ECB (Electronic Codebook) encrypts each 16-byte block independently with the same key. Identical plaintext blocks produce identical ciphertext blocks — pattern leakage.
# Why ECB is broken — visual proof: # Encrypt a bitmap image with AES-ECB # The Linux penguin (Tux) logo encrypted with ECB still shows the penguin shape # This is called the "ECB Penguin" — patterns in data survive encryption # Block structure: # Plaintext: [BLOCK 1: admin=false][BLOCK 2: user=ram ][BLOCK 3: role=user ] # ECB cipher: [AAA...AAA ][BBB...BBB ][CCC...CCC ] # Identical blocks → identical ciphertext → attacker can copy/swap blocks # Attack: Block Cutting and Pasting # App encrypts: "username=ram&role=user" # In ECB, you can swap the "role=user" block with a block containing "role=admin" # if you can craft input that aligns blocks correctly # Python demonstration: from Crypto.Cipher import AES import os key = os.urandom(16) cipher = AES.new(key, AES.MODE_ECB) msg1 = b"role=user " # 16 bytes exactly msg2 = b"role=admin " # 16 bytes exactly enc1 = cipher.encrypt(msg1) enc2 = cipher.encrypt(msg2) print(enc1.hex()) # different print(enc2.hex()) # different — but now you can splice enc2 into any ECB message # Real exploit: if registration form encrypts username in ECB blocks, # register as "AAAAAAAAAAAAAAAA" + "admin " to get the # ciphertext of the "admin" block alone, then paste it into your profile # DETECTION: # Look for repeated 16-byte blocks in ciphertext — dead giveaway of ECB # Fixed: use AES-CBC or AES-GCM with a random IV