Eve The Magician Breaks AES, Again!

And, so, after a long time, Eve The Magician takes to the stage again, and says,

“Today, I will break AES encryption. Do you believe that AES is the best encryption that you can find?”

The audience replies with a resounding “Yes!!!!”.

“I have Trent in the side wings to make sure that I do everything correctly”. Eve introduces Trent to the stage, who takes a bow. If there’s one person that the audience trusts, it’s Trent.

“Well, I will break it tonight, and change one dollar into two. All I need is some pixie dust, and my magic powers!”

The crowd gasp, and some even faint with surprise. First, she asks Bob to come up to the stage, and announces, “Now Bob, I am going to make one dollar into two. First, write a message as plaintext of ‘Pay Bob 1 dollar’”.

Bob, as gullible as ever, does what Eve says. Eve then tells Bob, “Now I want you to encrypt the message with AES encryption and your own password. Don’t show me your password, and I will also not have any access to the encryption key that you use.”

And, so Bob selects a password of “bob123” using a key derivation of PBKDF2 (just to make it even more difficult for Eve), and ciphers with OpenSSL to give:

echo "Pay Bob 1 dollar" | openssl enc -k bob123 -e -aes-128-ctr -pbkdf2 >ciphertext

Bob shows his cipher to the audience:

$ xxd ciphertext > data
$ cat data
00000000: 5361 6c74 6564 5f5f f354 1385 819d f1a3 Salted__.T......
00000010: 69fa 816b 3d65 80ed 136e a405 f02e 3307 i..k=e...n....3.
00000020: e6

“Now”, says Eve, “I want you to double your money. I see that the number one is eight from the end — ignoring the last byte. So, now I want you to change ‘136e’ to ‘106e’.” Bob is a wiz with vi, and shows this to the audience:

(base) billbuchanan@ASecuritySite ~ % cat data
00000000: 5361 6c74 6564 5f5f f354 1385 819d f1a3 Salted__.T......
00000010: 69fa 816b 3d65 80ed 106e a405 f02e 3307 i..k=e...n....3.
00000020: e6

“And, now, Bob. With my magic wand I will wave some pixie dust over the cipher, and you will now have two dollars. So please decrypt, my dear Bob”, says Eve.

Bob decrypts, and the audience gasps with surprise as he reveals:

% xxd -r data > ciphertext
% cat ciphertext
Salted__?T????i??k=e??n??.3?%
% cat ciphertext | openssl enc -k bob123 -d -aes-128-ctr -pbkdf2
Pay Bob 2 dollar

Eve turns to the audience, and says, “That’s the magic of Eve!”

She bows three times, and vanishes!

The trick

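AES CTR, as with other AES modes, suffers from bit flipping. CTR mode XORs a keystream with the plaintext, so flipping a bit in the ciphertext flips the same bit in the decrypted plaintext, and nothing in the cipher itself detects the change. Here’s a demo: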
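
The trick can be reproduced as a script. This is an added example, not code from the original post: it repeats Bob's OpenSSL commands, flips the byte by XOR instead of editing the hex dump, and then shows an HMAC over the ciphertext catching the change. The MAC key, the function names and the HMAC check are assumptions made for the example.

```shell
#!/bin/sh
# Added example: constructed password, message and MAC key (sample values only).
PASS=bob123
MAC_KEY=constructed-mac-key    # assumption: a second key kept for integrity

encrypt() { printf '%s\n' "$1" | openssl enc -k "$PASS" -e -aes-128-ctr -pbkdf2; }
decrypt() { openssl enc -k "$PASS" -d -aes-128-ctr -pbkdf2 < "$1"; }

# HMAC-SHA256 over the whole file (salt header + ciphertext), hex digest only.
tag() { openssl dgst -sha256 -hmac "$MAC_KEY" < "$1" | awk '{print $NF}'; }

# XOR the byte at decimal offset $2 of file $1 with mask $3, in place.
flip_byte() {
    old=$(od -An -tu1 -j"$2" -N1 "$1" | tr -d '[:space:]')
    printf "\\$(printf '%03o' $(( old ^ $3 )))" |
        dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# Encrypt, tamper without the key, and print what plain CTR decrypts to.
tampered_plaintext() {
    f=$(mktemp)
    encrypt "Pay Bob 1 dollar" > "$f"
    # '1' (0x31) XOR '2' (0x32) = 0x03; the digit is plaintext byte 8, which
    # sits at file offset 16 + 8 = 24 after the "Salted__" + salt header.
    flip_byte "$f" 24 3
    decrypt "$f"
    rm -f "$f"
}

# Encrypt-then-MAC: the receiver recomputes the tag and decrypts only on a
# match. Argument 0 leaves the file untouched, 1 tampers with it in transit.
checked_decrypt() {
    f=$(mktemp)
    encrypt "Pay Bob 1 dollar" > "$f"
    sent_tag=$(tag "$f")
    if [ "$1" -eq 1 ]; then flip_byte "$f" 24 3; fi
    if [ "$(tag "$f")" = "$sent_tag" ]; then decrypt "$f"; else echo rejected; fi
    rm -f "$f"
}

echo "plain CTR after tampering: $(tampered_plaintext)"
echo "with HMAC, untouched:      $(checked_decrypt 0)"
echo "with HMAC, tampered:       $(checked_decrypt 1)"
```

The salt is random on every run, so the ciphertext bytes differ from Bob's dump, but the XOR mask of 0x03 works regardless because it depends only on the two plaintext digits.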

Here are some other tricks from Eve The Magician:

https://asecuritysite.com/subjects/chapter81