Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
seed = open('seed', 'rb').read()
count_max = 0xf81000 - 0x20
def calc4(buf, arg2):
res = 0
for arg3 in range(4):
res |= calc(buf, arg2, arg3)
return res
def calc(buf, arg2, arg3):
shift = arg2 >> 3
w = arg2 & 7
v1 = ord(buf[shift + arg3])
esi = v1 << w
v2 = ord(buf[shift + arg3 + 1])
edx = v2 >> (8 - w)
eax = (esi | edx) & 0xff
eax = eax << [24, 16, 8, 0][arg3]
return eax
def unloop(id):
i = id / 4
j = id % 4
count1 = i / count_max
count2 = i % count_max
result = calc4(seed, count1) ^ calc4(seed, count2)
return (result >> [24, 16, 8, 0][j]) & 0xff
# We got these after running the first part of the solution
otp = [599521712711912, 856316164104560, 851375299807737, 226795474523010, 690343477575657, 530610340387377, 402190494029161, 435574450270296, 1003903144987565, 933916790309578, 576245728766126, 588241585631380, 897535963540551, 184202982571948, 755391352053788, 499858102942276, 573081870210472, 801849170089785, 638395633557041, 799213889332420, 1055945742133509, 525694201254105, 1047919585821714, 120655124875111, 178112910059018, 681464867239468, 330601444697131, 713225398903763, 449046221226234, 684150454390929, 83445625775525, 216053647017703, 28210504105632, 667024320238515, 630378564532229, 289267338813144, 601558443994855, 770418906081774]
flag = [0x03, 0x74, 0xef, 0xa1, 0x22, 0x15, 0xf5, 0x27, 0x35, 0xfb, 0xca, 0xfa, 0xe6, 0xd8, 0x77, 0x85, 0xd4, 0x79, 0x76, 0x23, 0x50, 0xef, 0x57, 0xd9, 0x7a, 0xf7, 0x81, 0xdb, 0x89, 0x49, 0x4e, 0xff, 0xc1, 0xc9, 0xbc, 0x7a, 0x46, 0x69]
print ''.join([chr(unloop(o) ^ f) for o, f in zip(otp, flag)])
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment