CreateRemoteThread/gctf-bruter.py

## gctf-bruter.py
#!/usr/bin/env python3

import subprocess

rebuildDb = {}

for char_pos in range(0,8):
  for byte_pos in range(0,7):
    out = ["9","9","9","9","9","9","9","9"]
    out[char_pos] = ("%d" % byte_pos)
    outstr = "".join(out)
    p = subprocess.run(["./main", outstr], capture_output=True)
    # print("%d:%d:%s" % (char_pos,byte_pos,outstr))
    x = bin(int(p.stdout.rstrip()))[2:]
    if len(x) != 56:
      x = (56 - len(x)) * "0" + x
    print(x)
    q = x.index('1')
    rebuildDb[q] = (char_pos,byte_pos)
    # print(q)

key = "0000" + bin(3008192072309708)[2:]
print(key)

in_array = [0,0,0,0,0,0,0,0]
print("OK, let's go!")
for i in range(0,len(key)):
  if key[i] == '1':
    (cpos,bpos) = rebuildDb[i]
    in_array[cpos] += (1 << bpos)

print([chr(c) for c in in_array])
	#!/usr/bin/env python3

	import subprocess

	rebuildDb = {}

	for char_pos in range(0,8):
	for byte_pos in range(0,7):
	out = ["9","9","9","9","9","9","9","9"]
	out[char_pos] = ("%d" % byte_pos)
	outstr = "".join(out)
	p = subprocess.run(["./main", outstr], capture_output=True)
	# print("%d:%d:%s" % (char_pos,byte_pos,outstr))
	x = bin(int(p.stdout.rstrip()))[2:]
	if len(x) != 56:
	x = (56 - len(x)) * "0" + x
	print(x)
	q = x.index('1')
	rebuildDb[q] = (char_pos,byte_pos)
	# print(q)

	key = "0000" + bin(3008192072309708)[2:]
	print(key)

	in_array = [0,0,0,0,0,0,0,0]
	print("OK, let's go!")
	for i in range(0,len(key)):
	if key[i] == '1':
	(cpos,bpos) = rebuildDb[i]
	in_array[cpos] += (1 << bpos)

	print([chr(c) for c in in_array])