From 23f5f88ff8a7dbddf5249d72cafae3d3d5e14294 Mon Sep 17 00:00:00 2001
From: Benedict <benedict@0xb8000.de>
Date: Thu, 18 Aug 2016 21:47:49 +0200
Subject: set2, completed 12 and 14

---
 set2/task12.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 set2/task14.c | 45 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 111 insertions(+)
 create mode 100644 set2/task12.c
 create mode 100644 set2/task14.c

(limited to 'set2')

diff --git a/set2/task12.c b/set2/task12.c
new file mode 100644
index 0000000..de6bba5
--- /dev/null
+++ b/set2/task12.c
@@ -0,0 +1,66 @@
+#include "../lib/lib.h"
+#include "../lib/lib2.h"
+#include <time.h>
+/**
+  * So what are we doing here?
+  * We do not know the key. But we can ask Alice to encrypt with here key
+  * an arbritrary plaintext we give here. From the ciphertext she gives us
+  * we can infer the original plaintext. A is attacker controlled plaintext.
+  * P stands for plaintext we don't now.
+  * K is plaintext we alredy know.
+  *
+  *	with block size 16 we do:
+  *		AAAAAAAAAAAAAAAP
+  *	in the next round we know P,
+  *		AAAAAAAAAAAAAAKP
+  *	and next round:
+  *		AAAAAAAAAAAAAKKP
+  *	and so one until we know the complete block
+  *	
+  * 	crack the second block: you now already the first block:
+  *		AAAAAAAAAAAAAAAK KKKKKKKKKKKKKKKP
+  *	you are not interested in the first block now, but in the P of
+  *	the last block. Since you now all the other K's in the second block
+  *	already you can crak P now. And so on.
+  *	
+  * It is sufficient to make BLOCKSIZE encryption request to Alice to break
+  * a plaintext of arbitrary length.
+  */
+
+
+int main(int argc, char **argv)
+{
+
+	int i;
+
+	srand(time(NULL));
+	char *base64_task_string = "Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK";
+
+	// generate random key once
+	generate_random_bytes(key, 16);
+
+	char *task_string = malloc(strlen(base64_task_string));
+	char *plaintext;
+	// unbases it
+	int length_cleartext = decode_base64(base64_task_string, task_string);
+	// cleartext + maybe an additional block
+	char *ciphertext = malloc(length_cleartext+17);
+	// encrypt
+	aes_ecb(task_string, length_cleartext, ciphertext, key, 16, 1);
+
+	// discover the block size of the cipher
+	int blocksize = detect_blocksize_ecb(task_string, length_cleartext, key);
+	printf("Detected blocksize: %i\n", blocksize);
+
+	// detect if it uses ECB
+	printf("REAL PLAINTEXT:\n%s\n", task_string);
+	char *test_string = "Benedict ist ein wirklicher, echter Mensch mit Wurzeln im Boden";
+	crack_aes_ecb(&plaintext, blocksize, 0);
+
+	printf("Recovered plaintext:\n%s\n", plaintext);
+	// make dictionary of every possible last byte by feedind different
+	// string to the oracle function, e.g. AAAAAAAA, AAAAAAAB, AAAAAAAC
+	//Match the output of the one-byte-short input to one of the 
+	// entries in your dictionary. 
+	return 0;
+}
diff --git a/set2/task14.c b/set2/task14.c
new file mode 100644
index 0000000..586d174
--- /dev/null
+++ b/set2/task14.c
@@ -0,0 +1,45 @@
+#include "../lib/lib.h"
+#include "../lib/lib2.h"
+#include <time.h>
+
+/**
+ * This time there is a random amount of random data before our
+ * data. This is that annoys us. If we would one where our data
+ * would begin all would be fine, we would do the same as in task12
+ * But since we are using ECB blocks din't change with the random data.
+ * So we make a first request with our data empty and than make a second
+ * request with one byte. Than we compere the results. The blocks which 
+ * contain the random data keep the same, exceot the last, because we
+ * probably append our byte into that block instead of the first byte of
+ * our target string. Now we now how many blocks of random data are before 
+ * our data.
+ * To get the excat number of bytes, we add two blocksof A's. So one block is
+ * for sure filled just with A's. Than we remove A's until the block of A's
+ * change because our traget data get into it. Then blocksize-Removed A's
+ * is the offset block where our data start.
+ *	16*unchanged_blocks + BLOKCSIZE-RemovedA's
+ *
+ *
+**/
+#define BLOCKSIZE 16
+int main(int argc, char **argv)
+{
+	srand(time(NULL));
+	generate_random_bytes(key, 16);
+	// cleartext + maybe an additional block
+	
+	int prepended_data_len = aes_ecb_detect_prepended_data();
+
+	printf("prepended data len: %i\n", prepended_data_len);
+
+	// so now we now the offset where our data get inserted
+	// ignoring everything befor offset we now have to do the same 
+	// as in task12
+	// well in task13 we make the assumtion that we start at a fresh block
+	// so maybe at some garbage to fill the rest block
+	
+	char *plaintext;
+	crack_aes_ecb(&plaintext, 16, prepended_data_len);
+
+	printf("recovered data:\n%s\n", plaintext);
+}
-- 
cgit v1.2.3-70-g09d2