
@DavidMah
Created September 21, 2013 07:57
#!/usr/bin/env python
import binascii
from hashlib import sha1, sha512
from itertools import product
import re
import struct
import socket
import sys
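def generate(prefix, target_suffix="\xff\xff\xff", suffix_length=5):
    """Search for an input whose SHA-1 digest ends in ``target_suffix``.

    Candidates are ``prefix`` followed by ``suffix_length`` raw bytes. They
    are tried in a fixed order (every byte counts down from 0xff to 0x00,
    rightmost position changing fastest), so the answer for a given prefix
    is deterministic.

    Args:
        prefix: Byte string every candidate must start with.
        target_suffix: Raw bytes the digest has to end with. The default is
            the original hard-coded three-byte value, a 24-bit condition
            that needs on the order of 2**24 hashes.
        suffix_length: Number of bytes appended to ``prefix``.

    Returns:
        The first matching candidate, or None if the whole search space is
        exhausted without a match.
    """
    # Same ordering as product("10", repeat=8): 0xff first, 0x00 last.
    possible_bytes = [chr(value) for value in range(255, -1, -1)]
    for suffix in product(possible_bytes, repeat=suffix_length):
        attempt = prefix + "".join(suffix)
        # Hash once and reuse the digest for both the check and the print.
        digest = sha1(attempt).digest()
        if digest.endswith(target_suffix):
            print binascii.hexlify(digest)
            return attempt
    return None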
def sha_brute_force(sock):
    """Answer the server's SHA-1 proof-of-work prompt on ``sock``.

    Reads one message, treats the text after "starting with" as the
    required prefix, asks generate() for a matching input and sends it back.
    """
    print "sha1 brute force stage..."
    challenge = sock.recv(1024)
    print_game_output(challenge)
    # NOTE(review): re.search() returns None if the prompt is worded
    # differently or this single recv() only got part of it; the next line
    # then raises AttributeError.
    match = re.search(".*starting with (.*)", challenge)
    prefix = match.group(1)
    print prefix
    sock.send(generate(prefix))
def hashToInt(*params):
sha=sha512()
for el in params:
sha.update("%r"%el)
return int(sha.hexdigest(), 16)
def print_game_output(output):
    """Print ``output`` wrapped in the ANSI yellow colour escape."""
    # NOTE(review): server-supplied bytes reach the terminal unescaped, so
    # any control sequences they contain are interpreted by the terminal.
    highlighted = "\033[33m%s\033[0m" % output
    print highlighted
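# Connect
TCP_IP = "localhost"
TCP_PORT = 9001
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((TCP_IP, TCP_PORT))
# sha_brute_force(sock)

# Every client field below is sent as a 2-byte length followed by the value.
# NOTE(review): struct format "H" uses native byte order; confirm which
# order the server expects. sendall() is used so a short write cannot
# truncate a field.
print "Agent number crap"
data = sock.recv(1024)
print_game_output(data)
agent_number = "d34db33f"
agent_number_length = len(agent_number)
agent_number_length_formatted = struct.pack("H", agent_number_length)
sock.sendall(agent_number_length_formatted)
sock.sendall(agent_number)

print "Ephemeral Key"
data = sock.recv(1024)
print_game_output(data)
ephemeral_key = "1"
ephemeral_key_length = len(ephemeral_key)
ephemeral_key_length_formatted = struct.pack("H", ephemeral_key_length)
sock.sendall(ephemeral_key_length_formatted)
sock.sendall(ephemeral_key)

# NOTE(review): this assumes the salt and the server's ephemeral value
# arrive as two separate recv() results, each holding exactly one hex
# number; TCP does not guarantee that split.
salt = int(sock.recv(1024), 16)
print_game_output(salt)
sEphemeral = int(sock.recv(1024), 16)
print_game_output(sEphemeral)

cEphemeral = ephemeral_key
slush = hashToInt(cEphemeral, sEphemeral)
password = ""
# Modulus for the modular exponentiations below.
N = 59244860562241836037412967740090202129129493209028128777608075105340045576269119581606482976574497977007826166502644772626633024570441729436559376092540137133423133727302575949573761665758712151467911366235364142212961105408972344133228752133405884706571372774484384452551216417305613197930780130560424424943100169162129296770713102943256911159434397670875927197768487154862841806112741324720583453986631649607781487954360670817072076325212351448760497872482740542034951413536329940050886314722210271560696533722492893515961159297492975432439922689444585637489674895803176632819896331235057103813705143408943511591629
index = int(agent_number, 16)
# storedKey has to exist before agreedKey is derived from it; the original
# order raised NameError on the agreedKey line.
storedKey = pow(index, hashToInt(salt, password), N)
agreedKey = hashToInt(1 * pow(storedKey, slush, N))
gennedKey = hashToInt(hashToInt(N) ^ hashToInt(index), hashToInt(index), salt, cEphemeral, sEphemeral, agreedKey)
print gennedKey

# "%x" yields the bare hex digits directly; slicing hex() output with
# [2:-1] only works when the value is a long with a trailing "L".
hex_genned_key = "%x" % gennedKey
genned_key_length = len(hex_genned_key)
genned_key_length_formatted = struct.pack("H", genned_key_length)
sock.sendall(genned_key_length_formatted)
sock.sendall(hex_genned_key)

data = sock.recv(1024)
print_game_output(data)
data = sock.recv(1024)
print_game_output(data)
data = sock.recv(1024)
print_game_output(data)
sock.close()

print "cEphemeral: %s" % cEphemeral
print "index: %s" % index
print "salt: %s" % salt
print "sEphemeral: %s" % sEphemeral
print "agreedKey: %s" % agreedKey
print "gennedKey: %s" % gennedKey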