In this challenge, the server uses AES in CBC mode to encrypt and decrypt user-provided data. The goal is to forge an IV that forces the server to decrypt a ciphertext into a specific value. The chall.py file simulates the server's behavior. Here's a breakdown of its functionality:
- AES-CBC Encryption: The server encrypts and decrypts 16-byte blocks using AES in CBC mode.
- Forbidden Value: The server prevents users from encrypting or using a specific value (
leak) as the plaintext or IV. - IV Manipulation: By manipulating the IV, we can control the decrypted plaintext.
Key points in chall.py:
- The
encryptfunction encrypts user-provided plaintext and returns the IV and ciphertext. - The
decryptfunction decrypts user-provided ciphertext and IV, then checks if the decrypted value matches the forbidden value (leak).
The main logic for solving this challenge is:
- Encrypt a block of null bytes to obtain the original IV and ciphertext.
- XOR the original IV with the forbidden value to compute the forged IV.
- Send the forged IV and the original ciphertext to the server to force the decryption to the forbidden value.
- Retrieve the flag from the server.
To solve the challenge:
- Connect to the server and encrypt 16 null bytes to get the original IV and ciphertext.
- Compute the forged IV by XORing the original IV with the forbidden value:
forged_IV = original_IV ⊕ forbidden_value- This ensures that the decrypted value matches the forbidden value.
- Send the forged IV and the original ciphertext to the server.
- Retrieve the flag from the server.
The solve.py script includes error handling for unexpected server responses, such as empty or malformed outputs. This ensures the script can handle edge cases gracefully.
The script retrieves the flag from the server's response:
result = s.recv(4096)
print(result.decode())By following this structured approach, the script successfully forces the server to decrypt the ciphertext into the forbidden value and retrieves the flag.