crypto2025/force-decryption/attack.py

#!/usr/bin/env python3
from pwn import *
from Cryptodome.Cipher import AES
from Cryptodome.Random import get_random_bytes
import os
HOST = "130.192.5.212"
PORT = "6523"
server = remote(HOST, PORT)
# I cant encrypt iamsuperadmin
# I can encrypt a xorred version of it
# I can generate a different IV to obtain the original iamsuperadmin?
# (iamsuperadmin XOR something) XOR IV -> Encrypted
# Encrypted -> Decrypted XORRED
# P XOR S XOR IV = P'
# S XOR IV = IV'? To give in decryption phase?
sleepT = 1
print(server.recv(1024))
server.send(b'enc')
server.send(b'\n')
sleep(sleepT)
print(server.recv(1024))

leak = b"mynamesuperadmin"
#XOR the leak
payload = bytes([l ^ 1 for l in leak])
print(f"Sending payload {payload.hex()}")
server.send(payload.hex())
server.send(b'\n')
sleep(sleepT)
mres = server.recv(1024).split(b'\n')
print(mres)
iv = mres[0].split(b':')[1].strip()
iv = bytes.fromhex(iv.decode('utf-8'))
enc = mres[1].split(b':')[1].strip()
print(f"Received IV {iv.hex()} enc {enc}")
#Do not touch encrypted block
ivm = bytes([i ^ 1 for i in iv])
print(f"Malicious IV:{ivm.hex()} len:{len(ivm)}")
sleep(sleepT)
server.send(b'dec\n')
print(server.recv(1024))
sleep(sleepT)
server.send(enc)
server.send(b'\n')
sleep(sleepT)
print(server.recv(1024))
server.send(ivm.hex())
server.send(b'\n')
sleep(sleepT)
print(server.recv(1024))
#string = "6c786f606c64727471647360656c686\n"
#string = bytes.fromhex(string)
#Maybe like an inverse known text attack?
# I can decrypt with the same key and IV multiple given cipherblock
 #to obtain the key?
# P ----> C1
# P2 ----> C2 L

"""leak = b"mynamesuperadmin"
#XOR the leak
payload = bytes([l ^ 1 for l in leak])
print(f"leak:{leak.hex()} len:{len(leak)}")
print(f"payload:{bytes.fromhex(payload.hex())}")
#XOR the original IV
iv = b""
ivm = bytes([i ^ 1 for i in iv])
print(f"Malicious IV:{ivm.hex()} len:{len(ivm)}")
"""