-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathchal16.pl
executable file
·56 lines (42 loc) · 1.58 KB
/
chal16.pl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/usr/bin/perl -w
# chal16.pl - CBC bitflipping
#
# Copyright (C) 2015 Andrew J. Zimolzak <andyzimolzak@gmail.com>
# Full notice is found in the file 'LICENSE' in the same directory
# as this file.
use strict;
use Cryptopals;
use ProfileParsing;
use CBCBitflip;
use BreakECB qw(magic_nums_of_infix find_ecb_blocksize);
my $hello = cbc_str_with_comments("hello");
my $nice_try = cbc_str_with_comments(";admin=true");
die unless cbc_cheat($hello) =~ /hello/;
die if cipher_is_admin($hello);
die if cipher_is_admin($nice_try);
# prelim
my $blocksize = find_ecb_blocksize(\&cbc_str_with_comments);
print "Algorithm block size is :\t** ", $blocksize, " **\n";
my $pre = "Hello!" x 200;
print "Algorithm mode is:\t\t** ",
encryption_oracle(cbc_str_with_comments($pre)), " **\n";
## break crypto
my ($junk, $throw) = magic_nums_cbc(\&cbc_str_with_comments, $blocksize);
my $better_try = cbc_str_with_comments(("Q" x $junk) . "aadminatruea");
# 0.....6....11
my @byte = (0,6,11);
my @ini_char = qw(a a a);
my @fin_char = qw(; = ;);
for my $i (0..$#byte) {
$better_try = flip_mask($better_try, ($throw-1) * $blocksize + $byte[$i],
$ini_char[$i] ^ $fin_char[$i]);
}
if (cipher_is_admin($better_try)){
print "\nBroke CBC! with:\n";
print "Plaintext: ", cbc_cheat($better_try), "\n";
print "Plaintext: ", ascii2hex_blocks(cbc_cheat($better_try), $blocksize)
, "\n";
print "Ciphertext: ", ascii2hex_blocks($better_try, $blocksize), "\n";
}
die unless cipher_is_admin($better_try);
warn "Passed assertions ($0)\n";