{"id":35286413,"url":"https://github.com/johndoe31415/padding-oracle-helper","last_synced_at":"2026-04-08T15:31:14.159Z","repository":{"id":74119519,"uuid":"452701297","full_name":"johndoe31415/padding-oracle-helper","owner":"johndoe31415","description":"PKCS#7 CBC padding oracle command line interface helper","archived":false,"fork":false,"pushed_at":"2024-10-21T12:59:07.000Z","size":20,"stargazers_count":3,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-10-21T20:17:12.569Z","etag":null,"topics":["cbc","cryptography","education","oracle","padding"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/johndoe31415.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-27T13:51:07.000Z","updated_at":"2024-10-21T12:59:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"5a66e504-1050-447c-b26a-50a1a936cc75","html_url":"https://github.com/johndoe31415/padding-oracle-helper","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/johndoe31415/padding-oracle-helper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johndoe31415%2Fpadding-oracle-helper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johndoe31415%2Fpadding-oracle-helper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johndoe31415%2Fpadding-oracle-helper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johndoe31415%2Fpadding-oracle-helper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/johndoe31415","download_url":"https://codeload.github.com/johndoe31415/padding-oracle-helper/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johndoe31415%2Fpadding-oracle-helper/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31562685,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-08T14:31:17.711Z","status":"ssl_error","status_checked_at":"2026-04-08T14:31:17.202Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cbc","cryptography","education","oracle","padding"],"created_at":"2025-12-30T15:32:23.571Z","updated_at":"2026-04-08T15:31:14.134Z","avatar_url":"https://github.com/johndoe31415.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# padding-oracle-helper\nThis is a small command line utility that is intended to allow people to study\nthe behavior of a PKCS#7 CBC padding oracle \"by hand\". Consider two blocks Q\nand C, where Q is the IV for a CBC-encrypted ciphertext block C. Then Q can be\ngiven on the command line and the CLI will output if the PKCS#7 padding is\ncorrect.\n\nIt also supports bruteforcing of nibbles until a valid padding is found by\nusing the 'x' character within the Q block. Examples:\n\n```\n$ ./padding_ora_cli 00000000000000000000000000000000\n$ ./padding_ora_cli -vv 00000000000000000000000000000000\nInvalid padding at Q: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n               Q ^ P: 49 74 20 72 65 61 6c 6c 79 20 77 6f 72 6b 73 21\n\nFound 0 valid padding(s) and 1 invalid padding(s).\n```\n\nYou'll see that this Q block did not result in valid padding after decryption.\nLet's brute force the last byte:\n\n```\n$ ./padding_ora_cli 000000000000000000000000000000xx\nSuccessful padding at Q: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20\n                  Q ^ P: 49 74 20 72 65 61 6c 6c 79 20 77 6f 72 6b 73 01\n\nFound 1 valid padding(s) and 255 invalid padding(s).\n```\n\nYou'll see that if the last byte of Q is 0x20, the padding will be correct. We\nalso see what would be typically hidden from us: The actual Q ^ P on the\nserver, indicating that we actually found a padding of \"01\". We can also ask\nthe tool to infer the plaintext:\n\n```\n$ ./padding_ora_cli -v 000000000000000000000000000000xx\nSuccessful padding at Q: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20\n                  Q ^ P: 49 74 20 72 65 61 6c 6c 79 20 77 6f 72 6b 73 01\n                   D(C): 49 74 20 72 65 61 6c 6c 79 20 77 6f 72 6b 73 21\n\nFound 1 valid padding(s) and 255 invalid padding(s).\n```\n\nThe last byte of the plaintext therefore is 0x21. Let's manually set it to two:\n\n```\n$ python3 -c 'print(hex(0x21^0x02))'\n0x23\n$ ./padding_ora_cli -v 00000000000000000000000000000023\n```\n\nObviously, this again is a broken padding, because now Q^P ends in \"73 02\".\nLet's brute force the second to last byte:\n\n```\n$ ./padding_ora_cli -v 0000000000000000000000000000xx23\nSuccessful padding at Q: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 71 23\n                  Q ^ P: 49 74 20 72 65 61 6c 6c 79 20 77 6f 72 6b 02 02\n                   D(C): 49 74 20 72 65 61 6c 6c 79 20 77 6f 72 6b 73 21\n\nFound 1 valid padding(s) and 255 invalid padding(s).\n```\n\nAnd so on and so on.\n\n## More challenging ciphertexts\nWith the default key (all 0), try this ciphertext: `8b 85 b4 13 d5 d8 e5 41 a6 bc 34 5a 56 0c 32 b9`\n\nTo check your effectiveness of validating/confirming that you've found the\ncorrect byte by inverting the byte before, use this block:\n`64 66 70 2e 1d c0 96 ed 77 34 77 9c 83 55 56 02`\n\nYou can simply do this by using the `-C` command line option.\n\n## License\nGNU GPL-3.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjohndoe31415%2Fpadding-oracle-helper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjohndoe31415%2Fpadding-oracle-helper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjohndoe31415%2Fpadding-oracle-helper/lists"}