Ideone.com

fork download

copy

# Question 1
# An attacker intercepts the following ciphertext (hex encoded): 
 
#    20814804c1767293b99f1d9cab3bc3e7 ac1e37bfb15599e5f40eef805488281d 
 
# He knows that the plaintext is the ASCII encoding of the message "Pay Bob 100$" (excluding the quotes). 
# He also knows that the cipher used is CBC encryption with a random IV using AES as the underlying block cipher. 
# Show that the attacker can change the ciphertext so that it will decrypt to "Pay Bob 500$". What is the resulting ciphertext (hex encoded)? 
# This shows that CBC provides no integrity.
 
import sys
 
def main():
	# input
	cypherText = "20814804c1767293b99f1d9cab3bc3e7 ac1e37bfb15599e5f40eef805488281d".split(' ')
 
	# set the CBC parts. The first part is the IV
	cypherTextIV = cypherText[0].decode('hex')
	cypherTextC0 = cypherText[1].decode('hex')
 
	# define plaintexts
	plainText = "Pay Bob 100$"
	plainTextTarget = "Pay Bob 500$"
 
	# define paddings
	paddingNum1 = str(len(cypherTextC0) - len(plainText))
	padding1 = "".join([paddingNum1] * int(paddingNum1))
 
	paddingNum2 = str(len(cypherTextC0) - len(plainTextTarget))
	padding2 = "".join([paddingNum2] * int(paddingNum2))
 
	# append to plaintext the paddings
	plainText += padding1
	plainTextTarget += padding2
 
	# XOR the plaintext to determine the value to XOR with
	xorredPlainText = strxor(plainText, plainTextTarget)
 
	# Since the decription of c[0] is XORed with IV to retrieve the plaintext xor the IV with the desired mutation
	newIV = strxor(xorredPlainText, cypherTextIV)
 
	# new CBC 
	print "New CBC\n",newIV.encode('hex'), cypherText[1]
 
	# Output:
	# New CBC
	# 20814804c1767293bd9f1d9cab3bc3e7 ac1e37bfb15599e5f40eef805488281d
 
 
# xor two strings of different lengths
def strxor(a, b):     
    if len(a) > len(b):
        return "".join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a[:len(b)], b)])
    else:
        return "".join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a, b[:len(a)])])
 
 
main()

IyBRdWVzdGlvbiAxCiMgQW4gYXR0YWNrZXIgaW50ZXJjZXB0cyB0aGUgZm9sbG93aW5nIGNpcGhlcnRleHQgKGhleCBlbmNvZGVkKTogCgojICAgIDIwODE0ODA0YzE3NjcyOTNiOTlmMWQ5Y2FiM2JjM2U3IGFjMWUzN2JmYjE1NTk5ZTVmNDBlZWY4MDU0ODgyODFkIAoKIyBIZSBrbm93cyB0aGF0IHRoZSBwbGFpbnRleHQgaXMgdGhlIEFTQ0lJIGVuY29kaW5nIG9mIHRoZSBtZXNzYWdlICJQYXkgQm9iIDEwMCQiIChleGNsdWRpbmcgdGhlIHF1b3RlcykuIAojIEhlIGFsc28ga25vd3MgdGhhdCB0aGUgY2lwaGVyIHVzZWQgaXMgQ0JDIGVuY3J5cHRpb24gd2l0aCBhIHJhbmRvbSBJViB1c2luZyBBRVMgYXMgdGhlIHVuZGVybHlpbmcgYmxvY2sgY2lwaGVyLiAKIyBTaG93IHRoYXQgdGhlIGF0dGFja2VyIGNhbiBjaGFuZ2UgdGhlIGNpcGhlcnRleHQgc28gdGhhdCBpdCB3aWxsIGRlY3J5cHQgdG8gIlBheSBCb2IgNTAwJCIuIFdoYXQgaXMgdGhlIHJlc3VsdGluZyBjaXBoZXJ0ZXh0IChoZXggZW5jb2RlZCk/IAojIFRoaXMgc2hvd3MgdGhhdCBDQkMgcHJvdmlkZXMgbm8gaW50ZWdyaXR5LgoKaW1wb3J0IHN5cwoKZGVmIG1haW4oKToKCSMgaW5wdXQKCWN5cGhlclRleHQgPSAiMjA4MTQ4MDRjMTc2NzI5M2I5OWYxZDljYWIzYmMzZTcgYWMxZTM3YmZiMTU1OTllNWY0MGVlZjgwNTQ4ODI4MWQiLnNwbGl0KCcgJykKCQoJIyBzZXQgdGhlIENCQyBwYXJ0cy4gVGhlIGZpcnN0IHBhcnQgaXMgdGhlIElWCgljeXBoZXJUZXh0SVYgPSBjeXBoZXJUZXh0WzBdLmRlY29kZSgnaGV4JykKCWN5cGhlclRleHRDMCA9IGN5cGhlclRleHRbMV0uZGVjb2RlKCdoZXgnKQoJCgkjIGRlZmluZSBwbGFpbnRleHRzCglwbGFpblRleHQgPSAiUGF5IEJvYiAxMDAkIgoJcGxhaW5UZXh0VGFyZ2V0ID0gIlBheSBCb2IgNTAwJCIKCgkjIGRlZmluZSBwYWRkaW5ncwoJcGFkZGluZ051bTEgPSBzdHIobGVuKGN5cGhlclRleHRDMCkgLSBsZW4ocGxhaW5UZXh0KSkKCXBhZGRpbmcxID0gIiIuam9pbihbcGFkZGluZ051bTFdICogaW50KHBhZGRpbmdOdW0xKSkKCglwYWRkaW5nTnVtMiA9IHN0cihsZW4oY3lwaGVyVGV4dEMwKSAtIGxlbihwbGFpblRleHRUYXJnZXQpKQoJcGFkZGluZzIgPSAiIi5qb2luKFtwYWRkaW5nTnVtMl0gKiBpbnQocGFkZGluZ051bTIpKQoKCSMgYXBwZW5kIHRvIHBsYWludGV4dCB0aGUgcGFkZGluZ3MKCXBsYWluVGV4dCArPSBwYWRkaW5nMQoJcGxhaW5UZXh0VGFyZ2V0ICs9IHBhZGRpbmcyCgoJIyBYT1IgdGhlIHBsYWludGV4dCB0byBkZXRlcm1pbmUgdGhlIHZhbHVlIHRvIFhPUiB3aXRoCgl4b3JyZWRQbGFpblRleHQgPSBzdHJ4b3IocGxhaW5UZXh0LCBwbGFpblRleHRUYXJnZXQpCgoJIyBTaW5jZSB0aGUgZGVjcmlwdGlvbiBvZiBjWzBdIGlzIFhPUmVkIHdpdGggSVYgdG8gcmV0cmlldmUgdGhlIHBsYWludGV4dCB4b3IgdGhlIElWIHdpdGggdGhlIGRlc2lyZWQgbXV0YXRpb24KCW5ld0lWID0gc3RyeG9yKHhvcnJlZFBsYWluVGV4dCwgY3lwaGVyVGV4dElWKQoKCSMgbmV3IENCQyAKCXByaW50ICJOZXcgQ0JDXG4iLG5ld0lWLmVuY29kZSgnaGV4JyksIGN5cGhlclRleHRbMV0KCgkjIE91dHB1dDoKCSMgTmV3IENCQwoJIyAyMDgxNDgwNGMxNzY3MjkzYmQ5ZjFkOWNhYjNiYzNlNyBhYzFlMzdiZmIxNTU5OWU1ZjQwZWVmODA1NDg4MjgxZAoKCiMgeG9yIHR3byBzdHJpbmdzIG9mIGRpZmZlcmVudCBsZW5ndGhzCmRlZiBzdHJ4b3IoYSwgYik6ICAgICAKICAgIGlmIGxlbihhKSA+IGxlbihiKToKICAgICAgICByZXR1cm4gIiIuam9pbihbY2hyKG9yZCh4KSBeIG9yZCh5KSkgZm9yICh4LCB5KSBpbiB6aXAoYVs6bGVuKGIpXSwgYildKQogICAgZWxzZToKICAgICAgICByZXR1cm4gIiIuam9pbihbY2hyKG9yZCh4KSBeIG9yZCh5KSkgZm9yICh4LCB5KSBpbiB6aXAoYSwgYls6bGVuKGEpXSldKQoKCm1haW4oKQ==

Success #stdin #stdout 0.04s 63912KB

stdin

copy

Standard input is empty

stdout

copy

New CBC
20814804c1767293bd9f1d9cab3bc3e7 ac1e37bfb15599e5f40eef805488281d

https://ideone.com/DMUk4s

language:

Python (PyPy 2.7.13)

created:

visibility:

public

Share or Embed source code

Discover > Sphere Engine API

The brand new service which powers Ideone!

Discover > IDE Widget

Widget for compiling and running the source code in a web browser!

Discover > Sphere Engine API

Discover > IDE Widget

Choose your language