Created
April 17, 2020 13:17
-
-
Save Yidaotus/8ab5f2c8f30880c3906ec409495ff591 to your computer and use it in GitHub Desktop.
Break ecb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import math | |
| flag = [] | |
| bytestocrunch = 32 # Get it with a block_size long pattern. bytes to crunch will be the (responce - (block_size*2))/2. *2 because we get a hexstring | |
| block_size = 16 # Get it by appending n bytes until the output increases. Ater it increased count the bytes until it increases again | |
| apattern = [0x61] * math.ceil(bytestocrunch/block_size) * block_size # Any byte will be sufficient | |
| for y in range(1, bytestocrunch+1): | |
| pattern = ''.join([hex(b)[2:].zfill(2) for b in apattern[:-y]]) # Convert 0:-y to a hex string | |
| flag_enc = requests.get('http://aes.cryptohack.org/ecb_oracle/encrypt/{}/'.format(pattern)).json()['ciphertext'] | |
| reference = flag_enc[0:len(apattern*2)] | |
| # Test every possible byte (2^8 bits) | |
| for x in range(0, 256): | |
| testbyte = hex(x)[2:].zfill(2) # Convert byte to hexstring | |
| testpattern = pattern + ''.join([hex(b)[2:].zfill(2) for b in flag]) + testbyte | |
| testenc = requests.get('http://aes.cryptohack.org/ecb_oracle/encrypt/{}/'.format(testpattern)).json()['ciphertext'] | |
| if(testenc[0:len(apattern*2)] == reference): | |
| flag.append(int(testbyte, 16)) | |
| break | |
| print(''.join([chr(n) for n in flag])) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment