-1

I'm trying to implement the padding oracle attack in DES. My understanding of the CBC decryption process (or at least what I was told in class) is this:

Say our cipher text is only two blocks, C0 and C1. The decryption process is then C0 XORed with C1, and then decrypted. Following that, the oracle checks the padding and returns either True or False.

My question is around the XOR, i'm not understanding how to XOR two string values in python (i'm very new to everything about this).

So if i have the values:

C0 = 'f20bdba6ff29eed7'
C1 = '58b1ffb4210a580'

How do i go about XORing the two so i can see if the oracle is returning the correct value or not?

EDIT: I've tried the code in: how to do bitwise exclusive or of two strings in python?

But i get a weird looking output, which is why i posted a separate question. Any help would be appreciated thanks

Terminal Output

Community
  • 1
  • 1
Ghazal
  • 101
  • 2
  • 13
  • 1
    Possible duplicate of [how to do bitwise exclusive or of two strings in python?](http://stackoverflow.com/questions/2612720/) or [how-to-xor-binary-with-python](http://stackoverflow.com/questions/19414093/) or [is-it-possible-to-do-bitwise-operations-on-a-string-in-python](http://stackoverflow.com/questions/6279134/) or [bitwise-xor-of-hex-numbers-in-python](http://stackoverflow.com/questions/11119632/) or [how-to-xor-two-strings-that-contain-hex-numbers-in-python](http://stackoverflow.com/questions/17388004/) – TessellatingHeckler Sep 26 '16 at 17:12

1 Answers1

1

Looking at the string, it looks like it is string of hex numbers. Firstly convert it to int, perform XOR and re-convert it to hex as:

>>> C0 = 'f20bdba6ff29eed7'
>>> C1 = '58b1ffb4210a580'
>>> str(hex(int(C0,16) ^ int(C1,16)))[2:]
'f780c45dbd394b57L'

I am not sure what Oracle Padding Attack is, but it is the way to perform XOR.

Moinuddin Quadri
  • 46,825
  • 13
  • 96
  • 126