oracle
– Padding oracle attacks¶
This module provides a functions that, given an oracle function that returns
True
when a message is properly padded and False
otherwise, will
decrypt or encrypt a given message assuming that the underlying cipher
operates in CBC mode.
-
pwnypack.oracle.
padding_oracle_decrypt
(oracle, ciphertext, known_prefix=b'', known_suffix=b'', block_size=128, alphabet=None, pool=None, block_pool=None, progress=None)[source]¶ Decrypt ciphertext using an oracle function that returns
True
if the provided ciphertext is correctly PKCS#7 padded after decryption. The cipher needs to operate in CBC mode.Parameters: - oracle (callable) – The oracle function. Will be called repeatedly with a chunk of ciphertext.
- ciphertext (bytes) – The data to decrypt. Should include the IV at the start.
- known_prefix (bytes) – If the start of the plaintext is known, it can be provided to skip decrypting the known prefix.
- known_suffix (bytes) – If the end of the plaintext is known, it can be provided to skip decrypting the known suffix. Should include padding.
- block_size (int) – The cipher’s block size in bits.
- alphabet (bytes) – Optimize decryption if you know which characters the plaintext will consist of.
- pool (multiprocessing.Pool) – A multiprocessing pool to use to
parallelize the decryption. This pool is used to call the oracle
function. Fairly heavy due to the required inter-process state
synchronization. If
None
(the default), no multiprocessing will be used. - block_pool (multiprocessing.Pool) – A multiprocessing pool to use to
parallelize the decryption. This pool is used to decrypt entire
blocks in parallel. When decrypting ciphertext consisting of
multiple blocks, it is usually more efficient than using the
pool
argument. IfNone
(the default), no multiprocessing will be used. - progress (callable) – A callable that will be called each time a new byte is decrypted. Is called with the positition of the character in the plaintext result and the character itself.
Returns: The decrypted data with its PKCS#7 padding stripped.
Return type: bytes
Raises: RuntimeError
– Raised if the oracle behaves unpredictable.Example
>>> from pwny import * >>> with multiprocessing.Pool(5) as pool: >>> print(padding_oracle_decrypt(oracle_function, encrypted_data, pool=pool)) b'decrypted data'
-
pwnypack.oracle.
padding_oracle_encrypt
(oracle, plaintext, block_size=128, pool=None)[source]¶ Encrypt plaintext using an oracle function that returns
True
if the provided ciphertext is correctly PKCS#7 padded after decryption. The cipher needs to operate in CBC mode.Parameters: - oracle (callable) – The oracle function. Will be called repeatedly with a chunk of ciphertext.
- plaintext (bytes) – The plaintext data to encrypt.
- block_size (int) – The cipher’s block size in bits.
- pool (multiprocessing.Pool) – A multiprocessing pool to use to
parallelize the encryption. This pool is used to call the oracle
function. Fairly heavy due to the required inter-process state
synchronization. If
None
(the default), no multiprocessing will be used.
Returns: The encrypted data.
Return type: bytes
Raises: RuntimeError
– Raised if the oracle behaves unpredictable.