Level 8: Detect AES in ECB mode

Task

In this file are a bunch of hex-encoded ciphertexts.

One of them has been encrypted with ECB.

Detect it.

Remember that the problem with ECB is that it is stateless and deterministic; the same 16 byte plaintext block will always produce the same 16 byte ciphertext.

Explanation

Now, we already know that AES-128-ECB operates with 16-byte blocks. So, for this exercise, we need to:

  • Read the file.

  • Convert each line from hexadecimal to bytes.

  • Split each ciphertext into 16-byte blocks.

  • Count the repeated blocks. The most repetitive block is the ECB cipher block.

Resolution

First, we are going to create a file named task8.py

Understanding the code

  • Two libraries are imported

    • Counter to count occurrences.

    • base64 for base64 encoding and decoding functions.

  • The file 8.txt is read using open() and stored in the variable ciphertexts.

    • splitlines() is then used to separate the lines.

  • The function detect_ecb(ciphertext_hex) is defined.

    • ciphertext_bytes is assigned the value of ciphertext_hex converted into bytes.

    • blocks is initialized with 16-byte blocks.

    • unique_blocks uses the len(set()) functions where:

      • set() converts the list into a set, removing duplicates.

      • len() returns the number of unique blocks.

    • The function returns the ECB ciphertext with most repetitive blocks.

  • most_likely_ecb stores the result of detect_ecb() , which is then printed.

Result

PreviousLevel 7: AES in ECB modeNextFlaws Cloud 1

Last updated