#include "../lib/lib.h"
#include "../lib/lib2.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
/**
* So what are we doing here?
* We do not know the key, but we can ask Alice to encrypt with her key
* an arbitrary plaintext we give her. From the ciphertext she gives us
* we can infer the original plaintext. A is attacker-controlled plaintext.
* P stands for plaintext we don't know.
* K is plaintext we already know.
*
* with block size 16 we do:
* AAAAAAAAAAAAAAAP
* in the next round we know P,
* AAAAAAAAAAAAAAKP
* and next round:
* AAAAAAAAAAAAAKKP
* and so on until we know the complete block
*
* crack the second block: you already know the first block:
* AAAAAAAAAAAAAAAK KKKKKKKKKKKKKKKP
* you are not interested in the first block now, but in the P of
* the last block. Since you already know all the other K's in the second block
* you can crack P now. And so on.
*
* It is sufficient to make BLOCKSIZE encryption requests to Alice to break
* a plaintext of arbitrary length.
*/
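/**
 * Driver for the byte-at-a-time ECB recovery described above.
 *
 * Steps: seed the PRNG and draw a random key into the library-global
 * `key` (declared in the lib headers, not here), base64-decode the secret
 * text that the oracle appends, report the block size found by
 * detect_blocksize_ecb(), print the real text for comparison, and finally
 * print what crack_aes_ecb() recovers.
 *
 * argc/argv are not used.
 *
 * Returns 0 on success, 1 when an allocation or the base64 decode fails.
 */
int main(int argc, char **argv)
{
	(void)argc;
	(void)argv;

	int rc = 1;
	char *task_string = NULL;
	char *ciphertext = NULL;
	char *plaintext = NULL;

	/* The "secret" suffix the oracle appends, base64-encoded. */
	const char *base64_task_string = "Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK";

	/* Seed once; generate_random_bytes() presumably draws from rand() - verify
	 * in lib. time(NULL) is a low-entropy seed and rand() is not a CSPRNG:
	 * adequate for this exercise, not for a key that has to stay secret. */
	srand(time(NULL));
	generate_random_bytes(key, 16);

	/* A base64 decode yields at most 3/4 of the encoded length, so
	 * encoded_len + 1 always has room for a NUL terminator. The terminator is
	 * written explicitly below in case decode_base64() does not add one; the
	 * "%s" print of task_string relies on it. */
	size_t encoded_len = strlen(base64_task_string);
	task_string = malloc(encoded_len + 1);
	if (task_string == NULL) {
		fprintf(stderr, "malloc failed\n");
		goto out;
	}
	int length_cleartext = decode_base64(base64_task_string, task_string);
	if (length_cleartext < 0 || (size_t)length_cleartext > encoded_len) {
		fprintf(stderr, "decode_base64 failed\n");
		goto out;
	}
	task_string[length_cleartext] = '\0';

	/* PKCS#7 padding adds at most one block (16 bytes); +17 keeps the
	 * original margin. */
	ciphertext = malloc((size_t)length_cleartext + 17);
	if (ciphertext == NULL) {
		fprintf(stderr, "malloc failed\n");
		goto out;
	}
	/* Reference encryption of the real text. The result is not inspected
	 * here; the call is kept so the setup matches the original harness. */
	aes_ecb(task_string, length_cleartext, ciphertext, key, 16, 1);

	/* Discover the cipher's block size by probing the oracle. */
	int blocksize = detect_blocksize_ecb(task_string, length_cleartext, key);
	printf("Detected blocksize: %i\n", blocksize);

	printf("REAL PLAINTEXT:\n%s\n", task_string);

	/* Recovery, per unknown byte: feed the oracle a prefix one byte short of a
	 * block boundary, build a dictionary of every possible last byte
	 * (AAAAAAAA, AAAAAAAB, AAAAAAAC, ...), and match the oracle's output for
	 * the short input against that dictionary. Whether crack_aes_ecb()
	 * malloc()s *plaintext is not visible here, so it is not freed below -
	 * confirm ownership in lib before adding a free(). */
	crack_aes_ecb(&plaintext, blocksize, 0);
	/* Guard the print: passing NULL to "%s" is undefined behaviour. */
	printf("Recovered plaintext:\n%s\n", plaintext != NULL ? plaintext : "(none)");
	rc = 0;

out:
	free(ciphertext);
	free(task_string);
	return rc;
}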