Skip to content

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
An chosen plaintext attack on ECB mode allowing recovery of encrypted messages
require 'openssl'
# Don't use this
module Encryption
def self.cipher(mode)
cipher = OpenSSL::Cipher::Cipher.new("aes-256-ecb")
cipher.send mode
cipher.key = "ABANDON ALL HOPE YE WHO USE ECB!"
cipher.padding = 0
cipher
end
def self.encrypt(text)
return unless text
# lolpadding courtesy the fastaes gem
block_size = 16
padding_length = block_size - (text.length % block_size)
text += "\0" * padding_length
aes = cipher(:encrypt)
aes.update(text) << aes.final
end
end
# We assume the attacker has access to some kind of encryption oracle somewhere
# in the system. An example of this would be an encrypted cookie where the
# attacker can control a portion of the plaintext.
def oracle(chosen_plaintext)
Encryption.encrypt(chosen_plaintext + TARGET_MESSAGE)
end
PAD = "A"
BLOCK_SIZE = 16
TARGET_MESSAGE = "secret message"
# LENGTH can be determined automatically but I'm lazy
LENGTH = TARGET_MESSAGE.size
plaintext = ""
LENGTH.times do
pad_size = BLOCK_SIZE - plaintext.size - 1
prefix = PAD * pad_size
target_ciphertext = oracle(prefix)
prefix << plaintext
n = -1
begin
n += 1
guess = prefix + n.chr
encrypted_guess = oracle(guess)[0...BLOCK_SIZE]
puts "Guessing: #{guess.inspect}\t(encrypted: #{encrypted_guess.unpack("H*").first[0..8]}, target: #{target_ciphertext[0...BLOCK_SIZE].unpack("H*").first[0..8]})"
end until encrypted_guess == target_ciphertext[0...BLOCK_SIZE]
plaintext << n.chr
puts "LOCK! We now have: #{plaintext}"
end
@tqbf

Now, make it work if your oracle starts from some arbitrary point in the middle of the ciphertext (that's the common case with cookies).

@tqbf

Also: once you have the code from this, you are very close to having the code for the CBC- with- chained- IV bug that the TLS BEAST attack exploits.

(That's how I learned about this attack: from Thai's frustrated attempts to explain the BEAST attack to me while he was working on it at Matasano)

@emboss

Sweet! There was a pretty cool assignment in Udacity's CS 387 where you were supposed to perform a BEAST-like attack on CBC. You might enjoy that, too :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.