白盒AES

clev1L Lv3
  2025-05-07 21:37 2025-05-07 21:37 Created   2025-05-07 21:09:11 2025-05-07 21:09:11 Updated  3.3k Words  20 Mins  

aes chow实现将密钥隐藏在了tyibox和tbox,所以求解的时候也是主要获得这两个表就行了

aes chow实现代码如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;
typedef unsigned int u32;
static u8 SBOX[16][16] = {
    {0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76},
    {0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0},
    {0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15},
    {0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75},
    {0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84},
    {0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF},
    {0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8},
    {0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2},
    {0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73},
    {0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB},
    {0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79},
    {0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08},
    {0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A},
    {0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E},
    {0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF},
    {0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16}
};
void expandKey(u8 key[16], u32 expandedKey[44]) {
    static u32 rcon[] = {
        0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 
        0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000
    };
    for (int i = 0; i < 4; i++) {
        expandedKey[i] = (key[4 * i] << 24) | (key[4 * i + 1] << 16) | (key[4 * i + 2] << 8) | key[4 * i + 3];
    }
    for (int i = 4; i < 44; i++) {
        u32 temp = expandedKey[i - 1];
        if (i % 4 == 0) {
            temp = (temp << 8) | (temp >> 24);
            temp = SBOX[(temp >> 28) & 0xF][(temp >> 24) & 0xF] << 24 |
                   SBOX[(temp >> 20) & 0xF][(temp >> 16) & 0xF] << 16 |
                   SBOX[(temp >> 12) & 0xF][(temp >> 8) & 0xF] << 8 |
                   SBOX[(temp >> 4) & 0xF][temp & 0xF];
            temp ^= rcon[i / 4 - 1];
        }
        expandedKey[i] = expandedKey[i - 4] ^ temp;
    }
}
u8 gmul(u8 ap, u8 bp) {
    u8 p = 0, a = ap, b = bp;
    while (a != 0 && b != 0) {
        if (b & 1 != 0) p ^= a;
        if ((a & 0x80) != 0)
            a = (a << 1) ^ 0x1b;
        else
            a <<= 1;
        b >>= 1;
    }
    return p & 0xFF;
}
u8 subByte(u8 byte[16]) {
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 4; j++)
            byte[i * 4 + j] = SBOX[byte[i * 4 + j] >> 4][byte[i * 4 + j] & 0xF];
}
void shiftRows(u8 state[16]) {
    u8 tmp = state[1];
    state[1] = state[5];
    state[5] = state[9];
    state[9] = state[13];
    state[13] = tmp;
    tmp = state[2];
    state[2] = state[10];
    state[10] = tmp;
    tmp = state[6];
    state[6] = state[14];
    state[14] = tmp;
    tmp = state[15];
    state[15] = state[11];
    state[11] = state[7];
    state[7] = state[3];
    state[3] = tmp;
}
void add_round_shiftkey(u8 state[16], u32 expandedKey[4]) {
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 4; j++)
            state[i * 4 + j] ^= (expandedKey[(j + i) % 4] >> (24 - 8 * j)) & 0xFF;
}
void add_round_key(u8 state[16], u32 expandedKey[4]) {
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 4; j++)
            state[i * 4 + j] ^= (expandedKey[i] >> (24 - 8 * j)) & 0xFF;
}
void getTbox(u32 expandedKey[44], u8 tbox[10][16][256]) {
    for (int i = 0; i < 10; i++) {
        for (int x = 0; x < 256; x++) {
            u8 state[16] = {x};
            memset(state, x, 16);
            add_round_shiftkey(state, expandedKey + 4 * i);
            subByte(state);
            if (i == 9)
                add_round_key(state, expandedKey + 40);
            for (int z = 0; z < 16; z++)
                tbox[i][z][x] = state[z];
        }
    }
}
void getXorTable(u8 table[16][16]) {
    for (int i = 0; i < 16; i++)
        for (int j = 0; j < 16; j++)
            table[i][j] = i ^ j;
}
void getTyiTable(u8 table[4][256][4]) {
    for (int i = 0; i < 256; i++)
    {
        table[0][i][0] = gmul(i, 0x02);
        table[0][i][1] = gmul(i, 0x03);
        table[0][i][2] = i;
        table[0][i][3] = i;
        table[1][i][0] = i;
        table[1][i][1] = gmul(i, 0x02);
        table[1][i][2] = gmul(i, 0x03);
        table[1][i][3] = i;
        table[2][i][0] = i;
        table[2][i][1] = i;
        table[2][i][2] = gmul(i, 0x02);
        table[2][i][3] = gmul(i, 0x03);
        table[3][i][0] = gmul(i, 0x03);
        table[3][i][1] = i;
        table[3][i][2] = i;
        table[3][i][3] = gmul(i, 0x02);
    }
}
void getTyiBox(u8 tbox[10][16][256], u32 tyibox[9][16][256]) {
    u8 tyitable[4][256][4] = {0};
    getTyiTable(tyitable);
    for (int r = 0; r < 9; r++)
        for (int x = 0; x < 256; x++)
            for (int j = 0; j < 4; j++)
                for (int i = 0; i < 4; i++) {
                    u32 v0 = tyitable[0][tbox[r][j * 4 + i][x]][i];
                    u32 v1 = tyitable[1][tbox[r][j * 4 + i][x]][i];
                    u32 v2 = tyitable[2][tbox[r][j * 4 + i][x]][i];
                    u32 v3 = tyitable[3][tbox[r][j * 4 + i][x]][i];
                    tyibox[r][j * 4 + i][x] = (v0 << 24) | (v1 << 16) | (v2 << 8) | v3;
                }
}

void aes_encrypt_by_table(u8 input[16], u8 key[16]) {
    u32 a, b, c, d, aa, bb, cc, dd;
    u8 result[16] = {0};
    u8 tbox[10][16][256] = {0}, xortable[16][16] = {0};
    u32 expandedKey[44] = {0}, tyibox[9][16][256] = {0};
    expandKey(key, expandedKey);
    getTbox(expandedKey, tbox);
    getTyiBox(tbox, tyibox);
    getXorTable(xortable);

    for (int i = 0; i < 9; i++)
    {
        shiftRows(input);
        for (int j = 0; j < 4; j++)
        {
            a = tyibox[i][4 * j + 0][input[4 * j + 0]];
            b = tyibox[i][4 * j + 1][input[4 * j + 1]];
            c = tyibox[i][4 * j + 2][input[4 * j + 2]];
            d = tyibox[i][4 * j + 3][input[4 * j + 3]];
            aa = xortable[(a >> 28) & 0xf][(b >> 28) & 0xf];
            bb = xortable[(c >> 28) & 0xf][(d >> 28) & 0xf];
            cc = xortable[(a >> 24) & 0xf][(b >> 24) & 0xf];
            dd = xortable[(c >> 24) & 0xf][(d >> 24) & 0xf];
            input[4 * j + 0] = ((aa ^ bb) << 4) | (cc ^ dd);
            aa = xortable[(a >> 20) & 0xf][(b >> 20) & 0xf];
            bb = xortable[(c >> 20) & 0xf][(d >> 20) & 0xf];
            cc = xortable[(a >> 16) & 0xf][(b >> 16) & 0xf];
            dd = xortable[(c >> 16) & 0xf][(d >> 16) & 0xf];
            input[4 * j + 1] = ((aa ^ bb) << 4) | (cc ^ dd);
            aa = xortable[(a >> 12) & 0xf][(b >> 12) & 0xf];
            bb = xortable[(c >> 12) & 0xf][(d >> 12) & 0xf];
            cc = xortable[(a >> 8) & 0xf][(b >> 8) & 0xf];
            dd = xortable[(c >> 8) & 0xf][(d >> 8) & 0xf];
            input[4 * j + 2] = ((aa ^ bb) << 4) | (cc ^ dd);
            aa = xortable[(a >> 4) & 0xf][(b >> 4) & 0xf];
            bb = xortable[(c >> 4) & 0xf][(d >> 4) & 0xf];
            cc = xortable[a & 0xf][b & 0xf];
            dd = xortable[c & 0xf][d & 0xf];
            input[4 * j + 3] = ((aa ^ bb) << 4) | (cc ^ dd);
        }
    }
    shiftRows(input);
    for (int j = 0; j < 16; j++)
    {
        input[j] = tbox[9][j][input[j]];
    }
}

在最后一轮加密开始前构造缺陷数据

实现代码如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;
typedef unsigned int u32;
u8 tbox[10][16][256];
u32 tyibox[9][16][256] = {0};

void getbox(){
    FILE *fp = fopen("tyibox.bin", "rb");
    fread(tyibox, sizeof(tyibox), 1, fp);
    fclose(fp);
    fp = fopen("tbox.bin", "rb");
    fread(tbox, sizeof(tbox), 1, fp);
    fclose(fp);
}

static u8 SBOX[16][16] = {
    {0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76},
    {0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0},
    {0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15},
    {0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75},
    {0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84},
    {0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF},
    {0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8},
    {0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2},
    {0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73},
    {0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB},
    {0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79},
    {0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08},
    {0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A},
    {0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E},
    {0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF},
    {0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16}
};
// void expandKey(u8 key[16], u32 expandedKey[44]) {
//     static u32 rcon[] = {
//         0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 
//         0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000
//     };
//     for (int i = 0; i < 4; i++) {
//         expandedKey[i] = (key[4 * i] << 24) | (key[4 * i + 1] << 16) | (key[4 * i + 2] << 8) | key[4 * i + 3];
//     }
//     for (int i = 4; i < 44; i++) {
//         u32 temp = expandedKey[i - 1];
//         if (i % 4 == 0) {
//             temp = (temp << 8) | (temp >> 24);
//             temp = SBOX[(temp >> 28) & 0xF][(temp >> 24) & 0xF] << 24 |
//                    SBOX[(temp >> 20) & 0xF][(temp >> 16) & 0xF] << 16 |
//                    SBOX[(temp >> 12) & 0xF][(temp >> 8) & 0xF] << 8 |
//                    SBOX[(temp >> 4) & 0xF][temp & 0xF];
//             temp ^= rcon[i / 4 - 1];
//         }
//         expandedKey[i] = expandedKey[i - 4] ^ temp;
//     }
// }
// u8 gmul(u8 ap, u8 bp) {
//     u8 p = 0, a = ap, b = bp;
//     while (a != 0 && b != 0) {
//         if (b & 1 != 0) p ^= a;
//         if ((a & 0x80) != 0)
//             a = (a << 1) ^ 0x1b;
//         else
//             a <<= 1;
//         b >>= 1;
//     }
//     return p & 0xFF;
// }
// u8 subByte(u8 byte[16]) {
//     for (int i = 0; i < 4; i++)
//         for (int j = 0; j < 4; j++)
//             byte[i * 4 + j] = SBOX[byte[i * 4 + j] >> 4][byte[i * 4 + j] & 0xF];
// }
void shiftRows(u8 state[16]) {
    u8 tmp = state[1];
    state[1] = state[5];
    state[5] = state[9];
    state[9] = state[13];
    state[13] = tmp;
    tmp = state[2];
    state[2] = state[10];
    state[10] = tmp;
    tmp = state[6];
    state[6] = state[14];
    state[14] = tmp;
    tmp = state[15];
    state[15] = state[11];
    state[11] = state[7];
    state[7] = state[3];
    state[3] = tmp;
}
// void add_round_shiftkey(u8 state[16], u32 expandedKey[4]) {
//     for (int i = 0; i < 4; i++)
//         for (int j = 0; j < 4; j++)
//             state[i * 4 + j] ^= (expandedKey[(j + i) % 4] >> (24 - 8 * j)) & 0xFF;
// }
// void add_round_key(u8 state[16], u32 expandedKey[4]) {
//     for (int i = 0; i < 4; i++)
//         for (int j = 0; j < 4; j++)
//             state[i * 4 + j] ^= (expandedKey[i] >> (24 - 8 * j)) & 0xFF;
// }
// void getTbox(u32 expandedKey[44], u8 tbox[10][16][256]) {
//     for (int i = 0; i < 10; i++) {
//         for (int x = 0; x < 256; x++) {
//             u8 state[16] = {x};
//             memset(state, x, 16);
//             add_round_shiftkey(state, expandedKey + 4 * i);
//             subByte(state);
//             if (i == 9)
//                 add_round_key(state, expandedKey + 40);
//             for (int z = 0; z < 16; z++)
//                 tbox[i][z][x] = state[z];
//         }
//     }
// }
void getXorTable(u8 table[16][16]) {
    for (int i = 0; i < 16; i++)
        for (int j = 0; j < 16; j++)
            table[i][j] = i ^ j;
}
// void getTyiTable(u8 table[4][256][4]) {
//     for (int i = 0; i < 256; i++)
//     {
//         table[0][i][0] = gmul(i, 0x02);
//         table[0][i][1] = gmul(i, 0x03);
//         table[0][i][2] = i;
//         table[0][i][3] = i;
//         table[1][i][0] = i;
//         table[1][i][1] = gmul(i, 0x02);
//         table[1][i][2] = gmul(i, 0x03);
//         table[1][i][3] = i;
//         table[2][i][0] = i;
//         table[2][i][1] = i;
//         table[2][i][2] = gmul(i, 0x02);
//         table[2][i][3] = gmul(i, 0x03);
//         table[3][i][0] = gmul(i, 0x03);
//         table[3][i][1] = i;
//         table[3][i][2] = i;
//         table[3][i][3] = gmul(i, 0x02);
//     }
// }
// void getTyiBox(u8 tbox[10][16][256], u32 tyibox[9][16][256]) {
//     u8 tyitable[4][256][4] = {0};
//     getTyiTable(tyitable);
//     for (int r = 0; r < 9; r++)
//         for (int x = 0; x < 256; x++)
//             for (int j = 0; j < 4; j++)
//                 for (int i = 0; i < 4; i++) {
//                     u32 v0 = tyitable[0][tbox[r][j * 4 + i][x]][i];
//                     u32 v1 = tyitable[1][tbox[r][j * 4 + i][x]][i];
//                     u32 v2 = tyitable[2][tbox[r][j * 4 + i][x]][i];
//                     u32 v3 = tyitable[3][tbox[r][j * 4 + i][x]][i];
//                     tyibox[r][j * 4 + i][x] = (v0 << 24) | (v1 << 16) | (v2 << 8) | v3;
//                 }
// }

// void writeTboxAndTyiBoxToSeparateFiles(u8 tbox[10][16][256], u32 tyibox[9][16][256]) {
//     // 1. 写入 tbox 到 tbox.bin
//     FILE *tbox_file = fopen("tbox.bin", "wb");
//     if (tbox_file == NULL) {
//         perror("Failed to open tbox.bin");
//         return;
//     }

//     if (fwrite(tbox, sizeof(u8), 10 * 16 * 256, tbox_file) != 10 * 16 * 256) {
//         perror("Failed to write tbox");
//         fclose(tbox_file);
//         return;
//     }
//     fclose(tbox_file);

//     // 2. 写入 tyibox 到 tyibox.bin
//     FILE *tyibox_file = fopen("tyibox.bin", "wb");
//     if (tyibox_file == NULL) {
//         perror("Failed to open tyibox.bin");
//         return;
//     }

//     if (fwrite(tyibox, sizeof(u32), 9 * 16 * 256, tyibox_file) != 9 * 16 * 256) {
//         perror("Failed to write tyibox");
//         fclose(tyibox_file);
//         return;
//     }
//     fclose(tyibox_file);

//     printf("Successfully wrote tbox.bin and tyibox.bin\n");
// }

void aes_encrypt_by_table(u8 input[16], u8 key[16],int whiteip) {
    u32 a, b, c, d, aa, bb, cc, dd;
    u8 result[16] = {0};
    // expandKey(key, expandedKey);
    // getTbox(expandedKey, tbox);
    // getTyiBox(tbox, tyibox);
    // writeTboxAndTyiBoxToSeparateFiles(tbox, tyibox);
    u8  xortable[16][16] = {0};
    getXorTable(xortable);

    for (int i = 0; i < 9; i++)
    {
        if (whiteip!=-1 && i==8) {
            input[whiteip] = 1;
        }
        shiftRows(input);   
        for (int j = 0; j < 4; j++)
        {
            a = tyibox[i][4 * j + 0][input[4 * j + 0]];
            b = tyibox[i][4 * j + 1][input[4 * j + 1]];
            c = tyibox[i][4 * j + 2][input[4 * j + 2]];
            d = tyibox[i][4 * j + 3][input[4 * j + 3]];
            aa = xortable[(a >> 28) & 0xf][(b >> 28) & 0xf];
            bb = xortable[(c >> 28) & 0xf][(d >> 28) & 0xf];
            cc = xortable[(a >> 24) & 0xf][(b >> 24) & 0xf];
            dd = xortable[(c >> 24) & 0xf][(d >> 24) & 0xf];
            input[4 * j + 0] = ((aa ^ bb) << 4) | (cc ^ dd);
            aa = xortable[(a >> 20) & 0xf][(b >> 20) & 0xf];
            bb = xortable[(c >> 20) & 0xf][(d >> 20) & 0xf];
            cc = xortable[(a >> 16) & 0xf][(b >> 16) & 0xf];
            dd = xortable[(c >> 16) & 0xf][(d >> 16) & 0xf];
            input[4 * j + 1] = ((aa ^ bb) << 4) | (cc ^ dd);
            aa = xortable[(a >> 12) & 0xf][(b >> 12) & 0xf];
            bb = xortable[(c >> 12) & 0xf][(d >> 12) & 0xf];
            cc = xortable[(a >> 8) & 0xf][(b >> 8) & 0xf];
            dd = xortable[(c >> 8) & 0xf][(d >> 8) & 0xf];
            input[4 * j + 2] = ((aa ^ bb) << 4) | (cc ^ dd);
            aa = xortable[(a >> 4) & 0xf][(b >> 4) & 0xf];
            bb = xortable[(c >> 4) & 0xf][(d >> 4) & 0xf];
            cc = xortable[a & 0xf][b & 0xf];
            dd = xortable[c & 0xf][d & 0xf];
            input[4 * j + 3] = ((aa ^ bb) << 4) | (cc ^ dd);
        }
    }
    shiftRows(input);
    for (int j = 0; j < 16; j++)
    {
        input[j] = tbox[9][j][input[j]];
    }
    for(int j=0;j<16;j++){
        printf("%02x",input[j]);
    }
    puts("");
}

int main(){
    getbox();
    for(int i=-1;i<16;i++){
        u8 input[]={49, 50, 51, 52, 49, 50, 51, 52, 49, 50, 51, 52, 49, 50, 51, 52};
        u8 key[]={49, 50, 51, 52, 49, 50, 51, 52, 49, 50, 51, 52, 49, 50, 51, 52};
        aes_encrypt_by_table(input,key,i);
    }
}

得到17组密文,然后用phoenixAES和aeskeyschedule求一下密钥即可

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
import phoenixAES
from aeskeyschedule import *

data = """c4ebba606297fc5984dc75e2e5f70430
aeebba606297fcdf84dcf8e2e5000430
c4ebbae96297c75984cb75e2a6f70430
c4eb9d6062d1fc59fedc75e2e5f7043c
c429ba60c897fc5984dc7524e5f7e430
c4e4ba601797fc5984dc7515e5f71d30
f1ebba606297fc6884dc68e2e51c0430
c4ebbaa462977359840975e2eff70430
c4eb516062cdfc59f7dc75e2e5f70435
c4eb56606257fc593ddc75e2e5f704f4
c430ba606b97fc5984dc75f7e5f7b630
a9ebba606297fcf084dc98e2e59a0430
c4ebbae26297fb59844275e23bf70430
c4ebbad662970359842075e2c8f70430
c4eb346062a7fc599bdc75e2e5f704e5
c467ba600697fc5984dc7504e5f76b30
77ebba606297fc7884dcace2e5700430"""

with open('crackfile', 'w') as fp:
    fp.write(data)

ret=phoenixAES.crack_file('crackfile', [], True, False, verbose=0)


base_key = reverse_key_schedule(bytes.fromhex(ret),10)
print(base_key)
  • Title: 白盒AES
  • Author: clev1L
  • Created at : 2025-05-07 21:00:37
  • Updated at : 2025-05-07 21:09:11
  • Link: https://github.com/clev1l/2025/05/07/白盒AES/
  • License: This work is licensed under CC BY-NC-SA 4.0.
Comments
On this page
白盒AES