Some Tricks of Symmetric Cryptography

Symmetric cryptography means that the algorithm uses the same key for encryption and decryption. Although I am a web dog, the encryption algorithms in some recent web questions have broken my heart.

1. Some Symmetric Encryption Algorithms

DES, 3DES, TDEA, Blowfish, RC2, RC4, RC5, IDEA, SKIPJACK

Here is another blog post on S-DES which I wrote before.

2. Symmetric Cryptography in CTF-WEB

Some crypto shows up in CTF. What I know best is Padding Oracle and CBC flipped ciphertext bits, for example the CBC question in NJCTF, the shiyanba easy login question and so on. So I want to introduce some Padding Oracle tricks in CTF web.

3. Some Encryption Modes

Symmetric encryption has two types of encryption modes, namely block encryption and stream encryption, but the AES algorithm has five modes. If you look for an online AES encryption/decryption tool, you may need to choose which mode you want to use, for example:

Electronic Codebook (ECB)
Cipher Block Chaining (CBC)
Counter (CTR)
Cipher Feedback (CFB)
Output Feedback (OFB)

3.1. Electronic Codebook (ECB)

ECB is the simplest of the encryption modes.

As we can see, we just need to split the plaintext into blocks, encrypt every block, then join the ciphertext blocks together. This is ECB encryption mode.

3.2. Cipher Block Chaining (CBC)

In this mode, the plaintext is first divided into several segments. Each segment is XORed with the initialization vector (for the first segment) or with the ciphertext of the previous segment, and then encrypted with the key.

The encryption flow chart works out to:
• Ciphertext-0 = Encrypt(Plaintext-0 XOR IV), for the first plaintext segment
• Ciphertext-N = Encrypt(Plaintext-N XOR Ciphertext-N-1), for the other plaintext segments

Decryption is the same process in reverse:
• Plaintext-0 = Decrypt(Ciphertext-0) XOR IV, for the first ciphertext segment
• Plaintext-N = Decrypt(Ciphertext-N) XOR Ciphertext-N-1, for the other ciphertext segments

4. CBC Byte Flipping Attack

Purpose of the CBC byte flipping attack: to change a byte in the plaintext by corrupting a byte in the ciphertext.

4.1. Working Principle

Note: Ciphertext-N-1 is used to generate the plaintext of the next block; this is where the byte flipping attack comes into play. If we change one byte of Ciphertext-N-1 then, by XORing with the next decrypted block, we will get a different plaintext! You got it? Do not worry, we will see a detailed example below. Meanwhile, below is a nice diagram explaining this attack.

And this is what we know from the math:

So if we want the answer to become "A", we just need to replace the Last_Ciphertext byte with Last_Ciphertext ^ Now_Plaintext ^ "A".

4.2. For example, if we can change the IV

In this environment len(iv) == len(key), so we just need new_cipher = bytes([cipher[0] ^ ord('a') ^ ord('b')]) + cipher[1:]
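
The flip from sections 4.1 and 4.2 together with the standard mitigation (encrypt-then-MAC), as an added example that is not code from the original post. A toy Feistel cipher stands in for AES so it runs with only the Python standard library; the names feistel, flip, seal and open_sealed and all sample values are assumptions made for illustration.

```python
import hashlib, hmac, os

BLOCK = 16  # bytes per block

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, blk, rounds):
    # Toy 4-round Feistel cipher standing in for AES (assumption; not for real use)
    l, r = blk[:8], blk[8:]
    for i in rounds:
        l, r = r, xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:8])
    return r + l  # final swap, so the reversed round order decrypts

def cbc_encrypt(key, iv, pt):
    # Ciphertext-N = Encrypt(Plaintext-N XOR Ciphertext-N-1); pt must be block-aligned
    blocks = [iv]
    for i in range(0, len(pt), BLOCK):
        blocks.append(feistel(key, xor(pt[i:i + BLOCK], blocks[-1]), range(4)))
    return b"".join(blocks[1:])

def cbc_decrypt(key, iv, ct):
    # Plaintext-N = Decrypt(Ciphertext-N) XOR Ciphertext-N-1
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(xor(feistel(key, c, range(3, -1, -1)), p) for p, c in zip(blocks, blocks[1:]))

def flip(prev_block, pos, old, new):
    # New byte in the previous block (or IV) = Last_Ciphertext ^ Now_Plaintext ^ wanted byte
    return prev_block[:pos] + bytes([prev_block[pos] ^ old ^ new]) + prev_block[pos + 1:]

def seal(enc_key, mac_key, pt):
    # Mitigation, encrypt-then-MAC: the tag covers IV and ciphertext
    iv = os.urandom(BLOCK)
    body = iv + cbc_encrypt(enc_key, iv, pt)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, token):
    body, tag = token[:-32], token[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None  # any flipped bit is rejected before decryption
    return cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:])

if __name__ == "__main__":
    key, mac_key, iv = b"K" * 16, b"M" * 16, bytes(16)  # constructed sample values
    ct = cbc_encrypt(key, iv, b"abcdefghijklmnop")
    print(cbc_decrypt(key, flip(iv, 0, ord("a"), ord("b")), ct))  # first byte becomes b"b"
    token = seal(key, mac_key, b"abcdefghijklmnop")
    print(open_sealed(key, mac_key, flip(token, 0, ord("a"), ord("b"))))  # None
```

Flipping a byte inside a ciphertext block rather than the IV changes the matching byte of the next plaintext block but scrambles the block that was modified, which is why the IV case in 4.2 is the clean one.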

In PHP we use these functions for CBC:

source_code

exp1 for py2

exp2 for py3