rcombs · May 7, 2013 05:03 · rcombs · May 7, 2013
diff --git a/AesPaddingOracle.py b/AesPaddingOracle.py
 '''
 Created on Jul 4, 2010

 @author: Eloi Sanfelix < eloi AT limited-entropy.com >
 '''

 from Crypto.Cipher import AES
 from PaddingOracle.DecryptionOracle import DecryptionOracle
 from PaddingOracle.CBCREncryptionOracle import CBCREncryptionOracle
 import random
 import struct
 import socket

 def hex_string(data):
 	x = struct.unpack("B"*len(data),data)
 	return "".join([ hex(i)+" " for i in x])
 #Random key globally initialized 
 #key = "".join([struct.pack("B",random.getrandbits(8)) for i in range(16) ])

 key = "cacacacacacacaca"

 sock = socket.socket()
 sock.connect(("vuln.picoctf.com", 4567))
 sock.recv(1024)

 def oracle(ctext):
 	
 #	sock.send("165047d37a95eb20028a88af4aa3527b7191209e799d4fdd24e631de95638a0a".decode("hex") + "\n")
 	sock.send(ctext + "\n")
 	buf = sock.recv(1024)
 	
 	print buf

 	return buf.find("incorrect padding") == -1

 if __name__ == '__main__':
 	
 	#Random 4 block plaintext
 #	 data = "".join([struct.pack("B",random.getrandbits(8)) for i in range(64) ])
 #	 data = "".join([struct.pack("B",random.getrandbits(8)) for i in range(16) ])
 	data="HERE_IS_COMMAND:flag\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"
 	
 	#print "Plaintext: "+hex_string(data)
 		
 	cipher = AES.new(key,AES.MODE_CBC,"\x00"*16)
 	#ctext = cipher.encrypt(data)
 	ctext ="\xb6\x4e\x2c\x54\x08\x4d\x23\xbb\xd6\x40\xe0\x6e\xd5\x7f\x08\x08"
 	print "Ciphertext: "+hex_string(ctext)
 	
 	decryptOracle = DecryptionOracle(oracle,16)
 	encryptOracle = CBCREncryptionOracle(decryptOracle,16)
 	
 	ctext2 = encryptOracle.encrypt_message(data)
 	print "Ciphertext using CBC-R (includes IV): "+hex_string(ctext2)
 	#print "Encryption oracle says: " + hex_string(ctext2)
 	cipher2 = AES.new(key,AES.MODE_CBC,ctext2[0:16])
 	ptext = cipher2.decrypt(ctext2[16:])
 	
 	if(ptext == data):
 		print "CORRECT decryption of CBC-R encrypted ctext!"
 	else:
 		print "INCORRECT decryption of CBC-R encrypted ctext"
	'''
	Created on Jul 4, 2010

	@author: Eloi Sanfelix < eloi AT limited-entropy.com >
	'''

	from Crypto.Cipher import AES
	from PaddingOracle.DecryptionOracle import DecryptionOracle
	from PaddingOracle.CBCREncryptionOracle import CBCREncryptionOracle
	import random
	import struct
	import socket

	def hex_string(data):
	x = struct.unpack("B"*len(data),data)
	return "".join([ hex(i)+" " for i in x])
	#Random key globally initialized
	#key = "".join([struct.pack("B",random.getrandbits(8)) for i in range(16) ])

	key = "cacacacacacacaca"

	sock = socket.socket()
	sock.connect(("vuln.picoctf.com", 4567))
	sock.recv(1024)

	def oracle(ctext):

	# sock.send("165047d37a95eb20028a88af4aa3527b7191209e799d4fdd24e631de95638a0a".decode("hex") + "\n")
	sock.send(ctext + "\n")
	buf = sock.recv(1024)

	print buf

	return buf.find("incorrect padding") == -1

	if __name__ == '__main__':

	#Random 4 block plaintext
	# data = "".join([struct.pack("B",random.getrandbits(8)) for i in range(64) ])
	# data = "".join([struct.pack("B",random.getrandbits(8)) for i in range(16) ])
	data="HERE_IS_COMMAND:flag\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"

	#print "Plaintext: "+hex_string(data)

	cipher = AES.new(key,AES.MODE_CBC,"\x00"*16)
	#ctext = cipher.encrypt(data)
	ctext ="\xb6\x4e\x2c\x54\x08\x4d\x23\xbb\xd6\x40\xe0\x6e\xd5\x7f\x08\x08"
	print "Ciphertext: "+hex_string(ctext)

	decryptOracle = DecryptionOracle(oracle,16)
	encryptOracle = CBCREncryptionOracle(decryptOracle,16)

	ctext2 = encryptOracle.encrypt_message(data)
	print "Ciphertext using CBC-R (includes IV): "+hex_string(ctext2)
	#print "Encryption oracle says: " + hex_string(ctext2)
	cipher2 = AES.new(key,AES.MODE_CBC,ctext2[0:16])
	ptext = cipher2.decrypt(ctext2[16:])

	if(ptext == data):
	print "CORRECT decryption of CBC-R encrypted ctext!"
	else:
	print "INCORRECT decryption of CBC-R encrypted ctext"