1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
#include "../lib/lib.h"
#include "../lib/lib2.h"
#include "../lib/lib3.h"
#include "../lib/lib4.h"
#include <time.h>
/**
* Assume same key AND same nonce, this leads to the same keystream
* every time. Than it is easy to discover the keystream with the edit
* function. Simple XOR cihertext agianst out inserted text.
*
* If the nonce change for each edit call, the above won't work. We have for
* every edit a new keystream, that makes it harder.
*
*
**/
int main()
{
generate_random_bytes(key, 16);
generate_random_bytes(nonce, 16);
char *file_content;
int file_length = read_base64_file("25.txt", &file_content);
char *base64_decoded = malloc(file_length);
int base64_decoded_length = decode_base64(file_content, base64_decoded);
// the file ist AES-ECB encrypted
char *plain_tmp = malloc(base64_decoded_length);
aes_ecb(base64_decoded, base64_decoded_length, plain_tmp, "YELLOW SUBMARINE",
16, 0);
char *ciphertext = malloc(base64_decoded_length);
aes_ctr(plain_tmp, base64_decoded_length, ciphertext, key, nonce);
// start the attack
// recover 4-byte-keystream in each iteration
char *org_ciphertext = malloc(base64_decoded_length);
memcpy(org_ciphertext, ciphertext, base64_decoded_length);
int i, j;
char keystream[16];
char *plaintext = malloc(base64_decoded_length);
char newtext[16] = "ABABABABABABABAB";
for(i=0;i<(base64_decoded_length/16);i++) {
aes_ctr_edit(ciphertext, base64_decoded_length, (i*16), newtext);
for(j=0;j<16;j++) {
keystream[j] = newtext[j] ^ ciphertext[i*16+j];
plaintext[i*16+j] = keystream[j] ^ org_ciphertext[i*16+j];
}
}
printf("Recovered plaintext: %s\n", plaintext);
}
|
