AES Electronic code book
RootMe Challenge: AES-ECB: Find the password in this file and use it to validate the challenge.
The given ch25.zip attachment contains a file called mylogin.cnf. The .mylogin.cnf file generated by mysql_config_editor does not securely store the password used to log in to the database. It just obfuscates it. The format of the file:
4 Bytes Zero (Version Information)
20 Bytes Key Generation Matter
Repeated:
4 Bytes Length information
Length bytes crypted matter. The crypt is done using the AES ENCRYPT function, which in itself is insecure: It is an aes-128-ecb with a
NULLIV.
The key used by AES 128 needs to be CHAR(16), but the function accepts any string as a key generation matter. It generates the key from the key generation matter by XORing the key generation matter onto itself in a 16 byte loop, starting with a buffer of NULL bytes.
[safelogin]
user = root
password = xxxxxxxxxx
host = localhost