**1.Keyed Permutations**

La palabra matemática para una correspondencia uno a uno es biyección. En matemáticas, una biyección, también conocida como función biyectiva, correspondencia uno a uno o función invertible.

crypto{bijection}

**2. Resisting Bruteforce**

El nombre del mejor ataque de clave única contra AES es biclique. Este ataque reduce el nivel de seguridad de AES-128 a 126.1 bits.

crypto{biclique}

**3.Structure of AES**

El cifrado AES es un estándar de cifrado simétrico ampliamente utilizado que utiliza una clave de 128 bits para cifrar bloques de datos de 128 bits. A pesar de la existencia de un ataque ligeramente más eficiente que la fuerza bruta, AES-128 sigue siendo considerado seguro debido a su amplio margen de seguridad y la falta de avances significativos en su vulnerabilidad.

In [None]:
def bytes2matrix(text):
    """ Converts a 16-byte array into a 4x4 matrix.  """
    return [list(text[i:i+4]) for i in range(0, len(text), 4)]

def matrix2bytes(matrix):
    """ Converts a 4x4 matrix into a 16-byte array.  """
    return bytes(sum(matrix, []))

matrix = [
    [99, 114, 121, 112],
    [116, 111, 123, 105],
    [110, 109, 97, 116],
    [114, 105, 120, 125],
]

print(str(matrix2bytes(matrix).decode('utf-8')))

crypto{inmatrix}


**4. Round Keys**

El algoritmo se basa en el cifrado AES, que es un estándar de cifrado simétrico ampliamente utilizado. Este algoritmo utiliza operaciones como la sustitución de bytes, permutaciones de filas, mezcla de columnas y la adición de claves de ronda para cifrar y descifrar datos de manera segura.

In [None]:
state = [
    [206, 243, 61, 34],
    [171, 11, 93, 31],
    [16, 200, 91, 108],
    [150, 3, 194, 51],
]

round_key = [
    [173, 129, 68, 82],
    [223, 100, 38, 109],
    [32, 189, 53, 8],
    [253, 48, 187, 78],
]

def add_round_key(s, k):
    """XOR the state with the round key."""
    return [[s_byte ^ k_byte for s_byte, k_byte in zip(s_row, k_row)] for s_row, k_row in zip(s, k)]

def matrix2bytes(matrix):
    """ Converts a 4x4 matrix into a 16-byte array.  """
    return [byte for row in matrix for byte in row]

result_matrix = add_round_key(state, round_key)
result_bytes = matrix2bytes(result_matrix)
flag = ''.join(chr(byte) for byte in result_bytes)

print(flag)

crypto{r0undk3y}


**5. Confusion through Substitution**

El código proporcionado realiza una sustitución de bytes utilizando la caja de sustitución (S-box) inversa del algoritmo AES. La función sub_bytes toma una matriz de estado y realiza la sustitución de bytes utilizando la S-box inversa proporcionada.

Al ejecutar la función sub_bytes con la matriz de estado y la S-box inversa, se obtiene un resultado en forma de texto. Este resultado representa la salida de la sustitución de bytes utilizando la S-box inversa del algoritmo AES.

In [None]:

s_box = (
    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
    0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
    0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
    0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
    0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
    0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
    0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
    0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
    0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
    0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
    0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
)

inv_s_box = (
    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
    0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
    0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
    0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
    0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
    0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
    0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
    0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
    0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
    0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
    0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
    0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
    0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
    0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
    0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
    0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D,
)

state = [
    [251, 64, 182, 81],
    [146, 168, 33, 80],
    [199, 159, 195, 24],
    [64, 80, 182, 255],
]


def sub_bytes(s, sbox=s_box):
    s = sum(s, [])
    for i in range(len(s)):
        s[i] = inv_s_box[s[i]]
    return bytes(s).decode()

print(sub_bytes(state, sbox=inv_s_box))

crypto{l1n34rly}


**6. Diffusion through Permutation**

El código proporcionado implementa operaciones de difusión a través de permutaciones para una matriz de estado en el contexto del algoritmo de cifrado AES (Advanced Encryption Standard). Estas operaciones son parte de las transformaciones que se aplican en cada ronda del cifrado AES para garantizar la difusión de los datos y aumentar la seguridad del algoritmo.

In [None]:
import numpy as np


def shift_rows(s):
    s[0][1], s[1][1], s[2][1], s[3][1] = s[1][1], s[2][1], s[3][1], s[0][1]
    s[0][2], s[1][2], s[2][2], s[3][2] = s[2][2], s[3][2], s[0][2], s[1][2]
    s[0][3], s[1][3], s[2][3], s[3][3] = s[3][3], s[0][3], s[1][3], s[2][3]


def inv_shift_rows(s):
    # Works for any square matrix, not just 4x4
    s = np.array(s)
    _, num_cols = s.shape
    for i in range(num_cols):
        s[:, i] = np.concatenate((s[-i:, i], s[:-i, i]), axis=0)
    return s


# learned from http://cs.ucsb.edu/~koc/cs178/projects/JT/aes.c
xtime = lambda a: (((a << 1) ^ 0x1B) & 0xFF) if (a & 0x80) else (a << 1)


def mix_single_column(a):
    # see Sec 4.1.2 in The Design of Rijndael
    t = a[0] ^ a[1] ^ a[2] ^ a[3]
    u = a[0]
    a[0] ^= t ^ xtime(a[0] ^ a[1])
    a[1] ^= t ^ xtime(a[1] ^ a[2])
    a[2] ^= t ^ xtime(a[2] ^ a[3])
    a[3] ^= t ^ xtime(a[3] ^ u)


def mix_columns(s):
    for i in range(4):
        mix_single_column(s[i])


def inv_mix_columns(s):
    # see Sec 4.1.3 in The Design of Rijndael
    for i in range(4):
        u = xtime(xtime(s[i][0] ^ s[i][2]))
        v = xtime(xtime(s[i][1] ^ s[i][3]))
        s[i][0] ^= u
        s[i][1] ^= v
        s[i][2] ^= u
        s[i][3] ^= v

    mix_columns(s)


def matrix2bytes(matrix):
    """Converts a 4x4 matrix into a 16-byte array."""
    if type(matrix) == list:
        matrix = np.array(matrix)
    plaintext_bytes = matrix.flatten()
    return "".join([chr(i) for i in plaintext_bytes])


state = [
    [108, 106, 71, 86],
    [96, 62, 38, 72],
    [42, 184, 92, 209],
    [94, 79, 8, 54],
]

inv_mix_columns(state)
state = inv_shift_rows(state)
print(matrix2bytes(state))

crypto{d1ffUs3R}


**7. Bringing It All Together**

El código proporcionado implementa el algoritmo de descifrado para el cifrado AES (Advanced Encryption Standard). El algoritmo de descifrado AES consta de varias etapas, incluyendo la expansión de la clave, la operación de clave de ronda, y las transformaciones inversas de difusión y sustitución.

In [None]:
N_ROUNDS = 10

key        = b'\xc3,\\\xa6\xb5\x80^\x0c\xdb\x8d\xa5z*\xb6\xfe\\'
ciphertext = b'\xd1O\x14j\xa4+O\xb6\xa1\xc4\x08B)\x8f\x12\xdd'

s_box = (
    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
    0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
    0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
    0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
    0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
    0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
    0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
    0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
    0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
    0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
    0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
)

inv_s_box = (
    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
    0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
    0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
    0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
    0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
    0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
    0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
    0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
    0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
    0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
    0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
    0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
    0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
    0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
    0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
    0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D,
)

def bytes2matrix(text):
    """ Converts a 16-byte array into a 4x4 matrix.  """
    return [list(text[i:i+4]) for i in range(0, len(text), 4)]

def matrix2bytes(matrix):
    """ Converts a 4x4 matrix into a 16-byte array.  """
    # flatten the matrix to a list of a single dimension and then convert it to bytes
    return bytes(sum(matrix, []))


def sub_bytes(s, sbox=inv_s_box):

    for i in range(4):
        for j in range(4):
            s[i][j] = sbox[s[i][j]]
    return s


def inv_shift_rows(s):
    s[1][1], s[2][1], s[3][1], s[0][1] = s[0][1], s[1][1], s[2][1], s[3][1]
    s[2][2], s[3][2], s[0][2], s[1][2] = s[0][2], s[1][2], s[2][2], s[3][2]
    s[3][3], s[0][3], s[1][3], s[2][3] = s[0][3], s[1][3], s[2][3], s[3][3]
    return s

xtime = lambda a: (((a << 1) ^ 0x1B) & 0xFF) if (a & 0x80) else (a << 1)

def mix_single_column(a):
    # see Sec 4.1.2 in The Design of Rijndael
    t = a[0] ^ a[1] ^ a[2] ^ a[3]
    u = a[0]
    a[0] ^= t ^ xtime(a[0] ^ a[1])
    a[1] ^= t ^ xtime(a[1] ^ a[2])
    a[2] ^= t ^ xtime(a[2] ^ a[3])
    a[3] ^= t ^ xtime(a[3] ^ u)


def mix_columns(s):
    for i in range(4):
        mix_single_column(s[i])


def inv_mix_columns(s):
    # see Sec 4.1.3 in The Design of Rijndael
    for i in range(4):
        u = xtime(xtime(s[i][0] ^ s[i][2]))
        v = xtime(xtime(s[i][1] ^ s[i][3]))
        s[i][0] ^= u
        s[i][1] ^= v
        s[i][2] ^= u
        s[i][3] ^= v

    mix_columns(s)
    return s

def matrix2bytes(matrix):
    return bytes(sum(matrix, [])).decode("utf-8")

def add_round_key(s, k):
    result = [[0 for i in range(4)] for j in range(4)]
    for i in range(4):
        for j in range(4):
            result[i][j] = s[i][j] ^ k[i][j]
    return result


def expand_key(master_key):
    r_con = (
        0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40,
        0x80, 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A,
        0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A,
        0xD4, 0xB3, 0x7D, 0xFA, 0xEF, 0xC5, 0x91, 0x39,
    )

    # Initialize round keys with raw key material.
    key_columns = bytes2matrix(master_key)
    iteration_size = len(master_key) // 4

    # Each iteration has exactly as many columns as the key material.
    i = 1
    while len(key_columns) < (N_ROUNDS + 1) * 4:
        # Copy previous word.
        word = list(key_columns[-1])

        # Perform schedule_core once every "row".
        if len(key_columns) % iteration_size == 0:
            # Circular shift.
            word.append(word.pop(0))
            # Map to S-BOX.
            word = [s_box[b] for b in word]
            # XOR with first byte of R-CON, since the others bytes of R-CON are 0.
            word[0] ^= r_con[i]
            i += 1
        elif len(master_key) == 32 and len(key_columns) % iteration_size == 4:
            # Run word through S-box in the fourth iteration when using a
            # 256-bit key.
            word = [s_box[b] for b in word]

        # XOR with equivalent word from previous iteration.
        word = bytes(i^j for i, j in zip(word, key_columns[-iteration_size]))
        key_columns.append(word)

    # Group key words in 4x4 byte matrices.
    return [key_columns[4*i : 4*(i+1)] for i in range(len(key_columns) // 4)]


def decrypt(key, ciphertext):
    round_keys = expand_key(key) # Remember to start from the last round key and work backwards through them when decrypting


    # Convert ciphertext to state matrix
    state = bytes2matrix(ciphertext)

    # Initial add round key step
    state = add_round_key(state, round_keys[-1])


    for i in range(N_ROUNDS - 1, 0, -1):
        state = inv_shift_rows(state)
        state = sub_bytes(state)
        state = add_round_key(state, round_keys[i])
        state = inv_mix_columns(state)

    state = inv_shift_rows(state)
    state = sub_bytes(state)
    state = add_round_key(state, round_keys[0])
    plaintext = matrix2bytes(state)
    return plaintext


print(decrypt(key, ciphertext))

crypto{MYAES128}


**8. Modes of Operation Starter**

El código proporcionado utiliza el modo de operación de cifrado de bloques para cifrar y descifrar datos utilizando el algoritmo AES (Advanced Encryption Standard). El modo de operación utilizado en este caso es el modo ECB (Electronic Codebook), que cifra cada bloque de datos de forma independiente.

In [None]:

import requests

def decrypt(ciphertext):
	url = "https://aes.cryptohack.org/block_cipher_starter/decrypt/" + ciphertext + "/"
	response = requests.get(url)
	return response.json()['plaintext']

def get_enc_flag():
	url = "https://aes.cryptohack.org/block_cipher_starter/encrypt_flag/"
	response = requests.get(url)
	return response.json()['ciphertext']

enc_flag = get_enc_flag()
print(f"Enc. Flag (hex): {enc_flag}")
dec_flag = decrypt(enc_flag)
print(f"Dec. Flag (hex): {dec_flag}")
print(f"Dec. Flag (bytes): {bytes.fromhex(dec_flag).decode()}")

Enc. Flag (hex): 188bc9522883a992cd99f9b2b8ec84fb150c1abe17e7a8ed04a768ad1d11fc07
Dec. Flag (hex): 63727970746f7b626c30636b5f633170683372355f3472335f663435375f217d
Dec. Flag (bytes): crypto{bl0ck_c1ph3r5_4r3_f457_!}


**9. Passwords as Keys**

El código proporcionado implementa un ataque de fuerza bruta para descifrar un texto cifrado utilizando el algoritmo AES (Advanced Encryption Standard) en el modo de operación ECB (Electronic Codebook).

In [None]:
from Crypto.Cipher import AES
import hashlib
import random
import requests

wordlist_url = "https://gist.githubusercontent.com/wchargin/8927565/raw/d9783627c731268fb2935a731a618aa8e95cf465/words"
response = requests.get(wordlist_url)
wordlist = response.text.split('\n')


ciphertext = 'c92b7734070205bdf6c0087a751466ec13ae15e6f1bcdd3f3a535ec0f4bbae66'
ciphertext = bytes.fromhex(ciphertext)


for key in wordlist:
    key = hashlib.md5(key.encode()).digest()

    cipher = AES.new(key, AES.MODE_ECB)

    try:
        decrypted = cipher.decrypt(ciphertext)
    except:
        pass


    try:

        print(bytearray.fromhex(decrypted.hex()).decode())
    except:
        pass

crypto{k3y5__r__n07__p455w0rdz?}


**10. Block Ciphers - ECB CBC WTF**

El algoritmo proporcionado realiza una serie de operaciones para descifrar el texto cifrado utilizando el modo de operación CBC (Cipher Block Chaining) y el modo de operación ECB (Electronic Codebook) del algoritmo AES (Advanced Encryption Standard).

In [None]:
import requests
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
from Crypto.Util.number import long_to_bytes, bytes_to_long

def response(byte_string):
	url = "http://aes.cryptohack.org/ecbcbcwtf/decrypt/"
	url += byte_string.hex()
	url += "/"
	r = requests.get(url)
	js = r.json()
	return bytes.fromhex(js["plaintext"])

def encrypt_flag():
	url = "http://aes.cryptohack.org/ecbcbcwtf/encrypt_flag/"
	r = requests.get(url)
	js = r.json()
	return bytes.fromhex(js["ciphertext"])

def xor(a, b):
	return long_to_bytes(bytes_to_long(a) ^ bytes_to_long(b))

enc = encrypt_flag()

iv = enc[:16]
block1 = enc[16:32]
block2 = enc[32:]

decrypt_block1 = xor(response(block1), iv)
decrypt_block2 = xor(response(block2), block1)
print(decrypt_block1 + decrypt_block2)

b'crypto{3cb_5uck5_4v01d_17_!!!!!}'


**11. ECB ORACLE**

El algoritmo implementa un ataque de oracle de cifrado en modo de operación ECB (Electronic Codebook) para descifrar un texto cifrado de forma iterativa.

In [None]:
import string
import requests

def encrypt(plainhex):
    r = requests.get(f"https://aes.cryptohack.org/ecb_oracle/encrypt/{plainhex}")
    return bytes.fromhex(r.json()['ciphertext'])

ciphers = []
for i in range(1,17):
    garbage = i*b'?'.hex()
    ct = encrypt(garbage)
    ciphers.append(ct)
    print(f"Garbage ({len(garbage)//2} bytes): {bytes.fromhex(garbage).decode()}")
    print(f"Ciphertext ({len(ct.hex())//2} bytes): {ct.hex()}")

flag_len = [len(i.hex())//2 - x - 2 for x, (i,j) in enumerate(zip(ciphers,ciphers[1:])) if len(j.hex())>len(i.hex())][0]

alpha = list(dict.fromkeys("crypto{eainshr_}" + string.ascii_lowercase + string.digits + string.ascii_uppercase))
flag = b""
print("Brute forcing flag...\n")
for i in range(31, 31-flag_len, -1):
    for char in alpha:
        char = char.encode()
        ct = encrypt((i*b"?"+flag+char).hex())[:32]
        exp = encrypt((i*b"?").hex())[:32]
        if ct == exp:
            flag += char
            print(f"{char.decode()}", flush=True, end='')
            break

Garbage (1 bytes): ?
Ciphertext (32 bytes): 8a592ce86ab7e1c19456a119302c7b4e81d3ee34f577b2513c9024395d1cb55f
Garbage (2 bytes): ??
Ciphertext (32 bytes): 92892b5c67ddb1a1a0ff86d555900d1d2e0777368e1642fc6342e9e4a8833734
Garbage (3 bytes): ???
Ciphertext (32 bytes): 0dc5f1ab23a10fc51a4b5b03ac0fd3855ad30da3da512d1afeff44971eadc6bb
Garbage (4 bytes): ????
Ciphertext (32 bytes): f9f1f7a47219a01b4e4ebd370a11fa5173c9f852fe3f3a10fa6a03fb42dff7cf
Garbage (5 bytes): ?????
Ciphertext (32 bytes): a98595182f6a8666eca9abc02e9ae3dc835916cd1527c86401cc140fe5a1226d
Garbage (6 bytes): ??????
Ciphertext (32 bytes): 9c05bedcbc6c4751fba1549b74878dd123167185f5c0719c529f094b6f0d3fc0
Garbage (7 bytes): ???????
Ciphertext (48 bytes): 5099e1269b96bf7fcc9718f1aa555a6d973e3df6f87f32614f5ddbe5e6cabde7c1511dbc19f27396337d05c2dc9d182f
Garbage (8 bytes): ????????
Ciphertext (48 bytes): aecb7c17ff96321b553c581e8e34082efabf29a193a7718dbd9f6862ef124cd48a2efd094439f5b33a5fcd9de53ae257
Garbage (9 bytes): ?????????
Ciphert

**12. FLIPPING COOKIE**

El algoritmo proporcionado está diseñado para realizar un ataque de modificación de cookies utilizando el modo de operación CBC (Cipher Block Chaining) del algoritmo AES (Advanced Encryption Standard).

In [None]:
def get_cookie():
    url = "http://aes.cryptohack.org/flipping_cookie/get_cookie/"
    r = requests.get(url)
    js = r.json()
    return bytes.fromhex(js["cookie"])

def response(cookie, iv):
    url = "http://aes.cryptohack.org/flipping_cookie/check_admin/"
    url += cookie.hex()
    url += "/"
    url += iv.hex()
    url += "/"
    r = requests.get(url)
    js = r.json()
    print(js)

def xor(a, b):
    return long_to_bytes(bytes_to_long(a) ^ bytes_to_long(b))

cookie = get_cookie()

origin = b'admin=False;expi'
goal = b'admin=True;\x05\x05\x05\x05\x05'

iv = cookie[:16]
block1 = cookie[16:32]
block2 = cookie[32:]

send_iv = xor(xor(origin, goal), iv)

response(block1, send_iv)

{'flag': 'crypto{4u7h3n71c4710n_15_3553n714l}'}


**13. LAZY_CBC**

El algoritmo proporcionado realiza un ataque al modo de operación CBC (Cipher Block Chaining) para AES (Advanced Encryption Standard) al explotar la relación XOR entre dos bloques de texto cifrado consecutivos.

In [None]:
import requests
from Crypto.Util.Padding import pad, unpad
from Crypto.Util.number import long_to_bytes, bytes_to_long

def get_flag(key):
    url = "http://aes.cryptohack.org/lazy_cbc/get_flag/"
    url += key.hex()
    url += "/"
    r = requests.get(url)
    js = r.json()
    return bytes.fromhex(js["plaintext"])

def response(ciphertext):
    url = "http://aes.cryptohack.org/lazy_cbc/receive/"
    url += ciphertext.hex()
    url += "/"
    r = requests.get(url)
    js = r.json()
    return bytes.fromhex(js["error"][len("Invalid plaintext: "):])

def xor(a, b):
    return long_to_bytes(bytes_to_long(a) ^ bytes_to_long(b))

ciphertext = b"\x00" * 32

CD = response(ciphertext)
C = CD[:16]
D = CD[16:]
print(get_flag(xor(C, D)))

b'crypto{50m3_p30pl3_d0n7_7h1nk_IV_15_1mp0r74n7_?}'


**14. Triple DES**

El algoritmo Triple DES, también conocido como 3DES, es una forma de cifrado de bloques que aplica el algoritmo de Data Encryption Standard (DES) tres veces a cada bloque de datos.Triple DES es una mejora del algoritmo original DES, que se volvió vulnerable a los ataques de fuerza bruta debido a su tamaño de clave relativamente pequeño. Con Triple DES, el mensaje se cifra tres veces utilizando tres claves diferentes, lo que proporciona una mayor seguridad.

In [None]:
import requests
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
from Crypto.Util.number import long_to_bytes, bytes_to_long

def encrypt(key, plain):
    url = "http://aes.cryptohack.org/triple_des/encrypt/"
    url += key
    url += "/"
    url += plain.hex()
    url += "/"
    r = requests.get(url).json()
    return bytes.fromhex(r["ciphertext"])

def encrypt_flag(key):
    url = "http://aes.cryptohack.org/triple_des/encrypt_flag/"
    r = requests.get(url + key + '/').json()
    return bytes.fromhex(r["ciphertext"])

key = b'\x00'*8 + b'\xff'*8
flag = encrypt_flag(key.hex())
cipher = encrypt(key.hex(), flag)
print(cipher)

b'crypto{n0t_4ll_k3ys_4r3_g00d_k3ys}\x06\x06\x06\x06\x06\x06'


In [None]:
import math

# Parte 1: Obtener parámetros de RSA
def obtener_parametros(clave_publica):
    n, e = clave_publica

    # Factorización de n para obtener los números primos originales: p, q
    p, q = factorizar_n(n)

    # Calcular el coprimo: k
    k = calcular_coprimo(p, q)

    # Calcular el valor de Totient: z
    z = calcular_totient(p, q)

    # Exponente privado: j
    j = calcular_exponente_privado(e, k)

    return p, q, k, z, n, j

def factorizar_n(n):
    # Función simple para factorizar n en dos números primos
    for i in range(2, int(math.sqrt(n)) + 1):
        if n % i == 0:
            return i, n // i

def calcular_coprimo(p, q):
    # Calcular coprimo k
    return (p - 1) * (q - 1)

def calcular_totient(p, q):
    # Calcular Totient: z
    return (p - 1) * (q - 1)

def calcular_exponente_privado(e, k):
    # Calcular exponente privado j usando el algoritmo extendido de Euclides
    d = extended_gcd(e, k)[1]
    return d % k

def extended_gcd(a, b):
    if a == 0:
        return b, 0, 1
    else:
        g, x, y = extended_gcd(b % a, a)
        return g, y - (b // a) * x, x

# Parte 2: Función para encriptar mensaje
def encriptar_mensaje(mensaje, clave_publica):
    p, q, k, z, n, j = obtener_parametros(clave_publica)
    mensaje_encriptado = [(ord(char) ** j) % n for char in mensaje]
    return mensaje_encriptado

# Parte 3: Función para desencriptar mensaje
def desencriptar_mensaje(mensaje_encriptado, clave_publica):
    p, q, k, z, n, j = obtener_parametros(clave_publica)
    mensaje_desencriptado = ''.join([chr((char ** j) % n) for char in mensaje_encriptado])
    return mensaje_desencriptado

# Uso de las funciones
clave_publica = (1071087367, 10007)
texto_plano = 'Hola, ¿Cómo te va, todo bien mi ñaño? Afirmativo, pasaré todo el día viajando'

# Parte 1: Obtener parámetros
p, q, k, z, n, j = obtener_parametros(clave_publica)
print(f'p: {p}, q: {q}, k: {k}, z: {z}, n: {n}, j: {j}')

# Parte 2: Encriptar mensaje
mensaje_encriptado = encriptar_mensaje(texto_plano, clave_publica)
print(f'Mensaje encriptado: {mensaje_encriptado}')

# Parte 3: Desencriptar mensaje
mensaje_desencriptado = desencriptar_mensaje(mensaje_encriptado, clave_publica)
print(f'Mensaje desencriptado: {mensaje_desencriptado}')


In [None]:
!pip install pycryptodome


Collecting pycryptodome
  Downloading pycryptodome-3.19.1-cp35-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.1 MB)
[2K     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m2.1/2.1 MB[0m [31m10.2 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: pycryptodome
Successfully installed pycryptodome-3.19.1
