# ECB vs CBC: Confidentiality issues

Create a Python program that reads in the image file “tux.bmp” and encrypts everything except the first 54 bytes, using AES-128-ECB. 

The reason we’re not encrypting the first 54 bytes is because this program is going to encrypt the contents of a bitmap file (BMP) and the header is 54 bytes in length.

Write out the concatenation of the first 54 bytes and the encrypted body in an output image file.

Open the resulting image and see if you can still understand what the image could be.

Now repeat the same process using AES-128-CBC. Can you still understand what the image could be? For both encryption processes used above you can use a key and IV of your choosing.

Padding should not be considered for this exercise.

In [1]:
import secrets
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


In [2]:
def encrypt_ECB(plain: bytes, key: bytes):
    cipher = Cipher(algorithms.AES128(key), modes.ECB())
    encryptor = cipher.encryptor()
    return encryptor.update(plain) + encryptor.finalize()


def encrypt_CBC(plain: bytes, key: bytes, iv: bytes):
    cipher = Cipher(algorithms.AES128(key), modes.CBC(iv))
    encryptor = cipher.encryptor()
    return encryptor.update(plain) + encryptor.finalize()


![Source Image](tux.bmp)


In [3]:
def main():
    with open("tux.bmp", "rb") as tux:
        image = tux.read()

    header = image[:54]

    key = secrets.token_bytes(16)
    iv = secrets.token_bytes(16)

    encr_ECB = encrypt_ECB(image[54:-((len(image)-54) % 16)], key)
    encr_CBC = encrypt_CBC(image[54:-12], key, iv)

    print(f"Key: {key.hex()}")
    print(f"IV: {iv.hex()}")

    with open("tux-ECB.bmp", "wb") as tux_ECB:
        tux_ECB.write(header+encr_ECB)

    with open("tux-CBC.bmp", "wb") as tux_CBC:
        tux_CBC.write(header+encr_CBC)


if __name__ == "__main__":
    main()

Key: 973acab60ddd7ebca1337fbb67a031d6
IV: 6d6d1e87b1c9e379c1caf18adfb721c8


![Processed Image](tux-ECB.bmp)

![Processed Image](tux-CBC.bmp)