-
Notifications
You must be signed in to change notification settings - Fork 0
/
Task2.py
144 lines (98 loc) · 3.38 KB
/
Task2.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
from operator import truediv
from pydoc import plain
from tarfile import BLOCKSIZE
from tarfile import BLOCKSIZE
import os
from typing import final
from Crypto.Util.Padding import pad, unpad
import urllib
import urllib.parse
import binascii
import codecs
BLOCKSIZE = 16
#generate key 16 bytes
key = bytearray(os.urandom(BLOCKSIZE))
print (key)
iv = bytearray(os.urandom(BLOCKSIZE))
def splitArrayInBlocks(givenArray, initSize, endSize):
givenArray = givenArray[initSize:endSize]
return givenArray
# performing XOR operation on each value of bytearray
def decryptString(givenBytearray):
print("DECRYPTING......")
print("GivenArray length: ", len(givenBytearray))
initCounter = 0
count = 16
tempArray = bytearray()
newIV = iv
for index in range(int(len(givenBytearray)/16)):
tempIV = bytearray()
splitArray = splitArrayInBlocks(givenBytearray, initCounter, count)
for i in range(len(splitArray)):
#get plaintext
x1 = splitArray[i] ^ key[i]
m1 = x1 ^ newIV[i]
tempArray.append(m1)
#get new IV for next round
tempIV.append(splitArray[i])
newIV = tempIV
initCounter = count
count = count + 16
print("Decrypt tempArray Length", len(tempArray))
return tempArray
def encryptString(givenBytearray):
print("ENCRYPTING......")
print("GivenArray length: ", len(givenBytearray))
initCounter = 0
count = 16
tempArray = bytearray()
newIV = iv
splitArray = splitArrayInBlocks(givenBytearray,0, count)
for index in range(int(len(givenBytearray)/16)):
tempIV = bytearray()
splitArray = splitArrayInBlocks(givenBytearray, initCounter, count)
for i in range(len(splitArray)):
x1 = splitArray[i] ^ newIV[i]
y1 = x1 ^ key[i]
tempIV.append(y1)
tempArray.append(y1)
newIV = tempIV
initCounter = count
count = count + 16
return tempArray
def flipBit(ciphertext):
#the byte you change in a ciphertext will ONLY affect a byte at the same offset of next plaintext. Our target is at offset 10
preBlock = splitArrayInBlocks(ciphertext, 0,16)
decryptBlock = preBlock[10] ^ 97 # a in ascii table
newCipher = decryptBlock ^ 59
ciphertext[10] = newCipher
#for second semicollon offset => 6 OFFSET
preBlock2 = splitArrayInBlocks(ciphertext, 16,32)
decryptBlock2 = preBlock2[5] ^ 97 # a in ascii table
newCipher2 = decryptBlock2 ^ 59 #semicollon in ascii table
ciphertext[21] = newCipher2
return ciphertext
def submit():
stringArray = "userid=456;userdata="
userInput = "aadmin-truea"
appendString = ";session-id=31337"
finalString = stringArray + userInput + appendString
finalString = urllib.parse.quote(finalString)
print('finalString', finalString)
plaintext = bytearray(finalString, 'utf-8')
print(plaintext)
ciphertext = encryptString(pad(plaintext, BLOCKSIZE))
return ciphertext
def verify():
ciphertext= submit()
ciphertext = flipBit(ciphertext)
newPlaintext = decryptString(ciphertext)
print("26.stelle",newPlaintext[26])
print("Plaintext", newPlaintext)
if b';admin-true;' in newPlaintext:
print("TRUE")
return True
else:
print("FALSE")
return False
verify()