
#!/usr/bin/env python3
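import os

# pwntools reads the PWNLIB_* environment variables once, while `from pwn
# import *` runs.  The original script set them *after* that import, which
# silences nothing; they have to be in the environment before pwn is loaded.
os.environ['PWNLIB_NOTERM'] = 'True'
os.environ['PWNLIB_SILENT'] = 'True'

from Cryptodome.Cipher import AES  # noqa: E402  (unused here; kept for the caller's convenience)
from pwn import *                  # noqa: E402,F403  provides remote, sleep, string, context, ...
import math                        # noqa: E402  (unused in the visible code)

HOST = "130.192.5.212"
PORT = 6541  # remote() also accepted the string "6541"; an int is the documented type
server = remote(HOST, PORT)
# Seconds to wait around each oracle round-trip.  recv() below is not framed
# by a delimiter, so this pause is what lets the service answer in one read.
sleepT = 0.1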
# Known part of the flag, split on the AES block size (16 bytes).
# The first two blocks were presumably recovered by earlier runs of this
# script; the third block is what the loop below reconstructs, and it is
# already filled in here from a finished run.
_KNOWN_FLAG = b"CRYPTO25{96ce8a93-d548-4f88-bc6c-db6eb3c96382}"
firstBlock = _KNOWN_FLAG[0:16]
secondBlock = _KNOWN_FLAG[16:32]
thirdBlock = _KNOWN_FLAG[32:]
# Bytes of the third block recovered so far, in order; grown by the loop below.
flagGuessed = b""
"""for i in range(15):
pad = b'A'*(16 - (len(flagGuessed)+1) )
fPayload = pad + flagGuessed
#fPayload = b"A"*(16 - (len(fBlock+flagGuessed)+1) )+fBlock+flagGuessed
#fPayload = fBlock[(i+1):]+flagGuessed
for guess in string.printable:
guess = bytes(guess,'utf-8')
server.send(b'enc\n')
server.recv(1024)
sleep(sleepT)
toSend = fPayload+guess+pad
#toSend = fPayload+guess+fPayload[i:]
#print(len(fPayload[i:]))
print(f"Sending {toSend} with len {len(toSend)}")
server.send( toSend.hex())
server.send(b'\n')
sleep(sleepT)
#print(server.recv(1024))
ciphertext = server.recv(1024)
#print(f"Ciphertext:{ciphertext}")
ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8'))
if ciphertext[0:16] == ciphertext[16:32]:
print(f"Block1:{ciphertext[0:16]} Block2:{ciphertext[16:32]}")
print(f"Matched guess: {guess}")
flagGuessed += guess
print(f"Already Guessed: {flagGuessed}")
break
sleep(sleepT)
#ciphertext//AES.blocksize
"""
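def _encrypt(payload: bytes) -> bytes:
    """Run one `enc` round-trip against the oracle and return the raw ciphertext.

    The protocol, as far as the original sends show it: send `enc`, read the
    prompt, send the plaintext hex-encoded on one line, then read a reply whose
    first line is the hex ciphertext (followed by what looks like a `> `
    prompt).  recv(1024) is not framed, so the sleeps are what give the
    service time to answer in a single read -- TODO confirm the exact prompt
    and switch to recvuntil()/recvline() once it is known.

    Raises ValueError if the reply is not a hex string (e.g. a partial read).
    """
    server.send(b'enc\n')
    server.recv(1024)  # prompt asking for the plaintext
    sleep(sleepT)
    server.sendline(payload.hex().encode('ascii'))
    sleep(sleepT)
    reply = server.recv(1024)
    hex_line = reply.strip(b" >").split(b"\n")[0].decode('utf-8')
    return bytes.fromhex(hex_line)


# Byte-at-a-time recovery of the third flag block, assuming the service
# encrypts `input || flag` under AES-ECB (the equal-block test below relies
# on exactly that: equal 16-byte plaintext blocks give equal ciphertext
# blocks).  For position i we send
#     pad || flagGuessed || guess || pad        with pad = secondBlock[i+1:]
# Plaintext block 0 is then flag[17+i : 32+i] || flagGuessed || guess, i.e. the
# 16-byte window flag[17+i : 33+i] with its last byte replaced by the guess.
# The trailing pad is 15-i bytes, so the whole input is 31-i bytes and the
# flag starts at stream offset 31-i; ciphertext block 3 (bytes 48..63) therefore
# covers flag[17+i : 33+i] -- the same window.  The trailing pad's *content*
# is arbitrary, but its *length* is not: it is what aligns that window.
try:
    for i in range(16):
        pad = secondBlock[(i + 1):]
        prefix = pad + flagGuessed
        matched = False
        for ch in string.printable:
            guess = ch.encode('utf-8')
            toSend = prefix + guess + pad
            print(f"Sending {toSend} with len {len(toSend)}")
            ciphertext = _encrypt(toSend)
            if len(ciphertext) < 64:
                # 31-i input bytes plus a 46-byte flag always pads to >= 64
                # bytes, so anything shorter is a truncated/partial read; the
                # original compared against an empty slice and silently failed.
                raise ValueError(f"ciphertext too short ({len(ciphertext)} bytes): {ciphertext!r}")
            if ciphertext[0:16] == ciphertext[48:64]:
                # Print the two blocks that were actually compared (the original
                # printed block 1 here while comparing block 3).
                print(f"Block0:{ciphertext[0:16]} Block3:{ciphertext[48:64]}")
                print(f"Matched guess: {guess}")
                flagGuessed += guess
                print(f"Already Guessed: {flagGuessed}")
                matched = True
                break
            sleep(sleepT)
        if not matched:
            # Without this the original loop moved on to i+1 with flagGuessed
            # one byte short, misaligning every later comparison.  A miss is
            # also the expected end condition: the third block holds 14 flag
            # bytes, and the byte after the closing '}' is cipher padding
            # (presumably PKCS#7), which is not in string.printable.
            print(f"No printable byte matched at position {i}; stopping with {flagGuessed!r}")
            break
finally:
    server.close()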
# The flag CRYPTO25{...} is 46 bytes long: two full 16-byte AES blocks plus 14 bytes,
# i.e. 2 bytes short of three blocks -- the last 2 bytes of the third block are
# filled by the cipher's padding (presumably PKCS#7; not confirmed here).
#flag = CRYPTO25{CCCCCC