Hello, I hope you're doing well.
For exercise 9, questions 3c and 3e, I implemented the attack by editing the XML code in visual studio. Since signatures would differ with every little change, visual studio might've added/removed whitespace or indentations to the original XML file, and hence my attacks appear to have 'failed'.
I would really appreciate it if you could please manually go through the attached XML files for both questions and grade them manually, as I have been graded 0 for both questions. My name is Anas Alhouria (alhouria@campus.uni-paderborn.de).
The idea behind the first question attack was to put the original transaction in the <Object> field of the signature, thereby pointing the verification to it and executing the attack. The idea behind the second question attack was to add the attack transaction at the beginning before the original transaction so that it is used for executing the malicious transaction ,whereas the second (original) transaction is used for the verification.
Thank you for your time and efforts.