ALL the CTFS of Crypto2025 finally

crypto-simmetric/force-decryption/attack.py

@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+from pwn import *
+from Cryptodome.Cipher import AES
+from Cryptodome.Random import get_random_bytes
+import os
+HOST = "130.192.5.212"
+PORT = "6523"
+server = remote(HOST, PORT)
+# I cant encrypt iamsuperadmin
+# I can encrypt a xorred version of it
+# I can generate a different IV to obtain the original iamsuperadmin?
+# (iamsuperadmin XOR something) XOR IV -> Encrypted
+# Encrypted -> Decrypted XORRED
+# P XOR S XOR IV = P'
+# S XOR IV = IV'? To give in decryption phase?
+sleepT = 1
+print(server.recv(1024))
+server.send(b'enc')
+server.send(b'\n')
+sleep(sleepT)
+print(server.recv(1024))
+
+leak = b"mynamesuperadmin"
+#XOR the leak
+payload = bytes([l ^ 1 for l in leak])
+print(f"Sending payload {payload.hex()}")
+server.send(payload.hex())
+server.send(b'\n')
+sleep(sleepT)
+mres = server.recv(1024).split(b'\n')
+print(mres)
+iv = mres[0].split(b':')[1].strip()
+iv = bytes.fromhex(iv.decode('utf-8'))
+enc = mres[1].split(b':')[1].strip()
+print(f"Received IV {iv.hex()} enc {enc}")
+#Do not touch encrypted block
+ivm = bytes([i ^ 1 for i in iv])
+print(f"Malicious IV:{ivm.hex()} len:{len(ivm)}")
+sleep(sleepT)
+server.send(b'dec\n')
+print(server.recv(1024))
+sleep(sleepT)
+server.send(enc)
+server.send(b'\n')
+sleep(sleepT)
+print(server.recv(1024))
+server.send(ivm.hex())
+server.send(b'\n')
+sleep(sleepT)
+print(server.recv(1024))
+#string = "6c786f606c64727471647360656c686\n"
+#string = bytes.fromhex(string)
+#Maybe like an inverse known text attack?
+# I can decrypt with the same key and IV multiple given cipherblock
+ #to obtain the key?
+# P ----> C1
+# P2 ----> C2 L
+
+"""leak = b"mynamesuperadmin"
+#XOR the leak
+payload = bytes([l ^ 1 for l in leak])
+print(f"leak:{leak.hex()} len:{len(leak)}")
+print(f"payload:{bytes.fromhex(payload.hex())}")
+#XOR the original IV
+iv = b""
+ivm = bytes([i ^ 1 for i in iv])
+print(f"Malicious IV:{ivm.hex()} len:{len(ivm)}")
+"""