The folowing plaintext has been encrypted using an unknown key, with AES-128 CBC:
Original: Pass: sup3r31337. Don't loose it!
How would you modify it so that it now decrypts to: "Pass: notAs3cre7. Don't loose it!"
This challenge does not have a specific flag format.
We are given a cyphertext encrypted with AES-CBC, IV and the beginning of the plaintext. The task is to mangle it so that after decryption the beginning of the plaintext would begin with another given string.
All bits that have to be changed are in the 1st block (128 bit). in cbc mode the first block is encrypted this way:
CT = enc(PT ^ IV)
PT = dec(CT) ^ IV
So if the n-th bit of IV is changed, the n-th bit of PT is changed too. We can calculate IV` = IV ^ PT ^ PT`. And if we provide the user with IV` instead of IV he will get PT` instead of PT after decrypting.
The flag is IV`