CIS 700, Fall 2014
Homework 3: CBC-mode padding oracle

The web application located at attempts to decrypt the url-encoded string passed into it using 128-bit AES in CBC mode with a fixed key, remove the PKCS 7 padding, and confirm whether the decrypted plaintext corresponds to the location of your next homework assignment. It will throw an error if it encounters any problems in this process.

Your task is to use the technique described in Vaudenay's 2002 paper to recover the plaintext from the above link in order to reach the rest of your homework.

You may use any programming language you like.

Please submit your code and a short description of how you solved the problem along with a PDF of your LaTeXed solutions to the other problems to Canvas before class on September 29. You may discuss this assignment in small groups with classmates, but please code and write up your solutions yourself. Please credit any collaborators you discussed with and any references you used.

For reference, the following Python function will load a url and print the http status code:

import urllib2

def get_status(u):
    req = urllib2.Request(u)
        f = urllib2.urlopen(req)
        print f.code
    except urllib2.HTTPError, e:
        print e.code