def challenge15() -> bool:
GOOD = b"ICE ICE BABY\x04\x04\x04\x04"
BAD_1 = b"ICE ICE BABY\x05\x05\x05\x05"
BAD_2 = b"ICE ICE BABY\x01\x02\x03\x04"
RESULT = b"ICE ICE BABY"
flag = True
if pkcs7_unpad(GOOD) != RESULT:
flag = False
try:
pkcs7_unpad(BAD_1)
except PKCS7Error:
pass
else:
flag = False
try:
pkcs7_unpad(BAD_2)
except PKCS7Error:
pass
else:
flag = False
return flag
def _oracle(iv: bytes, ct: bytes) -> bool:
cbc = AESCipher(AESCipher.MODE_CBC, _KEY, iv=iv)
try:
pkcs7_unpad(cbc.decrypt(ct))
except PKCS7Error:
return False
return True
def _g_equal_p_minus_one() -> bool:
g = _p - 1
a = DHClient(_p, g)
b = DHClient(a.p, a.g)
a.gen_session_key(b.public_key)
b.gen_session_key(a.public_key)
a_encrypted_msg = a.encrypt_msg(_msg)
b_encrypted_msg = b.encrypt_msg(_msg)
a_decrypted_msg = a.decrypt_msg(*b_encrypted_msg)
b_decrypted_msg = b.decrypt_msg(*a_encrypted_msg)
if a.public_key == g and b.public_key == g:
key = g
else:
key = 1
key = sha1(key.to_bytes(floor(key.bit_length() / 8) + 1, "big"))[:16]
iv = a_encrypted_msg[0]
cbc = AESCipher(AESCipher.MODE_CBC, key, iv=iv)
mitm_decrypted = pkcs7_unpad(cbc.decrypt(a_encrypted_msg[1]))
return mitm_decrypted == a_decrypted_msg == b_decrypted_msg == _msg
def _attack(iv: bytes, ct: bytes) -> bytes:
cipher_blocks = [iv] + get_blocks(ct)
pt = b""
for i in reversed(range(1, len(cipher_blocks))):
ct_block_previous = cipher_blocks[i - 1]
ct_block_current = cipher_blocks[i]
intermediate_block = b""
for j in reversed(range(16)):
ctb_prefix = gen_random_bytes(j)
ctb_suffix = b""
for k in range(len(intermediate_block)):
ctb_suffix += bytes([(16 - j) ^ intermediate_block[k]])
n = 0
for m in range(256):
ctb = ctb_prefix + bytes([m]) + ctb_suffix
if _oracle(ctb, ct_block_current):
n = m
break
intermediate_block = bytes([n ^ (16 - j)]) + intermediate_block
pt = bytes([ct_block_previous[j] ^ int(intermediate_block[0])
]) + pt
return pkcs7_unpad(pt)
def _is_admin(token: bytes) -> bool:
decrypted_token = pkcs7_unpad(_ctr.decrypt(token))
cookie = _parse_cookie(decrypted_token.decode("latin"))
if cookie.get("admin", False) == "true":
return True
else:
return False
def decrypt_msg(self, iv: bytes, msg: bytes) -> bytes:
key = sha1(
self._session_key.to_bytes(
floor(self._session_key.bit_length() / 8) + 1, "big"))[:16]
cbc = AESCipher(AESCipher.MODE_CBC, key, iv=iv)
return pkcs7_unpad(cbc.decrypt(msg))
def challenge13() -> bool:
cookie = _parse_cookie(
pkcs7_unpad(_ecb.decrypt(_attacker())).decode("ascii"))
if cookie["role"] == "admin":
return True
else:
return False
def challenge34() -> bool:
p = int.from_bytes(
bytes.fromhex("ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024"
"e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd"
"3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec"
"6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f"
"24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361"
"c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552"
"bb9ed529077096966d670c354e4abc9804f1746c08ca237327fff"
"fffffffffffff"),
"big",
)
g = 2
msg = b"test"
a = DHClient(p, g)
b = DHClient(a.p, a.g)
a.gen_session_key(b.p)
b.gen_session_key(a.p)
a_encrypted_msg = a.encrypt_msg(msg)
b_encrypted_msg = b.encrypt_msg(msg)
a_decrypted_msg = a.decrypt_msg(*b_encrypted_msg)
b_decrypted_msg = b.decrypt_msg(*a_encrypted_msg)
key = 0
key = sha1(key.to_bytes(floor(key.bit_length() / 8) + 1, "big"))[:16]
iv = a_encrypted_msg[0]
cbc = AESCipher(AESCipher.MODE_CBC, key, iv=iv)
mitm_decrypted = pkcs7_unpad(cbc.decrypt(a_encrypted_msg[1]))
return mitm_decrypted == a_decrypted_msg == b_decrypted_msg == msg
def test_pkcs7_padding_del_block(self):
a = gen_random_bytes()
b = Padding.pad(a, 16)
c = pkcs7_unpad(b)
assert c == a, "The result does not match the expected value"
