problem 27

author: Jesse Luehrs <doy@tozt.net> 2015-04-18 02:19:02 -0400
committer: Jesse Luehrs <doy@tozt.net> 2015-04-18 02:19:02 -0400
commit: b4210c80d347e3d3d7aafe17349e7bf54448994f (patch)
tree: 3170b1e688d3e7d3411ea9b35ee368a522fa9d7e /src
parent: a16eee14a18d4c345d6485593d3543e342c86af3 (diff)
download: matasano-b4210c80d347e3d3d7aafe17349e7bf54448994f.tar.gz
matasano-b4210c80d347e3d3d7aafe17349e7bf54448994f.zip
2 files changed, 28 insertions, 0 deletions
diff --git a/src/crack.rs b/src/crack.rs
index b5ff9ff..5b387bb 100644
--- a/src/crack.rs
+++ b/src/crack.rs
@@ -3,6 +3,7 @@ use std::borrow::ToOwned;
 use std::collections::{HashMap, HashSet};
 use rand::{Rng, SeedableRng};
 
+use aes::encrypt_aes_128_cbc;
 use data::ENGLISH_FREQUENCIES;
 use primitives::{fixed_xor, unpad_pkcs7, hamming, repeating_key_xor};
 use random::MersenneTwister;
@@ -446,6 +447,32 @@ pub fn crack_ctr_bitflipping<F> (f: &F) -> Vec<u8> where F: Fn(&str) -> Vec<u8>
         .collect();
 }
 
+pub fn crack_cbc_iv_key<F1, F2> (encrypt: &F1, verify: &F2) -> Vec<u8> where F1: Fn(&str) -> Vec<u8>, F2: Fn(&[u8]) -> Result<bool, Vec<u8>> {
+    loop {
+        let plaintext_bytes: Vec<u8> = ::rand::thread_rng()
+            .gen_iter()
+            .filter(|&c| c >= 32 && c < 127)
+            .take(16*5)
+            .collect();
+        let plaintext = ::std::str::from_utf8(&plaintext_bytes).unwrap();
+        let ciphertext = encrypt(plaintext);
+        let modified_ciphertext: Vec<u8> = ciphertext[..16]
+            .iter()
+            .map(|x| *x)
+            .chain(::std::iter::repeat(0).take(16))
+            .chain(ciphertext[..16].iter().map(|x| *x))
+            .chain(ciphertext[48..].iter().map(|x| *x))
+            .collect();
+        if let Err(modified_plaintext) = verify(&modified_ciphertext[..]) {
+            let key = fixed_xor(
+                &modified_plaintext[..16],
+                &modified_plaintext[32..48]
+            );
+            let desired_plaintext = b"comment1=cooking%20MCs;userdata=;admin=true;comment2=%20like%20a%20pound%20of%20bacon";
+            return encrypt_aes_128_cbc(desired_plaintext, &key[..], &key[..]);
+        }
+    }
+}
 
 fn crack_single_byte_xor_with_confidence (input: &[u8]) -> (u8, f64) {
     let mut min_diff = 100.0;
diff --git a/src/lib.rs b/src/lib.rs
index 4209c0d..40a9773 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -44,3 +44,4 @@ pub use crack::recover_16_bit_mt19937_key;
 pub use crack::recover_mt19937_key_from_time;
 pub use crack::crack_aes_128_ctr_random_access;
 pub use crack::crack_ctr_bitflipping;
+pub use crack::crack_cbc_iv_key;
author	Jesse Luehrs <doy@tozt.net>	2015-04-18 02:19:02 -0400
committer	Jesse Luehrs <doy@tozt.net>	2015-04-18 02:19:02 -0400
commit	b4210c80d347e3d3d7aafe17349e7bf54448994f (patch)
tree	3170b1e688d3e7d3411ea9b35ee368a522fa9d7e /src
parent	a16eee14a18d4c345d6485593d3543e342c86af3 (diff)
download	matasano-b4210c80d347e3d3d7aafe17349e7bf54448994f.tar.gz matasano-b4210c80d347e3d3d7aafe17349e7bf54448994f.zip