# ECB

In ECB mode, each block of plaintext is encrypted independently using the same key and encryption algorithm, producing a corresponding block of ciphertext.

The encryption process is deterministic, meaning that <mark style="color:red;">**for a given key and plaintext block, the resulting ciphertext block will always be the same**</mark>.

<figure><img src="https://github.com/Hakumarachi/theCTFRecipe/blob/master/.gitbook/assets/Schema_ecb.png" alt=""><figcaption></figcaption></figure>

## How to detect ECB mode?

If the user can supply a plaintext that is encrypted by the application, then sending a plaintext 3 times the block size long reveals whether ECB is used.

{% hint style="info" %}
As explained before, ECB encrypts each block independently. If several identical plaintext blocks are sent, the corresponding ciphertext blocks will be identical too.
{% endhint %}

Why send 3 blocks instead of 2? Because of possible misalignment. If the input is block-aligned, two identical blocks are enough:

```
+------+------+------+------+------+
| aaaa | aaaa | .... | .... | .... | plaintext
+------+------+------+------+------+
       |
       v
+------+------+------+------+------+
| xxxx | xxxx | .... | .... | .... | ciphertext
+------+------+------+------+------+       
```

But if the data is concatenated with values the user does not control, we can have:

```
+------+------+------+------+------+
| ..aa | aaaa | aa.. | .... | .... | plaintext
+------+------+------+------+------+
          |
          V
+------+------+------+------+------+
| xyza | xxxx | hdxz | .... | .... | ciphertext
+------+------+------+------+------+ 
```

All blocks are different. The workaround is to submit an input 3 times the block size long.

```
       always aligned
+------+------+------+------+------+
| ..aa | aaaa | aaaa | aa.. | .... | plaintext
+------+------+------+------+------+
              |
              V
+------+------+------+------+------+
| xyza | xxxx | xxxx | hdxz | .... | ciphertext
+------+------+------+------+------+ 
          Duplicated blocks
```
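The check described above as a runnable sketch (an added example, not part of the original page). To run without third-party libraries it uses an HMAC-based keyed function as a stand-in for AES; `ecb_oracle`, `chained_oracle`, the key and the prefix/suffix values are constructed for the demonstration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # AES block size in bytes
KEY = os.urandom(32)  # constructed demo key


def toy_block_encrypt(block: bytes) -> bytes:
    # Assumption: stand-in for AES. Deterministic keyed function on one block;
    # not invertible, but only the encryption side matters for detection.
    return hmac.new(KEY, block, hashlib.sha256).digest()[:BLOCK]


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK  # PKCS#7-style padding
    return data + bytes([n]) * n


def ecb_oracle(user_input: bytes, prefix: bytes = b"", suffix: bytes = b"") -> bytes:
    # Hypothetical application: encrypts prefix || user_input || suffix in ECB mode.
    data = pad(prefix + user_input + suffix)
    return b"".join(toy_block_encrypt(data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


def chained_oracle(user_input: bytes, prefix: bytes = b"", suffix: bytes = b"") -> bytes:
    # Same application with CBC-style chaining and a random IV, for comparison.
    data = pad(prefix + user_input + suffix)
    prev, out = os.urandom(BLOCK), []
    for i in range(0, len(data), BLOCK):
        prev = toy_block_encrypt(bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)


def has_duplicate_blocks(ciphertext: bytes) -> bool:
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(set(blocks)) < len(blocks)


def looks_like_ecb(oracle, n_blocks: int = 3, **kw) -> bool:
    # Submit n_blocks identical blocks and look for repeated ciphertext blocks.
    return has_duplicate_blocks(oracle(b"a" * (BLOCK * n_blocks), **kw))
```

With a 5-byte prefix, `looks_like_ecb(ecb_oracle, n_blocks=2, prefix=b"P" * 5)` misses the mode because no two full blocks of `a` line up, while the default 3-block input detects it for every prefix length.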

