Score:1

CTF AES attack (ECB, CBC, CFB, OFB, CTR)

Hi, I'm trying to understand the logic behind a CTF challenge. Basically, we are given a program which encrypts some data, and we have the following options:

  1. Select encryption mode (ECB, CBC, CTR, OFB, CFB)
  2. Encrypt the flag and see the resulting ciphertext
  3. Encrypt a chosen plaintext and see the resulting ciphertext

Now I think the weakest alg here is ECB, but brute-forcing a block of 128 bits seems not feasible at all to me.

Each time a plaintext is encrypted, a new random IV is used (when needed, so for CBC, CFB and OFB).

What could be a good strategy to attack such a program? My objective is finding the plaintext for the flag.

fgrieu
Temporarily leaving my moderator hat aside (CTFs tend to be off-topic; and in any case you should only expect a hint), some generic ideas applicable to some AES encryption CTFs: Guess the flag, and check the guess. Find a way to make the RNG used to generate the IV fail to perform its duty. Guess a poorly generated key, and check the guess. Extract the key from an implementation side channel. If some ciphertext can be obtained before the full plaintext is given, exploit that.
Daniele Linguaglossa
Oh, I was unaware that CTFs are off-topic. Anyway, I don't think those methods are actually possible: I can interact with the program only in those 3 ways; also, the IV is generated using urandom. I also forgot to say that I know the first 4 bytes of the flag and that I can interact more than once with this program.
fgrieu
I'll give only a single more hint: the weakest alg here is not ECB. Note: CTFs are not fully off-topic (see [these meta](https://crypto.meta.stackexchange.com/search?tab=votes&q=CTF)), especially above a certain threshold of difficulty. However, giving a straight answer to an ongoing CTF, or to this (not so difficult) one, would be in poor taste. Perhaps I have already said too much.
poncho
What is the goal here? What is it that, if you recover it, you've met the CTF challenge?
Daniele Linguaglossa
Thanks @fgrieu :) Let me try to google a bit for other attack vectors on different modes.