# CTR: Reuse key and nonce

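Create a Python program that takes as inputs two ciphertexts, both encrypted with AES-256-CTR under the same key and IV combination, and the plaintext for one of those ciphertexts.
Your program should be able to find and print on the console all or part of the other plaintext, using the two ciphertexts and the known plaintext for one of those ciphertexts. This is possible because CTR mode XORs each plaintext with a keystream that depends only on the key and IV, so reusing the pair produces the same keystream for both messages.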

Your program should support the following arguments:

    ● -ca ciphertext file: Ciphertext file A
    ● -cb ciphertext file: Ciphertext file B
    ● -pa plaintext file: Plaintext file containing the decrypted content of ciphertext file A

In [None]:
import argparse
import sys

In [None]:
def xor(a: bytes, b: bytes):
    """Return the byte-wise XOR of *a* and *b*.

    The result is as long as the shorter input, because ``zip`` stops at
    the end of the shorter sequence; surplus bytes of the longer input are
    ignored.
    """
    paired = zip(a, b)
    return bytes(left ^ right for left, right in paired)


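def cryptanalysis(pa: str, ca: str, cb: str):
    """Recover plaintext B from two CTR ciphertexts that share a keystream.

    CTR mode encrypts by XORing the plaintext with a keystream derived only
    from the key and the nonce/IV.  When the same (key, IV) pair is used for
    two messages, both are XORed with the same keystream, so a known
    plaintext for one message reveals the keystream
    (``keystream = pa XOR ca``) and with it the other message
    (``pb = cb XOR keystream``).  No key recovery is involved.  The
    countermeasure is to never repeat a nonce under the same key.

    Args:
        pa: Known plaintext of message A, as text.
        ca: Ciphertext of message A, hex-encoded.
        cb: Ciphertext of message B, hex-encoded.

    Returns:
        The recovered part of plaintext B as text.  Only as many bytes as
        the shortest of the three inputs can be recovered.  Bytes that do
        not form valid UTF-8 (for example a multi-byte character cut off at
        the end of the recovered prefix) are shown as U+FFFD instead of
        raising ``UnicodeDecodeError``.

    Raises:
        ValueError: If *ca* or *cb* is not valid hexadecimal.
    """
    # Work on whole byte strings.  Splitting the *text* into 16-character
    # pieces before encoding misaligns the keystream as soon as the known
    # plaintext contains a character that encodes to more than one byte, and
    # decoding the result block by block fails when such a character
    # straddles a 16-byte boundary.  CTR is a stream mode, so block
    # boundaries play no role in the XOR relation.
    known_plain = pa.encode()
    cipher_a = bytes.fromhex(ca)
    cipher_b = bytes.fromhex(cb)

    # zip() stops at the shorter operand, which limits the keystream to the
    # bytes for which both plaintext A and ciphertext A are available.
    keystream = bytes(p ^ c for p, c in zip(known_plain, cipher_a))
    recovered = bytes(c ^ k for c, k in zip(cipher_b, keystream))

    return recovered.decode(errors="replace")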


def main(arguments):
    """Parse the command-line flags and print the recovered plaintext B.

    Args:
        arguments: Argument list without the program name, e.g.
            ``sys.argv[1:]``.

    All three flags are required.  Although the help texts speak of files,
    the values are handed to ``cryptanalysis`` exactly as given: ``-ca`` and
    ``-cb`` are used as hex-encoded ciphertext and ``-pa`` as the plaintext
    text itself.  Nothing is opened or read from disk here.
    """
    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawDescriptionHelpFormatter)

    # Register the flags in the same order as the original listing.
    for flag, description in (
        ("-ca", "Ciphertext file A"),
        ("-cb", "Ciphertext file B"),
        ("-pa", "Plaintext file A"),
    ):
        parser.add_argument(flag, help=description, type=str, required=True)

    options = parser.parse_args(arguments)

    print(cryptanalysis(options.pa, options.ca, options.cb))


In [None]:
# Demo run: emulate a command-line invocation from inside the notebook.
# Both ciphertexts are hex strings produced under the same key and IV; the
# third value is the known plaintext of ciphertext A.  If ciphertext B is
# longer than the known plaintext, only the overlapping prefix of plaintext B
# is recovered.
sys.argv = [
    "",  # placeholder for the program name, skipped by the slice below
    "-ca",
    "f948cbbacdd1b7526ad3a025727353defce955ac90b81c4d7092900b38805d1b89af9dbec54617102710b9625a3bdaecbb522950b16a7da2ac072c03edeedb6904f60a1c004eb60a824469e0fbf5d80198b0126abdc3c43577cc7de7d21e117160e9d7645946ad1f719cf49f767f8cadf321c0a92314e52d0407401bc6e6bfac817c",
    "-cb",
    "ff4fdbb68c92ed033484e969267a428af2e452a690af060e7d9897583f81455a9ab1dfa6c4505f162a40b0735c7ad8f4e8136855bc6270baf8453713a4eedc720cba5e35306eb61c95532caee7e89c16d0bf1b7fb6c9812d388d6afac3151f7060f5dc275f5ba90e28cfe58935728fa2f96fcca07311ee601501515ad1e3b1b1813b4615e1daac892bdee346db13f4501d1447e54c1232a5bf98af280f1dd1cbe17db79ecb858e997fbb5f0b0c",
    "-pa",
    "Until 2009, the only successful published attacks against the full AES were side-channel attacks on some specific implementations.",
]
main(sys.argv[1:])