Working Method:
from binascii import hexlify
import requests
import json
from string import printable
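def encrypt(pt):
    """Query the challenge ECB oracle and return the ciphertext it reports.

    The oracle encrypts ``pad(pt + FLAG.encode(), 16)`` under AES-ECB (per the
    challenge description quoted at the end of this page) and replies with a
    JSON body carrying a ``ciphertext`` field; the caller slices it 32
    characters per 16-byte block, i.e. it is treated as a hex string.

    Args:
        pt: Plaintext bytes; they are hex-encoded into the request path.

    Returns:
        The ``ciphertext`` value from the oracle's JSON response.

    Raises:
        requests.HTTPError: if the oracle answers with an error status
            (rate limiting, server error). The original silently fell through
            to a KeyError on the error body, which hid the real cause.
        KeyError: if the JSON body has no ``ciphertext`` field.
    """
    url = "http://aes.cryptohack.org/ecb_oracle/encrypt/" + hexlify(pt).decode()
    r = requests.get(url)
    r.raise_for_status()  # make transport/server failures visible instead of a KeyError
    return json.loads(r.text)['ciphertext']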
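# Byte-at-a-time recovery of the secret the oracle appends to our input.
# Because ECB encrypts equal plaintext blocks to equal ciphertext blocks, a
# filler of n - len(flag) bytes pushes the next unknown FLAG byte to the last
# position of the second block; that block is then compared with the block
# produced by filler + bytes recovered so far + one candidate byte.
BLOCK_HEX = 32  # one 16-byte AES block is 32 characters of the hex ciphertext
flag = ""
n = 31  # 2 * 16 - 1: exactly one unknown byte lands at the end of block 1
# NOTE(review): assumes the secret fits within n bytes (it does for this
# challenge); a longer secret would need the compared block index to advance.

while True:
    payload = b'1' * (n - len(flag))
    comp = encrypt(payload)
    target = comp[BLOCK_HEX:2 * BLOCK_HEX]  # second ciphertext block
    for i in printable:
        enc = encrypt(payload + flag.encode() + i.encode())
        if enc[BLOCK_HEX:2 * BLOCK_HEX] == target:
            flag += i
            print("flag letter: ", i)
            break
    else:
        # No candidate matched. The original looped forever here (or raised
        # IndexError on flag[-1] while flag was still empty); stop explicitly.
        raise RuntimeError(f"no printable byte matched after {flag!r}")
    if flag[-1] == '}':
        break
print(flag)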
flag = crypto{p3n6u1n5_h473_3cb}
reference = https://yidaotus.medium.com/breaking-ecb-by-prepending-your-own-message-b7b376d5efbb
Alternate Method that doesn't work:
from binascii import hexlify
import requests
import json
from string import printable
def encrypt(pt):
    """Send *pt* to the challenge ECB oracle and return the reported ciphertext.

    *pt* is hex-encoded into the request path; the oracle's JSON reply is
    parsed and its ``ciphertext`` field returned unchanged.
    """
    endpoint = "http://aes.cryptohack.org/ecb_oracle/encrypt/"
    response = requests.get(endpoint + hexlify(pt).decode())
    body = json.loads(response.text)
    return body['ciphertext']
# Alternate byte-at-a-time loop, kept because it does NOT recover the flag;
# the explanation follows the listing.
flag = ""
n = 31
while 1:
    # Unlike the working method, the recovered prefix is folded into the
    # reference query. The oracle appends the real FLAG after it, so the
    # second block of `comp` ends with the first FLAG character instead of
    # the next unknown one.
    payload = b'1'*(n-len(flag)) + flag.encode()
    comp = encrypt(payload)
    for i in printable:
        # Guess block = filler + recovered prefix + candidate, so it can only
        # match when the candidate equals the first FLAG character; the loop
        # therefore keeps re-finding that one character (see the note below).
        enc = encrypt(payload + i.encode())
        if comp[32:64] == enc[32:64]:  # characters 32-63: the second block of the hex ciphertext
            flag += i
            print("flag letter: ", i)
            break
    # Never true while the loop is stuck on the first character.
    if flag[-1] == '}':
        break
print(flag)
Reason why the alternate method doesn't work:
In the payload-initialising step, the working method uses payload = b'1'*(n-len(flag)),
whereas the alternate method uses payload = b'1'*(n-len(flag)) + flag.encode().
The challenge encrypts the user-entered plaintext using padded = pad(plaintext + FLAG.encode(), 16).
The issue with the alternate method is that the reference ciphertext then contains the flag twice (pt + flag + FLAG): the recovered prefix is immediately followed by the real FLAG, so the second block always ends in the first flag character rather than the next unknown one. We therefore won't get the entire flag with this method; we will only get the first character.