Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
ashutosh1206
GitHub Repository: ashutosh1206/crypton
 Path: blob/master/Message-Authentication-Code/Attack-Length-Extension-CBC-MAC/CBC-Length-Extension.py
1402 views
1
'''-----------------------------<Server-Side>-------------------------------'''

2
from Crypto.Util.number import *

3
from Crypto.Cipher import AES

4


5
# Secret values not known to the attacker

6
from key import AES_key, MAC_flag

7


8
AES_key = AES_key.decode("hex")

9
iv = "\x00" * 16

10
BLOCKSIZE = 16

11


12
def MAC_generation(plaintext):

13
	try:

14
		assert len(plaintext) % 16 == 0

15
		

16
		# Does not allow to generate MAC of the below plaintext

17
		if plaintext == "Check length extension attack!!!":

18
			print("Not allowed to calculate MAC of this string!")

19
			exit()

20


21
		obj1 = AES.new(AES_key, AES.MODE_CBC, iv)

22
		ciphertext = obj1.encrypt(plaintext)

23
		ciphertext = ciphertext[len(ciphertext) - 16:]

24


25
		return ciphertext.encode("hex")

26
	except:

27
		print "Invalid Input"

28


29
def MAC_authentication(auth_tag):

30
	if auth_tag == MAC_flag:

31
		print "Successful Exploit!"

32
	else:

33
		print "Exploit Failed!"

34
'''----------------------------</Server-Side>--------------------------------'''

35


36
'''---------------------------<Attacker-Side>--------------------------------'''

37
def xor_strings(s1, s2):

38
	assert len(s1) == len(s2)

39
	ct = "".join([chr(ord(s1[i]) ^ ord(s2[i])) for i in range(len(s1))])

40
	return ct

41


42


43
def exploit():

44
	target_string = "Check length extension attack!!!"

45
	assert len(target_string) == 32

46


47
	'''Direct Check: Calling the MAC_generation function by passing

48
	target_string as the parameter directly --> Not allowed by the server'''

49
	MAC_generation(target_string)

50


51
	# Exploit to bypass the plaintext check filter

52
	print "\n\nThe exploit!!"

53
	first_slice = target_string[:16]

54


55
	'''We are allowed to give input to the server, hence calling the

56
	MAC_generation function for illustration'''

57
	MAC_first_slice = MAC_generation(first_slice).decode("hex")

58
	# MAC_target_string = MAC(MAC(target_string[:16]) xor target_string[16:32])

59
	second_slice = xor_strings(MAC_first_slice, target_string[16:32])

60
	MAC_target_string = MAC_generation(second_slice)

61
	# Calling the MAC_authentication function to illustrate authentication

62
	MAC_authentication(MAC_target_string)

63


64
if __name__ == '__main__':

65
	exploit()

66
'''---------------------------</Attacker-Side>-------------------------------'''

67


68