Could you help me with the decryption?

#$!/$usr$/$bin$/$python$3$

# Run me like this:

# $ python$3$ padding$\_$oracle.py "WEBSITE" $"5$a$7793$d$3..."$

# or select "Padding Oracle" from the VS Code debugger

import json

import sys

import time

from typing import Union, Dict, List

import requests

# Create one session for each oracle request to share. This allows the

# underlying connection to be re$-$used, which speeds up subsequent requests!

s $=$ requests.session$()$

def oracle$($url: str$,$ messages: List$[$bytes$])->$ List$[$Dict$[$str$,$ str$]]$:

while True:

try:

r $=$ s$.$post$($url$,$ data$=\{"$message$"$: $[$m$.$hex$()$ for m in messages$]\})$

r$.$raise$\_$for$\_$status$()$

return r$.$json$()$

# Under heavy server load, your request might time out. If this happens,

# the function will automatically retry in $10$ seconds for you.

except requests.exceptions.RequestException as e:

sys$.$stderr.write$($str$($e$))$

sys$.$stderr.write$("$

Retrying in $10$ seconds...

$")$

time.sleep$(10)$

continue

except json.JSONDecodeError as e:

sys$.$stderr.write$("$It$\text{'}$s possible that the oracle server is overloaded right now, or that provided URL is wrong.

$")$

sys$.$stderr.write$("$If this keeps happening, check the URL. Perhaps your uniqname is not set.

$")$

sys$.$stderr.write$("$Retrying in $10$ seconds...

$")$

time.sleep$(10)$

continue

def main$()$:

if len$($sys$.$argv$)!=3$:

print$($f$"$usage: $\{$sys$.$argv$[0]\}$ ORACLE$\_$URL CIPHERTEXT$\_$HEX", file$=$sys$.$stderr$)$

sys$.$exit$(-1)$

oracle$\_$url, message $=$ sys$.$argv$[1],$ bytes.fromhex$($sys$.$argv$[2])$

if oracle$($oracle$\_$url, $[$message$])[0]["$status$"]!=$ "valid":

print$("$Message invalid", file$=$sys$.$stderr$)$

#

# TODO: Decrypt the message

#

decrypted $=$ "TODO"

print$($decrypted$)$

if $\_\_$name$\_\_==\text{'}\_\_$main$\_\_\text{'}$:

main$()$

Here is some Python code representing what we suspect the server does when the $/$verify

endpoint is accessed:

from Crypto.Cipher import AES

from Crypto.Hash import HMAC, SHA$256$

from Crypto.Random import get$\_$random$\_$bytes

def pad$($message$)$:

n $=$ AES.block$\_$size $-$ len$($message$)\%$ AES.block$\_$size

if n $==0$: n $=$ AES.block$\_$size

return message $+$ bytes$([$n$]*$n$)$

def unpad$($message$)$:

n $=$ message$[-1]$

if n $<1$ or n $>$ AES.block$\_$size or message$[-$n:$]!=$ bytes$([$n$]*$n$)$:

raise Exception$(\text{'}$invalid$\_$padding'$)$

return message$[$:$-$n$]$

def encrypt$($message$,$ key$)$:

iv $=$ get$\_$random$\_$bytes$($AES$.$block$\_$size$)$

cipher $=$ AES.new$($key$,$ AES.MODE$\_$CBC$,$ iv$)$

return iv $+$ cipher.encrypt$($pad$($message$))$

def decrypt$($ciphertext$,$ key$)$:

if len$($ciphertext$)\%$ AES.block$\_$size: raise Exception$(\text{'}$invalid$\_$len'$)$

if len$($ciphertext$)<2*$AES$.$block$\_$size: raise Exception$(\text{'}$invalid$\_$iv$\text{'})$

iv $=$ ciphertext$[$:AES.block$\_$size$]$

cipher $=$ AES.new$($key$,$ AES.MODE$\_$CBC$,$ iv$)$

return unpad$($cipher$.$decrypt$($ciphertext$[$AES$.$block$\_$size:$]))$

Page $3$

def hmac$($message$,$ mac$\_$key$)$:

h $=$ HMAC.new$($mac$\_$key, digestmod$=$SHA$256)$

h$.$update$($message$)$

return h$.$digest$()$

def verify$($message$,$ mac, mac$\_$key$)$:

if mac $!=$ hmac$($message$,$ mac$\_$key$)$:

raise Exception$(\text{'}$invalid$\_$mac'$)$

def macThenEncrypt$($message$,$ key, mac$\_$key$)$:

return encrypt$($message $+$ hmac$($message$,$ mac$\_$key$),$ key$)$

def decryptThenVerify$($ciphertext$,$ key, mac$\_$key$)$:

plaintext $=$ decrypt$($ciphertext$,$ key$)$

message, mac $=$ plaintext$[$:$-$SHA$256.$digest$\_$size$],$

plaintext$[-$SHA$256.$digest$\_$size:$]$

verify$($message$,$ mac, mac$\_$key$)$

return message

@app.route$(\text{'}/$verify$\text{'},$ methods$=[\text{'}$POST$\text{'}])$

def dec$\_$oracle$\_$route$()$:

ciphertext $=$ bytes.fromhex$($request$.$form$[\text{'}$message$\text{'}])$

try:

decryptThenVerify$($ciphertext$,$ KEY, MAC$\_$KEY$)$

except$($e$)$:

return $\{\text{'}$status$\text{'}$: e$\}$

return $\{\text{'}$status$\text{'}$: 'valid'$\}$

Hint: The real verify endpoint is a bit more powerful. It can accept multiple message

arguments, in which case it returns the results as a JSON array, in the same order as the

arguments. See the oracle function in the starter code for more details.