Created
April 17, 2018 04:56
Exploit the block cipher more to recover the secret
#!/usr/bin/env python
from Crypto.Cipher import AES
from binascii import hexlify
from base64 import b64decode

# Fixed key for the exercise; the base64 string decodes to 16 bytes, so this is
# AES-128. A key embedded in source is acceptable only for a practice target.
KEY = b64decode("WUVMTE9XIFNVQk1BUklORQ==")
# ECB takes no IV or nonce: every 16-byte block is encrypted independently, so
# equal plaintext blocks always yield equal ciphertext blocks under this key.
# One module-level cipher object is shared by every call below.
cipher = AES.new(KEY, AES.MODE_ECB)
def pad(plaintext, block_size=AES.block_size):
    """Return *plaintext* extended with PKCS#7 padding.

    Each padding byte holds the number of bytes added. An input whose length
    is already a multiple of *block_size* gains one whole extra block, so the
    padding is always present and can be removed unambiguously.
    """
    fill = block_size - len(plaintext) % block_size
    return plaintext + bytearray([fill] * fill)
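def enterprise_grade_encryption(username):
    """You can see the key and postfix here, but don't cheat ;)

    Builds ``username + ':' + secret``, PKCS#7-pads it, encrypts it with the
    module-level AES-ECB cipher and returns the ciphertext hex-encoded.

    This layout is the weakness the exercise demonstrates: caller-controlled
    bytes are placed directly in front of a secret and encrypted with a
    deterministic, unauthenticated mode under a fixed key, so the output
    reveals whether two plaintext blocks are equal. Real code should use a
    randomized authenticated mode with a fresh nonce per message, and should
    not append secrets to caller-supplied data before encrypting.

    Args:
        username: Caller-supplied prefix, as text or bytes. Text is encoded as
            UTF-8 before use.

    Returns:
        The hex-encoded ciphertext.
    """
    secret = "ZWNiX3N1Y2tz"
    # The original concatenated the text username with the decoded bytes,
    # which raises TypeError on Python 3. Normalise to bytes first; on
    # Python 2 a plain str already is bytes and takes the same path as before.
    if not isinstance(username, (bytes, bytearray)):
        username = username.encode("utf-8")
    message = username + b":" + b64decode(secret)
    # `global cipher` is not needed: the shared cipher is only read here.
    return hexlify(cipher.encrypt(bytes(pad(message))))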
# 14 filler bytes plus the ':' separator fill 15 of the 16 bytes of the first
# AES block, so the last byte of that block is the first byte of the secret.
username = "A" * 14
# The separator enterprise_grade_encryption() places between username and secret.
known_string = ":"

# Exercise outline (left unimplemented by the author):
# Encrypt username to get the ciphertext block that holds the first letter of the secret
# For every byte value 0 to 255
#   Add this value to the end of your username and encrypt
#   Check if the result matches the ciphertext block that has the byte of the secret
# Repeat the above steps, now knowing one more byte of the secret
#
# NOTE(review): this works only because ECB is deterministic and the secret is
# appended to caller-controlled input. A randomized authenticated mode with a
# fresh nonce per message removes the block-equality signal.