HostageOfCode
Posted April 29 (edited)

```c
int i = 0;
unsigned char input_buffer[BINSIZE + 1] = {0};
unsigned char output_buffer[BINSIZE * 2] = {0};
DWORD data_size = BINSIZE;

for(i = 0; i < data_size; i = i + 16)
{
    Decrypt(AESKey, input_buffer + i, output_buffer + i, 16);
}

for(i = 0; i < data_size - 16; i++)
{
    output_buffer[i + 16] = output_buffer[i + 16] ^ input_buffer[i];
}
```

The goal is to reverse the algorithm and obtain input_buffer if we have only the output_buffer after the xor manipulation and the AESKey outsource for the Encrypt function. Looks easy but it is not that easy after all.

Edited April 29 by HostageOfCode

aIjundi
Posted April 29

Key details to solving this challenge:

- The block size is 16 bytes.
- The first block is only Decrypted, not xor'ed.
- Each of the following blocks is Decrypted then xor'ed with the previous block.

Solving it would boil down to Encrypting a block then xor'ing it with the next block, which would roughly be as below:

```c
unsigned char output_buffer[BINSIZE * 2] = {0};
unsigned char result_buffer[BINSIZE + 1] = {0};
DWORD data_size = BINSIZE;

for(int i = 0; i < data_size; i = i + 16)
{
    Encrypt(AESKey, result_buffer + i, output_buffer + i, 16);
    for(int j = i; j < i + 16; j++)
    {
        output_buffer[j + 16] = output_buffer[j + 16] ^ result_buffer[j];
    }
}
```

HostageOfCode (Author)
Posted April 29

```c
int count = 0;
memcpy(output_buffer, input_buffer, data_size);
Encrypt(AESKey, output_buffer, output_buffer, 16);

for (i = 0; i < data_size - 16; i++)
{
    output_buffer[i + 16] = input_buffer[i + 16] ^ output_buffer[i];
    count++;
    if (count == 16)
    {
        Encrypt(AESKey, output_buffer + i + 1, output_buffer + i + 1, 16);
        count = 0;
    }
}
```

This is my solution.
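
The challenge transform is CBC-style decryption with an all-zero IV, so its inverse is CBC-style encryption: in[0] = E(out[0]) and in[k] = E(out[k] ^ in[k-1]). The round-trip check below is an added example, not code from the thread; `toy_encrypt` and `toy_decrypt` are hypothetical stand-ins for the thread's AES `Encrypt`/`Decrypt` so that it compiles on its own, and the key and input bytes are constructed.

```c
#include <stdint.h>
#include <string.h>
#define BLK 16

/* Stand-in for the thread's AES Encrypt/Decrypt (assumption: any invertible
   16-byte block function shows the chaining; this toy one is NOT secure). */
static void toy_encrypt(const uint8_t *key, const uint8_t *src, uint8_t *dst) {
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++)
        t[(i + 5) % BLK] = (uint8_t)((src[i] ^ key[i]) + 0x3d);
    memcpy(dst, t, BLK);
}

static void toy_decrypt(const uint8_t *key, const uint8_t *src, uint8_t *dst) {
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++)
        t[i] = (uint8_t)(src[(i + 5) % BLK] - 0x3d) ^ key[i];
    memcpy(dst, t, BLK);
}

/* The challenge transform: decrypt every block, then XOR block k (k >= 1)
   with input block k-1. len must be a multiple of 16. */
static void forward(const uint8_t *key, const uint8_t *in, uint8_t *out, size_t len) {
    for (size_t i = 0; i < len; i += BLK)
        toy_decrypt(key, in + i, out + i);
    for (size_t i = 0; i + BLK < len; i++)
        out[i + BLK] ^= in[i];
}

/* Inverse: in[0] = E(out[0]); in[k] = E(out[k] ^ in[k-1]). */
static void inverse(const uint8_t *key, const uint8_t *out, uint8_t *in, size_t len) {
    uint8_t blk[BLK];
    for (size_t i = 0; i < len; i += BLK) {
        for (int j = 0; j < BLK; j++)
            blk[j] = out[i + j] ^ (i ? in[i - BLK + j] : 0);
        toy_encrypt(key, blk, in + i);
    }
}

/* Returns 1 if inverse(forward(x)) == x for a constructed 48-byte input. */
static int round_trip_ok(void) {
    uint8_t key[BLK], in[48], out[48], rec[48];
    for (int i = 0; i < BLK; i++) key[i] = (uint8_t)(i * 17 + 3);
    for (int i = 0; i < 48; i++) in[i] = (uint8_t)(i * 7 + 1);
    forward(key, in, out, sizeof in);
    inverse(key, out, rec, sizeof rec);
    return memcmp(in, rec, sizeof in) == 0;
}
int main(void) { return round_trip_ok() ? 0 : 1; }
```

Each recovered block feeds the XOR for the next one, so the blocks must be processed in order; the forward direction has no such dependency.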