From CBC decryption of the first block (C0 is the first ciphertext block, iv the IV sent with it):
P0 = iv xor block_decryption(C0)
P0 is the known plaintext "admin=False"; we want a new IV iv' that makes the first block decrypt to P' = "admin=True" instead.
"admin=True" = iv' xor block_decryption(C0)
iv' = "admin=True" xor block_decryption(C0)
block_decryption(C0) = "admin=False" xor iv
Substituting: iv' = iv xor "admin=False" xor "admin=True"
Code:
from Crypto.Util.number import *
import requests
import json
from pwn import xor
def get_ciphertext():
    """Fetch the encrypted cookie from the challenge's get_cookie endpoint.

    Returns:
        The 'cookie' field of the JSON response (a hex string; the driver
        code below treats its first 32 hex chars as the IV).
    """
    endpoint = "http://aes.cryptohack.org/flipping_cookie/get_cookie/"
    response = requests.get(endpoint)
    payload = json.loads(response.text)
    return payload['cookie']
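def check_cookie(cookie, iv):
    """Submit a (ciphertext, IV) pair to the challenge's check_admin endpoint.

    Args:
        cookie: hex-encoded ciphertext (without the IV prefix).
        iv: hex-encoded IV to decrypt the first block with.

    Returns:
        The 'flag' field of the JSON response when present, otherwise the
        'error' field.

    Raises:
        KeyError: if the response has neither 'flag' nor 'error'.
        ValueError: if the response body is not valid JSON (the original
            bare `except:` re-parsed the body and so raised this anyway,
            but it also swallowed KeyboardInterrupt and similar).
    """
    url = f"http://aes.cryptohack.org/flipping_cookie/check_admin/{cookie}/{iv}"
    r = requests.get(url)
    # Parse once, then fall back on the error field only for a missing key.
    body = json.loads(r.text)
    try:
        return body['flag']
    except KeyError:
        return body['error']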
# --- driver: build the forged IV and submit it ---
cookie_hex = get_ciphertext()
# The first 32 hex chars (16 bytes) are the IV; the rest is the ciphertext.
iv = bytes.fromhex(cookie_hex[:32])
ct = cookie_hex[32:]
# iv' = iv xor P0 xor P' as derived above. Both strings are 11 bytes; pwntools'
# xor cycles shorter inputs to the longest length (cut='max'), so the cycled
# tails of the two equal-length strings cancel and only the leading 11 bytes
# of the decrypted block change.
iv1 = xor(iv, b'admin=False', b'admin=True;').hex()
flag = check_cookie(ct, iv1)
print(flag)
Flag = crypto{4u7h3n71c4710n_15_3553n714l}
Note: in a CBC bit-flipping attack the original plaintext P0 and the target P' must have the same byte length, because the IV tweak is a byte-wise XOR of the two and any length mismatch would disturb extra bytes of the decrypted block.