AES-CBC Padding Oracle Attack Interactive Tool

An interactive command-line tool for performing Padding Oracle Attacks against AES-CBC encrypted ciphertext. This tool generates attack vectors and guides you through the byte-by-byte decryption process.

Overview

A Padding Oracle Attack is a side-channel attack that exploits the padding validation of block ciphers operating in CBC (Cipher Block Chaining) mode. By observing whether decrypted ciphertext has valid padding, an attacker can iteratively reveal the plaintext without knowing the encryption key.

This tool assists in the attack by:

  • Generating 256 attack vectors for each byte position
  • Writing the vectors to files for testing against the target oracle
  • Interactively collecting feedback on which vector produced valid padding
  • Progressively revealing intermediate values and plaintext bytes

Features

  • 🔐 AES-128-CBC Support — Works with 16-byte block size
  • 📦 Multi-block Decryption — Handles ciphertexts of arbitrary length
  • 🧮 Automatic Vector Generation — Creates all 256 test cases per byte
  • 📄 File-based Output — Writes ciphertexts.txt and IVs.txt for easy integration
  • 🖥️ Interactive CLI — Step-by-step guided attack process
  • 📊 Real-time Progress — Displays revealed bytes as ASCII and hex

Requirements

  • Python 3.6+
  • No external dependencies (uses only standard library)

Installation

git clone https://github.com/yourusername/AES-CBC-Padding-Oracle-Attack-Interactive-Tool.git
cd AES-CBC-Padding-Oracle-Attack-Interactive-Tool

Usage

Running the Tool

python padding_oracle.py

Input Format

When prompted, provide:

  • Ciphertext: Hexadecimal string (no spaces), must be a multiple of 16 bytes
  • IV (Initialization Vector): Hexadecimal string, exactly 16 bytes (32 hex characters)

Attack Workflow

  1. Enter the ciphertext and IV in hexadecimal format
  2. For each byte position (right to left, 256 guesses per byte):
    • The tool generates 256 attack vectors
    • Vectors are saved to ciphertexts.txt and IVs.txt
    • Test each vector against the padding oracle
    • Enter the ordinal number (1-256) of the vector that produced valid padding
  3. The tool reveals the intermediate value and plaintext byte
  4. Repeat until all bytes in all blocks are decrypted

Example Session

============================================================
AES-CBC Padding Oracle Attack Helper
============================================================

Enter the ciphertext (hex, no spaces): a1b2c3d4e5f6...
Enter the IV (hex, no spaces): 00112233445566778899aabbccddeeff

Ciphertext has 2 block(s) (32 bytes)

============================================================
Attacking Block 1 of 2
============================================================

--- Attacking byte 1/16 (position 15) ---
Generated 256 attack vectors.

Enter the ordinal number [1, 256] with valid padding: 142

Intermediate byte revealed: 0x8d
Plaintext byte revealed: 0x48 ('H')

Block 1 plaintext so far (hex): 48
Block 1 plaintext so far (ASCII): H

How It Works

Padding Oracle Attack Theory

In AES-CBC mode, each plaintext block is recovered as follows (for the first block, Ciphertext[i-1] is the IV):

Plaintext[i] = Decrypt(Ciphertext[i]) XOR Ciphertext[i-1]

The attack exploits PKCS#7 padding validation:

  1. Modify the previous ciphertext block to manipulate the decrypted padding
  2. If the oracle indicates valid padding, we can deduce the intermediate value
  3. XOR the intermediate value with the original previous block to get plaintext

Attack Vector Generation

For each byte position, the tool:

  1. Creates a modified previous block with a guess value at the target position
  2. Sets subsequent bytes to produce the expected padding value
  3. Generates all 256 possible guesses (0x00 to 0xFF)

File Output

| File | Description |
| --- | --- |
| ciphertexts.txt | 256 lines, each containing the target ciphertext block (hex) |
| IVs.txt | 256 lines, each containing a modified previous block (hex) |

Use these files to batch-test against your padding oracle.
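The defender's view of those 256 (previous block, ciphertext block) pairs, as an added example that is not part of this project's code: a receiver that verifies an HMAC over IV || ciphertext before it decrypts never reaches the padding check for a modified pair, so every altered vector gets the same rejection. The function names, keys and ciphertext bytes are constructed for illustration, and the vectors assume the first round (position 15) leaves bytes 0 to 14 of the previous block unchanged.

```python
import hashlib
import hmac

BLOCK = 16
TAG_LEN = 32  # HMAC-SHA256 output size

def seal(mac_key, iv, ciphertext):
    """Sender side (encrypt-then-MAC): append HMAC-SHA256 over IV || ciphertext."""
    tag = hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()
    return iv + ciphertext + tag

def accept(mac_key, message):
    """Receiver side: True only if the tag verifies.
    CBC decryption and the PKCS#7 check run only after this returns True,
    so a modified IV or ciphertext never produces a padding-dependent answer."""
    if len(message) < 2 * BLOCK + TAG_LEN:
        return False
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)  # constant-time comparison

def last_byte_vectors(prev_block):
    """The 256 modified previous blocks for the position-15 round
    (assumption: bytes 0-14 are kept as in the original block)."""
    return [prev_block[:15] + bytes([guess]) for guess in range(256)]

def count_accepted(mac_key, sealed):
    """Replay all 256 vectors against the authenticated receiver."""
    iv, target, tag = sealed[:BLOCK], sealed[BLOCK:2 * BLOCK], sealed[2 * BLOCK:]
    return sum(accept(mac_key, v + target + tag) for v in last_byte_vectors(iv))

# Constructed sample data. The MAC key is independent of the AES key.
MAC_KEY = bytes(range(32))
IV = bytes.fromhex("00112233445566778899aabbccddeeff")
CT_BLOCK = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")  # stand-in ciphertext
SEALED = seal(MAC_KEY, IV, CT_BLOCK)

if __name__ == "__main__":
    # Only the vector identical to the original IV verifies; the other 255
    # are rejected before any decryption or padding validation happens.
    print("accepted vectors:", count_accepted(MAC_KEY, SEALED))
```

The single accepted vector is the unmodified message itself, so the receiver's answers carry no information about the intermediate value.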

Security Disclaimer

⚠️ This tool is intended for educational purposes and authorized security testing only.

  • Only use this tool on systems you own or have explicit permission to test
  • Padding oracle vulnerabilities can exist in production systems — responsible disclosure is essential
  • Understanding this attack helps developers build more secure systems

Technical Details

| Parameter | Value |
| --- | --- |
| Block Size | 16 bytes (AES-128) |
| Padding Scheme | PKCS#7 |
| Attack Direction | Right-to-left (byte 15 → byte 0) |
| Vectors per Byte | 256 |

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/AmazingFeature)
  3. Commit your changes (git commit -m 'Add some AmazingFeature')
  4. Push to the branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

License

This project is licensed under the MIT License — see the LICENSE file for details.

Built for learning cryptographic attacks and improving security awareness.
