Fixed : Padding Oracle
maojui committed Dec 19, 2019
1 parent a2e165a commit 9d8505d
Showing 2 changed files with 23 additions and 27 deletions.
29 changes: 3 additions & 26 deletions cytro/sym/cbc/PaddingOracle.py
Expand Up @@ -2,23 +2,6 @@
import logging as log
from cytro import *

# def block_xor(cipher, origin, to) :
# """
# Give :
# @cipher : CBC cipher
# @origin : origin plaintext
# @to : fake plaintext
# """
# print(cipher,origin,to)
# if len(cipher)%8 == 0 :
# raise Exception('Error block size')

# if not len(cipher) == len(origin) == len(to):
# raise Exception('cipher, origin plaintext, fake plaintext must be the same length.')

# return xor_string(xor_string(cipher,origin), to)


def xor(cipher, _from, _to):
print("XOR", cipher, _from , _to)
for target in [_from, _to] :
Expand All @@ -31,8 +14,8 @@ def xor(cipher, _from, _to):
class PaddingOracle:

def __init__(self, key_size=16):
if key_size % 8 != 0:
raise ValueError("Incorrect key length: %d", key_size)
# if key_size % 8 != 0:
# raise ValueError("Incorrect key length: %d", key_size)
self.key_size = key_size

def oracle(self, payload, iv, previous_resp, **kwargs):
Expand Down Expand Up @@ -62,11 +45,10 @@ def decrypt(self, ciphertext, iv=None, amount=0, is_correct=False, known_plainte

#prepare blocks
blocks = chunk(ciphertext,self.key_size)
print("FCDDDSFD", blocks)

resp = None
if iv != None:
log.info("Set iv")
# iv = h2B(iv)
iv = iv
log.info("iv is : %s"%iv)
blocks.insert(0,iv)
Expand Down Expand Up @@ -102,10 +84,7 @@ def decrypt(self, ciphertext, iv=None, amount=0, is_correct=False, known_plainte
payload_prefix = b''.join(blocks[:count_block-2])
if FIRST_MODIFY :
FIRST_MODIFY = False
# print(position_known)
# print(blocks)
print("origin",blocks[-2])
# payload_modify = blocks[-2][:-position_known]+xor(blocks[-2][-position_known:],kp[:position_known],position_known+1)
payload_modify = blocks[-2][:-position_known] + xor(blocks[-2][-position_known:],kp[:position_known],position_known+1)

else :
Expand All @@ -124,8 +103,6 @@ def decrypt(self, ciphertext, iv=None, amount=0, is_correct=False, known_plainte
payload = b''.join([payload_prefix, modified, payload_decrypt])
iv = payload[:self.key_size]
payload = payload[self.key_size:]
# iv = s2h(payload[:self.key_size])
# payload = s2h(payload[self.key_size:])
is_ok = False

correct, resp = self.oracle(payload=payload, iv=iv, previous_resp=resp, **kwargs)
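Review bot: In `PaddingOracle.__init__` the size check appears to have been commented out rather than corrected (the rendering does not mark which of the two pairs is the new side), so any `key_size`, including 0 or a negative value, would flow into `chunk(ciphertext, self.key_size)` and the `payload[:self.key_size]` slices in `decrypt`. Keeping a guard and fixing its message is the safer change; the old `raise` passed `key_size` as a second exception argument instead of formatting it: `if key_size <= 0 or key_size % 8 != 0:` followed by `raise ValueError("Incorrect block size: %d" % key_size)`. The commit drops one debug `print`, but `print("XOR", cipher, _from , _to)` in `xor` and `print("origin",blocks[-2])` in `decrypt` seem to remain and write ciphertext and known-plaintext bytes to stdout; `log.debug` would match the surrounding `log.info` calls. `decrypt` starts and ends outside the visible hunks.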
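--- a/cytro/sym/cbc/README.md
+++ b/cytro/sym/cbc/README.md
@@ -4,4 +4,23 @@ In this module provides several methods to try with CBC encryption.
 
 - Bitflips Attack
 - Padding Oracle
-- POODLE
+- POODLE
+
+Usage :
+
+```python
+
+class Exploit(PaddingOracle):
+
+def oracle(self, payload, iv, previous_resp, **kwargs):
+r = sendPayload(iv + payload)
+if b'Padding decrypted OK:' in r:
+return True, None
+else :
+return False, None
+
+blocksize = 8
+exp = Exploit(blocksize)
+decrypted = exp.decrypt(ciphertext=raw_cipher, iv=raw_iv, is_correct=True, known_plaintext=b'\x02\x02')
+
+```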
