Break Me!, DownUnder CTF 2021, Writeup

ECB Oracle Attack

Prerequisites

For the ECB Oracle attack to apply there are two properties the system must have:

  1. The attacker needs to be able to send arbitrary plain texts and see the encrypted ciphertexts.
  2. Before encrypting the given message, server has to add secret data to the end of the message.

Solving the challenge

Now we almost have all the challenge solution covered. Although we should notice that the concatenation scheme is a bit different than the one I presented above. Instead of adding secret to the end of the message making

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store