commit 4817ae8c1c653a71670777ad47d5fddb13f41c75
parent d770e4e07826a278ef15573a6bcade4936bf39e8
Author: mpizzzle <michael.770211@gmail.com>
Date: Mon, 30 Oct 2017 20:19:21 +0000
Set 3 Challenge 17 complete kind of, fucks up randomly
Diffstat:
1 file changed, 43 insertions(+), 40 deletions(-)
diff --git a/set3/cbc_padding_oracle.py b/set3/cbc_padding_oracle.py
@@ -8,6 +8,14 @@ iv = Random.new().read(AES.block_size)
with open('files/17.txt') as f:
split_file = f.read().splitlines()
+def encryption_oracle():
+ plaintext = split_file[random.randint(0, 9)]
+ pad_len = AES.block_size - (len(plaintext) % AES.block_size)
+ return AES.new(key, AES.MODE_CBC, iv).encrypt(plaintext + ''.join([chr(pad_len) for i in range(pad_len)]))
+
+def decrypt_and_validate_padding(ciphertext):
+ return pkcs7_padding_validator(AES.new(key, AES.MODE_CBC, iv).decrypt(ciphertext))
+
def pkcs7_padding_validator(msg):
if ord(msg[len(msg) - 1]) > AES.block_size or ord(msg[len(msg) - 1]) == 0:
return False
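Review bot: `encryption_oracle` encrypts every message under the one `iv` that the hunk header context shows being created once at import (`iv = Random.new().read(AES.block_size)`), so two calls that pick the same line return byte-identical ciphertext; CBC expects a fresh unpredictable IV per message. Drawing the IV inside the function and returning it with the ciphertext (`iv + ct`) would remove the shared global, with `decrypt_and_validate_padding` then reading the IV from the first block instead of the module variable. Separately, `random.randint(0, 9)` hard-codes the line count of `files/17.txt`; `random.choice(split_file)` follows the file. `pkcs7_padding_validator` continues past the end of this hunk, so its loop is not reviewed here.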
@@ -16,51 +24,46 @@ def pkcs7_padding_validator(msg):
return False
return True
-qwer = random.randint(0, 9)
-def encryption_oracle():
- plaintext = split_file[3]
- pad_len = AES.block_size - (len(plaintext) % AES.block_size)
- return AES.new(key, AES.MODE_CBC, iv).encrypt(plaintext + ''.join([chr(pad_len) for i in range(pad_len)]))
+def pkcs7_padding_stripper(msg):
+ if ord(msg[len(msg) - 1]) > AES.block_size or ord(msg[len(msg) - 1]) == 0:
+ raise Exception("invalid pkcs7 padding")
+ for c in msg[:len(msg) - ord(msg[len(msg) - 1]) - 1 : -1]:
+ if c != msg[len(msg) - 1]:
+ raise Exception("invalid pkcs7 padding")
+ return msg[:len(msg) - ord(msg[len(msg) - 1])]
-def decrypt_and_validate_padding(ciphertext):
- return pkcs7_padding_validator(AES.new(key, AES.MODE_CBC, iv).decrypt(ciphertext))
+ciphertext = iv + encryption_oracle()
+plaintext = ""
-ct1 = iv + encryption_oracle()
-blocks = [ct1[i:i + AES.block_size] for i in range(0, len(ct1), AES.block_size)]
-pt = ""
-#for block in blocks[::-1][:len(blocks) - 1]:
-#for x in reversed(range(len(blocks) - 2)):
-for x in range(len(blocks) - 1):
- blocks = [ct1[i:i + AES.block_size] for i in range(0, len(ct1), AES.block_size)]
- blocks_copy = blocks
- block = list(blocks_copy[len(blocks_copy) - (x + 2)])
- blep = []
+for b_idx in reversed(range((len(ciphertext) / AES.block_size) - 1)):
+ blocks = [ciphertext[i : i + AES.block_size] for i in range(0, len(ciphertext), AES.block_size)]
+ block = list(blocks[b_idx])
+ padding = []
for i in range(AES.block_size):
- ignore = block[AES.block_size - (i + 1)]
- br = False
+ byte = block[AES.block_size - i - 1]
+ found = False
for j in range(0xff):
- if chr(j) != ignore:
- block[AES.block_size - (i + 1)] = chr(j)
- blocks_copy[len(blocks) - (x + 2)] = ''.join(block)
-
- if decrypt_and_validate_padding(''.join(blocks_copy[:len(blocks_copy) - x])):
- pt += chr(j ^ ord(ignore) ^ (i + 1))
- print list(chr(j ^ ord(ignore) ^ (i + 1)))
- blep.append(j)
- for k in range(i + 1):
- block[AES.block_size - (k + 1)] = chr(blep[k] ^ (k + 1) ^ (i + 2))
- br = True
- break
-
- if not br:
- blep.append(ord(ignore))
+ if chr(j) != byte:
+ block[AES.block_size - i - 1] = chr(j)
+ blocks[b_idx] = ''.join(block)
+
+ if decrypt_and_validate_padding(''.join(blocks[:b_idx + 2])):
+ plaintext += chr(j ^ ord(byte) ^ (i + 1))
+ padding.append(j)
+
+ for k in range(i + 1):
+ block[AES.block_size - k - 1] = chr(padding[k] ^ (k + 1) ^ (i + 2))
+
+ found = True
+ break
+
+ if not found:
+ plaintext += chr(i + 1)
+ padding.append(ord(byte))
+
for k in range(i + 1):
- block[AES.block_size - (k + 1)] = chr(blep[k] ^ (k + 1) ^ (i + 2))
- print list("br" + chr(i + 1))
- pt += chr(i + 1)
+ block[AES.block_size - k - 1] = chr(padding[k] ^ (k + 1) ^ (i + 2))
-print pt[::-1]
-print split_file[3]
-#print pt[::-1].decode("base64")
+print pkcs7_padding_stripper(plaintext[::-1]).decode("base64")
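Review bot: `pkcs7_padding_stripper` does not verify the padding bytes when the pad length equals the message length: for a 16-byte `msg` ending in `\x10`, the slice `msg[:len(msg) - ord(msg[len(msg) - 1]) - 1 : -1]` becomes `msg[:-1:-1]`, which is empty, so the loop checks nothing and any leading 15 bytes are accepted. An empty `msg` raises `IndexError` rather than the padding error. Comparing the tail directly avoids the slice arithmetic and the bare `Exception`: `pad = ord(msg[-1])` followed by `if not 1 <= pad <= min(AES.block_size, len(msg)) or msg[-pad:] != msg[-1] * pad: raise ValueError("invalid pkcs7 padding")`. In the search loop, `range(0xff)` stops at 254, so the byte value 0xff is never tried and the `not found` branch runs for it, which may explain the intermittent wrong output the commit message mentions; `range(0x100)` covers the full byte range.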