The folowing plaintext has been encrypted using an unknown key, with AES-128 CBC:

Original: Pass: sup3r31337. Don’t loose it!

Encrypted: 4f3a0e1791e8c8e5fefe93f50df4d8061fee884bcc5ea90503b6ac1422bda2b2b7e6a975bfc555f44f7dbcc30aa1fd5e

IV: 19a9d10c3b155b55982a54439cb05dce

How would you modify it so that it now decrypts to: “Pass: notAs3cre7. Don’t loose it!”

This challenge does not have a specific flag format.


This is going to be an AES-CBC byte flipping attack.

Just take the IV, XOR the first block of the original plaintext with the first of the target plaintext, and patch the IV.

See the differences?

Pass: sup3r31337
. Don't loose it
Pass: notAs3cre7
. Don't loose it

And here’s the code:

def sxor(s1,s2):    
	# xor strings
    return ''.join(chr(ord(a) ^ ord(b)) for a,b in zip(s1,s2))

iv_h = "19a9d10c3b155b55982a54439cb05dce"
iv = iv_h.decode("hex")
init_string = "Pass: sup3r31337"
target_string = "Pass: notAs3cre7"
patch = sxor(iv, sxor(init_string, target_string))
print patch.encode('hex')