Last active
November 20, 2017 13:47
-
-
Save hellman/84f9d5b0209dffecbbfba87d09fd5f59 to your computer and use it in GitHub Desktop.
HXP CTF 2017 - ouchenticated (Crypto 200)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
''' | |
CRC is applied before CTR so CTR is not protected and we can bitflip. | |
We can fix MAC randomly and save the difference between admin=0 and admin=1. | |
Since CRC is linear, the same difference will work for any other MAC. | |
''' | |
from sock import Sock | |
def xor(a, b): return "".join([chr(ord(a[i]) ^ ord(b[i % len(b)])) for i in xrange(len(a))]) | |
mac_key = os.urandom(0x10) | |
c1 = authenc(json.dumps({'admin': 0})) | |
c2 = authenc(json.dumps({'admin': 1})) | |
delta = xor(c1, c2) | |
f = Sock("35.198.105.111 32773") | |
ct = f.read_line().strip().decode("hex") | |
ct = xor(ct, delta) | |
f.send_line(ct.encode("hex")) | |
f.interact() | |
# hxp{CRC:_c0mpL3t3ly_r3duNd4nT_crYpT0gr4pH1c4LLy} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
from Crypto.Cipher import AES | |
from Crypto.Util import Counter | |
import os, binascii, struct, zlib, json | |
enc_key = os.urandom(0x10) | |
mac_key = os.urandom(0x10) | |
def crc(bs): | |
return 0xffffffff ^ zlib.crc32(bs) | |
def authenc(m): | |
s = m + mac_key | |
s = s + struct.pack('<L', crc(s)) | |
print(repr(s)) | |
assert not crc(s) | |
aes = AES.new(enc_key, AES.MODE_CTR, counter = Counter.new(128)) | |
return aes.encrypt(s) | |
def authdec(c): | |
aes = AES.new(enc_key, AES.MODE_CTR, counter = Counter.new(128)) | |
s = aes.decrypt(c) | |
assert not crc(s) | |
assert s[-4-16:-4] == mac_key | |
return s[:-4-16] | |
cipher = authenc(json.dumps({'admin': 0}).encode()) | |
print(binascii.hexlify(cipher).decode()) | |
cipher = binascii.unhexlify(input().strip()) | |
obj = json.loads(authdec(cipher).decode()) | |
if obj['admin']: | |
print('The flag is: {}'.format(open('flag.txt').read().strip())) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment