CBC encryption principle and attack

The principle of block encryption
Encryption process


Plaintext: the plaintext data to be encrypted.
IV: used to randomize the encrypted blocks, so that encrypting the same plaintext several times still yields different ciphertexts. The initialization vector is XORed with the first plaintext block.
Key: used by a symmetric encryption algorithm such as AES.
Ciphertext: the encrypted data.
It is important to note that CBC operates on fixed-length groups of bits called blocks. In this article we use blocks of 16 bytes.
• Ciphertext-0 = Encrypt(Plaintext XOR IV) - only for the first block
• Ciphertext-N = Encrypt(Plaintext XOR Ciphertext-N-1) - for the second and all remaining blocks
XOR is the exclusive-OR operation; N refers to the N-th data block.
---------------------------------------------------------------------------
The formulas above can be described simply as:
1. The data to be encrypted with CBC is divided into N blocks of 16 bytes each.
2. A random IV (initialization vector) of the block size (16 bytes) is chosen, to be XORed with the first block.
3. The result of that XOR is encrypted with the chosen cipher.
4. The resulting first ciphertext block is XORed with the second plaintext block.
5. The result of that XOR is encrypted with the chosen cipher.
6. The resulting second ciphertext block is XORed with the third plaintext block.
7. The result of that XOR is encrypted with the chosen cipher.
8. The final ciphertext is made up of the three encrypted blocks.
Note: as you can see, the previous ciphertext block is used to generate the next ciphertext block.
---------------------------------------------------------------------------
Decryption
Decryption process

• Plaintext-0 = Decrypt(Ciphertext) XOR IV - only for the first block
• Plaintext-N = Decrypt(Ciphertext) XOR Ciphertext-N-1 - for the second and all remaining blocks
---------------------------------------------------------------------------
The formulas above can be described simply as:
1. The CBC-encrypted data is divided into N blocks of 16 bytes each.
2. The first encrypted block is decrypted with the chosen cipher.
3. The IV used at encryption time is XORed with the decrypted first block to obtain the first plaintext block.
4. The second encrypted block is decrypted.
5. The decrypted second block is XORed with the first ciphertext block to obtain the second plaintext block.
6. The third encrypted block is decrypted.
7. The decrypted third block is XORed with the second ciphertext block to obtain the third plaintext block.
From the decryption process above we can infer the following:
If you want to modify n bytes of data in the second block, you only need to modify the corresponding n bytes of the first ciphertext block, so that XORing the first ciphertext block with the decrypted second block yields the data you want. The third and subsequent blocks are not affected (each block is XORed with the ciphertext of the block before it, and the second ciphertext block has not changed), but the modified first ciphertext block, once decrypted and XORed with the IV, produces corrupted data.
Likewise, if you want to modify data in the third block, you modify the second ciphertext block; only the second block's data is corrupted, and the other blocks are not.
If you want to modify the data of the first block, you can only do so by modifying the first ciphertext block, which requires knowing the IV. The process is:
1. Change the first plaintext block to the desired data.
2. XOR the modified data with the IV, then encrypt it with the chosen cipher to obtain the ciphertext.
3. Replace the first ciphertext block with that ciphertext.
The corrupted block is then the second block, because the modified first ciphertext block is XORed with the decrypted second block and produces wrong data.
The way to fix the error is to modify the IV.
---------------------------------------------------------------------------
Note: Ciphertext-N-1 is used to generate the plaintext of the next block; this is where the byte-flipping attack comes into play. If we change one byte of Ciphertext-N-1 and it is then XORed with the next decrypted block, we get a different plaintext! Got it? Do not worry, we will go through a detailed example below. The figure below also illustrates this attack well:

0x02 An example (CBC blocks of 16 bytes)

For example, we have the plaintext sequence:
a:2:{s:4:"name";s:6:"sdsdsd";s:8:"greeting";s:20:"echo 'Hello sdsdsd!'";}
Our goal is to change the number 6 in "s:6" into the number 7. The first thing we need to do is split the plaintext into 16-byte blocks:
• Block 1: a:2:{s:4:"name";
• Block 2: s:6:"sdsdsd";s:8
• Block 3: :"greeting";s:20
• Block 4: :"echo 'Hello sd
• Block 5: sdsd!'";}
Our target character is therefore located in block 2, which means we need to change the ciphertext of block 1 in order to change the plaintext of the second block.
There is a rule of thumb (see the figure described above): a byte you change in the ciphertext only affects the byte at the same offset in the next plaintext block. Our target is at offset 2:
• [0] = s
• [1] = :
• [2] = 6
So we have to change the byte at offset 2 of the first ciphertext block. As you can see in the code, in line 2 we get the ciphertext of the whole data, then in line 3 we change the byte at offset 2 of block 1, and finally we call the decryption function.
1. $v = "a:2:{s:4:\"name\";s:6:\"sdsdsd\";s:8:\"greeting\";s:20:\"echo 'Hello sdsdsd!'\";}";
2. $enc = @encrypt($v);
3. $enc[2] = chr(ord($enc[2]) ^ ord("6") ^ ord("7"));
4. $b = @decrypt($enc);
After running this code, the number 6 has become 7:

But how did we change the byte to the value we wanted in line 3?
Based on the decryption process described above, we know that A = Decrypt(Ciphertext) is XORed with B = Ciphertext-N-1 to finally give C = 6. This is equivalent to:
C = A XOR B
Therefore, the only value we do not know is A, the output of the block cipher decryption (B and C are known). Using XOR, we can easily obtain the value of A:
A = B XOR C
Finally, A XOR B XOR C is equal to 0. With this formula, we can set our own value at the end of the XOR operation, like this:
A XOR B XOR C XOR "7" gives us 7 in the plaintext of block 2 at offset 2.
---------------------------------------------------------------------------
XOR formulas:
1. A XOR B = C, C XOR B = A, C XOR A = B
2. A XOR B XOR C = 0
3. 0 XOR A = A
---------------------------------------------------------------------------

Demo

So far in testing, only the block itself and the second block's data can be modified.
Source:
 // SECRET_KEY, METHOD, get_random_iv() and show_homepage() are defined elsewhere in the application (not shown)
 function login($info){
      $iv = get_random_iv();
      $plain = serialize($info);
      // AES-128-CBC with no integrity check over the IV or the ciphertext
      $cipher = openssl_encrypt($plain, 'AES-128-CBC', SECRET_KEY, OPENSSL_RAW_DATA, $iv);
      $_SESSION['username'] = $info['username'];
      // both the IV and the ciphertext are handed to the client as cookies
      setcookie("IV", base64_encode($iv));
      setcookie("cipher", base64_encode($cipher));
  }
  function check_login(){
      if(isset($_COOKIE['cipher']) && isset($_COOKIE['IV'])){
          $cipher = base64_decode($_COOKIE['cipher']);
          $iv = base64_decode($_COOKIE["IV"]);
          if($plain = openssl_decrypt($cipher, METHOD, SECRET_KEY, OPENSSL_RAW_DATA, $iv)){
              // when unserialize() fails, the decrypted plaintext is echoed back Base64-encoded
              $info = unserialize($plain) or die("<p>base64_decode('".base64_encode($plain)."') can't unserialize</p>");
              $_SESSION['username'] = $info['username'];
          }else{
              die("ERROR!");
          }
      }
  }
  if(isset($_POST['username']) && isset($_POST['password'])){
      $username = (string)$_POST['username'];
      $password = (string)$_POST['password'];
      if($username === 'admin'){
          exit('<p>admin are not allowed to login</p>');
      }else{
          $info = array('username'=>$username,'password'=>$password);
          login($info);
          show_homepage();
      }
  }else{
      if(isset($_SESSION["username"])){
          check_login();
          show_homepage();
      }
  }


Enter the user name admir and the password 1; the captured data is:
Cookies:
PHPSESSID=iq1lrnq2fhp235ndd4ke2njl73;
IV=XyP2qyLI00SzmCP8t766mA%3D%3D;
cipher=8Rhxwqez6NPucPx4mKM4oytL0QCEM6YnRhjkPTjIVvDMp8HAF2%2f8JjiWG8oSLqwgdGs4EV018W7SU63K3bYV9w%3d%3d

Process: XOR is the exclusive-OR operation, CRYPT is the encryption (key unknown), and the prefix en- marks encrypted data.
plain XOR iv -> after_plain; CRYPT(after_plain) -> en-after_plain

Addendum: AES-encrypted data is an integral multiple of 16 bytes and is XORed directly.

Solution procedure:
<?php
// Step 1: flip the byte at offset 13 of the first ciphertext block ("k" -> "n")
$enc = base64_decode("+ smzh0pOdq7QrP3H9CN0MBfynL1eKtILs bIpgPK29vVQosJ / ayew1snTYbeYSIz8rQctkAUMORS76SWQHXwuKg ==");
$enc[13] = chr(ord($enc[13]) ^ ord("k") ^ ord("n"));
echo base64_encode($enc);
?>

<?php
// Step 2: compute a new IV from the old IV, the corrupted plaintext returned by the page,
// and the intended first plaintext block
$enc = base64_decode("4quudO PAeVPQfcFJ0bbm1lIjtzOjU6ImFkbWluIjtzOjg6InBhc3N3b3JkIjtzOjM6IjEyMyI7fQ ++ ==");
$iv = base64_decode("+ EBqh28A TrphJjWLH37sj6 ==");
$cleartext = 'a:2:{s:8:"userna';
$newiv = '';
for ($i = 0; $i < 16; $i++) {
    $newiv = $newiv . chr(ord($iv[$i]) ^ ord($enc[$i]) ^ ord($cleartext[$i]));
}
echo base64_encode($newiv);
?>
Explanation:
    1. $enc = en-after_plain
    2. The serialized content splits into blocks as
    a:2:{s:8:"userna
    me";s:5:"admik";
    s:8:"password";s
    :1:"1";}
    so the byte to change is at offset 13 of block 2 (counting from 0), and therefore we modify the byte at offset 13 of block 1 (of the AES ciphertext).
    3. Calculating the modified data:

    1. Algorithm
    ciphertext XOR plaintext = the intermediate value (the decrypted block before the XOR)
    intermediate value XOR plaintext = ciphertext
    So, for example, to modify the value at enc[23], the calculation used is enc[7] ^ "value before replacement" ^ "replacement value"
    Note a common mistake: XORing the encrypted byte directly does not work, which is clear from the process.
          E.g. enc[23] ^ "H" is wrong, because the character at that position has been changed by the encryption that follows the XOR.
    2. About the IV obtained after the change
    Because the change corrupts the data so that it can no longer be unserialized, a new IV has to be obtained by XOR (the block combined with the IV is the one that is corrupted after the modification; the page returns the data that failed to unserialize, Base64-encoded).
    The arithmetic is the same as before:
    iv XOR data returned by the page (the plaintext that failed to unserialize) = intermediate value (the decrypted block before the XOR)
    intermediate value XOR plain (the correct serialized first block) = new_iv
    So the algorithm for the new IV is iv ^ wrong_plain ^ plain
    Supplement: because of how encryption and decryption are related, it is not just the character at one specific position that is wrong, so the whole block has to be XORed.
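
Added example (not part of the original post or of the demo application): the byte flip described above reproduced on a locally generated ciphertext, next to an encrypt-then-MAC check that rejects the same modification before decryption. The helper names seal() and unseal(), the two keys and the sample data are assumptions made for this illustration.

```php
<?php
// Constructed keys and data; these are not the demo application's values.
const METHOD = 'aes-128-cbc';
$encKey = random_bytes(16);   // encryption key
$macKey = random_bytes(32);   // separate key for the MAC

// Encrypt, then authenticate IV || ciphertext with HMAC-SHA256.
function seal(string $plain, string $encKey, string $macKey): string {
    $iv  = random_bytes(16);
    $ct  = openssl_encrypt($plain, METHOD, $encKey, OPENSSL_RAW_DATA, $iv);
    $tag = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return $iv . $ct . $tag;
}

// Verify the tag in constant time BEFORE decrypting; null means tampering.
function unseal(string $blob, string $encKey, string $macKey): ?string {
    if (strlen($blob) < 16 + 16 + 32) return null;
    $iv  = substr($blob, 0, 16);
    $ct  = substr($blob, 16, -32);
    $tag = substr($blob, -32);
    $expected = hash_hmac('sha256', $iv . $ct, $macKey, true);
    if (!hash_equals($expected, $tag)) return null;
    $plain = openssl_decrypt($ct, METHOD, $encKey, OPENSSL_RAW_DATA, $iv);
    return $plain === false ? null : $plain;
}

// Same serialized layout as in the explanation: block 2 is me";s:5:"admik";
$plain = serialize(['username' => 'admik', 'password' => '1']);
$blob  = seal($plain, $encKey, $macKey);

// 1) Plain CBC as in the demo: flip byte 13 of ciphertext block 1.
$iv = substr($blob, 0, 16);
$ct = substr($blob, 16, -32);
$ct[13] = chr(ord($ct[13]) ^ ord('k') ^ ord('n'));
$out = openssl_decrypt($ct, METHOD, $encKey, OPENSSL_RAW_DATA, $iv);
echo "block 1 (corrupted): ", bin2hex(substr($out, 0, 16)), "\n";
echo "block 2 (altered):   ", substr($out, 16, 16), "\n";

// 2) With encrypt-then-MAC the same modification never reaches the cipher.
$tampered = $iv . $ct . substr($blob, -32);
var_dump(unseal($blob, $encKey, $macKey) === $plain);     // untouched blob is accepted
var_dump(unseal($tampered, $encKey, $macKey) === null);   // modified blob is refused
```

Because the tag covers the IV as well as the ciphertext, replacing the IV cookie to repair the first block is refused in the same way.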

 


Origin www.cnblogs.com/cimuhuashuimu/p/11544562.html