Points: 200

Tags: cbc crypto 

Poll rating:

The folowing plaintext has been encrypted using an unknown key, with AES-128 CBC:
Original: Pass: sup3r31337. Don't loose it!
Encrypted: 4f3a0e1791e8c8e5fefe93f50df4d8061fee884bcc5ea90503b6ac1422bda2b2b7e6a975bfc555f44f7dbcc30aa1fd5e
IV: 19a9d10c3b155b55982a54439cb05dce

How would you modify it so that it now decrypts to: "Pass: notAs3cre7. Don't loose it!"

This challenge does not have a specific flag format.


ActionRatingAuthor team
Read writeup
not rated
Read writeup
not rated
Read writeup
not rated
Read writeup
not rated
You need to authenticate and join a team to post writeups x0w1Oct. 5, 2015, 8:49 a.m.

We are given a cyphertext encrypted with AES-CBC, IV and the beginning of the plaintext. The task is to mangle it so that after decryption the beginning of the plaintext would begin with another given string.
All bits that have to be changed are in the 1st block (128 bit). in cbc mode the first block is encrypted this way:
CT[0] = enc(PT[0] ^ IV)
and decrypted:
PT[0] = dec(CT[0]) ^ IV
So if the n-th bit of IV is changed, the n-th bit of PT is changed too. We can calculate IV` = IV ^ PT[0] ^ PT`[0]. And if we provide the user with IV` instead of IV he will get PT` instead of PT after decrypting.
The flag is IV`