I was just trying to say that you should test your script/code/tool (that you use to decrypt+verify) with sample data consisting of a key with that specific pattern, the plaintext that you are searching for and the encrypted version of the plaintext.
Of course, just for testing if your approach/tool works, you do not need to try all the 2^32 password candidates; a very small subset of them (including the correct key) should suffice, just to make sure that your perl/python/C/whatever code works correctly.
... and yes, testing the decrypted data for a substring might work as well (but it shouldn't be too short, it should be at least 3-4 bytes long).
...
Something like this might work to get an idea, Linux bash shell script and/or Perl version (don't blame me for this, it's just a very quickly coded POC; it could be that you might need to change some minor details about AES, padding etc.)
Code:
#!/bin/bash
#
# Example (change these lines)
#
# example 1 (key is 7c6801007c6801007c6801007c6801007c6801007c6801007c6801007c680100):
#search_string="teststring"
#ciphertext="\x85\x8a\x32\xec\xea\xb9\x85\xdd\x89\x25\x47\xaa\xf6\x31\xe5\xb0"
# example 2 (key is 0000123400001234000012340000123400001234000012340000123400001234):
search_string="teststring"
ciphertext="\x29\x46\x14\x87\x62\x4a\xd4\x07\xcb\xbb\xb3\x6c\x87\x9c\x1c\xe4"
#
# Start
#
# Split the 2^32 keyspace into one contiguous range per CPU core
cores=$(grep -c ^processor /proc/cpuinfo)
keyspace=4294967296 # 2^32
part=$((${keyspace} / ${cores}))
offset=0
for i in $(seq 1 ${cores})
do
    begin=${offset}
    if [ "${i}" -eq ${cores} ]
    then
        end=$((${keyspace} - 1)) # last one! (highest 32-bit candidate is ffffffff)
    else
        end=$((${offset} + ${part}))
    fi
    (
        # bash + openssl version (commented out):
        #j=${begin}
        #while [ ${j} -le ${end} ]
        #do
        #    word=$(printf "%08x" ${j})
        #    echo -en "${ciphertext}" | openssl enc -d -aes-256-ecb -K ${word}${word}${word}${word}${word}${word}${word}${word} 2>/dev/null | fgrep -q "${search_string}"
        #    if [ "${?}" -eq 0 ]
        #    then
        #        echo "key found: ${word}${word}${word}${word}${word}${word}${word}${word}"
        #    fi
        #    j=$((${j} + 1))
        #done
        # perl version: the key is the 8-hex-digit word repeated 8 times (256 bits),
        # the range [begin, end] is inclusive
        perl -MCrypt::Mode::ECB -e "my \$c = Crypt::Mode::ECB->new ('AES'); for (my \$i = ${begin}; \$i <= ${end}; \$i++) { my \$word = sprintf ('%08x', \$i); my \$key = pack ('H*', \$word x 8); my \$out = \$c->decrypt (\"$ciphertext\", \$key); if (\$out =~ m/${search_string}/) { print 'key found: ' . (\$word x 8) . \"\n\"; last; }}"
    ) &
    offset=$((${end} + 1))
done
echo "decrypting..."
# Wait for all background workers to finish
for j in $(jobs -p)
do
    wait ${j}
done
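
The self-test recommended in the post, as an added example (not the poster's code): encrypt a known plaintext under a known patterned key, search a small window of candidates around it, and run a negative control whose window excludes the key. The function names are made up for this example; the key word and plaintext are reused from the post's example 1, and the ciphertext is generated fresh by `openssl` rather than taken from the post.

```shell
#!/bin/sh
# Self-test for an openssl-based patterned-key search (constructed test data).

# Repeat an 8-hex-digit word 8 times to form the 256-bit key (hex).
make_key() {
    printf '%s%s%s%s%s%s%s%s' "$1" "$1" "$1" "$1" "$1" "$1" "$1" "$1"
}

# Encrypt plaintext $1 under key word $2; print the ciphertext as base64.
encrypt_b64() {
    printf '%s' "$1" | openssl enc -aes-256-ecb -a -K "$(make_key "$2")"
}

# Try every word in the inclusive range [$2, $3] against base64 ciphertext $1
# and print each word whose decryption contains the substring $4.
search() {
    i=$2
    while [ "$i" -le "$3" ]; do
        word=$(printf '%08x' "$i")
        if echo "$1" | openssl enc -d -aes-256-ecb -a -K "$(make_key "$word")" \
                2>/dev/null | grep -qF -- "$4"; then
            echo "$word"
        fi
        i=$((i + 1))
    done
}

# Encrypt plaintext $1 under word $2, then search the range [$3, $4] for it.
roundtrip() {
    search "$(encrypt_b64 "$1" "$2")" "$3" "$4" "$1"
}

w=$((0x7c680100))   # key word from the post's example 1, as a number
# Positive control: the window contains the key, so exactly one word is printed.
echo "window with key:    $(roundtrip teststring 7c680100 $((w - 20)) $((w + 20)))"
# Negative control: the window starts just past the key, so nothing is printed.
echo "window without key: $(roundtrip teststring 7c680100 $((w + 1)) $((w + 20)))"
```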