Cracking AES (With Weak Keys) with CrypTool 2

What you need


To crack AES when given partial information about the key. If the key is truly random and unknown, there is no known way to crack AES.

Getting CrypTool 2

On your Windows machine, in a Web browser, go to

On the right side, in the "FREE DOWNLOADS" section, click "CrypTool 2".

Download and install the latest stable version. When I did it, that version was Stable Build 6222.1.

Using the Wizard to Crack AES

Open CrypTool 2, as shown below.

On the left side, in the "Main Functions" section, click the Wand icon labelled "Use the wizard...", as shown below.

In the "TASK SELECTION" screen, on the left side, click Cryptanalysis. Then click Next.

In the "AGE SELECTION" screen, click "Modern Encryption" and click Next.

In the "TYPE SELECTION" screen, click "Symmetric Encryption" and click Next.

In the "ALGORITHM SELECTION" screen, select AES, and click Next.

In the next screen, accept the default selection of "Ciphertext-Only" and click Next.

In the "AES - CIPHERTEXT-ONLY ANALYSIS" screen, some example ciphertext appears, as shown below.

Notice the "Keypattern"--most of the key is known. Only the portion shown as "*" is unknown. This is the weakness that makes the attack possible. There are six asterisks, and each is a hexadecimal character (4 bits), so only 24 bits of the key are unknown and there are only 16^6 = 16.8 million possible keys.

Notice that there is no setting for Language. This attack uses simple entropy--encrypted text (or the output of decrypting with a wrong key) is more chaotic than text in a natural language, so the candidate key that produces the least chaotic output is chosen.

Also note the "Chaining Mode" option. The simplest is ECB--the others are more secure. For now, accept the default of ECB.

Click Next. The progress screen is very small and difficult to see, but I was able to expand it as shown below, and it is obvious how it works. It's testing about 500,000 keys per second, and the attack requires about 33 seconds, so it's testing all 16.8 million possible keys. It chooses the result with the lowest entropy, which is shown in the "Value" column. The correct cleartext has entropy 4.2, and all the others have entropy of 5.2 or larger.

It works, finding the cleartext, which is in German, as shown below.
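The search the wizard performs above, written out as an added example for this page (it is not CrypTool's code): a Go program that takes a CrypTool-style 32-hex-digit key pattern, tries every fill of the "*" nibbles, ECB-decrypts the ciphertext with each candidate key, and keeps the result with the lowest entropy. The key, pattern and message are constructed for the demo; the pattern leaves 4 nibbles unknown instead of 6, so the 65,536-key search finishes in well under a second. Entropy is Shannon entropy in bits per byte; that CrypTool's "Value" column is computed the same way is an assumption.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
	"math"
	"strings"
)

// shannonEntropy returns the entropy of data in bits per byte. English text
// scores about 4 to 4.5; a wrong-key AES decryption looks uniformly random.
func shannonEntropy(data []byte) float64 {
	var counts [256]float64
	for _, b := range data {
		counts[b]++
	}
	n, h := float64(len(data)), 0.0
	for _, c := range counts {
		if c > 0 {
			h -= (c / n) * math.Log2(c/n)
		}
	}
	return h
}

// fillPattern replaces the '*' nibbles of a 32-hex-digit key pattern with the
// hex digits of candidate, most significant unknown nibble first.
func fillPattern(pattern string, candidate uint64) []byte {
	buf := []byte(pattern)
	pos := strings.Count(pattern, "*") - 1
	for i := range buf {
		if buf[i] == '*' {
			buf[i] = "0123456789abcdef"[(candidate>>uint(4*pos))&0xf]
			pos--
		}
	}
	key, _ := hex.DecodeString(string(buf)) // non-hex pattern -> nil key, rejected by aes.NewCipher
	return key
}

// ecbApply runs the raw AES block operation over each 16-byte block on its own, which is all ECB mode is.
func ecbApply(key, in []byte, encrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(in)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("input length %d is not a multiple of %d", len(in), aes.BlockSize)
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += aes.BlockSize {
		if encrypt {
			block.Encrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		} else {
			block.Decrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		}
	}
	return out, nil
}

// crackKeyPattern tries every fill of the '*' nibbles (16^k keys for k asterisks),
// ECB-decrypts ct with each, and keeps the lowest-entropy result: the wizard's rule.
func crackKeyPattern(pattern string, ct []byte) (keyHex string, pt []byte, entropy float64, err error) {
	k := strings.Count(pattern, "*")
	if len(pattern) != 32 || k == 0 || k > 15 {
		return "", nil, 0, fmt.Errorf("pattern must be 32 hex digits with 1 to 15 '*'")
	}
	entropy = math.Inf(1)
	for cand := uint64(0); cand < uint64(1)<<uint(4*k); cand++ {
		key := fillPattern(pattern, cand)
		candPt, e := ecbApply(key, ct, false)
		if e != nil {
			return "", nil, 0, e
		}
		if h := shannonEntropy(candPt); h < entropy {
			keyHex, pt, entropy = hex.EncodeToString(key), candPt, h
		}
	}
	return keyHex, pt, entropy, nil
}

// Constructed demo values, not from the page: the true key ends in "cafe" and
// the pattern leaves exactly those four nibbles unknown (16^4 = 65,536 keys).
const demoKeyHex = "0123456789abcdef0123456789abcafe"
const demoPattern = "0123456789abcdef0123456789ab****"

// demo ECB-encrypts a constructed 96-byte (6-block) English message under
// demoKeyHex, then recovers the key from the pattern and the ciphertext alone.
func demo() (keyHex string, pt []byte, entropy float64, err error) {
	msg := []byte("The quick brown fox jumps over the lazy dog. Pack my box with five dozen liquor jugs. Good luck.")
	key, _ := hex.DecodeString(demoKeyHex)
	ct, err := ecbApply(key, msg, true)
	if err != nil {
		return "", nil, 0, err
	}
	return crackKeyPattern(demoPattern, ct)
}
```

Calling demo() recovers the full key and the English message, with an entropy well below 5 bits per byte while every wrong key yields a decryption scoring above 6. Change demoPattern to leave six nibbles unknown and the loop does the same 16.8 million trials the wizard reports above. The point for a defender is that a key with 24 unknown bits is, for all practical purposes, a 24-bit key: key material must be entirely random, and any scheme that fixes most of the key bytes offers no more security than this search. The ECB loop is also why the page's warning for Challenge 2 matters: for any other chaining mode the decryption step needs the mode's IV handling, and a wrong mode will never produce low-entropy output.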

Challenge 1

Decrypt this ciphertext. It's in ECB mode, and the key is all zeroes except for the last 24 bits.

Challenge 2

Decrypt this. The key is all "F" except the first 12 bits and the last 12 bits.


Don't assume it's in ECB mode.

Posted 8-1-16 by Sam Bowne