byte_at_a_time_ecb_decryption.py (1237B)
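"""Byte-at-a-time ECB decryption demo (chosen-prefix oracle).

The script builds an oracle that encrypts ``attacker_input || secret`` with
AES-ECB under a fixed random key, then shows that the secret can be read
back one byte at a time without ever touching the key.

Why it works: ECB is deterministic. Equal 16-byte plaintext blocks always
encrypt to equal ciphertext blocks, so a caller who controls the bytes in
front of a secret can align one unknown byte at the end of a block and
compare that block against the 256 candidate blocks it can generate itself.

Defensive takeaway: never encrypt caller-controlled data together with a
secret under ECB (or any deterministic mode). Use an authenticated mode such
as AES-GCM with a fresh nonce per message.

NOTE(review): the ``Crypto`` namespace is provided by both the unmaintained
PyCrypto package and its maintained replacement PyCryptodome; prefer the
latter. The code below runs unchanged on Python 2.7 and Python 3.
"""
import base64

from Crypto import Random
from Crypto.Cipher import AES

# Base64 of the secret suffix. The page listing showed a stray trailing "n"
# on the first three literals -- the residue of a "\n" escape whose backslash
# was lost. "n" is a valid base64 symbol, so leaving it in would corrupt the
# decoded secret; the line breaks carry no data and are simply omitted here.
pt1 = b"Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg"
pt2 = b"aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq"
pt3 = b"dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg"
pt4 = b"YnkK"

# One random 128-bit key for the lifetime of the process; the recovery code
# below never reads it.
key = Random.new().read(AES.block_size)
plaintext = base64.b64decode(pt1 + pt2 + pt3 + pt4)  # no peeking!


def encryption_oracle(msg):
    """Return AES-ECB(key, msg || plaintext) with PKCS#7 padding.

    ``msg`` is the caller-controlled prefix (a byte string). The padding is
    always 1..block_size bytes, so an already aligned input gains a full
    extra block.
    """
    data = msg + plaintext
    pad_len = AES.block_size - (len(data) % AES.block_size)
    # bytes(bytearray(...)) builds a byte string on both Python 2 and 3.
    padding = bytes(bytearray([pad_len] * pad_len))
    return AES.new(key, AES.MODE_ECB).encrypt(data + padding)


def find_len_of_padding():
    """Return how many padding bytes the oracle adds to an empty prefix.

    The prefix is grown one byte at a time; the ciphertext gets one block
    longer exactly when the prefix has consumed all of the original padding.
    The original listing used the literal 'x00' (a lost backslash), which
    grew the probe three bytes per step and miscounted the padding.
    """
    base_len = len(encryption_oracle(b""))
    for extra in range(1, AES.block_size + 1):
        if len(encryption_oracle(b"\x00" * extra)) != base_len:
            return extra
    # PKCS#7 guarantees a length jump within one block; reaching this point
    # means the oracle is not padding the way this script assumes.
    raise RuntimeError("no block boundary found within one block of input")


# `aaa` accumulates filler + recovered bytes; `buf` is the constant filler
# used to shift the secret so the next unknown byte ends a block.
aaa = buf = b"A" * (AES.block_size - 1)

secret_len = len(encryption_oracle(b"")) - find_len_of_padding()

for i in range(secret_len):
    # The last block_size-1 known bytes plus every possible final byte:
    # maps the resulting first ciphertext block back to that final byte.
    known_tail = aaa[i:]
    lookup = {}
    for j in range(256):
        candidate = bytes(bytearray([j]))
        lookup[encryption_oracle(known_tail + candidate)[:AES.block_size]] = candidate

    # Shorten the filler so secret byte i is the last byte of block i // 16.
    cipher = encryption_oracle(buf[i % AES.block_size:])
    # Floor division keeps the block index an int on Python 3 as well.
    start = AES.block_size * (i // AES.block_size)
    aaa += lookup[cipher[start:start + AES.block_size]]

# latin-1 maps every byte to a code point, so decoding cannot fail.
print(aaa[AES.block_size - 1:].decode("latin-1"))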