Description
We have access to a server that encrypts random messages using the AES algorithm. Since this server has been used to encrypt important messages, we want to recover its encryption key. Our expert in fault attacks has developed a system to inject faults into the internal state of AES. Unfortunately, the secure chip performing the encryption has a redundant implementation of AES and we are able to fault only a single instance at a time, as shown in the following diagram:
Msg
|
+----+----+
| |
v v
+---+ +---+
|AES| |AES|<--Fault
+---+ +---+
| |
| +-----+ |
+-| ==? |-+
+-----+
|
v
Res
In fact, the faults are detected. Nevertheless, our expert is formal: it should be possible to find the key using a SIFA attack (for Statistically Ineffective Fault Attack). He has implemented an interface that allows to target precisely which byte of the internal state of the AES to fault when the server is asked to encrypt a message according to the following indexing:
+--+--+--+--+
| 0| 4| 8|12|
+--+--+--+--+
| 1| 5| 9|13|
+--+--+--+--+
| 2| 6|10|14|
+--+--+--+--+
| 3| 7|11|15|
+--+--+--+--+
However, he informs us that it is not possible to obtain more than 200 ciphertexts. Finally, the expert warns you that such an attack may require several hours of computations.
Your goal is to decrypt the message that the server sends when we initiate a connexion.
Files
Author
Challenge Instructions
- First, download docker-compose.yml:
curl https://hackropole.fr/challenges/fcsc2022-hardware-not-so-secure-aes/docker-compose.public.yml -o docker-compose.yml - Launch the challenge by executing in the same folder:
docker compose up - Then, in another console, access the challenge with Netcat:
nc localhost 4000
In case you encounter problems, please consult the FAQ.
Flag
Submit your solution
You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.
You need to be logged in to submit a writeup.
Writeups
There are no public solutions for this challenge yet, but you can submit yours after getting the flag.