AES Electronic code book

RootMe Challenge: AES-ECB: Find the password in this file and use it to validate the challenge.

The given ch25.zip attachment contains a file called mylogin.cnf. The .mylogin.cnf file generated by mysql_config_editor does not securely store the password used to log in to the database; it only obfuscates it. The file format is:

  • 4 Bytes Zero (Version Information)

  • 20 Bytes Key Generation Material

  • Repeated:

    • 4 Bytes Length information

    • Length bytes of encrypted data. The encryption is done with the AES_ENCRYPT() function, which is itself insecure: it is AES-128-ECB with a NULL IV.

The key used by AES-128 needs to be CHAR(16), but the function accepts any string as key generation material. It derives the key by XORing the key generation material onto itself in a 16-byte loop, starting from a buffer of NULL bytes.
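The layout and key derivation described above, as an added Python example (not code from the challenge or from MySQL). It assumes little-endian length fields and PKCS#7-style padding, which the page does not state; the function names and the sample bytes are constructed for illustration, and decryption uses the third-party cryptography package.

```python
import struct

def derive_key(key_material: bytes) -> bytes:
    """Fold the 20-byte key material into a 16-byte AES key by XOR."""
    key = bytearray(16)                      # starts as NULL bytes
    for i, b in enumerate(key_material):
        key[i % 16] ^= b                     # bytes 16..19 wrap onto 0..3
    return bytes(key)

def parse_login_file(blob: bytes):
    """Return (key_material, [ciphertext chunks]) from the raw file bytes."""
    if len(blob) < 24:
        raise ValueError("file shorter than the 24-byte header")
    key_material, pos, chunks = blob[4:24], 24, []
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from("<I", blob, pos)   # assumption: little-endian
        pos += 4
        if n == 0 or n % 16 or pos + n > len(blob):
            raise ValueError(f"bad chunk length {n} at offset {pos - 4}")
        chunks.append(blob[pos:pos + n])
        pos += n
    return key_material, chunks

def decrypt_lines(blob: bytes):
    """Decrypt every chunk; needs the third-party 'cryptography' package."""
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    key_material, chunks = parse_login_file(blob)
    key, lines = derive_key(key_material), []
    for chunk in chunks:
        dec = Cipher(algorithms.AES(key), modes.ECB()).decryptor()
        plain = dec.update(chunk) + dec.finalize()
        pad = plain[-1]                      # assumption: PKCS#7-style padding
        if not 1 <= pad <= 16:
            raise ValueError("unexpected padding; wrong key or corrupt chunk")
        lines.append(plain[:-pad].decode("utf-8", "replace"))
    return lines

# Constructed sample: real header layout, but the two chunks are filler bytes,
# not real ciphertext, so it exercises parsing and key derivation only.
SAMPLE = (bytes(4) + bytes(range(1, 21))
          + struct.pack("<I", 16) + b"A" * 16
          + struct.pack("<I", 32) + b"B" * 32)

if __name__ == "__main__":
    material, chunks = parse_login_file(SAMPLE)
    print("AES key:", derive_key(material).hex(), "chunks:", [len(c) for c in chunks])
```

Because the key material sits in the file next to the ciphertext, anyone who can read the file can rebuild the key; file permissions are the only real protection.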

[safelogin]
user = root
password = xxxxxxxxxx
host = localhost