CS challenge 2 - Submarine
import base64 | |
from Crypto.Cipher import AES | |
class AES_CBC_Cipher:
    """Thin AES-CBC wrapper producing base64 tokens of the form IV || ciphertext.

    Security note: CBC provides confidentiality only. Nothing in this class
    authenticates the ciphertext or the IV, so a modified token still decrypts
    to *some* plaintext and `unpad` accepts whatever the final byte says.
    Callers that make trust decisions on `decrypt` output need an authenticated
    construction (an AEAD mode such as AES-GCM, or encrypt-then-MAC with the
    tag verified before decryption).

    The chr()/ord() arithmetic assumes byte strings (Python 2 `str`).
    """

    def __init__(self, key):
        # Key is handed to AES.new() unchanged; its length selects the AES variant.
        self.key = key

    def pad(self, s):
        """Append PKCS#7-style padding so len(result) is a multiple of the block size.

        The fill length is always between 1 and AES.block_size, so an input
        that is already block-aligned gains one full block of padding.
        """
        fill = AES.block_size - len(s) % AES.block_size
        return s + chr(fill) * fill

    def unpad(self, s):
        """Drop as many trailing characters as the last character's ordinal says.

        No validation is performed: the padding bytes are not compared with
        each other and the count is not range-checked.
        """
        strip = ord(s[-1:])
        return s[:-strip]

    def encrypt(self, iv, raw):
        """Pad `raw`, CBC-encrypt it under `iv`, and return base64(iv + ciphertext).

        The IV is supplied by the caller; it should be fresh and unpredictable
        for every message.
        """
        padded = self.pad(raw)
        ciphertext = AES.new(self.key, AES.MODE_CBC, iv).encrypt(padded)
        return base64.b64encode(iv + ciphertext)

    def decrypt(self, enc):
        """Decode a base64 token, split off the 16-byte IV, decrypt and unpad.

        No integrity check happens before or after decryption; see the class
        docstring for why that matters to callers.
        """
        blob = base64.b64decode(enc)
        iv, body = blob[:16], blob[16:]
        plaintext = AES.new(self.key, AES.MODE_CBC, iv).decrypt(body)
        return self.unpad(plaintext)
from aes_cbc_cipher import AES_CBC_Cipher | |
from Crypto import Random | |
# Placeholder 16-character key used for every token; per the author, the
# deployed challenge runs with a different value ("not the real one =)").
# NOTE(review): outside a challenge, key material should be random bytes
# loaded from a secret store or the environment, never a literal in source.
secret_key = "abcdefghijklmnop"
def validate_credentials(user, password):
    """Return True only for the single hard-coded demo account, else False.

    NOTE(review): the credentials are literals in source and compared with
    plain `==`; a real service would check a salted password hash with a
    constant-time comparison.
    """
    return bool(user == "qwerty" and password == "asdf")
def login(user, password):
    """Issue a token for `user` when the credentials check out.

    Returns False on bad credentials. Otherwise returns the base64 token
    produced by AES_CBC_Cipher.encrypt: the user name encrypted under
    `secret_key` with a fresh 16-byte IV from Crypto.Random.

    The token carries the identity and nothing else (no MAC, no expiry),
    so whoever later decrypts it has no way to tell an issued token from
    an altered one.
    """
    if validate_credentials(user, password):
        fresh_iv = Random.new().read(16)
        return AES_CBC_Cipher(secret_key).encrypt(fresh_iv, user)
    return False
def main():
    """Interactive entry point: accept an existing token or log in for a new one.

    Python 2 code (raw_input and print statements).
    """
    has_token = raw_input("Do you have a token? (y/n)\n")
    if has_token != "y":
        # Any answer other than "y" goes through the credential prompt.
        user = raw_input("user?\n")
        password = raw_input("password?\n")
        issued = login(user, password)
        if issued:
            print "Success. here's your token:"
            print issued
        else:
            print "Wrong credentials\n"
        return

    # The decrypted bytes are taken as the user identity as-is: the token is
    # not authenticated, and errors raised while decoding or decrypting a
    # malformed token propagate to the caller uncaught.
    ciphertext = raw_input("token?\n")
    user = AES_CBC_Cipher(secret_key).decrypt(ciphertext)
    print "You are logged in as", user
# Run the interactive prompt only when executed as a script, not on import.
if __name__ == "__main__":
    main()
Any hint? Is it along the lines of a padding oracle attack?