From e85d43bc50ad023ff0921ae952462dcc0b38ff99 Mon Sep 17 00:00:00 2001
From: Dimitar Rusev <mitikodev@gmail.com>
Date: Sun, 30 Jun 2024 03:51:21 +0300
Subject: [PATCH] Solve challenge 18

---
 src/set2.rs  | 11 ++---------
 src/set3.rs  | 14 +++++++++++---
 src/tests.rs |  2 +-
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/src/set2.rs b/src/set2.rs
index 6a3441e..3180b1b 100644
--- a/src/set2.rs
+++ b/src/set2.rs
@@ -104,11 +104,7 @@ YnkK";
 
 // vulnerable function
 fn ecb_random(plaintext: &[u8]) -> Vec<u8> {
-    // only for consistency (not actually required to use a seed)
-    let mut rng = rand::rngs::StdRng::from_seed([57; 32]);
-
-    // random key
-    let key = rng.gen();
+    let key = rand::rngs::StdRng::from_seed([57; 32]).gen();
     let suffix = base64_to_raw(SECRET);
 
     let data = {
@@ -158,10 +154,7 @@ where
 fn test_suffix_len_detection() {
     let vuln_fn_generator = |suffix_len: usize| {
         move |plaintext: &[u8]| {
-            let mut rng = rand::rngs::StdRng::from_seed([57; 32]);
-
-            // random key
-            let key = rng.gen();
+            let key = rand::rngs::StdRng::from_seed([57; 32]).gen();
             let suffix = b"A".repeat(suffix_len);
 
             let data = {
diff --git a/src/set3.rs b/src/set3.rs
index 2bcecff..40317f6 100644
--- a/src/set3.rs
+++ b/src/set3.rs
@@ -1,4 +1,4 @@
-use crate::{cbc::*, ecb::*, utils::io::*};
+use crate::{cbc::*, ctr::aes128_ctr_decrypt, ecb::*, utils::{conversions::base64_to_raw, io::*}};
 use lazy_static::lazy_static;
 use rand::{Rng, SeedableRng};
 
@@ -58,7 +58,7 @@ fn crack_last_block(ciphertext: &[u8]) -> Vec<u8> {
                 let idx = n - usize::from(guess_pad) - 16;
                 mutated_ciphertext[idx] ^= 0x01;
                 let is_padded = leak_padding_error(&mutated_ciphertext);
-                mutated_ciphertext[idx] ^= 0x01;
+                mutated_ciphertext[idx] ^= 0x01; // undo xor to restore state
                 !is_padded
             })
             .unwrap();
@@ -98,7 +98,7 @@ fn crack_last_block(ciphertext: &[u8]) -> Vec<u8> {
                     mutated_ciphertext[idx] ^= byte;
                     mutated_ciphertext[idx - 1] ^= 0x01;
                     is_padded = leak_padding_error(&mutated_ciphertext);
-                    mutated_ciphertext[idx - 1] ^= 0x01;
+                    mutated_ciphertext[idx - 1] ^= 0x01; // undo xor to restore state
                     mutated_ciphertext[idx] ^= byte;
                 }
                 is_padded
@@ -136,3 +136,11 @@ fn challange17() {
         assert_eq!(data, &plaintext);
     }
 }
+
+#[test]
+fn challange18() {
+    let ciphertext = base64_to_raw("L77na/nrFsKvynd6HzOoG7GHTLXsTVu9qvY/2syLXzhPweyyMTJULu/6/kXX0KSvoOLSFQ==");
+    let key = b"YELLOW SUBMARINE";
+    let plaintext = aes128_ctr_decrypt(&ciphertext, key, 0, 0);
+    assert!(String::from_utf8_lossy(&plaintext).contains("Ice, Ice, baby"));
+}
diff --git a/src/tests.rs b/src/tests.rs
index dd13d8a..4ce9247 100644
--- a/src/tests.rs
+++ b/src/tests.rs
@@ -86,7 +86,7 @@ fn aes128_ctr_multi_iteration() {
 #[test]
 fn aes128_ctr_multi_decrypt() {
     let key = b"YELLOW SUBMARINE";
-    let data = b"Lorem ipsum dolor sit amet";
+    let data = b"Lorem ipsum dolor sit amet, consectetur adipiscing elit.";
     let (nonce, counter) = (3 << 32, 33);
     let ciphertext = aes128_ctr_encrypt(data, key, nonce, counter);
     assert_eq!(aes128_ctr_decrypt(&ciphertext, key, nonce, counter), data);