commit 814fdcda46c0c9f20c1da3a6951b1e4a9794fba9 parent aa547d9e5852613ca58577c698e8e8d964ba17ed Author: mpizzzle <michael.770211@gmail.com> Date: Sat, 16 Feb 2019 23:03:05 +0000 challenge 26 complete Diffstat:
| A | set4/ctr_bitflipping_attacks.py | | | 23 | +++++++++++++++++++++++ |
1 file changed, 23 insertions(+), 0 deletions(-)
diff --git a/set4/ctr_bitflipping_attacks.py b/set4/ctr_bitflipping_attacks.py @@ -0,0 +1,23 @@ +import re +from Crypto.Cipher import AES +from Crypto import Random +from Crypto.Util import Counter + +key = Random.new().read(AES.block_size) + +def encrypt(plaintext): + return AES.new(key, AES.MODE_CTR, counter=Counter.new(128)).encrypt(plaintext) + +def decrypt_and_parse(cipher): + return ";admin=true;" in encrypt(cipher) + +def encryption_oracle(m): + return encrypt("comment1=cooking%20MCs;userdata=" + re.sub("[;|=]", '', m) + ";comment2=%20like%20a%20pound%20of%20bacon") + +plaintext = "hello-admin-true" +ciphertext = list(encryption_oracle(plaintext)) + +ciphertext[(2 * AES.block_size) + 5] = chr(ord('-') ^ ord(';') ^ ord(ciphertext[(2 * AES.block_size) + 5])) +ciphertext[(2 * AES.block_size) + 11] = chr(ord('-') ^ ord('=') ^ ord(ciphertext[(2 * AES.block_size) + 11])) + +print decrypt_and_parse(''.join(ciphertext))