
When AES(☢) = ☠: a crypto-binary trick



Ange Albertini of Corkami, an expert in reverse engineering, was jokingly asked whether it was possible to generate a JPEG picture that, after being encrypted with AES, would again be a valid JPEG. Ange accepted the challenge and, based on the results of the study, published a presentation explaining how this is done with different formats.

“You don’t even need to know AES or JPEG, it’s too difficult,” writes Albertini. “We'll just play with Lego cubes.”

AES is a block cipher: changing even one byte of the plaintext completely changes the ciphertext. It would seem there is no way to control the contents of the ciphertext.

A file of a given format usually begins with a signature (for JPG, the signature is \xFF\xD8), followed by several sections, some mandatory and some optional, and then an end-of-file marker. After that marker, arbitrary content (junk) can be appended.

A block cipher can be used in several modes (CBC, OFB, CFB, etc.) that take an initialization vector (IV), an external value fed into the encryption process. Although the IV is supposed to be random, in practice we can supply one chosen so that fragment A at the start of the plaintext always turns into fragment B in the ciphertext. Thus we can control the contents of the first block, that is, the signature of the file format.

We can also apply the decryption function to arbitrary data. If we need the ciphertext to take a particular form (a particular picture), we first decrypt that data with key X; encrypting the result with the same key X then yields the desired content. We inject this pre-decrypted data as junk after the end-of-file marker.

The algorithm looks something like this.
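
The CBC algebra behind both steps, as an added illustration that is not Albertini's code: it shows that whoever picks the key and IV decides what the first ciphertext block looks like, and that pre-decrypted trailing data encrypts back to chosen content. A 4-round Feistel permutation built from `hmac` stands in for AES (an assumption; the relations hold for any block cipher in CBC mode), and the key, header blocks and tail are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # bytes, the AES block size

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # Feistel round function: truncated keyed hash
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def encrypt_block(key, block):
    # 4-round Feistel permutation: a stdlib stand-in for AES (assumption).
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def cbc_encrypt(key, iv, data):
    out, prev = b"", iv
    for off in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[off:off + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, data):
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return b"".join(_xor(decrypt_block(key, c), p)
                    for c, p in zip(blocks, [iv] + blocks))

def iv_for_first_block(key, plain_block, wanted_block):
    # C1 = E(P1 xor IV), so IV = D(C1) xor P1.
    return _xor(decrypt_block(key, wanted_block), plain_block)

def demo():
    key = b"constructed key!"                  # all values here are constructed
    source = b"\xff\xd8SOURCE-HEADER!" + b"S" * 16
    wanted_head = b"\xff\xd8TARGET-HEADER!"
    wanted_tail = b"T" * 32
    iv = iv_for_first_block(key, source[:BLOCK], wanted_head)
    body = cbc_encrypt(key, iv, source)
    # "Pre-decrypt" the tail, chaining on the last ciphertext block.
    junk = cbc_decrypt(key, body[-BLOCK:], wanted_tail)
    return cbc_encrypt(key, iv, source + junk), wanted_head, wanted_tail
```

The blocks between the chosen head and tail still encrypt to unpredictable bytes. The practical consequence is that the apparent file type of a ciphertext or of decrypted output says nothing when another party supplied the key and IV.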



In this way Albertini was able to encrypt PDF to PDF, JPG to JPG, PNG to PNG, FLV to FLV, and ZIP to PNG. For the relevant example files and code, see here.

Source: https://habr.com/ru/post/224205/

