Score:0

Decryption considering AES OFB and ECB

sd flag

I have the following pseudo code considering a ransomware methodology to encrypt files:

cFile = AESEncrypt(sessionKey, pFile, OFB, iv)

keyBlob = AESEncrypt(masterKey, sessionKey, OFB, iv)

ivBlob = AESEncrypt(masterKey, iv, ECB, null)

Aes 128 bytes is used for sure.

I don’t have information about master key, session key or ivblog or keyblog. Ivblog and keyblog are used to encrypt /decrypt cfile.

In this case the only thing I have is the m1.enc message in which the first line is personal information.

Based on the above, Is there any way to decrypt cfile (m1.enc in this case)?

Score:1
us flag

Unless I am misunderstanding your pseudo code there is a way to obtain session key without knowing the master key from keyBlob and ivBlob if the iv used in ivBlob and keyBlob are the same (make sure that they are the same first). It helps because the key is in single block. In ECB mode single block cipher is just $E_k(iv)$ and in OFB mode key generates keystream from iv by repeatedly encrypting and first cipher text block is $E_k(iv) \oplus plain$. Just put them together and you can obtain sessionKey. Even if the key was 192 bits you would only need to brute force 64 bits which is feasible. Anyway I doubt a ransomware would make it this easy so I could be me misunderstanding your question or could be homework question so I am not writing full answer.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.