Attacking AES ECB
in this post, i will explain how we can attacking AES ECB, according to this diagram:
if we use the same key to encrypt a plaintext, we can actual get the same cipher. in aes, there’s 16 byte each block. for example:
plaintext = AAAAAAAAAAAAAAAA <------- represent 1 blockcipher (16 byte length)
so if we use the same plaintext as our input and will encrypted with the same key. the return value will be the same value. for example:
key= ..... plaintext = AAAAAAAAAAAAAAAA will be: cipher = BBBBBBBBBBBBBBBB
at this time, our goals to get the secret encrypted string by bruteforcing the last byte. for example: we encrypted our known plaintext 15 byte :
plaintext = AAAAAAAAAAAAAAA
so the last byte of our plaintext is the secret string that will fit on the first blockcipher
plaintext = AAAAAAAAAAAAAAAS
at this time, we have to encrypt another
plaintext and brute our last byte with a char and
comparing with the first one.
plaintext = AAAAAAAAAAAAAAA<brute here>
if we have the same encrypted string as the first one. it mean that was the correct string.
for example i will use my latest CTF problem
ECB GAME from my university. we are given a source
code , and a listen server:
nc core.ccug.my.id 39002,
our goal to get the flag string, as you can see the key is randomly choosen with 16 byte length. so every time we connect to the server, the key will change. but we can always doing encrypt because the
now,in the encrypt function, our flag will appended with our input plaintext
so the flag will be located on our last plaintext.
plaintext = AAAAAAAAAAAAAAAH
note: H is the first byte of the flag String.
now we have to check the first encrypted text with our brute encrypted text, if
we found the same encrypted text, that means we found the correct string of flag.
after we found the correct string, we have to substract the padding in this case
AAAAAAAAAAAAAAA with length of the that we found
'A' * (len(flag_found)). so it will looks
AAAAAAAAAAAAAAAH AAAAAAAAAAAAAAHA AAAAAAAAAAAAAHAC AAAAAAAAAAAAHACK AAAAAAAAAAAHACKF AAAAAAAAAAHACKFE AAAAAAAAAHACKFES AAAAAAAAHACKFEST
here is my solver to get the full flag: