
Untitled

a guest
Oct 9th, 2012
  1. #Padding Oracle decryption of one 16-byte block (Python 2: urllib2, print statements)
  2. import binascii
  3. import urllib2
  4. import string
  5.  
  6. target="http://crypto-class.appspot.com/po?er=" #oracle endpoint; padding_oracle() appends hex(iv)+hex(ct) as the "er" value
  7.  
  8. plain_text=[] #recovered characters, appended last-byte-first; module-level and never cleared
  9.  
  10. def padding_oracle(iv,ct):
          # Recover the plaintext of the 16-byte block `ct` by sending modified
          # copies of `iv` to the endpoint in `target` and watching the HTTP status.
          #
          # iv: hex string of the 16 bytes sent in front of `ct`.
          # ct: hex string of the block to decrypt; appended to the URL unchanged.
          # Returns nothing: progress and the result are printed, and each recovered
          # character is appended to the module-level list plain_text.
          #
          # The side channel is the status code alone: this code reads 403 as
          # "padding rejected" and 404 as "padding accepted". A service that checks
          # a MAC (or uses an AEAD mode) before decrypting, and answers every
          # failure identically, gives a client nothing to distinguish.
          #
          # Limits visible in the code: only space and ASCII letters are tried, so
          # a plaintext byte outside that set is never matched; plain_text is not
          # reset, so a second call appends to the first call's output; the success
          # message is printed whether or not 16 bytes were found.
  11.     global target,plain_text #neither name is rebound below, so this declaration is not required
  12.     #print "iv=",iv
  13.     iv=binascii.unhexlify(iv) #hex -> raw bytes (a Python 2 str)
  14.     iv=list(iv) #a str is immutable, so work on a list of single characters
  15.     iv_index=len(iv)-1 #start at the last byte of the block
  16.  
  17.     j=0x1 #padding value aimed for in this round: 1 for the last byte, then 2, ...
  18.     bf_range=list(" "+string.ascii_letters) #candidate plaintext characters
  19.     for k in range(16): #one round per byte position, last byte first
  20.         #print "orig =0x%02x " %ord(iv[iv_index])
  21.         temp=iv[iv_index] #saved so a wrong guess can be undone
  22.         for i in bf_range:
  23.  
                  # substitute byte = current byte ^ guess ^ j; the padding check is
                  # expected to pass only when the guess equals the plaintext byte
                  # (assumes CBC-style chaining -- the mode is not stated here)
  24.             iv[iv_index]=chr(ord(iv[iv_index]) ^ ord(i) ^ j)
  25.             final_target=target+"".join(iv).encode("hex")+ct #endpoint + hex(modified iv) + hex(ct)
  26.          #   if i == 's' and k==1:
  27.          #       print final_target
  28.          #       print iv[iv_index],iv_index,i,j
  29.  
  30.             request=urllib2.Request(final_target) #create a HTTP Request
  31.             try:
  32.                 resp=urllib2.urlopen(request) #a non-error response raises nothing; resp is never read
  33.             except urllib2.HTTPError,e:
  34.                 if e.code == 404: #treated as "padding accepted": the guess is taken as correct
  35.                     #print final_target
  36.                     print "Got the %d byte and it is 0x%02x" %(iv_index+1,ord(i))
  37.                     plain_text.append("%c" % i) #stored in discovery order, i.e. last byte first
  38.                     #print plain_text
  39.  
  40.                     break #leaves the modified byte in place; the restore below is skipped
  41.  
  42.                 elif e.code == 403: #invalid pad, iterate
  43.                     print "403:Forbidden"
  44.  
  45.                 else:
  46.                     print "unknown code :%d" % e.code
  47.             iv[iv_index]=temp #wrong guess (or no HTTP error): put the saved byte back
  48.         #print final_target
  49.         #print "modified=0x%02x" % ord(iv[iv_index])
  50.         iv_index-=1 #move one byte to the left
  51.         j+=1 #the next round aims for the next padding value
  52.         list_index=0
  53.         end_index=len(iv)-1
  54.  
              # re-aim the already-handled trailing bytes from pad value j-1 to j;
              # the loop is bounded by how many characters have been recorded so far
  55.         while end_index > iv_index and list_index < len(plain_text): #this is to take care of further padding
  56.             if k==15: #skip the last iteration
  57.                 break
  58.             iv[end_index]=chr(ord(iv[end_index]) ^  j ^ (j-1))
  59.             #print "pad modified=0x%02x" % ord(iv[end_index])
  60.             end_index-=1
  61.             list_index+=1
  62.  
  63.     print "Padding Oracle Attack successful" #unconditional: nothing above checks that every byte was found
  64.     print "Decrypted text : ","".join(plain_text)[::-1] #the list is last-byte-first, so reverse it for display
  65.  
  66. if __name__ == "__main__":
  67.  
  68.  
          # 128 hex digits = four 16-byte blocks; only the first two are used below
  69.     cipher_text="f20bdba6ff29eed7b046d1df9fb7000058b1ffb4210a580f748b4ac714c001bd4a61044426fb515dad3f21f18aa577c0bdf302936266926ff37dbf7035d5eeb4"
  70.     print "len of cipher text = %d" % len(cipher_text) #length in hex digits, not bytes
  71.  
  72.     iv=cipher_text[:32] #first 16 bytes (32 hex digits)
  73.     ct=cipher_text[32:64] #second 16-byte block; the remaining 64 hex digits are never processed
  74.     padding_oracle(iv,ct)