Module: Matasano::Sets::Set2

Included in:

Matasano::Solver

Defined in:

lib/crypto-toolbox/matasano/sets/set2.rb

Instance Method Summary

• #solve10(key, input, iv) ⇒ Object
• #solve11(oracle, plaintext) ⇒ Object
• #solve12(oracle) ⇒ Object
• #solve13(key = SecureRandom.random_bytes(16)) ⇒ Object
• #solve14(oracle) ⇒ Object
• #solve15(input) ⇒ Object
• #solve16(oracle) ⇒ Object
• #solve9(input) ⇒ Object

Instance Method Details

#solve10(key, input, iv) ⇒ Object

# File 'lib/crypto-toolbox/matasano/sets/set2.rb', line 9

def solve10(key,input,iv)
  data  = CryptBuffer.from_base64(input).str
  Ciphers::Aes.new.decipher_cbc(key,data,iv: iv).str
end

#solve11(oracle, plaintext) ⇒ Object

# File 'lib/crypto-toolbox/matasano/sets/set2.rb', line 14

def solve11(oracle,plaintext)
  puts "see tests"
end

#solve12(oracle) ⇒ Object

# File 'lib/crypto-toolbox/matasano/sets/set2.rb', line 18

def solve12(oracle)
  Analyzers::EcbStringAppender.new(oracle).analyze
end

#solve13(key = SecureRandom.random_bytes(16)) ⇒ Object

# File 'lib/crypto-toolbox/matasano/sets/set2.rb', line 22

def solve13(key = SecureRandom.random_bytes(16) )
  oracle = CryptoToolbox::Oracles::UserProfileEncryptionOracle.new(key)
  
  # blocks:
  # 1) email=[...]@xy.
  # 2) com&uid=10&role=
  # 3) (guest|admin)[...]

  block_size        = 16
  prefix            = "email="
  infix             = "&uid=10&role="
  email_suffix      = "@xy.com" 
  email_user_length = (2*block_size) - (prefix.length + infix.length + email_suffix.length)
  email_user        = ("a".."z").to_a.sample(email_user_length).join
  email_address     = email_user + email_suffix
  ciphertext        = oracle.encrypted_profile_for(email_address)

  # take the first to blocks of the meassage to have a ciphertext of everything up until role=
  forgery_blocks,_  = ciphertext.to_crypt_buffer[0,2*block_size]

  # Construct a ciphertext containinig three blocks, where the last block
  # only contains admin...... where . is a valid padding:
  # 1: email=aaaaaaaaaa
  # 2: admin...........    . = 0xb
  # 3: @whatever.com
  target_role         = "admin"
  padding_length      = (block_size - target_role.length())
  malicious_username  = "aaaaaaaaaa#{target_role}".to_crypt_buffer.pad(padding_length).str + email_suffix
  ciphertext2         = oracle.encrypted_profile_for(malicious_username)
  role_chunk          = ciphertext2[block_size,block_size]

  oracle.decrypt_profile(forgery_blocks.str + role_chunk)
end

#solve14(oracle) ⇒ Object

# File 'lib/crypto-toolbox/matasano/sets/set2.rb', line 56

def solve14(oracle)
  Analyzers::EcbStringAppender.new(oracle).analyze
end

#solve15(input) ⇒ Object

# File 'lib/crypto-toolbox/matasano/sets/set2.rb', line 60

def solve15(input)
  CryptBuffer(input).strip_padding!.str
end

#solve16(oracle) ⇒ Object

# File 'lib/crypto-toolbox/matasano/sets/set2.rb', line 64

def solve16(oracle)
  analyzer   = CryptoToolbox::Analyzers::CbcMutatingEncryption.new(oracle)
  analyzer.assemble_attack_message
end

#solve9(input) ⇒ Object

# File 'lib/crypto-toolbox/matasano/sets/set2.rb', line 5

def solve9(input)
  CryptBuffer(input).pad(4).str
end