Home PicoCTF 2018 Cryptography 450: Magic Padding Oracle
Writeup
Cancel

Cryptography 450: Magic Padding Oracle

Challenge

Can you help us retreive the flag from this crypto service?

Connect with nc 2018shell1.picoctf.com 4966.

We were able to recover some Source Code.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/usr/bin/python2
import os
import json
import sys
import time

from Crypto.Cipher import AES

cookiefile = open("cookie", "r").read().strip()
flag = open("flag", "r").read().strip()
key = open("key", "r").read().strip()

welcome = """
Welcome to Secure Encryption Service version 1.1
"""
def pad(s):
  return s + (16 - len(s) % 16) * chr(16 - len(s) % 16)

def isvalidpad(s):
  return ord(s[-1])*s[-1:]==s[-ord(s[-1]):]

def unpad(s):
  return s[:-ord(s[len(s)-1:])]

def encrypt(m):
  IV="This is an IV456"
  cipher = AES.new(key.decode('hex'), AES.MODE_CBC, IV)
  return IV.encode("hex")+cipher.encrypt(pad(m)).encode("hex")

def decrypt(m):
  cipher = AES.new(key.decode('hex'), AES.MODE_CBC, m[0:32].decode("hex"))
  return cipher.decrypt(m[32:].decode("hex"))


# flush output immediately
sys.stdout = os.fdopen(sys.stdout.fileno(), 'w', 0)
print welcome
print "Here is a sample cookie: " + encrypt(cookiefile)

# Get their cookie
print "What is your cookie?"
cookie2 = sys.stdin.readline()
# decrypt, but remove the trailing newline first
cookie2decoded = decrypt(cookie2[:-1])

if isvalidpad(cookie2decoded):
   d=json.loads(unpad(cookie2decoded))
   print "username: " + d["username"]
   print "Admin? " + d["is_admin"]
   exptime=time.strptime(d["expires"],"%Y-%m-%d")
   if exptime > time.localtime():
      print "Cookie is not expired"
   else:
      print "Cookie is expired"
   if d["is_admin"]=="true" and exptime > time.localtime():
      print "The flag is: " + flag
else:
   print "invalid padding"

Solution

Flag