Skip to content

Instantly share code, notes, and snippets.

@enedil
Created September 4, 2017 01:56
Show Gist options
  • Save enedil/d2eef0213165cc3a3ea68fdbc43f7686 to your computer and use it in GitHub Desktop.
Save enedil/d2eef0213165cc3a3ea68fdbc43f7686 to your computer and use it in GitHub Desktop.
WTCTF2017, BabyDLP
#!/usr/bin/env python2
import os
import pwn
from Crypto.Util.number import long_to_bytes
p = 160634950613302858781995506902938412625377360249559915379491492274326359260806831823821711441204122060415286351711411013883400510041411782176467940678464161205204391247137689678794367049197824119717278923753940984084059450704378828123780678883777306239500480793044460796256306557893061457956479624163771194201
g = 2
if __name__ == '__main__':
if 'REMOTE' in os.environ:
r = pwn.remote('ppc2.chal.ctf.westerns.tokyo', 28459)
else:
r = pwn.process('./server.py')
flag = 0
r.sendline(hex(0))
ini = int(r.readline().strip(), 16)
for n in range(p.bit_length()):
r.sendline(hex(1 << n))
c = int(r.readline().strip(), 16)
if ini == (c * pow(g, 1 << n, p)) % p:
flag += (1 << n)
prev = c
print(n)
print(flag)
print(long_to_bytes(flag))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment