拿 https://aes.cryptohack.org/ecb_oracle 这道题来做示范。
由于这个链接的本地服务器在外国,因此我们很容易就会连接超时。
如下一个脚本:
import requests
from tqdm import *
from Crypto.Util.number import *
known = b''
for i in range(31, 0, -1):
text = hex(bytes_to_long(b'0' * i))[2:]
result = s.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{text}')
t1 = result.json()["ciphertext"]
print(t1)
for j in range(0x31, 0x80):
n = b'0' * i + known + long_to_bytes(j)
text = hex(bytes_to_long(n))[2:]
# print(text)
guess = s.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{text}')
t2 = guess.json()["ciphertext"]
print(t2)
if t1[32:64] == t2[32:64]:
known += long_to_bytes(j)
print(known)
break
if known[len(known) - 1] == b'}':
break
print(known)
我们可以通过修改 requests 参数来修改重连次数,超时时间。
# 修改最大重连次数
requests.adapters.DEFAULT_RETRIES = 100000
# 新建一个容器
s = requests.Session()
# 将 timeout 变量中连接超时时间和接收超时时间改变(默认为10)
s.timeout = (1000.0, 1000.0)
于是下面这份代码就可以较为稳定的连接了。
import requests
from tqdm import *
from Crypto.Util.number import *
known = b''
requests.adapters.DEFAULT_RETRIES = 100000
s = requests.Session()
s.timeout = (1000.0, 1000.0)
for i in range(31, 0, -1):
text = hex(bytes_to_long(b'0' * i))[2:]
result = s.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{text}')
t1 = result.json()["ciphertext"]
print(t1)
for j in range(0x31, 0x80):
n = b'0' * i + known + long_to_bytes(j)
text = hex(bytes_to_long(n))[2:]
# print(text)
guess = s.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{text}')
t2 = guess.json()["ciphertext"]
print(t2)
if t1[32:64] == t2[32:64]:
known += long_to_bytes(j)
print(known)
break
if known[len(known) - 1] == b'}':
break
print(known)
# crypto{p3n6u1n5_h473_3cb}