Tags: cryptography 

Rating:

Without specifying the block cipher mode to PyCrypto's Crypto.Cipher.AES.AESCipher, ECB mode is used. ECB mode has a number of problems, but one of them involves being able to determine a secret suffix appended to data of your choice encrypted in ECB mode when you are provided with the encrypted data. This is exactly the case in this challenge.

The Cryptanalib library of FeatherDuster (https://github.com/nccgroup/featherduster) is capable of performing this attack. In conjunction with binjitsu (https://github.com/binjitsu/binjitsu), the script is relatively easy to write:

<span>from pwn import *
import cryptanalib as ca

def oracle(pt):
<span>   tube = remote('107.170.122.6', 7765, level=logging.ERROR)
</span><span>   tube.recvuntil('Send me some hex-encoded data to encrypt:\n')
</span><span>   tube.sendline(pt.encode('hex'))
</span><span>   tube.recvuntil('Here you go:')
</span><span>   response = tube.recvline().strip().decode('hex')
</span><span>   tube.close()
</span><span>   return response
</span>
print ca.ecb_cpa_decrypt(oracle, 16, verbose=True, hollywood=False)</span>