Skip to content

Instantly share code, notes, and snippets.

@5unKn0wn

5unKn0wn/nobranch.sage Secret

Created December 20, 2020 17:34
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save 5unKn0wn/39abff28f21f3d75ead33476e7e517e2 to your computer and use it in GitHub Desktop.
Save 5unKn0wn/39abff28f21f3d75ead33476e7e517e2 to your computer and use it in GitHub Desktop.
Download ZIP
hxp 2020 write-up
Raw
nobranch.sage
F.<x> = GF(2^8, modulus=GF(2^9).fetch_int((2^8) + 0x1b))
A = Matrix(F, 64, 64)
v = [137, 110, 79, 199, 218, 137, 20, 176, 83, 199, 244, 109, 98, 39, 156, 116, 86, 219, 77, 125, 243, 0, 101, 85, 143, 123, 124, 37, 120, 223, 213, 198, 67, 193, 214, 169, 213, 35, 156, 16, 56, 210, 166, 58, 207, 215, 37, 78, 77, 204, 32, 205, 154, 92, 207, 79, 233, 97, 252, 86, 190, 25, 139, 240]
matrix = [[16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79], [44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107], [29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92], [63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126], [31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94], [16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79], [9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72], [55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118], [54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117], [52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115], [37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100], [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64], [59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122], [36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99], [10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73], [53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116], [24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87], [6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69], [48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111], [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66], [38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101], [43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106], [39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102], [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63], [28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91], [14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77], [13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76], [8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71], [32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95], [23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86], [58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121], [11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74], [49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112], [42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105], [25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88], [30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93], [46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109], [19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82], [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68], [57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120], [50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113], [45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108], [40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103], [47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110], [4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67], [51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114], [56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119], [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65], [26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89], [60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123], [34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97], [22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85], [33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96], [12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75], [61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124], [35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98], [62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125], [27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90], [41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104], [7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70], [15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78], [20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83], [18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81], [17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80]]
# for avoiding det(A) == 0
matrix[0][-1] += 1
v[0] ^^=((F.fetch_int(ord('}')) * (F.fetch_int(matrix[0][-1] - 1))) + (F.fetch_int(ord('}')) * (F.fetch_int(matrix[0][-1])))).integer_representation()
v = vector([F.fetch_int(i) for i in v])
for i in range(len(matrix)):
A.set_row(i, [F.fetch_int(j) for j in matrix[i]])
flag = A.solve_right(v)
print(''.join([chr(i.integer_representation()) for i in flag]))
Raw
nobranch_parse.py
import angr # for capstone
import z3 # for BitVec
proj = angr.Project('nobranch7e4', use_sim_procedures=False)
addr = 0x401000
block = proj.factory.block(addr)
X86_OP_REG = 1
X86_OP_IMM = 2
X86_OP_MEM = 3
X86_REG_RIP = 41
X86_REG_RSP = 44
def convert_reg(r):
regs8 = ["al", "bl", "cl", "dl", "sil", "dil", "bpl", "r8b", "r9b", "r10b", "r11b", "r12b", "r13b", "r14b", "r15b"]
regs32 = ["eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"]
regs64 = ["rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rbp", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
if r.endswith("l") or r.endswith("b"):
return regs8.index(r)
elif r.endswith("d") or r.startswith("e"):
return regs32.index(r)
elif r.startswith("r"):
return regs64.index(r)
flag = [z3.BitVec('flag_%d' % i, 8) for i in range(64)]
stack = {}
regs = {}
expressions = []
compare_count = 0
while True:
inss = list(map(lambda x: x.insn, block.capstone.insns))
for ins in inss:
print(hex(ins.address), ins.mnemonic, ins.op_str)
if ins.mnemonic == "push" or ins.mnemonic == "sub":
continue
elif ins.mnemonic == "movzx" and ins.operands[1].type == X86_OP_MEM and ins.operands[1].mem.base == X86_REG_RIP:
flag_idx = ins.operands[1].mem.disp + ins.address + ins.size - 0x489000
regs[convert_reg(ins.reg_name(ins.operands[0].reg))] = flag[flag_idx]
elif ins.mnemonic == "movzx" and ins.operands[1].type == X86_OP_MEM and ins.operands[1].mem.base == X86_REG_RSP:
stack_off = ins.operands[1].mem.disp
regs[convert_reg(ins.reg_name(ins.operands[0].reg))] = stack[stack_off]
elif ins.mnemonic == "lea":
dst = convert_reg(ins.reg_name(ins.operands[0].reg))
src = convert_reg(ins.reg_name(ins.operands[1].mem.base))
regs[dst] = regs[src]
elif ins.mnemonic == "mov" and ins.operands[0].type == X86_OP_REG and ins.operands[1].type == X86_OP_REG:
dst = convert_reg(ins.reg_name(ins.operands[0].reg))
src = convert_reg(ins.reg_name(ins.operands[1].reg))
regs[dst] = regs[src]
elif ins.mnemonic == "xor" and ins.operands[0].type == X86_OP_REG and ins.operands[1].type == X86_OP_IMM and ins.operands[1].imm == 0x1b:
continue
elif ins.mnemonic == "xor" and ins.operands[0].type == X86_OP_REG and ins.operands[1].type == X86_OP_IMM:
v = ins.operands[1].imm & 0xff
r = convert_reg(ins.reg_name(ins.operands[0].reg))
regs[r] += v
elif ins.mnemonic == "xor" and ins.operands[0].type == X86_OP_REG and ins.operands[1].type == X86_OP_REG:
dst = convert_reg(ins.reg_name(ins.operands[0].reg))
src = convert_reg(ins.reg_name(ins.operands[1].reg))
regs[dst] += regs[src]
elif ins.mnemonic == "test":
assert ins.reg_name(ins.operands[0].reg) == ins.reg_name(ins.operands[1].reg)
elif ins.mnemonic == "cmovs" or ins.mnemonic == "cmovns":
reg = convert_reg(ins.reg_name(ins.operands[0].reg))
regs[reg] *= 2
elif ins.mnemonic == "mov" and ins.operands[0].type == X86_OP_MEM and ins.operands[0].mem.base == X86_REG_RSP and ins.operands[1].type == X86_OP_REG:
stack_off = ins.operands[0].mem.disp
reg = convert_reg(ins.reg_name(ins.operands[1].reg))
stack[stack_off] = regs[reg]
elif ins.mnemonic == "add" and ins.operands[0].type == X86_OP_REG and ins.operands[1].type == X86_OP_REG:
assert ins.operands[0].reg == ins.operands[1].reg
elif ins.mnemonic == "xor" and ins.operands[0].type == X86_OP_REG and ins.operands[1].type == X86_OP_MEM and ins.operands[1].mem.base == X86_REG_RSP:
dst = convert_reg(ins.reg_name(ins.operands[0].reg))
stack_off = ins.operands[1].mem.disp
regs[dst] += stack[stack_off]
elif ins.mnemonic == "cmp":
continue
elif ins.mnemonic == "or" and ins.operands[0].type == X86_OP_REG and ins.operands[1].type == X86_OP_REG:
r1 = convert_reg(ins.reg_name(ins.operands[0].reg))
r2 = convert_reg(ins.reg_name(ins.operands[1].reg))
if compare_count == 0:
expressions.append(z3.simplify(regs[r1]))
expressions.append(z3.simplify(regs[r2]))
compare_count += 1
elif ins.mnemonic == "or" and ins.operands[0].type == X86_OP_REG and ins.operands[1].type == X86_OP_MEM and ins.operands[1].mem.base == X86_REG_RSP:
r1 = convert_reg(ins.reg_name(ins.operands[0].reg))
r2 = stack[ins.operands[1].mem.disp]
if compare_count == 0:
expressions.append(z3.simplify(regs[r1]))
expressions.append(z3.simplify(r2))
compare_count += 1
addr += block.size
if addr == 0x486e00:
break
block = proj.factory.block(addr)
vector = []
matrix = []
for i in range(len(expressions)):
expr = expressions[i]
v = 0
m = [0 for i in range(64)]
for j in range(expr.num_args()):
val = expr.arg(j)
if type(val) == z3.BitVecNumRef:
v = expr.arg(j).as_long()
elif type(val) == z3.BitVecRef:
coeff, idx = 0, 0
if val.num_args() == 0:
coeff = 1
idx = flag.index(val)
elif val.num_args() == 2:
v0 = val.arg(0)
v1 = val.arg(1)
coeff = v0 if type(v0) == z3.BitVecNumRef else v1
bv = v0 if type(v0) == z3.BitVecRef else v1
idx = flag.index(bv)
m[idx] = coeff
vector.append(v)
matrix.append(m)
print()
print(vector)
print(matrix)
Raw
restless.py
'''
import ida_bytes
def patch_md5():
mask = lambda x: x & 0xffffffffffff
ea = mask(ida_bytes.get_qword(mask(get_reg_value("rsi"))))
md = bytearray("\x30\x6F\x03\x06\xBC\x6B\x9B\x57\x1A\x52\xF0\x59\x67\x98\xAE\x42")
for i in range(16):
ida_bytes.patch_byte(ea + i, md[i])
def follow_ptrs():
mask = lambda x: x & 0xffffffffffff
l = []
ea = here()
while True:
l.append((mask(ida_bytes.get_qword(ea)), ea))
next_ea = mask(ida_bytes.get_qword(ea + 8))
if next_ea == 0:
break
ea = next_ea
return l
'''
from z3 import *
import struct
state = (0x67452301,
0xefcdab89,
0x98badcfe,
0x10325476,)
a, b, c, d = state
S11 = 7
S12 = 12
S13 = 17
S14 = 22
S21 = 5
S22 = 9
S23 = 14
S24 = 20
S31 = 4
S32 = 11
S33 = 16
S34 = 23
S41 = 6
S42 = 10
S43 = 15
S44 = 21
rounds_leak = [0x33, 0x11c, 0x3f1, 0x2f, 0x176, 0x37d, 0x36f, 0x11c, 0xba, 0x1dc, 0x2cc, 0x31b, 0x3ff, 0x22f, 0x1ee, 0x159, 0x363, 0x1b4, 0x2a7, 0x2cb, 0x30b, 0x165, 0xc6, 0x25b, 0x186, 0x2c9, 0x2e8, 0x360, 0x1, 0x3e4, 0x104, 0x32c, 0x3a8, 0x1a8, 0x38d, 0x3ca, 0x2e7, 0x2c2, 0x1da, 0x100, 0x32f, 0x13c, 0x73, 0x399, 0x355, 0x245, 0x1dc, 0xb1, 0x287, 0x19e, 0xae, 0x275, 0x1d1, 0x82, 0x339, 0xb7, 0x2c2, 0x329, 0x87, 0x26, 0x1c, 0x36b, 0x153, 0x3ad][::-1]
def F(x, y, z): return (((x) & (y)) | ((~x) & (z)))
def I(x, y, z): return((y) ^ ((x) | (~z)))
def ROTATE_RIGHT(x, n):
return ROTATE_LEFT(x, 32-n)
def ROTATE_LEFT(x, n):
if isinstance(x, int):
x = x & 0xffffffff # make shift unsigned
return (((x) << (n)) | ((x) >> (32-(n)))) & 0xffffffff
return RotateLeft(x, n)
# FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
# Rotation is separate from addition to prevent recomputation.
def FF(a, b, c, d, x, s, ac):
a = a + F ((b), (c), (d)) + (x) + (ac)
a = ROTATE_LEFT ((a), (s))
a = a + b
return a # must assign this to a
def InvII(res, b, c, d, x, s, ac):
res = res - b
res = ROTATE_RIGHT ((res), (s))
res = res - I ((b), (c), (d)) - (x) - (ac)
return res & 0xffffffff
x = [BitVec('x_%d' % i, 32) for i in range(8)] + [0 for i in range(8)]
s = Solver()
def filtering_chars(v):
s.add(v != ord('`'))
s.add(v != ord('#'))
s.add(v != ord('$'))
s.add(v != ord('%'))
s.add(v != ord('^'))
s.add(v != ord('&'))
s.add(v != ord('*'))
s.add(v != ord('('))
s.add(v != ord(')'))
s.add(v != ord('='))
s.add(v != ord('+'))
s.add(v != ord('{'))
s.add(v != ord('}'))
s.add(v != ord('['))
s.add(v != ord(']'))
s.add(v != ord('|'))
s.add(v != ord('\\'))
s.add(v != ord('<'))
s.add(v != ord('>'))
s.add(v != ord('.'))
s.add(v != ord('/'))
s.add(v != ord('\''))
s.add(v != ord(','))
s.add(v != ord('"'))
s.add(v != ord(';'))
s.add(v != ord(':'))
s.add(v != ord('@'))
s.add(v != ord('Z'))
s.add(v != ord('q'))
s.add(v != ord('Q'))
s.add(v != ord('z'))
def add_constraints(v):
v0 = v & 0xff
v1 = (LShR(v, 8)) & 0xff
v2 = (LShR(v, 16)) & 0xff
v3 = (LShR(v, 24)) & 0xff
s.add(v0 & 0xff >= 0x20, v0 & 0xff <= 0x7e)
s.add(v1 & 0xff >= 0x20, v1 & 0xff <= 0x7e)
s.add(v2 & 0xff >= 0x20, v2 & 0xff <= 0x7e)
s.add(v3 & 0xff >= 0x20, v3 & 0xff <= 0x7e)
filtering_chars(v0)
filtering_chars(v1)
filtering_chars(v2)
filtering_chars(v3)
add_constraints(x[0])
add_constraints(x[1])
add_constraints(x[2])
add_constraints(x[3])
add_constraints(x[4])
add_constraints(x[5])
add_constraints(x[6])
a = FF (a, b, c, d, x[ 0], S11, 0xd76aa478) # 1
s.add(a & 0x3ff == rounds_leak[0])
d = FF (d, a, b, c, x[ 1], S12, 0xe8c7b756) # 2
s.add(d & 0x3ff == rounds_leak[1])
c = FF (c, d, a, b, x[ 2], S13, 0x242070db) # 3
s.add(c & 0x3ff == rounds_leak[2])
b = FF (b, c, d, a, x[ 3], S14, 0xc1bdceee) # 4
s.add(b & 0x3ff == rounds_leak[3])
a = FF (a, b, c, d, x[ 4], S11, 0xf57c0faf) # 5
s.add(a & 0x3ff == rounds_leak[4])
d = FF (d, a, b, c, x[ 5], S12, 0x4787c62a) # 6
s.add(d & 0x3ff == rounds_leak[5])
c = FF (c, d, a, b, x[ 6], S13, 0xa8304613) # 7
s.add(c & 0x3ff == rounds_leak[6])
b = FF (b, c, d, a, x[ 7], S14, 0xfd469501) # 8
s.add(b & 0x3ff == rounds_leak[7])
a = FF (a, b, c, d, x[ 8], S11, 0x698098d8) # 9
s.add(a & 0x3ff == rounds_leak[8])
d = FF (d, a, b, c, x[ 9], S12, 0x8b44f7af) # 10
s.add(d & 0x3ff == rounds_leak[9])
c = FF (c, d, a, b, x[10], S13, 0xffff5bb1) # 11
s.add(c & 0x3ff == rounds_leak[10])
b = FF (b, c, d, a, x[11], S14, 0x895cd7be) # 12
s.add(b & 0x3ff == rounds_leak[11])
a = FF (a, b, c, d, x[12], S11, 0x6b901122) # 13
s.add(a & 0x3ff == rounds_leak[12])
d = FF (d, a, b, c, x[13], S12, 0xfd987193) # 14
s.add(d & 0x3ff == rounds_leak[13])
a = 0x06036f30 - state[0] & 0xffffffff
b = 0x579b6bbc - state[1] & 0xffffffff
c = 0x59f0521a - state[2] & 0xffffffff
d = 0x42ae9867 - state[3] & 0xffffffff
assert a & 0x3ff == rounds_leak[-4]
assert b & 0x3ff == rounds_leak[-1]
assert c & 0x3ff == rounds_leak[-2]
assert d & 0x3ff == rounds_leak[-3]
b = InvII (b, c, d, a, x[ 9], S44, 0xeb86d391) # 64
s.add(b & 0x3ff == rounds_leak[-5])
c = InvII (c, d, a, b, x[ 2], S43, 0x2ad7d2bb) # 63
s.add(c & 0x3ff == rounds_leak[-6])
d = InvII (d, a, b, c, x[11], S42, 0xbd3af235) # 62
s.add(d & 0x3ff == rounds_leak[-7])
a = InvII (a, b, c, d, x[ 4], S41, 0xf7537e82) # 61
s.add(a & 0x3ff == rounds_leak[-8])
b = InvII (b, c, d, a, x[13], S44, 0x4e0811a1) # 60
s.add(b & 0x3ff == rounds_leak[-9])
c = InvII (c, d, a, b, x[ 6], S43, 0xa3014314) # 59
s.add(c & 0x3ff == rounds_leak[-10])
d = InvII (d, a, b, c, x[15], S42, 0xfe2ce6e0) # 58
s.add(d & 0x3ff == rounds_leak[-11])
a = InvII (a, b, c, d, x[ 8], S41, 0x6fa87e4f) # 57
s.add(a & 0x3ff == rounds_leak[-12])
b = InvII (b, c, d, a, x[ 1], S44, 0x85845dd1) # 56
s.add(b & 0x3ff == rounds_leak[-13])
c = InvII (c, d, a, b, x[10], S43, 0xffeff47d) # 55
s.add(c & 0x3ff == rounds_leak[-14])
d = InvII (d, a, b, c, x[ 3], S42, 0x8f0ccc92) # 54
s.add(d & 0x3ff == rounds_leak[-15])
a = InvII (a, b, c, d, x[12], S41, 0x655b59c3) # 53
s.add(a & 0x3ff == rounds_leak[-16])
b = InvII (b, c, d, a, x[ 5], S44, 0xfc93a039) # 52
s.add(b & 0x3ff == rounds_leak[-17])
assert s.check() == sat
m = s.model()
print(b''.join(struct.pack("<L", m[i].as_long()) for i in x[:8]))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment