Level 8: Detect AES in ECB mode
Task
In this file are a bunch of hex-encoded ciphertexts.
One of them has been encrypted with ECB.
Detect it.
Remember that the problem with ECB is that it is stateless and deterministic; the same 16 byte plaintext block will always produce the same 16 byte ciphertext.
Explanation
Now, we already know that AES-128-ECB operates with 16-byte blocks. So, for this exercise, we need to:
Read the file.
Convert each line from hexadecimal to bytes.
Split each ciphertext into 16-byte blocks.
Count the repeated blocks. The most repetitive block is the ECB cipher block.
Resolution
First, we are going to create a file named task8.py
Understanding the code
Two libraries are imported
Counter to count occurrences.
base64 for base64 encoding and decoding functions.
The file 8.txt is read using
open()
and stored in the variableciphertexts
.splitlines()
is then used to separate the lines.
The function
detect_ecb(ciphertext_hex)
is defined.ciphertext_bytes
is assigned the value ofciphertext_hex
converted into bytes.blocks
is initialized with 16-byte blocks.unique_blocks
uses thelen(set())
functions where:set()
converts the list into a set, removing duplicates.len()
returns the number of unique blocks.
The function returns the ECB ciphertext with most repetitive blocks.
most_likely_ecb
stores the result ofdetect_ecb()
, which is then printed.
Result
Last updated