A website authenticates its users by asking for a login$/$password$,$ and sends them a cookie C$,$ valid for one minute, to keep track of their authentication status. The cookie C is formed such as C $=$

Enc$("$user$=$username, tmstmp$=$timestamp"$),$ with username $=$ "anonymous" for unauthenticated users,

or the name of the user when authenticated; and timestamp is a Unix$-$formated timestamp' representing the time up to which the user is authenticated $($current time plus one minute$).$ Enc$($:$)$ designates the AES$256$ encryption in OFB$-$mode using i as a random IV and k as a random key; both k and iv are unknown to us$.$ The OFB mode of operation for encryption is described in Figure $1.$

In this exercise, we consider cookies delivered on February $1$st$,2024$ at $00$:$00$am UTC. At that time, an unauthenticated user coming to the website will receive a cookie:

Cu $=$ AES$256-$OFBk, iv$("$user$=$anonymous, tmstmp$=1706745660")$

The value $1706745660$ corresponds to $00$:$01$am on February $1$st$.$ We denote by Pu the plaintext version of the cookie.

Denoted PA$,$ that corresponds to the authenticated admin user if he logged in at the same timeYou may rethink about the value of Pa so that Pu and Pa have the same length. Note that the cookie may authenticate the user admin for as long as you want $($but at least the original one minute duration$).$

A $)$Implement in Python the attack that would turn CU into a valid CA for at least the original duration. Prepare a single Python file named exercise$1.$py that contains a function modifycookie$()$ that takes as argument a base$64-$encoded cookie and returns the base$64-$encoded modified cookie. Your attack should work for different timestamps.You will get full marks if$,$ given an encrypted cookieissued at any later date than February $1$st this year, you are able to turn this cookie into a valid admin cookie for at least the original duration. Make sure your code uses meaningful variable names, consistent indenting scheme, and comments.