Jules JuliaPoo

@JuliaPoo
JuliaPoo / Hackbash 2024 Finals Solutions - Jules.md
Created March 17, 2024 03:59
Hackbash 2024 Finals Solutions - Jules

Xor Key

The challenge encrypts a very long plaintext with a short (30-byte) key by simply XOR-ing the key with the plaintext. The key thing to note here is that the plaintext isn't random, and we can use this to recover the key.

Challenge Files

import string
from secrets import choice, os, randbelow
from itertools import cycle
@JuliaPoo
JuliaPoo / README.md
Last active March 16, 2024 06:13
Hackbash 2024 Finals Baby RSA Bleichenbacher's attack Hint

Let $m$ be the message (flag), $n$ be the public modulus and $c$ be the encrypted_flag. We are going to perform a binary search to compute the value of $t = \frac{n}{m}$ to sufficient precision to recover $m$.

First, let's define a function is_error(x:int)->bool. is_error(x) will ask the server to decrypt $c x^e \text{ mod } n$, and return True if the server encounters an invalid padding. Recall that in RSA, using $c x^e \text{ mod } n$ as the ciphertext will decrypt into the plaintext $m x \text{ mod } n$. Note that the padding check only checks if the first byte of the plaintext is \x00. I.e., if the plaintext is smaller than some fixed threshold, then it passes the padding check.

The hint to this challenge will be the answers to the following questions:

  • What do you expect is_error(1) to return?
  • What do you expect is_error(x) to return when x is a small integer close to 1?
  • As you continue to increase the value of x, you'd expect is_error(x) to start returning True. Eventual
@JuliaPoo
JuliaPoo / Hackbash 2024 Training Challenge Solutions - Jules.ipynb
Created March 11, 2024 03:26
Hackbash 2024 Training Challenge Solutions - Jules
@JuliaPoo
JuliaPoo / circular.js
Created December 28, 2022 06:56
Source Circular Meta-evaluator
/**
* This file implements a circular meta-evaluator for a subset of js used
* by Source Academy: https://sourceacademy.org/sicpjs/
* It is a very simple evaluator that recursively evaluates the AST
*
* This is by no means efficient and serves as a means for me to learn
* about interpreters.
*/
/*
@JuliaPoo
JuliaPoo / helloworld.py
Created March 13, 2022 04:35
Obfuscated python script (ski combinators) that prints "Hello World!"
# Obfuscated python script (ski combinators) that prints "Hello World!"
# Written by: JuliaPoo
S = lambda x: lambda y: lambda z: x(z)(y(z))
K = lambda x: lambda y: x
I = lambda x: x
A = lambda n: n+1
Z = lambda f: (lambda g: f(g(g)))(lambda g: f(lambda y: g(g)(y)))
to_str = Z(lambda f: lambda l: "" if S(S(I)(K(1)))(K(0))(S(I)(K(K))(l)) else chr(S(S(I)(K(A)))(K(0))(S(K(S(I)(K(K))))(S(I)(K(K(I))))(l)))+f(S(K(S(I)(K(K(I)))))(S(I)(K(K(I))))(l)))
@JuliaPoo
JuliaPoo / eng-shell-x86.asm
Last active November 7, 2021 03:08
A valid PE file that looks mostly like English that opens calc.exe
; eng-shell-x86.asm
; nasm -f bin eng-shell-x86.asm -o b.exe
BITS 32
;
; MZ header
;
; The only two fields that matter are e_magic and e_lfanew
@JuliaPoo
JuliaPoo / CPython_LOAD_FAST_abuse.py
Last active November 16, 2023 16:23
Running shellcode on Python 3.11.0a0 64-bit by abusing LOAD_FAST
# Python 3.11.0a0 64-bit
import sys
import opcode
import types
import ctypes
# PyBytesObject.ob_sval
PyBytesObject_ob_sval_offset = 0x20
# _frame.f_localsplus