import jsonimport requestsfrom Crypto.Cipher import AESBLOCK_SIZE = 16

1. import json
2. import requests
3. from Crypto.Cipher import AES
4.  
5. BLOCK_SIZE = 16
6.  
7. def ECBorCBC(text):
8.     text = str(text)[2:-1]
9.     for _ in range(len(text)):
10.         if text.count(text[int(len(text)/2) : int(len(text)/2) + BLOCK_SIZE]) > 1:
11.             return 'ECB'
12.         else:
13.             return 'CBC'
14.  
15. def get(url):
16.     return requests.get(url, headers={'Content-Type': 'application/json', 'charset': 'utf-8'})
17.  
18. def post(url, text):
19.     return requests.post(url, data = json.dumps(text), headers = {'Content-Type': 'application/json', 'charset':'utf-8'})
20.  
21. def get_data(data, number):
22.     return b64decode(post(URL + str(number) + '/noentropy', str(b64encode(data))[2:-1]))
23.  
24. def get_random_padding(encr_data, encr_data_2):
25.     for i in range(len(encr_data)):
26.         if encr_data[i] != encr_data_2[i]:
27.             return i
28.  
29. def get_addition(number, padding):
30.     initial_addition = 256
31.     control_addition = 256
32.     size = padding + BLOCK_SIZE
33.     for i in range(BLOCK_SIZE + 2):
34.         encr_data = get_data(b'\x00'*(BLOCK_SIZE + i), number)
35.         if initial_addition != encr_data[size]:
36.             initial_addition = encr_data[size]
37.             control_addition = encr_data[size + 1]
38.         else:
39.             if control_addition != encr_data[size + 1]:
40.                 control_addition = encr_data[size + 1]
41.             else:
42.                 return i - 1
43.     return 0
44.  
45. from base64 import b64encode, b64decode
46.  
47. CHALLENGES_ID = 15
48. COUNT_BYTES = 2048
49. VALUES_SIZE = 256
50. URL = 'http://192.168.56.103/api/EcbDecryption/Chumak/'
51.  
52. for number in range(1, CHALLENGES_ID + 1):
53.  
54.    
55.    
56.     encr_data = get_data(b'\x00' * COUNT_BYTES, number)
57.     encr_data_2 = get_data(b'\x01' * COUNT_BYTES, number)    
58.    
59.     if ECBorCBC(encr_data) == 'ECB':
60.         verify_data = get(URL + str(number) + '/verify')
61.         random_padding = get_random_padding(encr_data, encr_data_2)
62.         addition = get_addition(number, random_padding)
63.  
64.         target_data = b''
65.         target_data_len = len(encr_data) - (random_padding + COUNT_BYTES)
66.         sent_data = b'\x00' * (2 * BLOCK_SIZE + target_data_len + addition)
67.        
68.         for ind in range(target_data_len):            
69.             encr_data = get_data(sent_data[:-ind-1], number)            
70.             sent_data = sent_data[1:len(sent_data)] + bytes([0])
71.             for v in range(0, VALUES_SIZE):
72.                 sent_data = sent_data[0:len(sent_data)-1] + bytes([v])
73.                 encr_data_2 = get_data(sent_data, number)
74.                 size = random_padding + len(sent_data) + BLOCK_SIZE - addition
75.  
76.                 if encr_data[:size] == encr_data_2[:size]:
77.                     target_data += bytes([v])
78.                     break
79.            
80.             if len(target_data)%10 == 0:
81.                 print('Addition: ', addition)
82.                 print('Target data: ', target_data)
83.                 target_data = b64decode(verify_data.text)
84.                 print('The first bytes of verify data: ', target_data[:BLOCK_SIZE])
85.                 break
86.     else:
87.         print('There is not ECB chiper')