Fun with AES-128. Example Encryption with AES Trainer

The other advantage of having a VB tool is being able to single-step every individual operation of every round and inspect the variables in a nice, cushy IDE. So if you’d like to validate your own implementation, or are crazy like us and would like to try to do at least one encrypt/decrypt round by hand with pencil and paper – you have the “solution manual” right here. Or, if you just want to rip our tables for your own code – go ahead, but please include a link to this here article to expand your user’s minds.
The procedure used essentially follows FIPS197, but will be outlined here for completeness.

  1. Get Input and Key. This consists of fetching the Input (either cleartext or ciphertext depending on enc/dec) and key. Since we allow the user to input either, this section also processes the input into actual bytes and stuffs them into the working array: expkey(0-F) (expanded key) or state(0-F) for clear/ciphertext. Any short data is padded with 0′s at this time, and whichever input (txt/hex) the user did NOT use is now updated with the input the user did use.
  2. Expand Key. This is actually done before the above process, but since the textbox processing and padding for the key is so very similar to the processing and padding of the input data, it is easier to explain it in this order. Expanding the key generates a table of 11 subkeys from the user’s single input key. This table of 11 subkeys is implemented as a 176 byte array. The first 16 bytes of the table are literally, the user’s input. The next 160 bytes (ten, 16-byte keys) are expanded by simple lookups in the rcon (round constant) table and chaining XOR’s. By chaining, we mean a sliding xor where dword N is xor’d with dword N-16 (same position, previous row in the key table).
  3. Initial Round. The Initial Round is a short one – just xor the input data (eg. cleartext, the “state”) with the first key. When decrypting, it’s the last key as we are working backward through the rounds.
  4. Ten AES Rounds. Next, we repeat ten iterations of an encryption round consisting of:
    1. SubBytes - Substitute Bytes, implemented as an S-box lookup.
    2. ShiftRows - Simple byte order swapping for fun and entropy.
    3. MixColumns - The “Nonlinear Transform”. If you’re wondering why AES is hard to factor, it’s because of this bitch. Implemented as xors of the lookup tables of the Galois Multiplies.
    4. AddRoundKey - A simple Xor of one of the subkeys with the output of MixColumns and the round is done.

It’s actually very starightforward and simple to understand. Feel free to single-step the code if you need clarity in any individual section. It’s kind of nice to do, as you can feel close to the bytes and daydream about whether a mux or a LUT would be better here as the data passes you by.

One thing that we took out as it was never finished was the second implementation using T-boxes. T-boxes are bigger, precomputed tables consisting of the combination of the action of SubBytes, ShiftRows, and Mixcolumns. Using T-boxes reduces the entire algorithm to table lookups and xors. Maybe someday we’ll finish the T-box computing routine and build a new trainer for a T-box implementation.

Now before we upload the source and executable, we’d like to present you with a small puzzle to test your haxoring skills. When the program starts up, the ASCII ciphertext box is pre-loaded with a little secret phrase you’ll have to decode. The key and cleartext have obviously been removed. There are a few ways to solve this puzzle:

  1. Bribe Us. Not sure why it would be worth it, but bribing might get you the key.
  2. Get Lucky. Try a bunch of keys, maybe one would work. Luck is cool, but not terribly dependable.
  3. Brute Force. A gargantuan effort that would require an obscene amount of logic gates or time. Totally awesome and you’d be famous if you could do it fast, but probably overkill for this puzzle.
  4. Use Your Brain. Waaaah-waaaah, you knew it was going to be something like this. For those who choose to become familiar with the algorithm, and are even willing to do a little pencil and paper math, we will provide a hint. We really should have made it harder, but hell – you’re not getting anything but rep for solving it.


Screenshot of Openschemes AES puzzle clue
Fig 2 – Openschemes AES Challenge Hint


So there’s your hint. Once you’ve solved the challenge, post a comment with your answer and anything else you want to say. If you’re right, we will delete the answer and replace it with something like: {I’m the winner of the Openschemes AES Challenge}, or {I’m the 2nd winner of the Openschemes AES Challenge} so as not to give away the answer for future newbies that may want to play.

We’ll accept any number of winners, so go ahead and post your answer even if you come across this webpage ten years after this original publication. Hope you have some fun with it, and it increases the neural connections in your brain by at least 1.

Here’s the link to the long-awaited VB6 Source Code and Executable for the Openschemes AES-128 Trainer tool. Let us know if you find any bugs or errors, or you make improvements. Enjoy!


This entry was posted in Miscellaneous. Bookmark the permalink.

7 Responses to "Fun with AES-128. Example Encryption with AES Trainer"

Leave a reply