fix wording and typo
This commit is contained in:
aaron
@@ -15,13 +15,14 @@ HTB{4ff1n3_c1ph3r_15_51mpl3_m47h5}
|
|||||||
|
|
||||||
## How to solve
|
## How to solve
|
||||||
|
|
||||||
- It's a known plaintext attack.
|
- The vulnerability is a known plaintext attack.
|
||||||
- The encryption works by applying `(a*byte+b)%n` for each byte of the pdf.
|
- The encryption works by applying `(a*byte+b)%n` for each byte of the pdf.
|
||||||
- Where `a` and `b` remain static during the entire encryption process.
|
- Where `a` and `b` remain static during the entire encryption process.
|
||||||
- The PDFv5 Header is known (`00000000: 2550 4446 2d31 2e35 0a25 e2e3 cfd3 0a37 %PDF-1.5.%.....7`)
|
- The PDFv5 Header is known (`00000000: 2550 4446 2d31 2e35 0a25 e2e3 cfd3 0a37 %PDF-1.5.%.....7`)
|
||||||
|
- From the encryption algorithm the followin constraints can be derived:
|
||||||
- Constraint 1: Factor `a` has to be a number between 1..256 while not sharing a common divisor with 256
|
- Constraint 1: Factor `a` has to be a number between 1..256 while not sharing a common divisor with 256
|
||||||
- Constraitn 2: Factor `b` has to be a number between 1..256
|
- Constraint 2: Factor `b` has to be a number between 1..256
|
||||||
- So it's possible to attack the encryption by iterating and trying to create a pair (a, b) that matches the entire encrypted pdf header.
|
- So it's possible to attack the ciphertext by iterating and trying to create a pair (a, b) that encrypts the pdf5 header bites in such a way that it matches the ciphertext.
|
||||||
|
|
||||||
```python
|
```python
|
||||||
def get_factors(ct:bytes, n:int=256) -> (int, int):
|
def get_factors(ct:bytes, n:int=256) -> (int, int):
|
||||||
|
|||||||
Reference in New Issue
Block a user