How to crack the AES JavaScript crypto algorithm?

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

How to crack the AES JavaScript crypto algorithm?

Post by ghostheadx2 on Mon May 18, 2015 11:33 pm

So, I need to decrypt the key on this hacking challenge from a hacking game called picoCTF. I downloaded the HTML source code, which included some JS in a <script></script> tag. I managed to find the AES encryption algorithm and some other helpful results through Google:

https://code.google.com/p/crypto-js/

http://stackoverflow.com/questions/14958103/how-to-decrypt-message-with-cryptojs-aes-i-have-a-working-ruby-example

So, I tried adding on an imitation of the guy's code in the forum post to my attempt at getting the key:

            var key; // Global variable.
           
            // Since the key is generated when the page
            // is loaded, no one will be able to steal it
            // by looking at the source! This must be secure!
            function generateKey() {
                var i = 1;
                var x = 37;
                var n = 5493;
                while (i <= 25) {
                    x = (x * i) % n;
                    i++;
                }
                key = "flag_" + Math.abs(x);
            }
           
            generateKey();
           
            // Encode the message using the 'key'
            function encode() {                                                       
                var input = $("#inputmessage").val();
                var output = CryptoJS.AES.encrypt(input, key);
                $("#outputmessage").val(output);
            } 

         var plainTextArray = CryptoJS.AES.decrypt(
         {
            ciphertext: CryptoJS.enc.Base64.parse(crypttext),
            salt: ""
         },
         CryptoJS.enc.Hex.parse(key),
         {iv: CryptoJS.enc.Base64.parse(iv)}
         );
         
         function hex2a(hex){
         var str = '';
         for (var i = 0; i < hex.length; i += 2)
            str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
         return str;
         }
         console.log(hex2a(plaintextArray.toString()));



What am I doing wrong?

-- Mon May 18, 2015 11:40 pm --

I made it work. Lol. Nvrmind.