This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def str_to_dict(string): | |
obj = {} | |
for kv in string.split("&"): | |
kv = kv.split("=") | |
obj[kv[0]] = kv[1] | |
return obj | |
def profile_for(email_buffer): | |
email = bytes(email_buffer) | |
email = email.replace("&", "").replace("=", "") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
key = bytes(random_key(AES.block_size)) | |
def create_admin_profile(): | |
block_size = get_block_size(profile_for) | |
# Let's make the length of "email=...&uid=10&role=" a multiple of block_size | |
# so that "user" is block aligned | |
mandatory_bytes = "email=&uid=10&role=" | |
remaining_bytes = (len(mandatory_bytes) / block_size + 1) * block_size | |
email_len = remaining_bytes - len(mandatory_bytes) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def get_unknown_string(oracle): | |
block_size = get_block_size(oracle) | |
is_ecb = is_ecb_mode( | |
oracle(bytearray("YELLOW SUBMARINE" * 2)), | |
block_size, | |
) | |
assert is_ecb | |
unknown_string_size = get_unknown_string_size(oracle) | |
unknown_string = bytearray() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from Crypto.Cipher import AES | |
from random import randint | |
from collections import defaultdict | |
def repeated_blocks(buffer, block_length=16): | |
reps = defaultdict(lambda: -1) | |
for i in range(0, len(buffer), block_length): | |
block = bytes(buffer[i:i + block_length]) | |
reps[block] += 1 | |
return sum(reps.values()) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def get_unknown_string_size(oracle): | |
ciphertext_length = len(oracle(bytearray())) | |
i = 1 | |
while True: | |
data = bytearray("A" * i) | |
new_ciphertext_length = len(oracle(data)) | |
if ciphertext_length != new_ciphertext_length: | |
return new_ciphertext_length - i | |
i += 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<root xmlns="urn:schemas-upnp-org:device-1-0"> | |
<specVersion> | |
<major>1</major> | |
<minor>0</minor> | |
</specVersion> | |
<device> | |
<deviceType>urn:schemas-upnp-org:device:Basic:1</deviceType> | |
<friendlyName>...</friendlyName> | |
<manufacturer>Sony Corporation</manufacturer> | |
<manufacturerURL>http://www.sony.net/</manufacturerURL> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GET /dd.xml HTTP/1.1 | |
Host: XXX.XXX.XXX.XXX:43214 | |
User-Agent: Spotify/105300758 OSX/0 (MacBookPro10,1) | |
Keep-Alive: 0 | |
Connection: keep-alive | |
Accept-Encoding: gzip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def get_block_size(oracle): | |
ciphertext_length = len(oracle(bytearray())) | |
i = 1 | |
while True: | |
data = bytearray("A" * i) | |
new_ciphertext_length = len(oracle(data)) | |
block_size = new_ciphertext_length - ciphertext_length | |
if block_size: | |
return block_size | |
i += 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from Crypto.Cipher import AES | |
from random import randint | |
def pad_pkcs7(buffer, block_size): | |
if len(buffer) % block_size: | |
padding = (len(buffer) / block_size + 1) * block_size - len(buffer) | |
else: | |
padding = 0 | |
# Padding size must be less than a byte | |
assert 0 <= padding <= 255 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
key = bytes(random_key(16)) | |
def encryption_oracle(data): | |
unknown_string = bytearray(( | |
"Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg\n" + | |
"aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq\n" + | |
"dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg\n" + | |
"YnkK" | |
).decode("base64")) | |
plaintext = pad_pkcs7( |