The Browser Exploit Against SSL/TLS (BEAST) attack exploits weak IVs in AES-CBC encryption to obtain the value of an encrypted block. In this challenge, we will emulate the steps of this attack.
We assume an AES-CBC oracle uses a weak IV generation scheme so that all IVs are predictable. Denote a plaintext block as m, the result of encrypting one block in AES-CBC mode as (iv1, c), and the next (fixed) IV as iv2. You will find some of these values in /challenge/transcript.txt. You need to use this information to construct a series of plaintext queries that will result in a ciphertext identical to the previous ciphertext c.
To make the attack easier, you somehow know that the plaintext block starts with cse_539_2025, and consists of only English letters.
To interact with the oracle, you need to generate a file query.txt that contains all of your queries. Each line of your file consists of
your_guess_of_original_message_m your_query_plaintext_that_is_encrypted_with_iv2
The first element consists only of English letters, and the second element is hexadecimal. You can check whether your query results in a successful attack by running ./solve YOUR_PATH_TO_query.txt.
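Why such a query exists, shown as an added example that is not part of the original challenge: since c = E(iv1 XOR m), the query q = guess XOR iv1 XOR iv2 encrypts under iv2 to E(iv1 XOR guess), which equals c exactly when guess = m. The keyed HMAC standing in for AES, the key, both IVs, the secret block and the one-letter candidate set are all constructed assumptions.

```python
import hashlib
import hmac
import string

BLOCK = 16

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES (assumption): any deterministic keyed function shows the
    # same effect, because CBC encryption only calls E_k in the forward direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cbc_encrypt_one(key: bytes, iv: bytes, m: bytes) -> bytes:
    # One-block CBC: c = E_k(iv XOR m)
    return toy_block_encrypt(key, xor(iv, m))

def build_query(guess: bytes, iv1: bytes, iv2: bytes) -> bytes:
    # Chosen so that iv2 XOR query == iv1 XOR guess.
    return xor(xor(guess, iv1), iv2)

def query_line(guess: bytes, iv1: bytes, iv2: bytes) -> str:
    # "guess query_hex", the line layout described above for query.txt
    return f"{guess.decode()} {build_query(guess, iv1, iv2).hex()}"

def recover(candidates, iv1, c, iv2, oracle):
    # Return the guess whose query reproduces the earlier ciphertext c.
    for guess in candidates:
        if oracle(iv2, build_query(guess, iv1, iv2)) == c:
            return guess
    return None

# Constructed sample values, not taken from /challenge/transcript.txt
KEY = bytes(range(16))
IV1 = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
IV2 = bytes.fromhex("000102030405060708090a0b0c0d0e10")  # predictable: IV1 + 1
SECRET = b"cse_539_2025abCd"
C = cbc_encrypt_one(KEY, IV1, SECRET)

def demo():
    # Narrowed to one unknown letter so the demonstration stays small.
    prefix = b"cse_539_2025abC"
    candidates = [prefix + ch.encode() for ch in string.ascii_letters]
    oracle = lambda iv, q: cbc_encrypt_one(KEY, iv, q)
    return recover(candidates, IV1, C, IV2, oracle)
```

The relation depends entirely on knowing iv2 before choosing the query; a fresh, unpredictable IV per message removes it, because the query can no longer be computed in advance.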