-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path26.py
More file actions
50 lines (41 loc) · 1.58 KB
/
26.py
File metadata and controls
50 lines (41 loc) · 1.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import aes
import ecboracle
import kvparser
import random
import xor
persistentKey = ""
persistentNonce = ""
def oracle(plaintext):
global persistentKey
global persistentNonce
if persistentKey == "":
persistentKey = ecboracle.generateRandomKey()
persistentNonce = random.randint(0, 2**64-1)
plaintext = plaintext.replace(";", "").replace("=", "")
fullPlaintext = "comment1=cooking%20MCs;userdata="+plaintext+";comment2=%20like%20a%20pound%20of%20bacon"
return aes.aesCTREncrypt(fullPlaintext, persistentKey, persistentNonce)
def validateAdmin(ciphertext):
global persistentKey
global persistentNonce
plaintext = aes.aesCTRDecrypt(ciphertext, persistentKey, persistentNonce)
return ";admin=true;" in plaintext
#returns a ciphertext that will validate based only on the encryption oracle
def breakValidation(oracle):
stringToInsert = ";admin=true;"
bytesToInsert = 'a'*len(stringToInsert)
insertionPoint = findCTRInsertionPoint(oracle)
ciphertextToModify = oracle(bytesToInsert)
xorValue = xor.xorByteStrings(stringToInsert, bytesToInsert)
modifiedCiphertext = xor.xorByteStrings((chr(0)*insertionPoint)+xorValue+(chr(0)*(len(oracle(""))-insertionPoint)), ciphertextToModify)
return modifiedCiphertext
#returns the position into which plaintext provided to the oracle is inserted
def findCTRInsertionPoint(oracle):
defaultText = oracle("")
comparisonText = oracle(chr(0))
for i in range(len(defaultText)):
if defaultText[i] != comparisonText[i]:
return i
if __name__ == "__main__":
test = oracle(";admin=true;")
print validateAdmin(test)
print validateAdmin(breakValidation(oracle))