# symmetric cryptography lab

### lab setup
* after building and running the docker image a server starts on localhost:5000
* the server contains 8 labs named as 

| Lab Code | Lab Name               | File Name in Docker Image               | Path           |
|----------|------------------------|----------------------------------------|----------------|
| Lab 00   | Setup                  | -                                      | -              |
| Lab 01   | Block size detection   | Lab_01_Block_size_detection.py         | /lab1_algo1 , /lab1_algo2 |
| Lab 02   | Mode detection         | Lab_02_Mode_detection.py               | /lab2_algo1 , /lab2_algo2          |
| Lab 03   | ECB byte at a time     | Lab_03_ECB_byte_at_a_time.py           | /lab3          |
| Lab 04   | CBC IV detection       | Lab_04_CBC_IV_detection.py             | /lab4_enc , /lab4_dec         |
| Lab 05   | CBC bit flipping       | Lab_05_CBC_bit_flipping.py             | /lab5_generate_cookie , /lab5_login           |
| Lab 06   | CBC byte at a time     | Lab_06_CBC_byte_at_a_time.py           | /lab6          |
| Lab 07   | CBC padding            | Lab_07_CBC_padding.py                  | /lab7          |
| Lab 08   | CTR Bit flipping       | Lab_08_CTR_Bit_flipping.py             | /lab8          |



* to access any lab we will use `get_result(lab_name , input_data , byte_object = False)` function below
* use the lab code listed in the table above to access the lab as `get_result("lab3" , 'plain text' , byte_object=True)`
* the function connects to the server, send a requests' payload and return the resuld
* the result is formated in text format represents hex values as `e0 38 06 01 7a 30 bb 37 e9 9d 4c 89 ed 3a 0e 8b`
* to convert the hex string to byte object for easier calculations `byte_object` to `True`

In [2]:
import requests

def get_result(lab_name , input_data , byte_object = False):
    try:
        url = f'http://localhost:5000/{lab_name}'
        input_string = input_data
        payload = {'text': input_string}
        response = requests.post(url, data=payload)
        if byte_object == False:
            return response.text
        else:
            return bytes.fromhex(response.text.replace(' ', ''))
    except:
        pass

# example of dealing with lab environment
print("hex as string" , get_result("lab3" , "plain text"))
print("byte objct   " , get_result("lab3" , "plain text" , byte_object=True ))

hex as string f4 1e 89 34 80 36 bc 84 b1 c7 55 17 7e 05 40 75 78 de 0b 21 eb 3b c5 9a 01 36 15 cd 18 2f 24 8b
byte objct    b'\xf4\x1e\x894\x806\xbc\x84\xb1\xc7U\x17~\x05@ux\xde\x0b!\xeb;\xc5\x9a\x016\x15\xcd\x18/$\x8b'


# Lab 01 : Block size detection

## 01 - Detect block size 
* this lab has 2 algorithms whict can be accessed as 
    * lab1_algo1
    * lab1_algo2

### 01 - detect block size of algorithem 1

In [173]:
for i in range(5 , 20):
    cipher_text = get_result("lab1_algo1" , 'A'*i , byte_object=True)
    print("plain text length\t" , i , "\tcipher text length\t" , len(cipher_text))

plain text length	 5 	cipher text length	 16
plain text length	 6 	cipher text length	 16
plain text length	 7 	cipher text length	 16
plain text length	 8 	cipher text length	 16
plain text length	 9 	cipher text length	 16
plain text length	 10 	cipher text length	 16
plain text length	 11 	cipher text length	 16
plain text length	 12 	cipher text length	 16
plain text length	 13 	cipher text length	 16
plain text length	 14 	cipher text length	 16
plain text length	 15 	cipher text length	 16
plain text length	 16 	cipher text length	 16
plain text length	 17 	cipher text length	 32
plain text length	 18 	cipher text length	 32
plain text length	 19 	cipher text length	 32


* the algorithem is mostly AES due to the block size and the wide use of AES

### 01 - detect block size of algorithem 2

In [174]:
for i in range(5 , 20):
    cipher_text = get_result("lab1_algo2" , 'A'*i , byte_object=True)
    print("plain text length\t" , i , "\tcipher text length\t" , len(cipher_text))

plain text length	 5 	cipher text length	 8
plain text length	 6 	cipher text length	 8
plain text length	 7 	cipher text length	 8
plain text length	 8 	cipher text length	 8
plain text length	 9 	cipher text length	 16
plain text length	 10 	cipher text length	 16
plain text length	 11 	cipher text length	 16
plain text length	 12 	cipher text length	 16
plain text length	 13 	cipher text length	 16
plain text length	 14 	cipher text length	 16
plain text length	 15 	cipher text length	 16
plain text length	 16 	cipher text length	 16
plain text length	 17 	cipher text length	 24
plain text length	 18 	cipher text length	 24
plain text length	 19 	cipher text length	 24


* the algorithem is DES due to the 8 bytes block size

#### here are some of block cipher encryption algorithms and it's corresponding block size and key size
| Algorithm                                   | Block Size (bytes) | Key Size (bits) |
|---------------------------------------------|--------------------|-----------------|
| AES (Advanced Encryption Standard)           | 16                 | 128, 192, 256   |
| DES (Data Encryption Standard)               | 8                  | 56               |
| Triple DES (3DES)                            | 8                  | 168              |
| Blowfish                                     | 8                  | 32 to 448        |
| Twofish                                      | 16                 | 128, 192, 256   |
| Camellia                                     | 16                 | 128, 192, 256   |
| Serpent                                      | 16                 | 128, 192, 256   |
| IDEA (International Data Encryption Algorithm)| 8                  | 128              |
| CAST-128                                     | 8                  | 40 to 128        |


# Lab 02 : mode detection

In [175]:
print('ECB-mode      ' , get_result("lab2_algo1" , b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")) # 2 block encrypted with ECB
print('noneECB-mode  ' , get_result("lab2_algo2" , b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")) # 2 block encrypted with CBC

ECB-mode       87 4a de 45 9a da aa 84 45 f2 e7 5c e9 68 26 95 87 4a de 45 9a da aa 84 45 f2 e7 5c e9 68 26 95
noneECB-mode   12 09 72 eb 83 c8 5f b4 81 db c8 88 38 99 f5 89 35 e8 4b e1 2b 35 ae ae ea 37 0f 0b 00 c9 80 7d


the 2 blocks resulted the same cipher text in ECB mode


* AES-ECB-mode <span style="color: gray;">87 4a de 45 9a da aa 84 45 f2 e7 5c e9 68 26 95</span>
               <span style="color: gray;">87 4a de 45 9a da aa 84 45 f2 e7 5c e9 68 26 95</span>

the 2 blocks resulted the diffrent cipher text in ECB mode
* AES-CBC-mode <span style="color: green;">ed 11 7c 6a 33 12 7a 6c cc f8 8e df 4e f5 7a 7e </span>
               <span style="color: blue;">41 d0 12 0f 5f b8 df 2f 5b 42 70 2b e4 34 ab 38</span>

# Lab 03 : ECB byte at a time

#### 1 - get block size

![Alt Text](Asset1.png)

In [176]:
for i in range(1,20):
    cipher_text = get_result("lab3" , "a"*i  , byte_object=True)
    print(i , "  " , len(cipher_text), "  " , cipher_text)
#     print(len(cipher_text))

1    32    b"\xe8\xc6\x97\xeb\xa3#'b\xbdb\x86\xdb\x813zR\xe24\xfd\xe5\xb3\xc0U\xd8\x17?k\xd6q%\xc3\x8d"
2    32    b'\x89\xc0\xb53\x03\x8co\x1d\xfcZ":\xe5\xf0\x94\xc6\xce\xa8\xc2W}\rF\x8b\xd4\x93:]\xac7\xbbM'
3    32    b'\xfb\xc5\xd3\xbb\x81\x85\xc7:\xe1\xb6+>\x11f\xaf7\x19\x7fWkM\x954?az\x9f%5e\xe5n'
4    32    b"\xaf\x84Q`\xc8\x95\xe9'\xd3\x05\xd6\x8a\xec\xc0C\xb3\xe9\x1e\xc0\xe0\xf4k`\xec\xd0\x81/f\x98\xf2\xf1c"
5    32    b'\r\x8f\xb9A\xca\xb8w\x1f\x16g.\xf9\x91\x11\x80\x16\\\xf9\xd9C\xb8w\xdcH5JT\x98\xe5\xd4\xc4('
6    32    b'(\x91\x84tM-\x96\xa0\xed;\x91\xbfD\xf8\xa6\x9d\x90\xa7\xe4QRBgP\tSFg\xe7aD\xaa'
7    32    b'\x0b\xb1U\x05\xdd\x06j\xf4\x9b\xa7\x19\x93&\x1d\x8c-\x9f\x80|\xe1OF*\xbd%\x8f\x92:I\x16\x8e\xcd'
8    32    b'#\xee\xb0\x9e\x96\xee\x86\xca\xb2"\xff:\xbf\xde\x8b\xb9n=\x12\xe48\x15\xed\x9fn\x98\xd0\x91^\xaf\xa0\xa2'
9    32    b'SY\xee\xb9\xfd0\xc1\xf7\x87\xcbr\xcda\xd9\x15j\x046[\x1a\xe7(\xd8\xa5\xebiU\xb3\x89\xa0\x16\xf8'
10    32    b'\xb9\x033\xc1\xe2<\x1a-\x99\

* block size = 16
* secret size is 16 byte also (because the number of cipher block starts to increase when the plain text size was 16)
* the mode is ECB , note the first cipher block when plain text length is more than 16


#### 2 - get first the cipher block for data length from 0 to 16

In [17]:
secret_string_length = 16
first_cipher_blocks = []
for i in range(0,secret_string_length):
    first_cipher_blocks.append(get_result("lab3" , 'a'*i , byte_object=True)[:16])

first_cipher_blocks

[b'\xe08\x06\x01z0\xbb7\xe9\x9dL\x89\xed:\x0e\x8b',
 b"\xe8\xc6\x97\xeb\xa3#'b\xbdb\x86\xdb\x813zR",
 b'\x89\xc0\xb53\x03\x8co\x1d\xfcZ":\xe5\xf0\x94\xc6',
 b'\xfb\xc5\xd3\xbb\x81\x85\xc7:\xe1\xb6+>\x11f\xaf7',
 b"\xaf\x84Q`\xc8\x95\xe9'\xd3\x05\xd6\x8a\xec\xc0C\xb3",
 b'\r\x8f\xb9A\xca\xb8w\x1f\x16g.\xf9\x91\x11\x80\x16',
 b'(\x91\x84tM-\x96\xa0\xed;\x91\xbfD\xf8\xa6\x9d',
 b'\x0b\xb1U\x05\xdd\x06j\xf4\x9b\xa7\x19\x93&\x1d\x8c-',
 b'#\xee\xb0\x9e\x96\xee\x86\xca\xb2"\xff:\xbf\xde\x8b\xb9',
 b'SY\xee\xb9\xfd0\xc1\xf7\x87\xcbr\xcda\xd9\x15j',
 b'\xb9\x033\xc1\xe2<\x1a-\x99\xc2o\xba\x9cb|\xff',
 b"\xf4j\x8e\xd6\x04\xd1\x0c\xdd\x9cD'i\xaf\xdb\xa0\x88",
 b'[\x1c\x19h%w\xefh\xc6\xd48\x9b:u\xf9@',
 b'V\t4\x8e\xd7\x99\xc7\x85\x85Z\x0c\x8e\xef\x8b\xd34',
 b'EM\xc1\xc2\x97\x95\xbd/\xc9\xb7w\xb9f\xd4tI',
 b"\x8e\xf0\x9f\xee\xad\x0bES\xf2a8\xb2\xb2<'\xcf"]

#### 3 - try to brute force the secret string

In [19]:
block_size = 16
secret = b''
for j in range(secret_string_length , -1 , -1):
    for i in range(255):
        plain_text = b"a"*j + secret + i.to_bytes(1, 'big')
        generated_ciphertext = get_result("lab3" , plain_text , byte_object=True)
        if generated_ciphertext[:block_size] in first_cipher_blocks:
            secret = secret + i.to_bytes(1 , 'big')
            print(plain_text , generated_ciphertext)
            break
secret

b'aaaaaaaaaaaaaaaM' b"\x8e\xf0\x9f\xee\xad\x0bES\xf2a8\xb2\xb2<'\xcf\xe08\x06\x01z0\xbb7\xe9\x9dL\x89\xed:\x0e\x8b"
b'aaaaaaaaaaaaaaMA' b'EM\xc1\xc2\x97\x95\xbd/\xc9\xb7w\xb9f\xd4tI\xe08\x06\x01z0\xbb7\xe9\x9dL\x89\xed:\x0e\x8b'
b'aaaaaaaaaaaaaMAH' b'V\t4\x8e\xd7\x99\xc7\x85\x85Z\x0c\x8e\xef\x8b\xd34\xe08\x06\x01z0\xbb7\xe9\x9dL\x89\xed:\x0e\x8b'
b'aaaaaaaaaaaaMAHA' b'[\x1c\x19h%w\xefh\xc6\xd48\x9b:u\xf9@\xe08\x06\x01z0\xbb7\xe9\x9dL\x89\xed:\x0e\x8b'
b'aaaaaaaaaaaMAHAR' b"\xf4j\x8e\xd6\x04\xd1\x0c\xdd\x9cD'i\xaf\xdb\xa0\x88\xe08\x06\x01z0\xbb7\xe9\x9dL\x89\xed:\x0e\x8b"
b'aaaaaaaaaaMAHARA' b'\xb9\x033\xc1\xe2<\x1a-\x99\xc2o\xba\x9cb|\xff\xe08\x06\x01z0\xbb7\xe9\x9dL\x89\xed:\x0e\x8b'
b'aaaaaaaaaMAHARA_' b'SY\xee\xb9\xfd0\xc1\xf7\x87\xcbr\xcda\xd9\x15j\xe08\x06\x01z0\xbb7\xe9\x9dL\x89\xed:\x0e\x8b'
b'aaaaaaaaMAHARA_T' b'#\xee\xb0\x9e\x96\xee\x86\xca\xb2"\xff:\xbf\xde\x8b\xb9\xe08\x06\x01z0\xbb7\xe9\x9dL\x89\xed:\x0e\x8b'
b'aaaaaaaMAHARA_TE' b'\x0b\xb1U\x05\xdd\x06j\xf4\x9b\xa7\x19\x93&

b'MAHARA_TECH_2023'

# Lab 04 : CBC IV detection

In [20]:
get_result('lab4_enc' , "salah")

'3e 86 ef 3d 06 c7 ad 1c 1a 07 a2 ae 50 2f 73 ef'

In [21]:
byte_obj = b'a'*16 + b"\x00"*16 + b'a'*16
hex_string = byte_obj.hex()

# Insert a space between each pair of characters
spaced_hex_string = ' '.join(hex_string[i:i+2] for i in range(0, len(hex_string), 2))

d = get_result('lab4_dec' , spaced_hex_string , byte_object=True)
d

b'\x02\x17\x17\xbd\xaf}r\x83.\x1c\xa0\xf4\xefr@\xb71\xc5x\xcc\\Q+Kn\xa5rM7/\x94\xffov\x7f\xdc\xdd\x1c\x1a\xa3Zy\xc3\x9cd\xd7\x93r'

In [22]:
p1 = d[:16]
p3 = d[-16:]
bytes([a ^ b for a, b in zip(p1, p3)])

b'maharah tech\x8b\xa5\xd3\xc5'

# lab 05 : CBC bit flipping

#### 0- cant access admin due to the replacement of the ; and = 

In [261]:
c = get_result('lab5_generate_cookie' , ";admin=true;" )
get_result('lab5_login' , c , byte_object=True)

b'logged in as user'

#### 1 - get the start location of the payload in the cipher text (2 blocks then the block changes)

In [194]:
for i in range(20):
    c = get_result('lab5_generate_cookie' , "a"*i)
    print(c)

c3 fd 03 9e 91 4b 4c 55 9c 2d 04 82 ef 4e e9 fb 5e a8 41 74 ff 8c ca 68 c0 da b6 7d 7a bb 13 4c d7 df 71 6a a2 aa 64 74 d3 8a 54 af a8 32 14 4f db 7b 11 61 4c 03 92 57 e8 db e3 47 a9 d9 c0 44 3d c2 18 98 59 bc db 43 78 df 85 a3 9c 0c aa 8f
c3 fd 03 9e 91 4b 4c 55 9c 2d 04 82 ef 4e e9 fb 5e a8 41 74 ff 8c ca 68 c0 da b6 7d 7a bb 13 4c fa b3 63 62 04 19 35 51 f2 3d 56 f4 7e 4a e0 70 aa 58 e3 73 cf 36 f8 5d 27 57 e2 5b 42 e7 d3 b5 36 a0 d5 76 b3 95 2a 0b 26 b9 7e 5c c5 01 6f a7
c3 fd 03 9e 91 4b 4c 55 9c 2d 04 82 ef 4e e9 fb 5e a8 41 74 ff 8c ca 68 c0 da b6 7d 7a bb 13 4c ad 46 c5 89 1d c4 6a 78 12 55 a9 94 f6 a7 ac cd 4d 1a 73 70 58 2f f3 05 29 40 34 39 db f1 78 36 9f 8a 16 20 b9 1f 2b 16 bc e0 ca b5 42 ef 4b 52
c3 fd 03 9e 91 4b 4c 55 9c 2d 04 82 ef 4e e9 fb 5e a8 41 74 ff 8c ca 68 c0 da b6 7d 7a bb 13 4c 91 6f 3b 4e a0 8f 8f 2e a3 a8 a6 3e 55 34 df 28 48 bd 38 8c 75 d2 5d 11 78 54 35 e4 3a 97 db 9a f9 cf d1 e1 43 23 fa 43 7f 8c 94 1c df d5 50 f6
c3 fd 03 9e 91 4b 4c 55 9c 2d 04 82 ef 4

#### 2- start the flipping attack
* get the cookie string(the cipher text of the ;admin=true; payload)

In [263]:
c = get_result('lab5_generate_cookie' , ";admin=true;" , byte_object=True)
c

b"\xc3\xfd\x03\x9e\x91KLU\x9c-\x04\x82\xefN\xe9\xfb^\xa8At\xff\x8c\xcah\xc0\xda\xb6}z\xbb\x13L/z\xd0\xc8\xb6\x1eN\x83\xa3q\xbby\xf9\xef\xc5\xbaP@z\xca\x07\x93'O\x84\x0b\x04\xb8\xdb\xf6\xdd\xf1\xdfL*\xe5\xed\xe6l%A8\xd0\xea\xdc\x9dC\xde_(4}ZD\xf1u<\xed\xe3\x17\x055D\xa6"

* separate each block to deal with the block under attack only (the second block [index 1])

In [264]:
cipher_list = []
i = 0
while i*16 <= len(c):
    cipher_list.append(c[i*16: 16 + (i*16)])
    i += 1
cipher_list.remove(cipher_list[6]) # because it is empty
cipher_list

[b'\xc3\xfd\x03\x9e\x91KLU\x9c-\x04\x82\xefN\xe9\xfb',
 b'^\xa8At\xff\x8c\xcah\xc0\xda\xb6}z\xbb\x13L',
 b'/z\xd0\xc8\xb6\x1eN\x83\xa3q\xbby\xf9\xef\xc5\xba',
 b"P@z\xca\x07\x93'O\x84\x0b\x04\xb8\xdb\xf6\xdd\xf1",
 b'\xdfL*\xe5\xed\xe6l%A8\xd0\xea\xdc\x9dC\xde',
 b'_(4}ZD\xf1u<\xed\xe3\x17\x055D\xa6']

* flip the 0, 6 and 11 location to the desired values

In [266]:
attack_block = 1
bytearray_object = bytearray(cipher_list[attack_block])
print("2nd cipher block before flipping: " , bytearray_object)
bytearray_object[0] = bytearray_object[0] ^ int.from_bytes(b"?", byteorder='big') ^ int.from_bytes(b";", byteorder='big')
bytearray_object[6] = bytearray_object[6] ^ int.from_bytes(b"?", byteorder='big') ^ int.from_bytes(b"=", byteorder='big')
bytearray_object[11] = bytearray_object[11] ^ int.from_bytes(b"?", byteorder='big') ^ int.from_bytes(b";", byteorder='big')
print("2nd cipher block after  flipping: " , bytearray_object)

2nd cipher block before flipping:  bytearray(b'^\xa8At\xff\x8c\xcah\xc0\xda\xb6}z\xbb\x13L')
2nd cipher block after  flipping:  bytearray(b'Z\xa8At\xff\x8c\xc8h\xc0\xda\xb6yz\xbb\x13L')


* rejoin the modified block with other cipher blocks

In [267]:
cipher_list [1] = bytes(bytearray_object)
cipher_list
cipher_text = b''
for i in cipher_list:
    cipher_text += i

# convert it to hex string
hex_string =  ' '.join([format(byte, '02x') for byte in cipher_text])
hex_string

'c3 fd 03 9e 91 4b 4c 55 9c 2d 04 82 ef 4e e9 fb 5a a8 41 74 ff 8c c8 68 c0 da b6 79 7a bb 13 4c 2f 7a d0 c8 b6 1e 4e 83 a3 71 bb 79 f9 ef c5 ba 50 40 7a ca 07 93 27 4f 84 0b 04 b8 db f6 dd f1 df 4c 2a e5 ed e6 6c 25 41 38 d0 ea dc 9d 43 de 5f 28 34 7d 5a 44 f1 75 3c ed e3 17 05 35 44 a6'

* try to send the modified cookie to the server

In [258]:
get_result('lab5_login' , hex_string , byte_object=True)

b'logged in as admin'

# lab 06 : CBC byte at a time

# lab 07 : CBC padding

In [124]:
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from Crypto.Random import get_random_bytes

class test():
    def __init__(self):
        self.key = b'0123456789ABCDEF'
        self.iv = b'IVIVIVIVIVIVIVIV'

    # def pad(self , text):
    #     pad_length = AES.block_size - (len(text) % AES.block_size)
    #     padding = bytes([pad_length] * pad_length)
    #     return text + padding

    # def unpad(self, text):
    #     pad_length = text[-1]
    #     return text[:-pad_length]
    
    
    def encrypt(self , payload):
        obj = AES.new(self.key, AES.MODE_CBC, self.iv)
        padded_payload = pad(payload , 16)
        ciphertext = obj.encrypt(padded_payload)
        return ciphertext
    

    def decrypt(self, ciphertext):
        obj1 = AES.new(self.key,AES.MODE_CBC,self.iv)
        plaintext = obj1.decrypt(ciphertext)
        return plaintext
        

    def checkPadding(self , decrypted_text):
        counter = 0
        if decrypted_text[-1] == 0:
            return False
        if len(decrypted_text) <= decrypted_text[-1]:
            return False
        for i in range(-1 , (decrypted_text[-1]+1)*-1 , -1):
            if(decrypted_text[i] == decrypted_text[-1]):
                counter += 1
            else:
                pass
        if counter == decrypted_text[-1]:
            return True
        return False
        
    def check(self , cipher_text):
        padded_text = self.decrypt(cipher_text)
        # print(padded_text)
        res = self.checkPadding(padded_text)
        if res: 
            print(padded_text)
            return b"access granted"
        else: return b"access denied [padding error]"




In [125]:
t = test()
ct = t.encrypt(b"a"*16+b"b"*16)
ct

b'ax\x12RD\xab\x8b\xa41#w\x08\xf6\xd1\xaf\xf5\xe6>\xaac\x1b\xe1\xe32j\xb7\xd3!o\x1d\xad\xb4m\xdb\xdaJ\x04\xba\xe9"\x88\xb9\x84$\xc6u\xe1\xcd'

In [126]:
cipher_list = []
i = 0
while i*16 <= len(ct):
    cipher_list.append(ct[i*16: 16 + (i*16)])
    i += 1
cipher_list.remove(cipher_list[-1]) # because it is empty
cipher_list

[b'ax\x12RD\xab\x8b\xa41#w\x08\xf6\xd1\xaf\xf5',
 b'\xe6>\xaac\x1b\xe1\xe32j\xb7\xd3!o\x1d\xad\xb4',
 b'm\xdb\xdaJ\x04\xba\xe9"\x88\xb9\x84$\xc6u\xe1\xcd']

In [127]:
cipher_text = b"\x00"*16 + cipher_list[1]# + cipher_list[2] 
cipher_text

b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe6>\xaac\x1b\xe1\xe32j\xb7\xd3!o\x1d\xad\xb4'

In [128]:
t.check(cipher_text)

b'access denied [padding error]'

In [146]:
cla = [bytearray(i) for i in cipher_list]
cla

[bytearray(b'ax\x12RD\xab\x8b\xa41#w\x08\xf6\xd1\xaf\xf5'),
 bytearray(b'\xe6>\xaac\x1b\xe1\xe32j\xb7\xd3!o\x1d\xad\xb4'),
 bytearray(b'm\xdb\xdaJ\x04\xba\xe9"\x88\xb9\x84$\xc6u\xe1\xcd')]

In [144]:
# cla[0] = bytearray(b'\x00'*16)
# for i in range(256):
#     cla[0][-1] = int.from_bytes(b"\x01", byteorder='big') ^ cipher_list[0][-1] ^ i

[bytearray(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'),
 bytearray(b'\xe6>\xaac\x1b\xe1\xe32j\xb7\xd3!o\x1d\xad\xb4'),
 bytearray(b'm\xdb\xdaJ\x04\xba\xe9"\x88\xb9\x84$\xc6u\xe1\xcd')]

In [169]:

character = 0
for i in range(256):
    # current_guess = int.from_bytes(b'\x96' , 'big')
    current_guess = i
    C_prime = (16 - character) ^ (cipher_list[0][character]) ^ (current_guess)
    C_prime.to_bytes(1 , 'big')
    cla[0] = b'\x00'*14 + b'\x00' + C_prime.to_bytes(1 , 'big')
    ct = cla[0] + cla[1]
    if t.check(ct) == b'access granted':
        print(i.to_bytes(1 , 'big'))

b"d:\xc3]\x91\xef\xd6\xdb7M\xe9'\xfb\xf9\xd0\xa6\x03\x1ap0&\xc9\xe9\xc6SA\x15j\x94\xb3\xcd\x01"
b'\xe7'


In [168]:
for i in range(256):
    cipher_text = b"\x00"*15 + i.to_bytes(1 , 'big') + cipher_list[1]# + cipher_list[2] 
    if(t.check(cipher_text) == b'access granted'):
        print(i.to_bytes(1 , 'big'))
        p_2 = int.from_bytes(b"\x01", byteorder='big') ^ cipher_list[0][-1] ^ i
        print(p_2.to_bytes(1 , 'big'))
    else:
        pass

b"d:\xc3]\x91\xef\xd6\xdb7M\xe9'\xfb\xf9\xd0\xa6\x03\x1ap0&\xc9\xe9\xc6SA\x15j\x94\xb3\xcd\x01"
b'\x96'
b'b'


In [138]:
for i in range(256):
    cipher_text = b"\x00"*14 + i.to_bytes(1 , 'big') + b"\x00"  + cipher_list[1]# + cipher_list[2] 
    if(t.check(cipher_text) == b'access granted'):
        print(i.to_bytes(1 , 'big'))
        p_2 = int.from_bytes(b"\x01", byteorder='big') ^ cipher_list[0][-2] ^ i
        print(p_2.to_bytes(1 , 'big'))
    else:
        pass

In [135]:

for j in range(15 , -1 , -1):
    for i in range(256):
        cipher_text = b"\x00"*j + i.to_bytes(1 , 'big')*(16-j) + cipher_list[1]# + cipher_list[2] 
        if(t.check(cipher_text) == b'access granted'):
            print(i.to_bytes(1 , 'big'))
            p_2 = int.from_bytes(b"\x01", byteorder='big') ^ cipher_list[0][j] ^ i
            # p_2 = (16-j) ^ cipher_list[0][j] ^ i
            print(p_2.to_bytes(1 , 'big'))
        else:
            pass
    print("--"*10)

b"d:\xc3]\x91\xef\xd6\xdb7M\xe9'\xfb\xf9\xd0\xa6\x03\x1ap0&\xc9\xe9\xc6SA\x15j\x94\xb3\xcd\x01"
b'\x96'
b'b'
--------------------
b'\xd4\xf3\xfeU\xad<\xa8\xb3>\xdf\xb0T9\x8f\xc9\xe1\x03\x1ap0&\xc9\xe9\xc6SA\x15j\x94\xb3[\x01'
b'\x96'
b'8'
--------------------
b"t\xf4\x9c\x01e\x1c5M>\xd1\x1c\xadu'\xd8\xa5\x03\x1ap0&\xc9\xe9\xc6SA\x15j\x94%[\x01"
b'\x96'
b'F'
--------------------
b'\xb0\xe7@\x9d\x18\xe8t\xfcE\x82\x85\xa8\xf9\xaaz\xd7\x03\x1ap0&\xc9\xe9\xc6SA\x15j\x02%[\x01'
b'\x96'
b'a'
--------------------
b'\x9e@liPBxN\x88\xaf\x99\xd3\x8f9\xa9\xc2\x03\x1ap0&\xc9\xe9\xc6SA\x15\xfc\x02%[\x01'
b'\x96'
b'\x9f'
--------------------
b'05\xf3$E\x08\x87\xa26\xd7HT\xa2Q\x82`\x03\x1ap0&\xc9\xe9\xc6SA\x83\xfc\x02%[\x01'
b'\x96'
b'\xe0'
--------------------
b'U\x1dB\x18\xbe|\xdf+i=\xf6O\xc3\xc5\x9e\xbf\x03\x1ap0&\xc9\xe9\xc6S\xd7\x83\xfc\x02%[\x01'
b'\x96'
b'\xb4'
--------------------
b'\xa9\xaaj\xed\x82\x0fZV%\xd4(\x9d\x80\x15+\r\x03\x1ap0&\xc9\xe9\xc6\xc5\xd7\x83\xfc\x02%[\x01'
b'\x96'
b'\xa6'
-

In [87]:
print(int.from_bytes(b"\x01", byteorder='big'))

1


In [64]:
t.check(b'ax\x12RD\xab\x8b\xa41#w\x08\xf6\xd1\xaf\xf5b\xaf\xeb\xb9\xf3\x99\xad\x12\xf8H\xa9\xbcMY\x18*')

b'aaaaaaaaaaaaaaaa\xe0\x8e\xb3\x02(\xcb\xa1n\x95D\x90\xb3BMS['


b'access denied [padding error]'

In [None]:
blockprime[character] = chr((blocksize - character) ^ ord(previous[character]) ^ ord(current_guess))




In [171]:
blocksize = 15
plaintext = b'ax\x12RD\xab\x8b\xa41#w\x08\xf6\xd1\xaf\xf5',
previous = b'\xe6>\xaac\x1b\xe1\xe32j\xb7\xd3!o\x1d\xad\xb4',
b'm\xdb\xdaJ\x04\xba\xe9"\x88\xb9\x84$\xc6u\xe1\xcd'
blockprime = b"\x00" * blocksize
for i in range(blocksize - 1, character, -1):
    blockprime[i] = chr(ord(plaintext[i]) ^ (blocksize - character) ^ ord(previous[i]))


IndexError: tuple index out of range

# lab 08 : CTR Bit flipping

In [52]:
c = get_result('lab8_generate_cookie' , ";admin=true;" )
get_result('lab8_login' , c , byte_object=True)

b'logged in as user'

#### 1 - get the start location of the payload in the cipher text (2 blocks then the block changes)

In [51]:
for i in range(16):
    c = get_result('lab8_generate_cookie' , "a"*i , byte_object=True)
    
    # change this to get the block of interest
    printed_block = 2
    print(i, "\t" , c[16*printed_block : 16*(printed_block+1)])

0 	 b'\x9d"/\xa6\x92Rr\xa8\xe6@U\xd33\xf52-'
1 	 b'\xc7z#\xa4\x92Zy\xb2\xa0OM\xc41\xa97/'
2 	 b'\xc7 {\xa8\x90Zq\xb9\xba\tB\xdc&\xabk*'
3 	 b'\xc7 !\xf0\x9cXq\xb1\xb1\x13\x04\xd3>\xbciv'
4 	 b'\xc7 !\xaa\xc4Ts\xb1\xb9\x18\x1e\x951\xa4~t'
5 	 b'\xc7 !\xaa\x9e\x0c\x7f\xb3\xb9\x10\x15\x8fw\xabfc'
6 	 b"\xc7 !\xaa\x9eV'\xbf\xbb\x10\x1d\x84m\xedi{"
7 	 b'\xc7 !\xaa\x9eV}\xe7\xb7\x12\x1d\x8cf\xf7/t'
8 	 b'\xc7 !\xaa\x9eV}\xbd\xef\x1e\x1f\x8cn\xfc52'
9 	 b'\xc7 !\xaa\x9eV}\xbd\xb5F\x13\x8en\xf4>('
10 	 b'\xc7 !\xaa\x9eV}\xbd\xb5\x1cK\x82l\xf46#'
11 	 b'\xc7 !\xaa\x9eV}\xbd\xb5\x1c\x11\xda`\xf66+'
12 	 b'\xc7 !\xaa\x9eV}\xbd\xb5\x1c\x11\x808\xfa4+'
13 	 b'\xc7 !\xaa\x9eV}\xbd\xb5\x1c\x11\x80b\xa28)'
14 	 b'\xc7 !\xaa\x9eV}\xbd\xb5\x1c\x11\x80b\xf8`%'
15 	 b'\xc7 !\xaa\x9eV}\xbd\xb5\x1c\x11\x80b\xf8:}'


* so the first 2 blocks are always the same so the third block is the block of interest
* if we look to the diagonal pattern we an asay that the A's starts from the start of the block
* so if we want to flip the `?` sign in `;admin?true;` into `=` we are interisted in index `6` of the cipher text 

In [68]:
c = get_result('lab8_generate_cookie' , ";admin=true;" , byte_object=True)
block_of_interst = 2 
flipping_byte_index = 6
cipher_text_byte_array = bytearray(c)
c_n = cipher_text_byte_array[block_of_interst*16 + flipping_byte_index]
print("c[n] = " , c_n)
c_dash_n = c_n ^ int.from_bytes(b'?', 'big') ^ int.from_bytes(b'=', 'big')
print("c`[n] = " ,c_dash_n)
cipher_text_byte_array[block_of_interst*16 + flipping_byte_index] = c_dash_n

# convert byte array to hex string to send to the server
hex_string =  ' '.join([format(byte, '02x') for byte in bytes(cipher_text_byte_array)])
hex_string


c[n] =  35
c`[n] =  33


'c6 c9 22 36 ee 38 d3 6d b3 54 68 ac b4 3c b4 a8 6c b0 0c 09 d6 d4 a8 36 9b f2 09 54 84 db a0 6d 9d 20 24 a6 96 59 21 a8 a6 08 15 da 38 fa 34 2b c3 9e dd ea 3f 6b a5 b2 13 4a 5c 7c e6 b0 29 8e fd 39 d7 8d 40 7c 29 fe 41 bd ff 44 21 7a b3 e4 75 23 0c 5e 64 f2 32 94 2c 38 88 f7 65 60 4b b6'

In [67]:
# try to login with the new manipulated cipher text
get_result('lab8_login' , hex_string , byte_object=True)

b'logged in as admin'