padding_oracle_attack/connect.py at master · zim123abc/padding_oracle_attack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
import socket
import math as m

def parse_encryption(x):
    temp1 = x.split("b'Encryption: ")
    temp2 = temp1[1].split("\\n")
    total_length = int(temp2[0])
    encrypted_string = list(temp2[1].split(" "))
    del encrypted_string[len(encrypted_string)-1]
    IV = (temp2[2].split("b'"))[1].split("'")[0]
    return total_length, encrypted_string, IV

def encryption_query(pad):
    query_txt = "-e " + pad
    r.send(query_txt.encode())     # Encryption of the secret message
    x = r.recv(1024).decode()
    return x

def encryption_query_parse(pad):
    x = encryption_query(pad)
    return parse_encryption(x)

def decryption_query(ciphertext, iv):
    query = "-V " + ciphertext + " " + iv
    r.send(query.encode()) # Valid ciphertext and IV
    x = r.recv(1024).decode()
    return x

def extract_last_byte(x, y, z):
    return chr(int(hex(int(x, 16) ^ int(y, 16) ^ int(z, 16))[-3:-1], 16))


def find_plaintext_length():
    x = encryption_query("")
    total_length, encrypted_string, IV = parse_encryption(x)
    temp_length = total_length
    counter = 1
    while (total_length == temp_length):
        pad = ""
        for i in range(counter):
            pad += "00"
        x = encryption_query(pad)
        temp_length, encrypted_string, IV = parse_encryption(x)
        counter += 1
    plaintext_length = (total_length - (counter-1)) - 16
    return plaintext_length, counter

def parse_into_blocks(encrypted_string):
    blocks = []
    j = 0
    i = 0
    while j < len(encrypted_string):
        i = 0
        tempstr = ""
        while i < 16:
            tempstr += encrypted_string[i+j]
            i += 1
        blocks.append(tempstr)
        j += 16
    return blocks

r = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
r.connect(("192.168.122.57", 31336))

print("Encryption of the secret message:\n")
r.send("-e".encode())     # Encryption of the secret message
x = r.recv(1024).decode()
print x

total_length, encrypted_string, IV = parse_encryption(x)

#====================== Print Encrypted Info =============================#
#print "\nTotal Length: ",
#print total_length
#print "Encrypted String: ",
#print encrypted_string
#print "IV: " + IV
#====================== End of Print =====================================#

#====================== Parse into Individual Blocks =====================#
#blocks = parse_into_blocks(encrypted_string)
#print "\nBlocks: ",
#print blocks
#====================== End of Parse ====================================#

#====================== Determine Length of Plain Text =================#
plaintext_length, prefix_padding = find_plaintext_length()
print "\nPlaintext Length: ",
print plaintext_length
#====================== End of Determining Block Length ==================#
fifteen = "0000000000000000000000000000000f"
bytes_found = 0
plaintext = []
if plaintext_length % 16 != 0:
    pad = "00"*(16-plaintext_length)
else:
    pad = ''
print pad
start_block  = int(m.ceil(float(plaintext_length / 16.0))) #figure out what is the last block of the message
print "Last block of plaintext is ",
print start_block
start_block_index = start_block - 1
original_iv = ""
original_blocks = []
newblocks = []
total_length = 0
encrypted_string = ""
IV = ""
blocks = []
ciphertext = ""
tempblocks = []
while bytes_found < plaintext_length:
    print pad
    while True:
        if bytes_found == 0:
            total_length, encrypted_string, IV = encryption_query_parse(pad)
            blocks = parse_into_blocks(encrypted_string)
            blocks[len(blocks)-1] = blocks[start_block-1]
            tempblocks = blocks
            ciphertext = "".join(blocks)
            success_flag = decryption_query(ciphertext, IV)
        else:
            total_length, encrypted_string, IV = encryption_query_parse(pad)
            blocks = parse_into_blocks(encrypted_string)
            newblocks = original_blocks
            newblocks[len(newblocks)-1] = blocks[start_block_index]
            tempblocks = blocks
            blocks = newblocks
            ciphertext = "".join(blocks)
            success_flag = decryption_query(ciphertext, original_iv)
        if success_flag == "Valid":
            if bytes_found == 0:
                original_iv = IV
                original_blocks = blocks
                print success_flag
                print "Blocks: ",
                print blocks
                print "IV: ",
                print IV
            else:
                print success_flag
                print "Original Blocks: ",
                print original_blocks
                print "New Blocks: ",
                print blocks
                print "Original IV: ",
                print original_iv
                print "IV: ",
                print IV
            xor_block = ""
            if start_block_index == 0:
                xor_block = IV
            else:
                xor_block = tempblocks[start_block_index - 1]
            captured_byte = extract_last_byte(blocks[len(blocks)-2], fifteen, xor_block)
            plaintext.insert(0,captured_byte)
            print plaintext
            print "\n"
            break
    bytes_found += 1
    pad += "00"
    #print new_cipher_query

print ''.join(plaintext)

r.close()