Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Ciphertexts are sent back and forth as ASCII Encoded Hex Strings. 0xFF will be sent as
- # "FF" (2 Bytes), not as "\xff" (1 Byte).
- # You can use python's string.encode('hex') and string.decode('hex') to quickly convert between
- # raw data and string representation if you need/want to.
- from twisted.internet import reactor, protocol
- from Crypto.Cipher import AES
- import os
- import random
- PORT = 9001
- KEYSIZE = 16
- KEY = "AAA" + "BBB" + "CCC" + '\x01' + "\x80" * 6
- IV = "\x00" * KEYSIZE
- SECRET = "lolnotflaglol"
- prefix = "comment1=wowsuch%20CBC;userdata="
- suffix = ";coment2=%20suchsafe%20very%20encryptwowww"
- key = os.urandom(16)
- iv = os.urandom(16)
- def parse_profile( data):
- ptxt = decrypt_cbc(key, iv, data.encode('hex'))
- ptxt = ptxt.replace(" ","")
- print ptxt
- if ";admin=true" in ptxt:
- return 1
- return 0
- def mkprofile( email):
- if((";" in email)):
- return -1
- prefix = "comment1=wowsuch%20CBC;userdata="
- suffix = ";coment2=%20suchsafe%20very%20encryptwowww"
- ptxt = prefix + email + suffix
- return encrypt_cbc(key, iv, ptxt)
- class bcolors:
- HEADER = '\033[95m'
- OKBLUE = '\033[94m'
- OKGREEN = '\033[92m'
- WARNING = '\033[93m'
- FAIL = '\033[91m'
- ENDC = '\033[0m'
- BOLD = '\033[1m'
- UNDERLINE = '\033[4m'
- CLEAR = '\x1b[2J\x1b[1;1H'
- BANNER = bcolors.OKBLUE + """
- .--------------------------------------------.
- |+ [ BLACKBOX ] PUBLIC API DOCS v1.33.7 + |
- '--------------------------------------------'""" + bcolors.ENDC
- DOCS = """
- | |
- | |
- |getapikey: Get an Account |
- |getflag:<admin_apikey> Get a Flag!!!! |
- | |
- | |
- '--------------------------------------------'
- """
- def pad(instr, length):
- if(length == None):
- print "Supply a length to pad to"
- elif(len(instr) % length == 0):
- print "No Padding Needed"
- return instr
- else:
- return instr + ' ' * (length - (len(instr) % length ))
- def encrypt_block(key, plaintext):
- encobj = AES.new(key, AES.MODE_ECB)
- return encobj.encrypt(plaintext).encode('hex')
- def decrypt_block(key, ctxt):
- decobj = AES.new(key, AES.MODE_ECB)
- return decobj.decrypt(ctxt).encode('hex')
- def xor_block(first,second):
- '''
- Return a string containing a XOR of bytes in first with second
- '''
- if(len(first) != len(second)):
- print "Blocks need to be the same length!"
- return -1
- first = list(first)
- second = list(second)
- for i in range(0,len(first)):
- first[i] = chr(ord(first[i]) ^ ord(second[i]))
- return ''.join(first)
- def encrypt_cbc(key,IV, plaintext):
- '''
- High Level Function to encrypt things in AES CBC Mode.
- 1: Pad plaintext if necessary.
- 2: Split plaintext into blocks of length <keysize>
- 3: XOR Block 1 w/ IV
- 4: Encrypt Blocks, XOR-ing them w/ the previous block.
- '''
- if(len(plaintext) % len(key) != 0):
- plaintext = pad(plaintext,len(key))
- blocks = [plaintext[x:x+len(key)] for x in range(0,len(plaintext),len(key))]
- for i in range(0,len(blocks)):
- if (i == 0):
- ctxt = xor_block(blocks[i],IV)
- ctxt = encrypt_block(key,ctxt)
- else:
- tmp = xor_block(blocks[i],ctxt[-1 * (len(key) * 2):].decode('hex')) #len(key) * 2 because ctxt is an ASCII string that we convert to "raw" binary.
- print tmp
- ctxt = ctxt + encrypt_block(key,tmp)
- return ctxt
- def decrypt_cbc(key,IV,ctxt):
- '''
- High Level function to decrypt thins in AES CBC mode.
- 1: Split Ciphertext into blocks of len(Key)
- 2: Decrypt block.
- 3: For the first block, xor w/ IV. For the others, xor with last ciphertext block.
- '''
- ctxt = ctxt.decode('hex') # Plain text
- if(len(ctxt) % len(key) != 0):
- print "Invalid Key."
- return -1
- blocks = [ctxt[x:x+len(key)] for x in range(0,len(ctxt),len(key))] # Blocks of plain
- for i in range(0,len(blocks)):
- if (i == 0): # For first, send plaint vs key
- ptxt = decrypt_block(key,blocks[i])
- ptxt = xor_block(ptxt.decode('hex'),IV)
- else: # For rest, decrypt plain
- tmp = decrypt_block(key,blocks[i]) # decrypt the plain w/ key
- tmp = xor_block(tmp.decode('hex'),blocks[i-1]) # XOR the decoded stuff and comp vs prev block
- ptxt = ptxt + tmp
- return ptxt
- def decrypt(cipher):
- cipher = cipher.decode('hex')
- if (len(cipher) % 32 != 0):
- print len(cipher) % 32
- print ("[BLACKBOX] Invalid Length for API Endpoint\n")
- return
- if (parse_profile(cipher) == 1):
- print ("Congratulations!\nThe Secret is: ")
- else:
- print("[BLACKBOX] You are a normal user.\n")
- def encrypt(aString):
- return mkprofile(aString)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement