Created
July 12, 2012 01:56
-
-
Save tarcieri/3095168 to your computer and use it in GitHub Desktop.
An chosen plaintext attack on ECB mode allowing recovery of encrypted messages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
require 'openssl' | |
# Don't use this | |
module Encryption | |
def self.cipher(mode) | |
cipher = OpenSSL::Cipher::Cipher.new("aes-256-ecb") | |
cipher.send mode | |
cipher.key = "ABANDON ALL HOPE YE WHO USE ECB!" | |
cipher.padding = 0 | |
cipher | |
end | |
def self.encrypt(text) | |
return unless text | |
# lolpadding courtesy the fastaes gem | |
block_size = 16 | |
padding_length = block_size - (text.length % block_size) | |
text += "\0" * padding_length | |
aes = cipher(:encrypt) | |
aes.update(text) << aes.final | |
end | |
end | |
# We assume the attacker has access to some kind of encryption oracle somewhere | |
# in the system. An example of this would be an encrypted cookie where the | |
# attacker can control a portion of the plaintext. | |
def oracle(chosen_plaintext) | |
Encryption.encrypt(chosen_plaintext + TARGET_MESSAGE) | |
end | |
PAD = "A" | |
BLOCK_SIZE = 16 | |
TARGET_MESSAGE = "secret message" | |
# LENGTH can be determined automatically but I'm lazy | |
LENGTH = TARGET_MESSAGE.size | |
plaintext = "" | |
LENGTH.times do | |
pad_size = BLOCK_SIZE - plaintext.size - 1 | |
prefix = PAD * pad_size | |
target_ciphertext = oracle(prefix) | |
prefix << plaintext | |
n = -1 | |
begin | |
n += 1 | |
guess = prefix + n.chr | |
encrypted_guess = oracle(guess)[0...BLOCK_SIZE] | |
puts "Guessing: #{guess.inspect}\t(encrypted: #{encrypted_guess.unpack("H*").first[0..8]}, target: #{target_ciphertext[0...BLOCK_SIZE].unpack("H*").first[0..8]})" | |
end until encrypted_guess == target_ciphertext[0...BLOCK_SIZE] | |
plaintext << n.chr | |
puts "LOCK! We now have: #{plaintext}" | |
end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sweet! There was a pretty cool assignment in Udacity's CS 387 where you were supposed to perform a BEAST-like attack on CBC. You might enjoy that, too :)