|
@David3141593 | |||||
|
I implemented AES128 in 69 bytes of x86 assembly. (from @OverTheWireCTF challenge 0). Can anyone beat that? :P pic.twitter.com/VD7FUTD8Ii
|
||||||
|
||||||
|
Dаvіd Вucһаnаn
@David3141593
|
27. pro |
|
(for the pedantic: yes, this assumes bit 7 of AL is 0)
|
||
|
|
||
|
Dаvіd Вucһаnаn
@David3141593
|
27. pro |
|
For anyone saying "uSinG aEs-Ni iS cHeAtInG":
a) AESKEYGENASSIST only supports round constants as immediate arguments, so every other implementation I saw unrolls the key expansion loop.
b) I tricked a lot of smart CTF players into thinking this was a non-standard AES impl :P
|
||
|
|
||
|
Dаvіd Вucһаnаn
@David3141593
|
27. pro |
|
c) Explain the round loop exit condition.
d) Make the code smaller :P (I think this is possible, the shuffling stage was kinda optimised for obscurity rather than size)
|
||
|
|
||
|
Dаvіd Вucһаnаn
@David3141593
|
27. pro |
|
|
||
|
Kristy-Leigh Minehan
@OhGodAGirl
|
27. pro |
|
This is hot. >.>
|
||
|
|
||
|
Dаvіd Вucһаnаn
@David3141593
|
27. pro |
|
Normally people tell me my code is cursed
|
||
|
|
||
|
Tony “Abolish ICE” Arcieri 🦀
@bascule
|
27. pro |
|
I'm guessing it isn't bitsliced and therefore isn't constant time?
|
||
|
|
||
|
Dаvіd Вucһаnаn
@David3141593
|
27. pro |
|
It uses AES-NI, which should be constant time, I think? That said, I wouldn't use this code for anything important...
|
||
|
|
||
|
iximeow
@iximeow
|
27. pro |
|
(nice)
|
||
|
|
||
|
iximeow
@iximeow
|
27. pro |
|
wow i just realized you need to do the self-modification to make it it, when i first looked at the challenge thought it was just to make it harder for the reader
|
||
|
|
||