Menu
What is a good way to count up in hex and append the result to the end of a larger hex string? I am trying to format a string to be used in a padding oracle attack. The strings will be concatenated together to form an HTTP request.
I have a two 32 character hex strings. 'g' is a guess, pad is the padding oracle. Basically what I need to do is have the last byte of g count up in hex from 0x00 to 0xff.The code I have so far is:
split = [value[x:x+32] for x in range (0, len(value), 32)] #Split the CT into 16 byte chunks
IV = unhexlify(split[0])
c0 = unhexlify(split[1])
c1 = unhexlify(split[2])
c2 = unhexlify(split[3])
g = unhexlify("00000000000000000000000000000000")
pad = unhexlify("00000000000000000000000000000001")
pad_xor_guess = xorb(g, pad)
c1_prime = xorb(pad_xor_guess, c1)
attack = str(hexlify(c1_prime + c2).decode())
'attack' will be passed into the query method that will append the attack string to the web address. Now the part I am stuck on is that I have to basically send up to 256 HTTP requests to guess one byte of the plaintext. How can I use a for loop to "count up" from 00 to ff, appending the result to g in such a way that it can be xor'd with the pad and the chosen ciphertext block? SO far I have been going down this path, but I am stuck on how to make this work with the hex strings.
for i in range(0, 20):
#g = bytes([i])
print(bytes([i]),end=' ')
#print(g, end=' ')
698
FYI the decimal value 1 is equal to the hex value 0x01 . For example to say 15 + 1 = 16 , that is identical to 0x0f + 0x01 = 0x10 . So you can increment literally any base by adding 1.
The address of a hex dump counts tracks the number of bytes in the data and offsets each line by that number. So the first line starts at offset 0, and the second line represents the number 16, which is how many bytes precede the current line.
Python hex() function is used to convert an integer to a lowercase hexadecimal string prefixed with “0x”. We can also pass an object to hex() function, in that case the object must have __index__() function defined that returns integer.
For given int value, hex function will give you the hex string preceded with 0x, so hex(i)[2:] gives you the hex number itself, zfill will make sure you get two digits for the single digits numbers
for i in range(256):
print(hex(i)[2:].zfill(2))
You might also want to consider making it all caps, since some parsers rely on hex being written in capital letters, so the example will be:
for i in range(256):
print(hex(i)[2:].zfill(2).upper())
And if you just need the full string, you don't need to append them one by one, you can create the string in one go:
hex_str = "".join([hex(i)[2:].zfill(2).upper() for i in range(256)])
I guess you mean something like:
>>> for i in range(256):
print "{:02x}".format(i) # or X for uppercase
00
01
02
...
fd
fe
ff
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
