A Bit Flipping Attack is a type of attack where an attacker modifies the ciphertext in such a way that it results in a specific change in the decrypted plaintext. In the case of AES CBC, the attacker can modify specific bits in the ciphertext to flip the corresponding bits in the decrypted plaintext.

How it works ?

In AES CBC, each block of plaintext is XORed with the previous block of ciphertext before being encrypted.

This means that if an attacker modifies a bit in the ciphertext of one block, it will result in the corresponding bit in the decrypted plaintext of the next block being flipped. This is because the modified ciphertext block will be XORed with the next block of plaintext during decryption, resulting in the bit flip.

In order to determine the value to puts as ciphertext to flip to an arbitrary value the following operation can be done :

xor(ciphertext_block, original_data, arbitrary_value)