CBC Padding Attack

CBC is one of the best modes of operation for block ciphers, but even leaking a tiny amount of information is enough to completely undermine its security.


Discuss The Problem

You've intercepted some cipher text being sent to a server:

c6574d8a54c952a7f298673ee7063c16ecf5f6d6405e2ad74254ff211635e390
It consists of a 128 bit random IV prepended to a 128 bit block of cipher text. The encryption scheme being used is CBC, and luckily the server will return a 500 error if it's sent a message that has invalid PKCS7 padding when decrypted. Recover and submit the ASCII message (strip any PKCS7 padding).

The Server

To send a message to the server, send it to the URL http://id0-rsa.pub/problem/cbc_padding_oracle/[message]. The message should be encoded as lower-case hex as shown above.