PadDown is an AES CBC PKCS7 Padding Oracle Attack engine. It simplifies performing Padding Oracle Attack on a vulnerable encryption service. This is useful for both CTF and real-world attacks, where you are in possession of a ciphertext, and have a so called Padding Oracle available.

• Using PadDown is as easy as implementing PadChecker class containing the hasValidPadding(...) method retuning a bool. As argument it takes ciphertext to test against the Padding Oracle. Have your implementation return True if you receive no padding error and False otherwise.

• Now you are ready to instatiate the DecryptEngine(...) class, and start decrypting your ciphertext.

Examples can be found in the PadDown/examples directory.

The project can be setup with

python3 -m venv .venv
.venv/bin/activate
pip install -r requirements/dev.txt

We are open to pull requests.

We use black, flake8 and isort for linting, and implement unit testing using pytest. A pre-commit configuration file has been added, for checking against these linters before comitting.

Please squash all commits before submitting a pull request.

To run the unittests, simply run pytest.