From c6d2859dd229d6ad058440feac910b9905a761d7 Mon Sep 17 00:00:00 2001
From: cyfraeviolae <cyfraeviolae>
Date: Sun, 28 Aug 2022 02:32:00 -0400
Subject: k1 for ffff, diagrams int ext

---
 aesgcmanalysis.py | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

(limited to 'aesgcmanalysis.py')

diff --git a/aesgcmanalysis.py b/aesgcmanalysis.py
index 13bfca3..b73960e 100644
--- a/aesgcmanalysis.py
+++ b/aesgcmanalysis.py
@@ -828,25 +828,22 @@ def key_search(nonce, init_bytes1, init_bytes2):
 
 def att_merge_jpg_bmp(jpg, bmp, aad):
     # Precomputed with key_search; works for any files
-    k1 = unhexlify('5c3cb198432b0903e58de9c9647bd241')
-    k2 = unhexlify('df923ae8976230008a081d23205d7a4f')
+    k1 = unhexlify('8007941455b5af579bb12fff92ef31a3')
+    k2 = unhexlify('14ef746e8b1792e52b1d22ef124fae97')
     nonce = b'JORGELBORGES'
 
-    total_len = 6 + (0xff<<8) + 0xff + len(jpg)
+    total_len = 6 + (0xffff) + len(jpg) + 0xff # get some extra
     jpgstream, _ = gcm_encrypt(k1, nonce, aad, b'\x00'*total_len)
     bmpstream, _ = gcm_encrypt(k2, nonce, aad, b'\x00'*total_len)
 
-    # 5 bytes
-    r = xor(jpgstream, b'\xff\xd8\xff\xfe\xff')
-
-    # 1 byte
-    r += bmpstream[5:6]
+    # 6 bytes
+    r = xor(jpgstream, b'\xff\xd8\xff\xfe\xff\xff')
 
     # len(bmp) bytes
     bmpenc = xor(bmp[6:], bmpstream[6:6+len(bmp)])
     r += bmpenc
 
-    comlen = (0xff << 8) + (jpgstream[5] ^ bmpstream[5])
+    comlen = 0xffff
 
     # finish comment with padding
     r += b'\x00'*(comlen - len(bmpenc))
-- 
cgit v1.2.3