Create a gist now

Instantly share code, notes, and snippets.

@balidani /first_stage.py Secret
Created May 19, 2014

What would you like to do?
import socket
import time
seed = open('seed', 'rb').read()
count_max = 0xf81000 - 0x20
def calc4(buf, arg2):
res = 0
for arg3 in range(4):
res |= calc(buf, arg2, arg3)
return res
def calc(buf, arg2, arg3):
shift = arg2 >> 3
w = arg2 & 7
v1 = ord(buf[shift + arg3])
esi = v1 << w
v2 = ord(buf[shift + arg3 + 1])
edx = v2 >> (8 - w)
eax = (esi | edx) & 0xff
eax = eax << [24, 16, 8, 0][arg3]
return eax
def unloop(id):
i = id / 4
j = id % 4
count1 = i / count_max
count2 = i % count_max
result = calc4(seed, count1) ^ calc4(seed, count2)
return (result >> [24, 16, 8, 0][j]) & 0xff
def fix(x):
eax = x
ecx = x
edx = x
eax = eax * 3
eax = eax << 5
eax = eax + ecx
eax = eax >> 8
ecx = ecx - eax
ecx = ecx >> 2
eax = eax + ecx
eax = eax >> 6
ecx = 0x5d
eax = eax * ecx
edx = edx - eax
eax = edx & 0xff
eax = eax + 0x20
return eax & 0xff
HOST = '100lines_53ac15fc7aa93da92629d37a669e106c.2014.shallweplayaga.me'
PORT = 20689
# Connect
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.settimeout(2)
otp = []
otp.append(int(s.recv(1024).split("\n")[1], 16))
map(lambda x: otp.append(x), map(lambda x: int(x, 16), s.recv(1024).strip().split(" ")))
payload = ""
for x in otp:
print x, unloop(x), fix(unloop(x))
res = fix(unloop(x))
payload += chr(res)
s.send(payload)
print s.recv(1024)
print s.recv(1024)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment