Skip to content

Instantly share code, notes, and snippets.

@hellman

hellman/lostkey.py

Created Oct 20, 2018
Embed
What would you like to do?
HITCON 2018 - Lost Key (Crypto)
#-*- coding:utf-8 -*-
from sock import Sock
from libnum import invmod, n2s, s2n, gcd
f = Sock("18.179.251.168 21700")
f.read_until("flag!")
f.read_line()
ENC = int(f.read_line().strip(), 16)
print "ENC = 0x%X" % ENC
NQ = [0, 0]
def oracle_enc(x):
NQ[0] += 1
print "oracle enc"
f.send_line("A")
f.send_line(n2s(x).encode("hex"))
f.read_until("input:")
return int(f.read_line().strip(), 16)
def oracle_dec(y):
NQ[1] += 1
print "oracle dec"
f.send_line("B")
f.send_line(n2s(y).encode("hex"))
f.read_until("input:")
return int(f.read_line().strip(), 16)
n = 0
a = 2
e = oracle_enc(a)
while gcd(n, 614889782588491410) > 1:
ee = oracle_enc(a**2)
n = gcd(n, ee - e**2)
e, a = ee, a**2
print n
pt8 = oracle_dec(ENC)
E28 = oracle_enc(2**8)
in8 = invmod(n % 2**8, 2**8)
t = 1
tc = 1
k = 0
itr = 0
for i in xrange(128):
print i
t = t * 2**8
tc = tc * E28 % n
k = k * 2**8
res = oracle_dec(ENC * tc % n)
klow = (t - k * pt8 - res) * in8 % 2**8
k += klow
pt = k * n / t + 1 # ceil
print `n2s(pt)`
# hitcon{1east_4ign1f1cant_BYTE_0racle_is_m0re_pow3rfu1!}
print "Queries:", NQ
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.