This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
''' | |
Turns out that the output.txt contains images of the 8-byte chunks of the flag under a fixed affine map. | |
We can interpolate the map from a bunch of samples and then simply invert the real flag's output. | |
''' | |
from sage.all import * | |
import re | |
from binteger import Bin # pip install binteger | |
# need to use script log, since the program requires a console | |
''' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <stdint.h> | |
#include <assert.h> | |
int main() { | |
uint64_t a = 0x6dc06dabb8fb11a7ull; | |
uint64_t b = 0x661f975dc51abe17ull; | |
// uint64_t a = 1ull << 63; | |
// uint64_t b = 1ull << 63; |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from sage.all import * | |
from rejected import LFSR, taps | |
from binteger import Bin | |
from sock import Sock | |
n = 64 | |
N = 2**30 + 2**29 | |
f = Sock("mc.ax 31669") | |
f.send_line(str(N)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from sage.all import ZZ, GF, EllipticCurve, proof | |
from hashlib import scrypt | |
from sock import Sock | |
from psych import sidh, xor, G, H | |
proof.all(False) | |
def ser(*args): |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
''' | |
The idea is to reach a state consisting of 00 and FF bytes. | |
Because of the independence of shifts values, if the message block is the same 32-byte part repeated 2 times, | |
the state is preserved. We then can change the 32 byte part arbitrarily and keep the hash value unchanged. | |
To do this we first craft a 32x2 message block that lands on such state after 2nd round (1st round does nothing). | |
We have 32 bytes of freedom (-charset constraints), so this is reasonable and can be done with 1 byte guess and propagation. | |
One caveat is that the initial state is rather symmetric and and it's not always easy to land on a desired state, | |
so we prepend random block first to randomize the state. |
NewerOlder