This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from socket import create_connection | |
def wait(sock) -> str: | |
buf = "" | |
while True: | |
buf += sock.recv(1024).decode() | |
if "[Q]uit" in buf: | |
break | |
return buf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
References: | |
[1]: Marc Joye and Jean-Jacques Quisquater. 2001. "Hessian Elliptic Curves and Side-Channel Attacks". | |
""" | |
from scryptos import * # https://github.com/scryptos/scryptoslib | |
from ast import literal_eval | |
from scryptos.wrapper.parigp import set_gp_memalloc_size | |
import string | |
import math |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# 1. git clone https://github.com/GiacomoPope/Castryck-Decru-SageMath | |
# 2. cd Castryck Decru-SageMath | |
# 3. place this file | |
# 4. run | |
import public_values_aux | |
from public_values_aux import * | |
set_verbose(-1) | |
load("castryck_decru_attack.sage") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from sage.all import * | |
from Crypto.Util.number import long_to_bytes | |
n = 12765231982257032754070342601068819788671760506321816381988340379929052646067454855779362773785313297204165444163623633335057895252608396010414744222572161530653104640020689896882490979790275711854268113058363186249545193245142912930804650114934761299016468156185416083682476142929968501395899099376750415294540156026131156551291971922076435528869024742993840057342092865203064721826362149723366381892539617642364692012936270150691803063945919154346756726869466855557344213050973081755499746750276623648407677639812809665472258655462846021403503851719008687214848550916999977775070011121527941755954255781343103086789 | |
e = 45965045468694670661537184573752791653920565666784478063438604926880061578296492094422908450275216739544615829085404769600603475021075834174484176247919117301777303464773934692739058084899812183002913454288071340930609296728267512269958650368494340753506721673855640316940362210476251629387999438732437083571805625170615055782010 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
import functools | |
from PIL import Image | |
import itertools | |
def sox(n, d): | |
x, y, t = 0, 0, d | |
for s in range(n - 1): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from sage.all import * | |
from ast import literal_eval | |
import binascii | |
import hashlib | |
d = open("output.txt").read().split("\n")[:-1] | |
Q_vec = literal_eval(d[0]) | |
M1_vec = literal_eval(d[1]) | |
M2_vec = literal_eval(d[2]) | |
encrypted_flag = binascii.unhexlify(d[3]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
require_relative './happy' # rename happy -> happy.rb | |
q = 180754955592872777770305021165949447837520820408608437544593001477325680227199967219036800612237524673886247520794601572290402702594122131782305474875236404413820478308317235725623037177247985490515533618988964977186476558003216903 | |
p = 166878663790065040663149504970052368124427462024107500159158464138407657299730521908976684364578086644682045134207945137293534705688910696520830729908263578233018529387676221035298300775812585471932551347478303730822844748034186479 | |
k = 2 | |
e = 65537 | |
d1 = e.pow((p - 1) / 2 - 2, (p - 1)) | |
d2 = e.pow(((q - 1) / 2 - 1) * (q - 1) * (k > 1 ? q ** (k - 2) : 1) - 1, q ** (k - 1) * (q - 1)) | |
cf = p.pow(q ** (k - 1) * (q - 1) - 1, q ** k) | |
key = Key.new({ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from Crypto.Util.number import long_to_bytes | |
from Crypto.Cipher import AES | |
import base64 | |
E = 226611012014558802453288800032037813546 | |
key = long_to_bytes(E) | |
IV = b'\x00' * 16 | |
ciphertext = base64.b32decode("YQLAC5DCJR57PYVUBQ4PXMH47IO5IETPUI7EDFUR7JWTNIHNTEAA====") | |
print([AES.new(key, AES.MODE_CBC, IV=IV).decrypt(ciphertext)]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from scryptos import * | |
# test parameters | |
# p, q = 14056259838232570373, 3909938154797744143 | |
# p, q = 110641318332500553225796279828587613489797458859835222045512182391168598134167, 41341297333205266450910162205203983690711509110268167866251160754916102829081 | |
# p, q = 10228796114311354522393980901045139447044341433203094817361313657771454169784897994605194490320353121541462445378267256058403046516520932633258044274994937, 9674880045377912387417155013106887773980875486540327472093521385140255139488018323841292644856768684836232571892336095160722768016023003373215125021261061 | |
rsa = RSA.import_pem(open('publickey.pem').read()) | |
e = rsa.e | |
n = rsa.n |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from scryptos import * | |
import hashlib | |
''' | |
DEFCON Quals 2018 Official: Crypto part | |
Partial random-value Exposure Attack for DSA (<=> biased-k DSA) | |
References: https://crypto.stackexchange.com/questions/44644/how-does-the-biased-k-attack-on-ecdsa-work | |
Thanks: @Bono_iPad and binja members | |
''' |