API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 9th, 2012
1,797
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.45 KB | None | 0 0
raw download clone embed print report
  1. #Padding Oracle decryption 
  2. import binascii
  3. import urllib2
  4. import string
  5.  
  6. target="http://crypto-class.appspot.com/po?er="
  7.  
  8. plain_text=[]
  9.  
  10. def padding_oracle(iv,ct):
  11.     global target,plain_text
  12.     #print "iv=",iv
  13.     iv=binascii.unhexlify(iv)
  14.     iv=list(iv) #because string is immutable,convert to a string first
  15.     iv_index=len(iv)-1
  16.  
  17.     j=0x1
  18.     bf_range=list(" "+string.ascii_letters)
  19.     for k in range(16):
  20.         #print "orig =0x%02x " %ord(iv[iv_index])
  21.         temp=iv[iv_index]
  22.         for i in bf_range:
  23.  
  24.             iv[iv_index]=chr(ord(iv[iv_index]) ^ ord(i) ^ j)
  25.             final_target=target+"".join(iv).encode("hex")+ct
  26.          #   if i == 's' and k==1:
  27.          #       print final_target
  28.          #       print iv[iv_index],iv_index,i,j
  29.  
  30.             request=urllib2.Request(final_target) #create a HTTP Request
  31.             try:
  32.                 resp=urllib2.urlopen(request) #capture the Response
  33.             except urllib2.HTTPError,e:
  34.                 if e.code == 404: #valid pad
  35.                     #print final_target
  36.                     print "Got the %d byte and it is 0x%02x" %(iv_index+1,ord(i))
  37.                     plain_text.append("%c" % i)
  38.                     #print plain_text
  39.  
  40.                     break
  41.  
  42.                 elif e.code == 403: #invalid pad, iterate
  43.                     print "403:Forbidden"
  44.  
  45.                 else:
  46.                     print "unknown code :%d" % e.code
  47.             iv[iv_index]=temp #restore the value back
  48.         #print final_target
  49.         #print "modified=0x%02x" % ord(iv[iv_index])
  50.         iv_index-=1
  51.         j+=1
  52.         list_index=0
  53.         end_index=len(iv)-1
  54.  
  55.         while end_index > iv_index and list_index < len(plain_text): #this is to take care of further padding
  56.             if k==15: #skip the last iteration
  57.                 break
  58.             iv[end_index]=chr(ord(iv[end_index]) ^  j ^ (j-1))
  59.             #print "pad modified=0x%02x" % ord(iv[end_index])
  60.             end_index-=1
  61.             list_index+=1
  62.  
  63.     print "Padding Oracle Attack successful"
  64.     print "Decrypted text : ","".join(plain_text)[::-1] #print the decrypted text
  65.  
  66. if __name__ == "__main__":
  67.  
  68.  
  69.     cipher_text="f20bdba6ff29eed7b046d1df9fb7000058b1ffb4210a580f748b4ac714c001bd4a61044426fb515dad3f21f18aa577c0bdf302936266926ff37dbf7035d5eeb4"
  70.     print "len of cipher text = %d" % len(cipher_text)
  71.  
  72.     iv=cipher_text[:32]
  73.     ct=cipher_text[32:64]
  74.     padding_oracle(iv,ct)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!