khr0x40sh/keygen.py

## keygen.py
from random import randint, shuffle
from Crypto.Util.number import getPrime
from hashlib import sha256

class BBS:
    def __init__(self, bits, length):
        self.bits = bits
        self.out_length = length

    def reset_params(self):
        self.state = randint(2, 2 ** self.bits - 2)
        self.m = getPrime(self.bits // 2) * getPrime(self.bits // 2) * randint(1, 2)

    def extract_bit(self):
        self.state = pow(self.state, 2, self.m)
        return str(self.state % 2)

    def gen_output(self):
        self.reset_params()
        out = ''
        for _ in range(self.out_length):
            out += self.extract_bit()
        return out

    def keygen(self):
        out = self.gen_output()
        print(f'OUT    {out}')
        key = sha256(out.encode()).digest()
        print(f'KEY    {key.hex()}')
        return key

encryptor = BBS(512, 256)

keys = []
for i in range(10):
    print(f'------{i}-------')
    keys.append(encryptor.keygen())

## step1.py
from Crypto.Cipher import AES
import binascii

#keys values
keys = ["bd93b4a63868f8c6028d3fa30bdb4f2c15b96e2ec6ac85acfa7bac4b40c4c683","67f022195ee405142968ca1b53ae2513a8bab0404d70577785316fa95218e8ba"]

def decrypt(msg,key,iv):
    cipher = AES.new(key, AES.MODE_CBC, iv)
    plaintext = cipher.decrypt(msg)
    return plaintext

with open("output.txt","r") as f:
    lines = f.readlines()

next_step = ""
hold_array = eval(lines[0])
for arr in hold_array:
    stop = False
    for i in range(10):
        iv = arr[i][0]
        cipher= arr[i][1]
        for k in keys:
            output = decrypt(binascii.unhexlify(cipher),bytearray.fromhex(k),bytearray.fromhex(iv))
            try:
                test = output[0:10].decode() #check for UTF-8 text
                print(f'OUTPUT: {output}\n')
                stop = True
                break
            except:
                pass
        if stop:
            break

## step2.py
from lagrange import lagrange

Instructions = '''
Welcome! If you see this you have successfully decrypted the first message. To get the symmetric key that decrypts the flag you need to do the following:

1. Collect all 5 shares from these messages
2. Use them to interpolate the polynomial in a finite field that will be revealed in another message
3. Convert the constant term of the polynomial to bytes and use it to decrypt the flag. Here is your first share!
'''

Share1 = (1, 27006418753792019267647881709336369603809025474153761185424552629526746515909)
Share2 = (2, 76590454267924193303526931251420387908730989759486987968207839464816350274449)
Share3 = (3, 67564500698667187837224046797217120599664632018519685208508601443605280795068)
Share4 = (4, 57120102994643471094254225269948720992016639286627873340589938545214763610538)
Share5 = (5, 87036956450994410488989322365773556006053008613964544744444104769020810012336)

#GF(88061271168532822384517279587784001104302157326759940683992330399098283633319)

gf = 88061271168532822384517279587784001104302157326759940683992330399098283633319
data = {'required_shares':2,'prime_mod':gf, 'shares':[Share1,Share2,Share3,Share4,Share5]}

print(hex(lagrange([Share1,Share2,Share3,Share4,Share5], gf)))

## step3.py
from Crypto.Cipher import AES

def decrypt(msg,key):
    cipher = AES.new(key, AES.MODE_ECB)
    plaintext = cipher.decrypt(msg)
    return plaintext

cipher = "00cc03bebb6756fded9a55e772b665d3f98004163904713b83c0bfed06558e9ce57d1d50409179741b09d5f059d668d5fd7775892e403357200c5c516125cb53451f52d34f08e4e2885588c046360bfc44c84a3a4da194484d2ca414ba01e698221936ea8e372b6a3bf4af1c85a99e54df52b58d6a7a0add3752e88fa928c15d"
key = "315f346d5f793075725f6b33795f74305f6733745f7468335f666c3467313233"

print(f'OUTPUT {decrypt(bytearray.fromhex(cipher),bytearray.fromhex(key))}')
	from random import randint, shuffle
	from Crypto.Util.number import getPrime
	from hashlib import sha256

	class BBS:
	def __init__(self, bits, length):
	self.bits = bits
	self.out_length = length

	def reset_params(self):
	self.state = randint(2, 2 ** self.bits - 2)
	self.m = getPrime(self.bits // 2) * getPrime(self.bits // 2) * randint(1, 2)

	def extract_bit(self):
	self.state = pow(self.state, 2, self.m)
	return str(self.state % 2)

	def gen_output(self):
	self.reset_params()
	out = ''
	for _ in range(self.out_length):
	out += self.extract_bit()
	return out

	def keygen(self):
	out = self.gen_output()
	print(f'OUT {out}')
	key = sha256(out.encode()).digest()
	print(f'KEY {key.hex()}')
	return key

	encryptor = BBS(512, 256)

	keys = []
	for i in range(10):
	print(f'------{i}-------')
	keys.append(encryptor.keygen())
	from Crypto.Cipher import AES
	import binascii

	#keys values
	keys = ["bd93b4a63868f8c6028d3fa30bdb4f2c15b96e2ec6ac85acfa7bac4b40c4c683","67f022195ee405142968ca1b53ae2513a8bab0404d70577785316fa95218e8ba"]

	def decrypt(msg,key,iv):
	cipher = AES.new(key, AES.MODE_CBC, iv)
	plaintext = cipher.decrypt(msg)
	return plaintext

	with open("output.txt","r") as f:
	lines = f.readlines()

	next_step = ""
	hold_array = eval(lines[0])
	for arr in hold_array:
	stop = False
	for i in range(10):
	iv = arr[i][0]
	cipher= arr[i][1]
	for k in keys:
	output = decrypt(binascii.unhexlify(cipher),bytearray.fromhex(k),bytearray.fromhex(iv))
	try:
	test = output[0:10].decode() #check for UTF-8 text
	print(f'OUTPUT: {output}\n')
	stop = True
	break
	except:
	pass
	if stop:
	break
	from lagrange import lagrange

	Instructions = '''
	Welcome! If you see this you have successfully decrypted the first message. To get the symmetric key that decrypts the flag you need to do the following:

	1. Collect all 5 shares from these messages
	2. Use them to interpolate the polynomial in a finite field that will be revealed in another message
	3. Convert the constant term of the polynomial to bytes and use it to decrypt the flag. Here is your first share!
	'''

	Share1 = (1, 27006418753792019267647881709336369603809025474153761185424552629526746515909)
	Share2 = (2, 76590454267924193303526931251420387908730989759486987968207839464816350274449)
	Share3 = (3, 67564500698667187837224046797217120599664632018519685208508601443605280795068)
	Share4 = (4, 57120102994643471094254225269948720992016639286627873340589938545214763610538)
	Share5 = (5, 87036956450994410488989322365773556006053008613964544744444104769020810012336)

	#GF(88061271168532822384517279587784001104302157326759940683992330399098283633319)

	gf = 88061271168532822384517279587784001104302157326759940683992330399098283633319
	data = {'required_shares':2,'prime_mod':gf, 'shares':[Share1,Share2,Share3,Share4,Share5]}

	print(hex(lagrange([Share1,Share2,Share3,Share4,Share5], gf)))
	from Crypto.Cipher import AES

	def decrypt(msg,key):
	cipher = AES.new(key, AES.MODE_ECB)
	plaintext = cipher.decrypt(msg)
	return plaintext

	cipher = "00cc03bebb6756fded9a55e772b665d3f98004163904713b83c0bfed06558e9ce57d1d50409179741b09d5f059d668d5fd7775892e403357200c5c516125cb53451f52d34f08e4e2885588c046360bfc44c84a3a4da194484d2ca414ba01e698221936ea8e372b6a3bf4af1c85a99e54df52b58d6a7a0add3752e88fa928c15d"
	key = "315f346d5f793075725f6b33795f74305f6733745f7468335f666c3467313233"

	print(f'OUTPUT {decrypt(bytearray.fromhex(cipher),bytearray.fromhex(key))}')