Reversing the obfuscated JS shows that you can supply the payload through the query string:
http://cybercook.chal.imaginaryctf.org/?action=base64&input=616263
And the payload will be decoded like this:
s=q.input // q is parsed query string object
from Crypto.Util.number import * | |
# Build an RSA modulus of roughly 1024 bits from two random 512-bit primes.
p = getPrime(512)
q = getPrime(512)
e = 65537
n = p * q
# dp is the CRT exponent for p: the inverse of e modulo p - 1.
# dp has to stay private: together with the public (e, n) it is enough to factor n.
# NOTE(review): the rest of the script is not visible here; presumably dp is
# treated as leaked test data -- confirm.
dp = inverse_mod(e, p - 1)
# Fixed sample plaintext and its unpadded (textbook) RSA encryption under (e, n).
m = 1234567894876348763
c = power_mod(m, e, n)
from cryptography import x509 | |
from cryptography.hazmat.primitives import hashes, serialization | |
from cryptography.hazmat.primitives.asymmetric import rsa | |
from cryptography.x509.oid import ( | |
NameOID, | |
ExtendedKeyUsageOID, | |
AuthorityInformationAccessOID, | |
) | |
def gen(ocsp_url, ca_url): |
# Based on https://utaha1228.github.io/ctf-note/2021/11/21/BalsnCTF-2021/ | |
import random | |
from tqdm import tqdm | |
class MT19937: | |
(w, n, m, r) = (32, 624, 397, 31) | |
a = 0x9908B0DF | |
(u, d) = (11, 0xFFFFFFFF) | |
(s, b) = (7, 0x9D2C5680) |
from collections import Counter | |
from math import log | |
import json | |
from argparse import ArgumentParser | |
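def get_ctr(txt, n):
    """Count every run of n consecutive items of txt.

    Args:
        txt: Sequence to scan: a str, or a sequence of str pieces (each
            window is concatenated with "".join before counting).
        n: Window length.

    Returns:
        Counter mapping each joined window to its number of occurrences.
        Empty when n <= 0 or n is larger than len(txt).
    """
    if n <= 0:
        # A non-positive width yields no windows at all.
        return Counter()
    # Slide one window over txt rather than materialising n suffix copies
    # of the whole text and zipping them together.
    return Counter("".join(txt[i:i + n]) for i in range(len(txt) - n + 1))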
import itertools | |
# msolve must be fetched first (presumably unpacked into ./msolve-v0.2.4):
# curl -LJO 'https://msolve.lip6.fr/downloads/msolve-v0.2.4.tar.gz'
# NOTE(review): nothing here checks the archive against a published checksum
# or signature. load() below executes the Sage interface file taken from that
# tarball, so verify the download before running this script.
load("msolve-v0.2.4/interfaces/msolve-to-sage-file-interface.sage")
def msolve_wrap(eqs):
    """Pass the system eqs to MSolveRealRoots with p=0.

    The solver binary is the one under msolve-v0.2.4/binary. The return
    value is whatever MSolveRealRoots produces for eqs.
    """
    # NOTE(review): this path is relative -- presumably resolved against the
    # current working directory; confirm before running from another directory.
    solver_binary = "msolve-v0.2.4/binary/msolve"
    return MSolveRealRoots(eqs, mspath=solver_binary, p=0)
def all_zz(xs): | |
try: |
Reversing the obfuscated JS shows that you can supply the payload through the query string:
http://cybercook.chal.imaginaryctf.org/?action=base64&input=616263
And the payload will be decoded like this:
s=q.input // q is parsed query string object
from tqdm import tqdm | |
# p = 2^255 - 19, the same value as the Curve25519 field prime.
# NOTE(review): how p is used further down is not visible in this excerpt.
p = 2**255 - 19
m = 314159265358979323846264338327950288419716939937510582097494459230781640628
# Continued-fraction expansion of (m + 87p) / (1 + 63p).
cf = continued_fraction((m + 87 * p) / (1 + 63 * p))
# One run of "-" per partial quotient, with "/" between consecutive runs.
s = "/".join("-" * x for x in cf)
def calc(m, s): | |
for x in s: |
# Odd multipliers that fit in 64 bits. The values match xxHash64's PRIME64_1,
# PRIME64_2 and PRIME64_5 -- NOTE(review): confirm against how they are used.
p1 = 11400714785074694791
p2 = 14029467366897019727
p5 = 2870177450012600261
# All-ones 64-bit mask; rol() uses it to truncate its result to 64 bits.
mask = 2**64 - 1
def rol(x, l):
    """Rotate x left by l bits inside a 64-bit word.

    The result is truncated with the module-level mask.
    NOTE(review): assumes 0 <= x < 2**64 and 0 <= l <= 64 -- confirm callers.
    """
    shifted_up = x << l
    wrapped_around = x >> (64 - l)
    return (shifted_up | wrapped_around) & mask
N := 16272263761884760913834981570237185012689016739909681724173123311027023698119382194604351367717710439423966215734773732739017169649397007886867641042574372612328200833990505826283627024383229386248616346487228543485039109194654445182620365493334393898275761693877783109565274288153742902157274464598397610141189095624484325167663863550180485641254521697139714498053575172081231983805125962891334660276966188969824322759661626822865129776818152174027045203117029331430920115554670139006395498251713151875940958179247650377893980949189098296912824643766810997471467119541508081507756798709251607976701111186991307217371; | |
c1 := 1154720460725595432419912121463256063636424922900002916346539904244306803589761923608560394363786646398862561339382783422777269083534736611588855079248972521208730883026494066191103047261851647563891050392249668337425632378542083085965334206476002722020036872618229677291003581600074208003837158590639907087882793309117061515575553888628795766241013386491926120093502009571319539512620135816323 |
#include <memory.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <algorithm> | |
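/*
 * Rotate the 64-bit value `val` right by `r` bits.
 *
 * Both arguments are expanded more than once, so pass expressions without
 * side effects. Arguments are parenthesised so that compound expressions
 * (e.g. rotr(a ^ b, n + 1)) group as intended. The low-bit mask is built
 * from 1UL because 1L << 63 overflows a signed long, and the left-shift
 * count is reduced modulo 64 so that r == 0 does not shift by the full
 * word width.
 */
#define rotr(val, r) \
    (((val) >> (r)) | (((val) & ((1UL << (r)) - 1)) << ((64 - (r)) & 63)))
/* NOTE(review): unsigned long is 64 bits wide only on LP64 targets -- confirm the build platform. */
typedef unsigned long uint64;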
void printhex(char *buf, size_t len) { | |
for (size_t i = 0; i < len; i++) | |
printf("%02hhx", buf[i]); |