public static byte[] AESEncryptionOracle(byte[] input, out bool isECB)
{
var randomPrefixLength = random.Next(5, 11);
var randomPrefixBuffer = new byte[randomPrefixLength];
random.NextBytes(randomPrefixBuffer);
var randomSuffixLength = random.Next(5, 11);
var randomSuffixBuffer = new byte[randomSuffixLength];
random.NextBytes(randomSuffixBuffer);
var paddedInput = new byte[randomPrefixLength + input.Length + randomSuffixLength];
Array.Copy(randomPrefixBuffer, 0, paddedInput, 0, randomPrefixLength);
Array.Copy(input, 0, paddedInput, randomPrefixLength, input.Length);
Array.Copy(randomSuffixBuffer, 0, paddedInput, randomPrefixLength + input.Length, randomSuffixLength);
if (paddedInput.Length % 16 != 0)
{
paddedInput = BlockPad(paddedInput, paddedInput.Length + (16 - paddedInput.Length % 16));
}
isECB = random.Next(0, 2) == 1;
if (isECB)
{
return(AES128.EncryptECB(paddedInput, randomKey));
}
else
{
var iv = RandomAES128Key();
return(AES128.EncryptCBC(paddedInput, randomKey, iv));
}
}
public static byte[] CBCBitflipOracle(string payload)
{
var prefix = "comment1=cooking%20MCs;userdata=";
var suffix = ";comment2=%20like%20a%20pound%20of%20bacon";
//note that if you Escape all values you can't bitflip attack
//payload = Uri.EscapeDataString(payload)
payload = payload.Replace(";", "%3b").Replace("=", "%3d");
var newSource = string.Concat(prefix, payload, suffix);
var paddedSource = Pad16(Encoding.UTF8.GetBytes(newSource));
var iv = Encoding.UTF8.GetBytes("YELLOW SUBMARINE");
return(AES128.EncryptCBC(paddedSource, randomKey, iv));
}
public static byte[] ECBOracle(byte[] randomPrefix, byte[] input)
{
var prefixLength = randomPrefix == null ? 0 : randomPrefix.Length;
var unknown = Convert.FromBase64String("Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK");
var payload = new byte[prefixLength + input.Length + unknown.Length];
if (prefixLength > 0)
{
randomPrefix.CopyTo(payload, 0);
}
input.CopyTo(payload, prefixLength);
unknown.CopyTo(payload, prefixLength + input.Length);
return(AES128.EncryptECB(payload, randomKey));
}
public static byte[] EncryptProfileFor(string email)
{
var profile = ProfileFor(email);
var encodedProfile = EncodeProfileAsKeyVal(profile);
var profileBytes = Encoding.UTF8.GetBytes(encodedProfile);
var profileBlocks = BlockPad(profileBytes, profileBytes.Length + 16 - profileBytes.Length % 16);
var output = new byte[profileBlocks.Length];
for (var i = 0; i < profileBlocks.Length / 16; i++)
{
var profileBlock = new ArraySegment <byte>(profileBlocks, i * 16, 16).ToArray();
var outputBlock = AES128.EncryptBlock(profileBlock, profileForOracleExtendedKey);
Array.Copy(outputBlock, 0, output, i * 16, 16);
}
return(output);
}
public static bool IsAdmin(byte[] encrypted)
{
var iv = Encoding.UTF8.GetBytes("YELLOW SUBMARINE");
var decrypted = AES128.DecryptCBC(encrypted, randomKey, iv);
var items = Encoding.UTF8.GetString(decrypted).Split(';');
var dict = new Dictionary <string, string>();
foreach (var item in items)
{
var keyValSplit = item.Split('=');
var val = Encoding.UTF8.GetString(StripPadding(Encoding.UTF8.GetBytes(keyValSplit[1])));
dict.Add(keyValSplit[0], Uri.UnescapeDataString(val));
}
string isAdmin;
dict.TryGetValue("admin", out isAdmin);
return(bool.Parse(isAdmin ?? bool.FalseString));
}
public static Dictionary <string, string> DecryptProfileFor(byte[] encrypted)
{
var decrypted = new byte[encrypted.Length];
for (var i = 0; i < encrypted.Length / 16; i++)
{
var block = new ArraySegment <byte>(encrypted, i * 16, 16).ToArray();
var decryptedBlock = AES128.DecryptBlock(block, profileForOracleExtendedKey);
Array.Copy(decryptedBlock, 0, decrypted, i * 16, 16);
}
var encoded = Encoding.UTF8.GetString(decrypted);
var pad = (int)decrypted[decrypted.Length - 1];
if (pad < 0x0f)
{
encoded = encoded.Substring(0, encoded.Length - pad);
}
return(ParseQuerystringToDictionary(encoded));
}