Shouldn't test.py add the IV to the ciphertext?

Hi, the readme suggests running python test.py -m mysecretmessage to test the package, but this doesn't work because the cipher given to run does not include the IV:

Padding-oracle-attack/test.py

Lines 251 to 255 in 94526ce

    
           cipher, iv = encrypt(bytearray(args.message, "UTF-8"), b"1234567812345678") 
        
           print("[+] %s ---> %s" % (args.message, cipher.hex())) 
        
           plaintext = decrypt(cipher, iv) 
        
           run(cipher.hex(), 16)

I think an oracle usually assumes that the ciphertext includes the IV as the first block? This is just a nuance of the test file, which allows the user to pass a plaintext message, which test.py encrypts with a fixed IV, before passing it to run.

Prepending the IV to the cipher passed to run resolves this:

run(iv.hex() + cipher.hex(), 16)

and recovers the entire plaintext:

$ python test.py -m mysecretmessage
[+] Encrypt mysecretmessage
[+] mysecretmessage ---> fc6df3bb5a6995d6ffa35c8df315a4c6
[+] Search value block :  1

[+] Found 2 bytes : 6501

[+] Found 3 bytes : 676501

[+] Found 4 bytes : 61676501

[+] Found 5 bytes : 7361676501

[+] Found 6 bytes : 737361676501

[+] Found 7 bytes : 65737361676501

[+] Found 8 bytes : 6d65737361676501

[+] Found 9 bytes : 746d65737361676501

[+] Found 10 bytes : 65746d65737361676501

[+] Found 11 bytes : 7265746d65737361676501

[+] Found 12 bytes : 637265746d65737361676501

[+] Found 13 bytes : 65637265746d65737361676501

[+] Found 14 bytes : 7365637265746d65737361676501

[+] Found 15 bytes : 797365637265746d65737361676501

[+] Found 16 bytes : 6d797365637265746d65737361676501


[+] Decrypted value (HEX): 6D797365637265746D65737361676501
[+] Decrypted value (ASCII): mysecretmessage

Although perhaps it would be better to show in the printed message that the IV is being prepended:

if __name__ == "__main__":

    parser = argparse.ArgumentParser(description="Exploit of Padding Oracle Attack")
    parser.add_argument("-m", "--message", required=True, help="message to pown")
    parser.add_argument(
        "-v",
        "--verbose",
        help="debug mode, you need a large screen",
        action="store_true",
    )
    args = parser.parse_args()

    iv = b"1234567812345678"

    print("[+] Encrypt", args.message, "with IV", iv)
    cipher, iv = encrypt(bytearray(args.message, "UTF-8"), iv)

    print("[+] Ciphertext ---> %s" % (iv.hex() + cipher.hex()))
    plaintext = decrypt(cipher, iv)


    run(iv.hex() + cipher.hex(), 16)

$ python test.py -m mysecretmessage
[+] Encrypt mysecretmessage with IV b'1234567812345678'
[+] Ciphertext ---> 31323334353637383132333435363738fc6df3bb5a6995d6ffa35c8df315a4c6
[+] Search value block :  1

[+] Found 2 bytes : 6501

[+] Found 3 bytes : 676501

[+] Found 4 bytes : 61676501

[+] Found 5 bytes : 7361676501

[+] Found 6 bytes : 737361676501

[+] Found 7 bytes : 65737361676501

[+] Found 8 bytes : 6d65737361676501

[+] Found 9 bytes : 746d65737361676501

[+] Found 10 bytes : 65746d65737361676501

[+] Found 11 bytes : 7265746d65737361676501

[+] Found 12 bytes : 637265746d65737361676501

[+] Found 13 bytes : 65637265746d65737361676501

[+] Found 14 bytes : 7365637265746d65737361676501

[+] Found 15 bytes : 797365637265746d65737361676501

[+] Found 16 bytes : 6d797365637265746d65737361676501


[+] Decrypted value (HEX): 6D797365637265746D65737361676501
[+] Decrypted value (ASCII): mysecretmessage

	cipher, iv = encrypt(bytearray(args.message, "UTF-8"), b"1234567812345678")
	print("[+] %s ---> %s" % (args.message, cipher.hex()))
	plaintext = decrypt(cipher, iv)

	run(cipher.hex(), 16)