2

I have an Encryption key which is 32-bits in Hexadecimal format. But I'm only given 22 bits. I have to find the Plaintext. My thought process is to do a brute-force attack and find the other 10 bits. I am also given the Ciphertext. The Encryption used is AES in 128-bit ECB Mode. I am using Python, but I just started learning it so I am not an expert yet.

My approach is to take the 22-bit key and concatenate the other 10 bits, feed that into AES along with the Ciphertext and Decrypt to check if one of the resulting phrases resembles a proper sentence. The only part that I am stuck on is generating the 10 bit Hexadecimal string.

This is the output that I want:

0000000000
0000000001
0000000002
...
000000000F
...
FFFFFFFFFF

What is an approach I could use to do this? I tried making a dictionary and assigning numerical values to all Hexadecimal values but I am stuck on how to write a loop that could give the sequence I want as an output.

ss1111
  • 239
  • 1
  • 9
  • 20
  • 1
    So you want a way to generate strings of length 10 of all possible hexadecimal numbers? – James Nov 17 '16 at 18:15

2 Answers2

6
def gen_all_hex():
    i = 0
    while i < 16**10:
        yield "{:010X}".format(i)
        i += 1

for s in gen_all_hex():
    print(s)

Result:

0000000000
0000000001
0000000002
0000000003
0000000004
0000000005
0000000006
0000000007
0000000008
0000000009
000000000A
000000000B
000000000C
000000000D
000000000E
000000000F
0000000010
0000000011
0000000012
0000000013
0000000014
0000000015
0000000016
0000000017
0000000018
0000000019
000000001A
...

Note that it's going to take a long time to iterate through all 1,099,511,627,776 values.

Kevin
  • 74,910
  • 12
  • 133
  • 166
  • 2
    Addendum: I considered doing `for i in range(16**10):` instead of a while loop, but then it isn't cross-version compatible. You'd get `OverflowError: range() result has too many items` in Python 2.7. – Kevin Nov 17 '16 at 18:18
  • This is exactly what I wanted to do. Could you explain what the "yield "{:010x}".format(i).upper()" does? Because I want to understand what the code is doing before using it. – ss1111 Nov 17 '16 at 21:35
  • Ok. "{:010x}" is a format specifier. When you call `format(i)` on it, it produces a string version of `i` according to the parameters in the specifier. the first 0 means "pad the string with zeroes if it isn't the maximum width". the 10 after that means "the maximum width is 10". The x means "convert this number to hexadecimal". The trailing `upper` call converts the number to upper case. [`yield`](http://stackoverflow.com/questions/231767/what-does-the-yield-keyword-do) takes the value and passes it up into the `for s in gen_all_hex():` scope so we can print it. – Kevin Nov 18 '16 at 13:05
  • In hindsight, the `upper` call isn't strictly necessary if you use `X` instead of `x`... I always forget both options exist. – Kevin Nov 18 '16 at 13:06
5
from itertools import product

print(map(''.join, product('0123456789ABCDEF', repeat=2)))

repeat=2 is for demo purposes, obviously increase that to 10.

For Python 3, if you actually want to see things printed, use list(map(...)).

Output:

['00', '01', '02', '03', '04', '05', '06', '07', '08', '09', '0A', '0B', '0C', '0D', '0E', '0F', '10', '11', '12', '13', '14', '15', '16', '17', '18', '19', '1A', '1B', '1C', '1D', '1E', '1F', '20', '21', '22', '23', '24', '25', '26', '27', '28', '29', '2A', '2B', '2C', '2D', '2E', '2F', '30', '31', '32', '33', '34', '35', '36', '37', '38', '39', '3A', '3B', '3C', '3D', '3E', '3F', '40', '41', '42', '43', '44', '45', '46', '47', '48', '49', '4A', '4B', '4C', '4D', '4E', '4F', '50', '51', '52', '53', '54', '55', '56', '57', '58', '59', '5A', '5B', '5C', '5D', '5E', '5F', '60', '61', '62', '63', '64', '65', '66', '67', '68', '69', '6A', '6B', '6C', '6D', '6E', '6F', '70', '71', '72', '73', '74', '75', '76', '77', '78', '79', '7A', '7B', '7C', '7D', '7E', '7F', '80', '81', '82', '83', '84', '85', '86', '87', '88', '89', '8A', '8B', '8C', '8D', '8E', '8F', '90', '91', '92', '93', '94', '95', '96', '97', '98', '99', '9A', '9B', '9C', '9D', '9E', '9F', 'A0', 'A1', 'A2', 'A3', 'A4', 'A5', 'A6', 'A7', 'A8', 'A9', 'AA', 'AB', 'AC', 'AD', 'AE', 'AF', 'B0', 'B1', 'B2', 'B3', 'B4', 'B5', 'B6', 'B7', 'B8', 'B9', 'BA', 'BB', 'BC', 'BD', 'BE', 'BF', 'C0', 'C1', 'C2', 'C3', 'C4', 'C5', 'C6', 'C7', 'C8', 'C9', 'CA', 'CB', 'CC', 'CD', 'CE', 'CF', 'D0', 'D1', 'D2', 'D3', 'D4', 'D5', 'D6', 'D7', 'D8', 'D9', 'DA', 'DB', 'DC', 'DD', 'DE', 'DF', 'E0', 'E1', 'E2', 'E3', 'E4', 'E5', 'E6', 'E7', 'E8', 'E9', 'EA', 'EB', 'EC', 'ED', 'EE', 'EF', 'F0', 'F1', 'F2', 'F3', 'F4', 'F5', 'F6', 'F7', 'F8', 'F9', 'FA', 'FB', 'FC', 'FD', 'FE', 'FF']
Alex Hall
  • 34,833
  • 5
  • 57
  • 89