@CreateRemoteThread
Created March 1, 2020 22:15
#!/usr/bin/python
import pwn
import base64
import binascii
# Module-level pwntools connection to the CTF challenge service; every helper
# below receives it as its `p` argument. Importing this file opens the socket.
p = pwn.remote(
    "tasks.aeroctf.com",
    44323,
)
def encryptWithKey(p, blk):
    """Send ``blk`` through the service's menu option 3 and return the reply as hex blocks.

    Args:
        p: connected tube exposing ``recvuntil`` and ``send`` (here the
            module-level ``pwn.remote`` connection).
        blk: text submitted to the service at its ``": "`` prompt.

    Returns:
        A list of 32-hex-character slices (16 bytes each) of the
        base64-decoded reply; the last slice is shorter if the decoded
        length is not a multiple of 16 bytes.

    Raises:
        ValueError: if the reply line does not split into exactly three
            pieces on the single-quote character.
    """
    # Wait for the menu prompt, then select option 3.
    p.recvuntil("> ")
    p.send("3\n")

    # Wait for the input prompt, then submit the chosen text.
    p.recvuntil(": ")
    p.send(blk + "\n")
    reply = p.recvuntil("\n")

    # The payload is the single-quoted field of the reply line.
    # NOTE(review): presumably the service prints a Python bytes repr
    # (b'...') holding base64 text -- confirm against the service output.
    _prefix, encoded, _suffix = reply.split("'")
    hex_text = binascii.hexlify(base64.b64decode(encoded))

    # 32 hex digits per slice == 16 raw bytes per slice.
    parts = []
    for offset in range(0, len(hex_text), 32):
        parts.append(hex_text[offset:offset + 32])

    print(parts)
    return parts
def findLength(p):
    """Return the first pad count in 0..15 for which the first and last reply blocks match.

    Each probe is "}" followed by 15 NUL characters (one 16-character block)
    plus ``pad`` additional NUL characters. Returns ``None`` implicitly when
    no pad count in the range produces a match.

    NOTE(review): the service code is not on this page. Matching blocks imply
    that the crafted block and the final block of the service's plaintext are
    identical, which presumably means a deterministic block mode (ECB-style)
    with NUL padding and a secret ending in "}" -- confirm.
    """
    for pad in range(16):
        # "\00" is the octal spelling of the same NUL character as "\x00".
        probe = "}" + "\x00" * 15 + "\00" * pad
        blocks = encryptWithKey(p, probe)
        if blocks[0] == blocks[-1]:
            # Parenthesised so the line parses as a print statement or a print call.
            print("Found! %d" % pad)
            return pad
# Author's note: "We know it's i * 11."
# NOTE(review): what the "i * 11" refers to is not established by anything on
# this page -- presumably a result taken from findLength; confirm.
#
# Known trailing character of the secret. Not referenced by the code visible
# here; findByte carries its own hard-coded suffix instead.
knownKeyBytes = "}"
import string
def findByte(p):
    """Return the hex digit whose probe makes reply block 0 equal reply block -3.

    Every probe is one candidate character, then the hard-coded 33-character
    suffix, then 26 NUL characters. Returns ``None`` implicitly when none of
    the sixteen hex digits produces a match.

    NOTE(review): the suffix and the filler length are fixed by hand, so each
    run tests a single position and the constants must be edited between runs.
    The block comparison only carries information if the service encrypts
    caller-supplied text together with its secret under a deterministic
    block mode; a randomised authenticated mode with a fresh nonce per
    message would make equal plaintext blocks encrypt differently.
    """
    known_tail = "5013a76ed3b98bae1e79169b3495f47a}"
    filler = "\x00" * 26
    for candidate in "0123456789abcdef":
        blocks = encryptWithKey(p, candidate + known_tail + filler)
        if blocks[0] == blocks[-3]:
            # Parenthesised so the line parses as a print statement or a print call.
            print("Found: %c" % candidate)
            return candidate
# Length probe, left disabled by the author:
# findLength(p)

# Test the sixteen hex-digit candidates for the position currently hard-coded
# in findByte; the result is only printed, the return value is discarded.
findByte(p)

# Release the connection opened at module level.
p.close()