In this exercise you will use CyberChef to experiment with simple symmetric encryption and decryption operations involving the AES cipher.
Run CyberChef in your browser. At the bottom of the UI, make sure that the ‘Auto Bake’ checkbox is ticked.
In the Operations menu on the left of the CyberChef UI, click on the ‘Encryption / Encoding’ menu item to open up a submenu listing a large number of cryptographic operations. Find the ‘AES Encrypt’ operation and hover the cursor over it to read the description. Then click and drag the operation onto the Recipe panel.
Use the dropdown boxes to the right of the Key and IV input fields to set the key and IV format to Hex. Then set both the key and IV to the following string of 32 hex digits [1]:
Set the cipher mode to CBC, then set the input and output formats to Raw.
Examine the contents of the file message.txt in your browser, or download the file and open it in a text editor. Copy the entire contents of this text file and paste them into the Input panel of CyberChef. The Output panel will update to show the ciphertext generated by AES. You can see clearly that the original plaintext input has been thoroughly scrambled by the cipher.
Compare the length of the ciphertext with the length of the plaintext. (Lengths are reported next to the buttons on the Input and Output panels.) You should see that the ciphertext is longer – due to the need to pad out the input to a multiple of the cipher block size (which is 16 bytes for AES).
Now try decrypting to recover the original plaintext. Find ‘AES Decrypt’ in the ‘Encryption / Encoding’ submenu. Click and drag this operation onto the Recipe panel, below the encryption operation. Set all the decryption parameters to the same values that were used for encryption. If you compare the Input and Output panel contents, you should see that they are identical.
Remove the ‘AES Decrypt’ operation by dragging it off the Recipe panel. Then click the trashcan icon above the Input panel, to remove the current input and output.
Examine the contents of the file x.txt in your browser, or download the file and open it in a text editor. This file contains a lengthy sequence of the same character, ‘x’. Paste the contents of the file into the Input panel.
Examine the ciphertext in the Output panel, then change the cipher mode from CBC to ECB. Notice the pattern that appears. In ECB mode, the repeating blocks of plaintext have become repeating blocks of ciphertext. The persistence of this repetition leaks information to an attacker, which might help them to break the encryption.
Change the cipher mode from ECB back to CBC mode and the pattern will disappear. In CBC mode, repetition in the plaintext does not lead to a corresponding repetition in the ciphertext, because each block of plaintext is XORed with the previous block of ciphertext before being fed to the cipher.
As noted above, in CBC mode, the results of encrypting the current block of plaintext depend in part on the previous block of ciphertext. This causes a problem when encrypting the first block of plaintext, for which there will be no previous block of ciphertext. The initialization vector (IV) plays the role of the previous block of ciphertext when encrypting the first block of plaintext.
Drag the ‘AES Decrypt’ operation back onto the Recipe panel and set all of its parameters to be the same as ‘AES Encrypt’. Then paste the contents of message.txt into the Input panel. An exact copy of the message should appear in the Output panel.
Now alter the value of the IV in the ‘AES Decrypt’ operation, changing
the first two bytes from
2222. Observe the effect on the
Change the remaining bytes of the IV so they all have the value
How much of the original message is now unintelligible?
Finally, change the IV back to its original value of all zeroes, then
change the first two bytes of the cipher key from
again, observe the effect on the Output panel.
Failing to use the correct IV has only a limited impact on our ability to decrypt a message; failing to use the correct key, on the other hand, leads to the complete failure of decryption.
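The ECB/CBC comparison and the wrong-IV versus wrong-key experiment above can be reproduced outside CyberChef. The following Node.js script is an added example, not part of the original exercise; the function names and sample inputs are constructed, and the tampered key value (first two bytes set to 22 22) is an assumption mirroring the IV change.

```javascript
const crypto = require("node:crypto");

const BLOCK = 16;                    // AES block size in bytes
const ZERO = Buffer.alloc(BLOCK, 0); // all-zero key and IV, as in the exercise

// AES-128 encrypt in "ecb" or "cbc" mode (Node applies PKCS#7 padding by default).
function encrypt(mode, plaintext, key = ZERO, iv = ZERO) {
  const c = crypto.createCipheriv(`aes-128-${mode}`, key, mode === "ecb" ? null : iv);
  return Buffer.concat([c.update(plaintext), c.final()]);
}

// AES-128-CBC decrypt with padding checks off, so a wrong key or IV
// yields garbled bytes to inspect instead of a padding exception.
function decryptCbc(ciphertext, key, iv) {
  const d = crypto.createDecipheriv("aes-128-cbc", key, iv);
  d.setAutoPadding(false);
  return Buffer.concat([d.update(ciphertext), d.final()]);
}

// Number of ciphertext blocks that duplicate an earlier block.
function repeatedBlocks(ct) {
  const seen = new Set();
  let repeats = 0;
  for (let i = 0; i < ct.length; i += BLOCK) {
    const hex = ct.subarray(i, i + BLOCK).toString("hex");
    if (seen.has(hex)) repeats++;
    else seen.add(hex);
  }
  return repeats;
}

// Indices of the 16-byte plaintext blocks that did not decrypt correctly.
function damagedBlocks(original, recovered) {
  const bad = [];
  for (let i = 0; i < original.length; i += BLOCK) {
    const want = original.subarray(i, i + BLOCK);
    if (!want.equals(recovered.subarray(i, i + BLOCK))) bad.push(i / BLOCK);
  }
  return bad;
}

// Constructed inputs: 64 'x' characters and a 64-byte message of four distinct blocks.
const xs = Buffer.from("x".repeat(64));
const msg = Buffer.from([0, 1, 2, 3].map((n) => `block ${n} of text`.padEnd(BLOCK, ".")).join(""));
const tampered = Buffer.from(ZERO);
tampered.fill(0x22, 0, 2); // first two bytes 22 22, rest zero

const ct = encrypt("cbc", msg);
console.log("ECB repeats:", repeatedBlocks(encrypt("ecb", xs)), "CBC repeats:", repeatedBlocks(encrypt("cbc", xs)));
console.log("wrong IV damages blocks:", damagedBlocks(msg, decryptCbc(ct, ZERO, tampered)));
console.log("wrong key damages blocks:", damagedBlocks(msg, decryptCbc(ct, tampered, ZERO)));
```

The wrong IV corrupts only block 0 because CBC decryption XORs the IV into the first block alone, while every block passes through the key.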
[1] 32 hex digits = 16 bytes = 128 bits.
All bits of the key and the IV are set to zero here, for the purposes of experimentation, but in practical applications involving AES they would both have random values.