I have written this little function for a padding oracle CTF and gotten lost along the way. Could someone help?

I am trying to update a bytestring byte by byte from the back. However, when I run it, it does it from the front: newbyte looks like b"x00/x00... " and iv[0:x] doesn't get smaller somehow.

def test_new_bytes(stringX, stringRest, c0, x):

    print("iv 0:x", iv[0 : x - 2])

    if x > 1:
        for i in range(0, 256):

            if i < 16:
                HEX_I = hex(i)[2:]
                #   print(HEX_I)
                newbyte = bytes.fromhex("0" + HEX_I) + stringRest
                print(i, newbyte)

                iv_new = stringX + newbyte
                print("check", stringX, newbyte, stringRest)
                print(iv_new)
                if checkPadding(xor(iv_new, c0) + c0):
                    print("Correckt padding woohoo", xor(iv_new, c0))
                    test_new_bytes(iv[0 : x - 1], newbyte, c0, x=x - 1)
                    print("your i is ", i)

            #   return iv_new

            else:
                HEX_I = hex(i)[2:]
                #   print(HEX_I)
                newbyte = bytes.fromhex(HEX_I) + stringRest
                print(i, newbyte)
                iv_new = stringX + newbyte
                print(iv_new)
                if checkPadding(xor(iv_new, c0) + c0):
                    print(
                        "Correckt padding woohoo at i, x", i, x, xor(iv_new, c0)
                    )
                    print("check", stringX, newbyte)
                    test_new_bytes(iv[0 : x - 1], newbyte, c0, x=x - 1)
                    print("your i is ", i)  #   return iv_new


print(iv[0:16], b"", c0)
test_new_bytes(iv[0:15], b"", c0, 15)
test_new_bytes(c0[0:15], b"", c1, 15)
AKX
Arwa Lucky
  • Did you test the checkPadding(xor(iv_new, c0) + c0) bit? Also, what's the difference between i < 16 and i >= 16 (why do you pad the hex string with 0)? Side note: use logging or f-strings for better debugging experience ;) – Lodinn Nov 25 '21 at 14:46
  • Shouldn't newbyte be concatenated in the opposite order? You're adding the hex representation of i from the front of the string, not the back, which is the opposite of what you should do for oracle ctf iirc.... – Lodinn Nov 25 '21 at 14:58
  • i<16 and i>16 are essentially the same thing, for some reason that's just how the hex padding works when converting, under 16 you need a 0 bcz byte and such.. – Arwa Lucky Nov 25 '21 at 15:11
  • Alrighty update: the function was alright, I was using a lot of print statements and losing track of priorities. However, now I have the issue with recursion not breaking at x<1 – Arwa Lucky Nov 25 '21 at 16:45
  • Assign newbyte only once given the rest is the same. Bugs are a lot harder to catch if you copy&paste blocks like these. A more general solution for byte-aligning hex values would be something like '0' * (len(hex_str) % 2) + hex_str[2:]. Alternatively, struct.pack could be used. As for the core of the question, could you provide a minimal reproducible example with the oracle mockup and IV? – Lodinn Nov 25 '21 at 20:53
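
An added example, not part of the question or its comments: the byte-by-byte update written as a loop over indices 15 down to 0, so it terminates without a recursion guard, with each candidate built using a `bytearray` instead of hex strings. `KEY`, `decrypt_block` (an HMAC stand-in for the real cipher) and a `check_padding(iv, block)` that takes the two blocks separately are assumptions made so the mock oracle runs offline; they are not the CTF's code.

```python
import hashlib
import hmac

BLOCK = 16
KEY = b"constructed-demo-key"  # constructed; stands in for the CTF server's secret


def decrypt_block(block: bytes) -> bytes:
    # Stand-in for the block cipher's decryption (a PRF is enough for a mock oracle).
    return hmac.new(KEY, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def check_padding(iv: bytes, block: bytes) -> bool:
    # Mock oracle: True if iv XOR D(block) ends in valid PKCS#7 padding.
    plain = xor(iv, decrypt_block(block))
    n = plain[-1]
    return 1 <= n <= BLOCK and plain.endswith(bytes([n]) * n)


def recover_intermediate(block: bytes) -> bytes:
    """Recover D(block) one byte at a time, last index first."""
    known = bytearray(BLOCK)              # solved bytes of D(block)
    for pos in range(BLOCK - 1, -1, -1):  # 15, 14, ..., 0: the loop ends by itself
        pad = BLOCK - pos                 # padding value targeted this round
        trial = bytearray(BLOCK)          # untouched prefix stays zero
        for j in range(pos + 1, BLOCK):   # solved tail forced to decrypt to `pad`
            trial[j] = known[j] ^ pad
        for guess in range(256):
            trial[pos] = guess            # an int 0..255 is already one byte
            if not check_padding(bytes(trial), block):
                continue
            if pos > 0:                   # rule out a longer accidental padding
                trial[pos - 1] ^= 0xFF
                ok = check_padding(bytes(trial), block)
                trial[pos - 1] ^= 0xFF
                if not ok:
                    continue
            known[pos] = guess ^ pad
            break
        else:
            raise RuntimeError(f"no valid byte found at index {pos}")
    return bytes(known)
```

XORing the returned bytes with the IV that was actually used gives the plaintext block, padding included.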

0 Answers