rcombs/AesPaddingOracle.py

## AesPaddingOracle.py
'''
Created on Jul 4, 2010

@author: Eloi Sanfelix < eloi AT limited-entropy.com >
'''

from Crypto.Cipher import AES
from PaddingOracle.DecryptionOracle import DecryptionOracle
from PaddingOracle.CBCREncryptionOracle import CBCREncryptionOracle
import random
import struct
import socket

def hex_string(data):
	x = struct.unpack("B"*len(data),data)
	return "".join([ hex(i)+" " for i in x])
#Random key globally initialized
#key = "".join([struct.pack("B",random.getrandbits(8)) for i in range(16) ])

key = "cacacacacacacaca"

sock = socket.socket()
sock.connect(("vuln.picoctf.com", 4567))
sock.recv(1024)

def oracle(ctext):

#	sock.send("165047d37a95eb20028a88af4aa3527b7191209e799d4fdd24e631de95638a0a".decode("hex") + "\n")
 	sock.send(ctext + "\n")
 	buf = sock.recv(1024)

 	print buf

	return buf.find("incorrect padding") == -1

if __name__ == '__main__':

	#Random 4 block plaintext
#	 data = "".join([struct.pack("B",random.getrandbits(8)) for i in range(64) ])
#	 data = "".join([struct.pack("B",random.getrandbits(8)) for i in range(16) ])
	data="HERE_IS_COMMAND:flag\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"

	#print "Plaintext: "+hex_string(data)

	cipher = AES.new(key,AES.MODE_CBC,"\x00"*16)
	#ctext = cipher.encrypt(data)
	ctext ="\xb6\x4e\x2c\x54\x08\x4d\x23\xbb\xd6\x40\xe0\x6e\xd5\x7f\x08\x08"
	print "Ciphertext: "+hex_string(ctext)

	decryptOracle = DecryptionOracle(oracle,16)
	encryptOracle = CBCREncryptionOracle(decryptOracle,16)

	ctext2 = encryptOracle.encrypt_message(data)
	print "Ciphertext using CBC-R (includes IV): "+hex_string(ctext2)
	#print "Encryption oracle says: " + hex_string(ctext2)
	cipher2 = AES.new(key,AES.MODE_CBC,ctext2[0:16])
	ptext = cipher2.decrypt(ctext2[16:])

	if(ptext == data):
		print "CORRECT decryption of CBC-R encrypted ctext!"
	else:
		print "INCORRECT decryption of CBC-R encrypted ctext"
	'''
	Created on Jul 4, 2010

	@author: Eloi Sanfelix < eloi AT limited-entropy.com >
	'''

	from Crypto.Cipher import AES
	from PaddingOracle.DecryptionOracle import DecryptionOracle
	from PaddingOracle.CBCREncryptionOracle import CBCREncryptionOracle
	import random
	import struct
	import socket

	def hex_string(data):
	x = struct.unpack("B"*len(data),data)
	return "".join([ hex(i)+" " for i in x])
	#Random key globally initialized
	#key = "".join([struct.pack("B",random.getrandbits(8)) for i in range(16) ])

	key = "cacacacacacacaca"

	sock = socket.socket()
	sock.connect(("vuln.picoctf.com", 4567))
	sock.recv(1024)

	def oracle(ctext):

	# sock.send("165047d37a95eb20028a88af4aa3527b7191209e799d4fdd24e631de95638a0a".decode("hex") + "\n")
	sock.send(ctext + "\n")
	buf = sock.recv(1024)

	print buf

	return buf.find("incorrect padding") == -1

	if __name__ == '__main__':

	#Random 4 block plaintext
	# data = "".join([struct.pack("B",random.getrandbits(8)) for i in range(64) ])
	# data = "".join([struct.pack("B",random.getrandbits(8)) for i in range(16) ])
	data="HERE_IS_COMMAND:flag\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"

	#print "Plaintext: "+hex_string(data)

	cipher = AES.new(key,AES.MODE_CBC,"\x00"*16)
	#ctext = cipher.encrypt(data)
	ctext ="\xb6\x4e\x2c\x54\x08\x4d\x23\xbb\xd6\x40\xe0\x6e\xd5\x7f\x08\x08"
	print "Ciphertext: "+hex_string(ctext)

	decryptOracle = DecryptionOracle(oracle,16)
	encryptOracle = CBCREncryptionOracle(decryptOracle,16)

	ctext2 = encryptOracle.encrypt_message(data)
	print "Ciphertext using CBC-R (includes IV): "+hex_string(ctext2)
	#print "Encryption oracle says: " + hex_string(ctext2)
	cipher2 = AES.new(key,AES.MODE_CBC,ctext2[0:16])
	ptext = cipher2.decrypt(ctext2[16:])

	if(ptext == data):
	print "CORRECT decryption of CBC-R encrypted ctext!"
	else:
	print "INCORRECT decryption of CBC-R encrypted ctext"