Skip to content

Instantly share code, notes, and snippets.

@zer0tonin
Created June 22, 2019 19:26
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save zer0tonin/556e92dcc44650a4a6fc1c58aaac2e50 to your computer and use it in GitHub Desktop.
Save zer0tonin/556e92dcc44650a4a6fc1c58aaac2e50 to your computer and use it in GitHub Desktop.
AES-CBC exploit
package main
import (
"encoding/hex"
"fmt"
"os"
"github.com/gdamore/encoding"
)
func main() {
if os.Args[1] == "get-diff" {
xor(toASCII(os.Args[2]), toASCII(os.Args[3]))
} else if os.Args[1] == "apply-diff" {
iv, _ := hex.DecodeString(os.Args[2])
diff, _ := hex.DecodeString(os.Args[3])
xor(iv, diff)
}
}
func toASCII(plaintext string) []byte {
encoder := encoding.ASCII.NewEncoder()
result, _ := encoder.Bytes([]byte(plaintext))
return result
}
func xor(plaintext, malicious []byte) {
output := make([]byte, len(plaintext))
for i := 0; i < len(plaintext); i++ {
output[i] = plaintext[i] ^ malicious[i]
}
fmt.Printf("%x\n", output)
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment