#!/usr/bin/python3
# Challenge service: prints base64(AES-ECB(flag + user input + key + padding))
# for every line read from stdin.
#
# Security review notes (behaviour is left exactly as published):
#   * ECB encrypts each 16-byte block independently and deterministically, so
#     equal plaintext blocks always yield equal ciphertext blocks.
#   * enc() appends the AES key itself to the plaintext. Because the caller's
#     input sits in front of it, the caller decides how the key bytes line up
#     against block boundaries.
#   * main() answers an unlimited number of queries under the same key.
#   * The key is a reused password, not random key material.
#   Hardening: never place key material inside the plaintext, derive keys with
#   a KDF, use an authenticated mode with a fresh nonce per message
#   (e.g. AES.MODE_GCM), and bound the number of requests per client.
import sys
import os
from Crypto.Cipher import AES
from base64 import b64encode

bs = 16  # blocksize

# Both secrets are loaded once at start-up and reused for every request.
flag = open('flag.txt', 'rb').read().strip()
key = open('key.txt', 'r').read().strip().encode()  # my usual password


def enc(pt):
    """Encrypt ``pt + key`` with AES-ECB and return the result as base64 text.

    The module-level ``key`` is used both as the AES key and as a suffix of
    the data being encrypted; the combined bytes are padded by ``pad`` first.
    """
    ecb = AES.new(key, AES.MODE_ECB)
    blocks = ecb.encrypt(pad(pt + key))
    return b64encode(blocks).decode('utf-8')


def pad(pt):
    """Right-pad ``pt`` with ASCII ``'0'`` bytes up to a multiple of ``bs``.

    Input that is already block-aligned gets no padding. The scheme is not
    reversible: data that genuinely ends in ``'0'`` cannot be told apart from
    padding (PKCS#7 avoids this).
    """
    shortfall = -len(pt) % bs
    return pt + b'0' * shortfall


def main():
    """Print a banner, then encrypt ``flag + <input line>`` forever."""
    print('AES-128')  # NOTE(review): implies key.txt holds 16 bytes - confirm
    while True:
        msg = input('Enter plaintext:\n').strip()
        print(enc(flag + msg.encode()))


if __name__ == '__main__':
    main()
ECBモードで、入力の後ろに連結された秘密が1バイトずつリークする、よくあるパターン(byte-at-a-time ECB)。
# Solver for the challenge service: recovers the bytes that the service
# appends after the client's input, one byte per outer iteration, by comparing
# 16-byte ciphertext blocks. It depends on the service returning identical
# ciphertext for identical plaintext blocks (ECB).
from pwn import *
import base64

# Candidate characters, tried in this order for every unknown position.
charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklm!nopqrstuvwxyz_"


def encrypt(pt):
    """Send ``pt`` to the service and return the decoded ciphertext tail.

    Waits for the prompt, sends one line, reads up to the next prompt,
    base64-decodes the reply and drops its first 32 bytes.
    """
    io.recvuntil(b"plaintext:\n")
    io.sendline(pt)
    raw = io.recvuntil(b"\nEnter ")
    # NOTE: bytes.strip() treats its argument as a set of byte values, so this
    # trims any of those characters from both ends of the reply, not only the
    # literal prompt text.
    encoded = raw.strip(b"\nEnter ")
    decoded = base64.b64decode(encoded)
    # presumably the first two blocks cover only the flag prefix - confirm
    # against the flag length
    return decoded[32:]


def get_key():
    """Extend the known prefix up to 16 bytes, printing progress as it goes.

    Returns nothing; the recovered value is only visible through the
    ``known =`` prints. If no candidate matches at some position, ``known``
    is left unchanged and the loop moves on to the next position.
    """
    known = b"!_SEC"  # starting prefix; how it was obtained is not shown here
    for i in range(len(known), 16):
        # Filler sized so that the reference block ends on the next unknown
        # byte of the appended secret.
        pt = b"a" * (15 - i)
        block = encrypt(pt)[:16]
        n_pt = b""  # unused
        for c in charset:
            print("Trying char c #", c)
            guess = c.encode()
            if encrypt(pt + known + guess)[:16] != block:
                continue
            known += guess
            print("known =", known)
            break


host, port = "pwn-2021.duc.tf", 31914
io = remote(host, port)
get_key()