f20430a652e2c652a3124333a653e2b2027630c692b20283165286326302e27282f" )
def test_fixed_nonce_ctr_(self): from base64 import b64decode texts = list(map(b64decode, open("res/19.txt", "r").read().split("\n"))) key = cryplib.random_bytes(16) ciphertext = [ cryplib.aes_ctr(text, key, bytes([0]) * 8) for text in texts ] maximum_len = max(list(map(len, ciphertext))) plain = bytes([0]) * maximum_len encrypted_plain = cryplib.aes_ctr(plain, key, bytes([0]) * 8) keystream = cryplib.xor(plain, encrypted_plain) flag = True for i in range(len(ciphertext)): hacked = cryplib.xor(ciphertext[i], keystream) if hacked != texts[i]: flag = False assert flag is True
def test_recover_key_attack(self): oracle = cryplib.RecoverKeyOracle() block_size = cryplib.AES.block_size ciphertext = oracle.encrypt(b's' * block_size + b'c' * block_size + b'r' * block_size) status, fail_plain = oracle.decrypt(ciphertext[:block_size] + bytes([0]) * block_size + ciphertext[:block_size]) if not status: key = cryplib.xor(fail_plain[:block_size], fail_plain[-block_size:]) assert key == oracle.key
def test_fixed_nonce_ctr_stat(self): from base64 import b64decode, b64encode texts = list(map(b64decode, open("res/19.txt", "r").read().split("\n"))) key = cryplib.random_bytes(16) ciphertexts = { texts.index(text): cryplib.aes_ctr(text, key, bytes([0]) * 8) for text in texts } # for debug maximum_len = max(list(map(len, ciphertexts.values()))) plain = bytes([0]) * maximum_len encrypted_plain = cryplib.aes_ctr(plain, key, bytes([0]) * 8) keystream = cryplib.xor(plain, encrypted_plain) # end for debug answer = {i: b'' for i in range(len(ciphertexts.values()))} not_empty_ciphertexts = { k: v for k, v in ciphertexts.items() if len(v) != 0 } my_keystream = bytes() prev_min_len = 0 for _ in range(len(ciphertexts.values())): not_empty_ciphertexts = { k: v for k, v in not_empty_ciphertexts.items() if len(v) != 0 } try: min_len = min(map(len, not_empty_ciphertexts.values())) except ValueError: break concated = bytes() used_indexes = list() for k, v in not_empty_ciphertexts.items(): concated += v[:min_len] used_indexes.append(k) concated_decrypted = cryplib.attack_repeatingxor( b64encode(concated)) list_decrypted = [ concated_decrypted['plain'][i:i + min_len] for i in range(0, len(concated_decrypted['plain']), min_len) ] j = 0 for i in used_indexes: answer[i] += list_decrypted[j] j += 1 not_empty_ciphertexts = { k: (v if len(v) > min_len else '') for k, v in not_empty_ciphertexts.items() } my_keystream += concated_decrypted['key'][prev_min_len:] prev_min_len = min_len assert keystream[:20] == my_keystream[:20]