
Untitled

a guest Oct 9th, 2012 1,093 Never
  1. #Padding Oracle decryption 
  2. import binascii
  3. import urllib2
  4. import string
  5.  
# Base URL of the oracle endpoint. padding_oracle() appends the hex-encoded
# (modified) IV followed by the hex ciphertext block as the value of "er".
target="http://crypto-class.appspot.com/po?er="

# Recovered characters, appended last-byte-first by padding_oracle() and
# reversed only when printed. Module-level and never cleared, so a second
# call would append to the first call's output.
plain_text=[]
  9.  
def padding_oracle(iv,ct):
    """Recover one 16-byte CBC plaintext block through a padding-validity side channel.

    iv and ct are hex strings: the block that precedes the target block (the
    IV, for the first block) and the target ciphertext block. Each guess
    changes one byte of iv, requests target + hex(iv) + ct, and reads the
    HTTP status: 404 is treated as "padding valid", 403 as "padding invalid".

    Recovered characters are appended to the module-level plain_text list,
    last byte first, and the reversed string is printed at the end. Nothing
    is returned.

    Why this works, and what removes it: going by the status codes this
    script keys on, the server answers a bad pad (403) differently from a
    well-formed pad (404), so every response leaks one bit about the
    decrypted block. Authenticating IV and ciphertext before any decryption
    (encrypt-then-MAC or an AEAD mode) and answering every failure with the
    same response closes the channel. On the server side the pattern is a
    burst of requests whose "er" value differs in a single byte, almost all
    answered 403 (here up to 53 per byte position).

    NOTE(review): Python 2 only (print statement, urllib2, "except X,e",
    str.encode("hex")).
    NOTE(review): guesses cover only space and ASCII letters. If no guess
    yields 404 for a position (digit, punctuation, padding byte), nothing is
    appended for it, the tail fix-up below then covers fewer bytes than have
    been probed, and the "successful" message is still printed.
    NOTE(review): plain_text is never cleared, so a second call appends to
    the first call's characters.
    """
    global target,plain_text
    iv=binascii.unhexlify(iv)
    iv=list(iv) # str is immutable; a list lets single bytes be replaced in place
    iv_index=len(iv)-1 # start at the last byte of the block and walk backwards

    j=0x1 # pad value being forced on the tail: 0x01 for the last byte, then 0x02, ...
    bf_range=list(" "+string.ascii_letters) # candidate plaintext characters (53 in total)
    for k in range(16):
        temp=iv[iv_index] # original byte, put back after every failed guess
        for i in bf_range:

            # If the plaintext byte equals i, XORing the IV byte with i ^ j makes
            # the server-side decryption of this byte come out as j.
            iv[iv_index]=chr(ord(iv[iv_index]) ^ ord(i) ^ j)
            final_target=target+"".join(iv).encode("hex")+ct

            request=urllib2.Request(final_target) # build the HTTP request
            try:
                # A response that raises no HTTPError is ignored; resp is never read.
                resp=urllib2.urlopen(request)
            except urllib2.HTTPError,e:
                if e.code == 404: # valid pad: the guess i is the plaintext byte
                    print "Got the %d byte and it is 0x%02x" %(iv_index+1,ord(i))
                    plain_text.append("%c" % i)

                    # Leaves the loop before the restore below, so this IV byte
                    # keeps its modified value (original ^ i ^ j).
                    break

                elif e.code == 403: # invalid pad: try the next candidate
                    print "403:Forbidden"

                else:
                    print "unknown code :%d" % e.code
            iv[iv_index]=temp # reached only when the guess did not end in a 404
        iv_index-=1
        j+=1
        list_index=0
        end_index=len(iv)-1

        # Re-pad the tail for the next position: each adjusted byte is XORed with
        # j ^ (j-1) so the value it was forced to moves from the previous pad
        # (j-1) to the new one (j). At most len(plain_text) bytes are adjusted.
        while end_index > iv_index and list_index < len(plain_text):
            if k==15: # all 16 positions done, nothing left to prepare
                break
            iv[end_index]=chr(ord(iv[end_index]) ^  j ^ (j-1))
            end_index-=1
            list_index+=1

    # Printed unconditionally, whether or not every position produced a 404.
    print "Padding Oracle Attack successful"
    print "Decrypted text : ","".join(plain_text)[::-1] # characters were collected last-to-first
  65.  
if __name__ == "__main__":
    # 128 hex characters = four 16-byte blocks; only the first two are used below.
    HEX_PER_BLOCK = 32
    captured_hex = "f20bdba6ff29eed7b046d1df9fb7000058b1ffb4210a580f748b4ac714c001bd4a61044426fb515dad3f21f18aa577c0bdf302936266926ff37dbf7035d5eeb4"
    print "len of cipher text = %d" % len(captured_hex)

    # The first block is passed as the IV, the second as the block to decrypt.
    leading_block, target_block = (
        captured_hex[:HEX_PER_BLOCK],
        captured_hex[HEX_PER_BLOCK:2 * HEX_PER_BLOCK],
    )
    padding_oracle(leading_block, target_block)