blindFS · July 24, 2014 05:22
diff --git a/w4.py b/w4.py
 import urllib2
 import copy

 TARGET = 'http://crypto-class.appspot.com/po?er='
 cipher_text = 'f20bdba6ff29eed7b046d1df9fb7000058b1ffb4210a580f748b4ac714c001bd4a61044426fb515dad3f21f18aa577c0bdf302936266926ff37dbf7035d5eeb4'.decode('hex')
 IV = cipher_text[:16]
 c_blocks = [IV, cipher_text[16:32], cipher_text[32:48], cipher_text[48:64]]
 m_blocks = [[0]*16, [0]*16, [0]*16]


 class PaddingOracle(object):
    def query(self, q):
        target = TARGET + urllib2.quote(q)    # Create query URL
        req = urllib2.Request(target)         # Send HTTP request to server
        try:
            urllib2.urlopen(req)              # Wait for response
            return True
        except urllib2.HTTPError, e:
            print "We got: %d" % e.code       # Print response code
            if e.code == 404:
                return True                   # good padding
            return False                      # bad padding


 def decrypt_block(index):
    c = ''.join(c_blocks[:index+2])
    m = m_blocks[index]
    for bi in xrange(16):
        decrypt_byte(c, m, bi)


 def decrypt_byte(c, m, b_index):
    po = PaddingOracle()
    cc = copy.copy(c)
    tail = ""
    for j in xrange(b_index):
        old_char = ord(c[-17-j]) ^ (b_index+1) ^ m[-1-j]
        tail = chr(old_char)+tail

    for i in xrange(256):
        # i = 127-i
        i = i+9
        query = cc[:-17-b_index]
        char = ord(c[-17-b_index]) ^ (b_index+1) ^ i
        query += chr(char)
        query += tail
        query += cc[-16:]
        q = "".join("{:02x}".format(ord(c)) for c in query)
        if po.query(q):
            print "index "+str(b_index)+" OK!"
            print "char:"+str(i)
            m[-1-b_index] = i
            return


 def dec():
    for i in xrange(3):
        decrypt_block(i)
        print ''.join(map(chr, m_blocks[i]))
	import urllib2
	import copy

	TARGET = 'http://crypto-class.appspot.com/po?er='
	cipher_text = 'f20bdba6ff29eed7b046d1df9fb7000058b1ffb4210a580f748b4ac714c001bd4a61044426fb515dad3f21f18aa577c0bdf302936266926ff37dbf7035d5eeb4'.decode('hex')
	IV = cipher_text[:16]
	c_blocks = [IV, cipher_text[16:32], cipher_text[32:48], cipher_text[48:64]]
	m_blocks = [[0]16, [0]16, [0]*16]


	class PaddingOracle(object):
	def query(self, q):
	target = TARGET + urllib2.quote(q) # Create query URL
	req = urllib2.Request(target) # Send HTTP request to server
	try:
	urllib2.urlopen(req) # Wait for response
	return True
	except urllib2.HTTPError, e:
	print "We got: %d" % e.code # Print response code
	if e.code == 404:
	return True # good padding
	return False # bad padding


	def decrypt_block(index):
	c = ''.join(c_blocks[:index+2])
	m = m_blocks[index]
	for bi in xrange(16):
	decrypt_byte(c, m, bi)


	def decrypt_byte(c, m, b_index):
	po = PaddingOracle()
	cc = copy.copy(c)
	tail = ""
	for j in xrange(b_index):
	old_char = ord(c[-17-j]) ^ (b_index+1) ^ m[-1-j]
	tail = chr(old_char)+tail

	for i in xrange(256):
	# i = 127-i
	i = i+9
	query = cc[:-17-b_index]
	char = ord(c[-17-b_index]) ^ (b_index+1) ^ i
	query += chr(char)
	query += tail
	query += cc[-16:]
	q = "".join("{:02x}".format(ord(c)) for c in query)
	if po.query(q):
	print "index "+str(b_index)+" OK!"
	print "char:"+str(i)
	m[-1-b_index] = i
	return


	def dec():
	for i in xrange(3):
	decrypt_block(i)
	print ''.join(map(chr, m_blocks[i]))