Created
October 15, 2018 05:21
aes_return(solve).py
from Crypto.Cipher import AES | |
import binascii | |
def xor(a, b):
    """Return the element-wise XOR of two byte sequences as ``bytes``.

    Elements are paired with ``zip``, so the result is as long as the
    shorter input; surplus elements of the longer one are ignored.
    """
    mixed = bytearray()
    for left, right in zip(a, b):
        mixed.append(left ^ right)
    return bytes(mixed)
def bytes2matrix(text):
    """Split a byte string into rows of four integers.

    A 16-byte input yields a 4x4 matrix; if the length is not a multiple
    of four, the last row is simply shorter.
    """
    rows = []
    for start in range(0, len(text), 4):
        rows.append(list(text[start:start + 4]))
    return rows
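def matrix2bytes(matrix):
    """Flatten a matrix of byte values into a single ``bytes`` object.

    A 4x4 matrix becomes a 16-byte string. Rows may be lists of ints or
    ``bytes`` objects: ``invert_schedule`` returns rows as ``bytes``, which
    the previous ``sum(matrix, [])`` form rejected with a ``TypeError``.
    Flattening with a generator also avoids rebuilding the list once per
    row.
    """
    return bytes(value for row in matrix for value in row)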
# Captured ciphertext of the flag. The first 16 bytes are the CBC IV and
# the remainder is the encrypted flag itself.
flag_enc = binascii.unhexlify('c6c87908b972e20af88175ea46785459c2ffef77d700db0912eb9169042cabf0e8fa72b85bd4e74f04c4bc05436ba7dec6065a19fba052142e5ad2c94308e178')
IV, flag_enc = flag_enc[:16], flag_enc[16:]

# Second capture, taken with the S-box set to 0 (per the original note).
# The three blocks after the IV are identical in this capture, which fits
# a substitution step that no longer depends on its input: the output
# block is then just a round key, so only bytes 16..32 are kept.
# Defensive takeaway: a cipher's substitution table must be a fixed
# constant that callers cannot replace or modify.
flag_sbox_0 = binascii.unhexlify('d80db7681e92c4838fbae619f7343e367af01e5f63a0b26966b8915498027a677af01e5f63a0b26966b8915498027a677af01e5f63a0b26966b8915498027a67')[16:32]

# Treat that block as the leaked round key, arranged as four 4-byte words.
leak_key = bytes2matrix(flag_sbox_0[:16])
# Round-constant table for the key schedule, indexed by round number.
# Index 0 is an unused placeholder; each later entry is the previous one
# doubled in GF(2^8). The loop further down only reads indices 1..10.
r_con = (
    0x00, 0x01, 0x02, 0x04,
    0x08, 0x10, 0x20, 0x40,
    0x80, 0x1b, 0x36, 0x6c,
    0xd8, 0xab, 0x4d, 0x9a,
    0x2f, 0x5e, 0xbc, 0x63,
    0xc6, 0x97, 0x35, 0x6a,
    0xd4, 0xb3, 0x7d, 0xfa,
    0xef, 0xc5, 0x91, 0x39,
)
def invert_schedule(key, round):
    """Step one round backwards through the key schedule.

    ``key`` holds the four 4-byte words of the round key for ``round``;
    the return value is a list of four ``bytes`` objects for the round
    before it.

    Only the XOR chaining and the round constant are undone. There is no
    SubWord/RotWord term, so this matches a schedule whose substitution
    output is zero -- the "sbox = 0" condition this script relies on. It
    does not invert a standard AES key schedule.
    """
    w0, w1, w2, w3 = key[0], key[1], key[2], key[3]
    return [
        # First word: only the round constant was mixed in.
        xor(w0, [r_con[round], 0, 0, 0]),
        # Remaining words: each was XORed with the word before it.
        xor(w0, w1),
        xor(w1, w2),
        xor(w2, w3),
    ]
# Walk the leaked round key back through rounds 10..1 to reach the
# original 16-byte key.
for i in reversed(range(1, 11)):
    leak_key = invert_schedule(leak_key, i)

# invert_schedule returns rows as bytes objects, so a plain join rebuilds
# the key.
key = b''.join(leak_key)

# Decrypt the captured flag with the recovered key and the IV that
# prefixed the ciphertext. The raw plaintext is printed as-is, including
# any padding bytes.
aes = AES.new(key, AES.MODE_CBC, IV)
print(aes.decrypt(flag_enc))