Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /home/novocin/webapps/applied_crypto/public/class13/flag2.php on line 7

l439wJ7k453YS/2z0eXiYQi0DHWeHqk=


Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /home/novocin/webapps/applied_crypto/public/class13/flag2.php on line 7

8p2K3ZrvVRme7FmH1irnb9pM0QqM83Y=


Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /home/novocin/webapps/applied_crypto/public/class13/flag2.php on line 7

wiTL1qZCV0qAPXgxnmfHg+11dNH5bf02


<?php 
  
include("../../secret2.php");
  
assert(strlen($secret) == 32); 
  
define('AES_256_CBC''aes-256-cbc');
  function 
cbcmac($msg$key){
    
$ix="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
    
$ciphertext openssl_encrypt($msgAES_256_CBC$key0$iv);
    return 
substr($ciphertext, -32);
  }
  
print_r("<p>".cbcmac("the 1st message.",$key)."</p>");
  
print_r("<p>".cbcmac("the 2nd message.",$key)."</p>");
  
print_r("<p>".cbcmac("the 1st message.the 2nd message.",$key)."</p>");
  
print_r("<hr>");

  if (isset(
$_GET["msg"]) && isset($_GET["sig"])){
    if (
strlen(urldecode($_GET["msg"])) == 32 && strstr($_GET["msg"], "the 2nd message.")){
        if (
cbcmac(urldecode($_GET["msg"])) == $_GET["sig"]){
            
print_r("<p>".$flag."</p>");
        }
    }
  }

  
highlight_file(__FILE__);
?>