CTFs and solutions

fool-the-oracle/attack.py

@@ -0,0 +1,85 @@
+#!/usr/bin/env python3
+
+from Cryptodome.Cipher import AES
+from pwn import *
+import math
+os.environ['PWNLIB_NOTERM'] = 'True'
+os.environ['PWNLIB_SILENT'] = 'True'
+HOST = "130.192.5.212"
+PORT = "6541"
+server = remote(HOST, PORT)
+sleepT = 0.1
+# First block
+#discoveringFlag=b"CRYPTO25{96ce8a93-d548-4f88-bc6"
+firstBlock=b"CRYPTO25{96ce8a9"
+secondBlock=b"3-d548-4f88-bc6c"
+thirdBlock=b"-db6eb3c96382}"
+
+print(firstBlock+secondBlock+thirdBlock)
+sleep(1000)
+
+flagGuessed=b""
+"""for i in range(15):
+    pad =  b'A'*(16 - (len(flagGuessed)+1) )
+    fPayload = pad + flagGuessed
+    #fPayload = b"A"*(16 - (len(fBlock+flagGuessed)+1) )+fBlock+flagGuessed
+    #fPayload = fBlock[(i+1):]+flagGuessed
+    for guess in string.printable:
+        guess = bytes(guess,'utf-8')
+        server.send(b'enc\n')
+        server.recv(1024)
+        sleep(sleepT)
+        toSend = fPayload+guess+pad
+        #toSend = fPayload+guess+fPayload[i:]
+        #print(len(fPayload[i:]))
+        print(f"Sending {toSend} with len {len(toSend)}")
+        server.send( toSend.hex())
+        server.send(b'\n')
+        sleep(sleepT)
+        #print(server.recv(1024))
+        ciphertext = server.recv(1024)
+        #print(f"Ciphertext:{ciphertext}")
+        ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8'))
+        if ciphertext[0:16] == ciphertext[16:32]:
+            print(f"Block1:{ciphertext[0:16]} Block2:{ciphertext[16:32]}")
+            print(f"Matched guess: {guess}")
+            flagGuessed += guess
+            print(f"Already Guessed: {flagGuessed}")
+            break
+        sleep(sleepT)
+            #ciphertext//AES.blocksize
+"""
+for i in range(16):
+    pad = secondBlock[(i+1):]
+    #pad =  b'A'*(16 - (len(flagGuessed)+1) )
+    fPayload = pad + flagGuessed
+    #fPayload = b"A"*(16 - (len(fBlock+flagGuessed)+1) )+fBlock+flagGuessed
+    #fPayload = fBlock[(i+1):]+flagGuessed
+    for guess in string.printable:
+        guess = bytes(guess,'utf-8')
+        server.send(b'enc\n')
+        server.recv(1024)
+        sleep(sleepT)
+        #The second pad can be whatever
+        toSend = fPayload+guess+pad
+        print(f"Sending {toSend} with len {len(toSend)}")
+        server.send( toSend.hex())
+        server.send(b'\n')
+        sleep(sleepT)
+        #print(server.recv(1024))
+        ciphertext = server.recv(1024)
+        #print(f"Ciphertext:{ciphertext}")
+        ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8'))
+        if ciphertext[0:16] == ciphertext[48:64]:
+            print(f"Block1:{ciphertext[0:16]} Block2:{ciphertext[16:32]}")
+            print(f"Matched guess: {guess}")
+            flagGuessed += guess
+            print(f"Already Guessed: {flagGuessed}")
+            break
+        sleep(sleepT)
+            #ciphertext//AES.blocksize
+
+server.close()
+# CRYPTO25{flag} total length of 46, almost 3 blocks less 2 bytes
+# One block is 16 bytes
+#flag = CRYPTO25{CCCCCC

fool-the-oracle/chall.py

@@ -0,0 +1,43 @@
+from Cryptodome.Cipher import AES
+from Cryptodome.Util.Padding import pad, unpad
+from Cryptodome.Random import get_random_bytes
+#from secret import flag
+
+flag = f"CRYPTO25({'A'*36})"
+#Total flag len is 46
+#The block size is 16
+#16 32 48
+assert (len(flag) == len("CRYPTO25{}") + 36)
+key = get_random_bytes(24)
+flag = flag.encode()
+
+# the encrypted payload is the given Data + Flag
+def encrypt() -> bytes:
+    data = bytes.fromhex(input("> "))
+    payload = data + flag
+
+    cipher = AES.new(key=key, mode=AES.MODE_ECB)
+    print(cipher.encrypt(pad(payload, AES.block_size)).hex())
+
+
+def main():
+    menu = \
+        "What do you want to do?\n" + \
+        "quit - quit the program\n" + \
+        "enc - encrypt something\n" + \
+        "help - show this menu again\n" + \
+        "> "
+
+    while True:
+        cmd = input(menu).strip()
+
+        if cmd == "quit":
+            break
+        elif cmd == "help":
+            continue
+        elif cmd == "enc":
+            encrypt()
+
+
+if __name__ == '__main__':
+    main()

fool-the-oracle/lecture.py

@@ -0,0 +1,67 @@
+import os
+os.environ['PWNLIB_NOTERM'] = 'True'
+os.environ['PWNLIB_SILENT'] = 'True'
+
+if __name__ == '__main__':
+    #server = remote(HOST, PORT)
+    #server.send(iv)
+    #server.send(ciphertext)
+    #response = server.recv(1024)
+    #print(response)
+    #server.close()
+
+    #server = remote(HOST, PORT)
+    #server.send(iv)
+
+    #edt = bytearray(ciphertext)
+    #edt[-1] = 0
+    #server.send(edt)
+    #response = server.recv(1024)
+    #print(response)
+    #server.close()
+#---------------
+    print(len(ciphertext)//AES.block_size)
+    N = len(ciphertext)//AES.block_size)
+    #This initial part will be non modifiabke
+    #We put all the block except the last one 
+    initial_part = ciphertext[:(N-2)*AES.block_size]
+    #The second to last block is the one swapped in CBC then it is not dependent from the others(?)
+    block_to_modify =  bytearray(ciphertext[(N-2)*AES.block_size:(N-1)*AES.block_size])
+    last_block = ciphertext[(N-1]*AES.block_size:]
+
+    byte_index = AES.block_size - 1
+    c15 = block_to_modify[byte_index]
+
+    for c_prime_15 in range(256):
+
+        block_to_modify[byte_index] = c_prime_15
+        to_send = initial_part + block_to_modify + last_block
+
+        server = remote(HOST, PORT)
+        server.send(iv)
+        server.send(to_send)
+        response = server.recv(1024)
+        #print(response)
+        server.close()
+   
+        if response = b'OK':
+            print("c_prime_15"+str(c_prime_15))
+            p_prime_15 = c_prime_15 ^ 1
+            p_15 = p_prime_15 ^ c_15
+            print("p_prime_15"+str(p_prime_15))  
+            print("p_15"+str(p_15))
+    p_prime_15 = 191
+    
+    c_second_15 = p_prime_15 ^ 2
+    block_to_modify[byte_index] = c_second_15
+
+    byte_index -= 1
+    c_14 = block_to_modify[byte_index]
+    
+    for c_prime_14 in range(256):
+        
+        block_to_modify[byte_index] = c_prime_14
+        to_send = initial_part + block_to_modify + last_block
+
+        ##connect to the server etc
+