Created
May 23, 2022 22:04
-
-
Save JackMc/a8b96a176c17412e0f763f7aae7a5979 to your computer and use it in GitHub Desktop.
Bruteforcing script for The Legend of Shiitakoin from the NSec 2022 CTF.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <stdint.h> | |
#include <stdbool.h> | |
int main() { | |
uint32_t input_bytes[4]; | |
uint32_t first_item, second_item, third_item, fourth_item; | |
bool values_match_rules = false; | |
for (first_item = 0; first_item < 255; first_item++) { | |
if ((first_item ^ 0x47) != 0xe4) { | |
continue; | |
} | |
for (second_item = 0; second_item < 255; second_item++) { | |
if ((second_item ^ 0xbd) != 0xe3) { | |
continue; | |
} | |
uint32_t xored_one_and_two = first_item ^ second_item; | |
if ((xored_one_and_two & 0xf0) != 0xf0) { | |
continue; | |
} | |
if ((xored_one_and_two & 0xf) != 0xd) { | |
continue; | |
} | |
for (third_item = 0; third_item < 255; third_item++) { | |
if ((third_item ^ 0x81) != 0xc) { | |
continue; | |
} | |
if ((third_item >> (first_item & 0b11)) != 0x11) { | |
continue; | |
} | |
values_match_rules = true; | |
break; | |
} | |
if (values_match_rules) { | |
break; | |
} | |
} | |
if (values_match_rules) { | |
input_bytes[0] = first_item; | |
input_bytes[1] = second_item; | |
input_bytes[2] = third_item; | |
break; | |
} | |
} | |
for (fourth_item = 0; fourth_item < 255; fourth_item++) { | |
uint32_t bitmasked_fourth_item = fourth_item; | |
for (uint32_t loop_counter = 0; loop_counter < 3; loop_counter++) { | |
bitmasked_fourth_item = (bitmasked_fourth_item & 0xe5) | (loop_counter + 0x2c); | |
} | |
if (bitmasked_fourth_item == 0x2f && (fourth_item ^ 0xd3) == 0xec) { | |
break; | |
} | |
} | |
printf("%02x %02x %02x %02x\n", first_item, second_item, third_item, fourth_item); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment