cryptopals


commit 9782852d4d776f5896414b4cefbd789ac37384eb
parent fe7eb3c653e1221b2a752ab9b42823210669a2e6
Author: mpizzzle <michael.770211@gmail.com>
Date:   Tue, 24 Oct 2017 18:59:25 +0100

correcting pkcs7 padding implementation, now checking for padding length

Diffstat:
Mset2/byte_at_a_time_ecb_decryption.py | 10++++++++--
Mset2/byte_at_a_time_ecb_decryption_harder.py | 19++++++++++---------
Mset2/pkcs7_padding.py | 4++--
3 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/set2/byte_at_a_time_ecb_decryption.py b/set2/byte_at_a_time_ecb_decryption.py @@ -11,11 +11,17 @@ key = Random.new().read(AES.block_size) plaintext = str(pt1 + pt2 + pt3 + pt4).decode("base64") # no peeking! def encryption_oracle(msg): - return AES.new(key, AES.MODE_ECB).encrypt(msg + plaintext + ''.join(['\x04' for i in range(AES.block_size - (len(msg + plaintext) % AES.block_size))]) if len(msg + plaintext) % AES.block_size != 0 else msg + plaintext) + pad_len = AES.block_size - (len(msg + plaintext) % AES.block_size) + return AES.new(key, AES.MODE_ECB).encrypt(msg + plaintext + ''.join([chr(pad_len) for i in range(pad_len)])) + +def find_len_of_padding(): + for i in range(AES.block_size): + if len(encryption_oracle(''.join('\x00' for j in range(i)))) != len(encryption_oracle(''.join('\x00' for j in range(i + 1)))): + return i + 1 aaa = buf = "AAAAAAAAAAAAAAA" -for i in range(len(encryption_oracle(''))): +for i in range(len(encryption_oracle('')) - find_len_of_padding()): dict = {encryption_oracle(aaa[i:] + chr(j))[:AES.block_size] : chr(j) for j in range(0xff)} cipher = encryption_oracle(buf[i % AES.block_size:]) aaa += dict[cipher[AES.block_size * (i / AES.block_size) : AES.block_size * ((i + AES.block_size) / AES.block_size)]] diff --git a/set2/byte_at_a_time_ecb_decryption_harder.py b/set2/byte_at_a_time_ecb_decryption_harder.py 
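Review bot: `find_len_of_padding()` has no comment explaining why `i + 1` is the answer, and that reasoning holds only because the oracle above it now always appends between 1 and `AES.block_size` padding bytes. I would add above the loop `# the ciphertext grows by one block exactly when the i + 1 extra bytes use up the padding of the empty message, so that padding is i + 1 bytes long`. Each step of the loop also encrypts twice; keeping the previous length in a local would halve the oracle calls. The same helper is added again as `len_of_padding()` in set2/byte_at_a_time_ecb_decryption_harder.py, so the comment applies there as well.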
@@ -13,14 +13,10 @@ plaintext = str(pt1 + pt2 + pt3 + pt4).decode("base64") # no peeking! rand_buffer = Random.new().read(random.randint(0, 100)) def encryption_oracle(msg): - padding = '' + pad_len = AES.block_size - (len(rand_buffer + msg + plaintext) % AES.block_size) + return AES.new(key, AES.MODE_ECB).encrypt(rand_buffer + msg + plaintext + ''.join([chr(pad_len) for i in range(pad_len)])) - if len(rand_buffer + msg + plaintext) % AES.block_size != 0: - padding = ''.join(['\x04' for i in range(AES.block_size - (len(rand_buffer + msg + plaintext) % AES.block_size))]) - - return AES.new(key, AES.MODE_ECB).encrypt(rand_buffer + msg + plaintext + padding) - -def find_len_of_random_prefix(): +def len_of_prefix(): prefix_len = -1 a_blocks = b_blocks = [] @@ -43,12 +39,17 @@ def find_len_of_random_prefix(): return sum([AES.block_size if a == b else 0 for a, b in zip(a_blocks, b_blocks)]) -prefix = find_len_of_random_prefix() +def len_of_padding(): + for i in range(AES.block_size): + if len(encryption_oracle(''.join('\x00' for j in range(i)))) != len(encryption_oracle(''.join('\x00' for j in range(i + 1)))): + return i + 1 + +prefix = len_of_prefix() mod = AES.block_size - prefix % AES.block_size buf = aaa = "AAAAAAAAAAAAAAA" aa = ''.join("A" for i in range(mod)) -for i in range(len(encryption_oracle('')) - prefix): +for i in range(len(encryption_oracle('')) - prefix - len_of_padding()): dict = {encryption_oracle(aa + aaa[i:] + chr(j))[mod + prefix : mod + prefix + AES.block_size] : chr(j) for j in range(0xff)} cipher = encryption_oracle(aa + buf[i % AES.block_size:]) aaa += dict[cipher[mod + prefix + (AES.block_size * (i / AES.block_size)) : mod + prefix + (AES.block_size * ((i + AES.block_size) / AES.block_size))]] diff --git a/set2/pkcs7_padding.py b/set2/pkcs7_padding.py 
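Review bot: In the first hunk of this file the new `encryption_oracle` body builds `rand_buffer + msg + plaintext` twice and spells the padding as a list comprehension over `chr(pad_len)`; binding the message once reads more clearly and keeps the measured length and the encrypted data from drifting apart in a later edit. Something like `data = rand_buffer + msg + plaintext`, `pad_len = AES.block_size - len(data) % AES.block_size`, then `return AES.new(key, AES.MODE_ECB).encrypt(data + chr(pad_len) * pad_len)`. The oracle in set2/byte_at_a_time_ecb_decryption.py has the same shape. A one-line comment that a full block of padding is added when the input is already block-aligned would also help, since the padding-length probe added in the second hunk relies on exactly that.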
@@ -1,6 +1,6 @@ def pkcs7_padding(block, block_length): - return block + ''.join([chr(4) for x in range(block_length - len(block))]) + return block + ''.join([chr(block_length - len(block)) for x in range(block_length - len(block))]) block = "YELLOW SUBMARINE" -print pkcs7_padding(block, 32) +print pkcs7_padding(block, 69)
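Review bot: `pkcs7_padding` still computes the pad as `block_length - len(block)` with no modulo, so an input whose length equals `block_length` gets no padding at all and a longer input is returned unchanged, whereas PKCS#7 always appends between 1 and `block_length` bytes. An unpadded result cannot be told apart from data that happens to end in a valid pad byte, and it disagrees with the oracles changed in this same commit, which use `AES.block_size - (len(...) % AES.block_size)`. I would write `pad_len = block_length - len(block) % block_length` and `return block + chr(pad_len) * pad_len`. `chr()` also raises for values above 255, so a `block_length` larger than that deserves an explicit check rather than a traceback.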