morsisko/p.py

## p.py
#ctf
import struct
import string

shuffle = [int(i, 16) for i in "02 06 07 01 05 0b 09 0e 03 0f 04 08 0a 0c 0d 00".split()]
add = [int(i, 16) for i in "ef be ad de ad de e1 fe 37 13 37 13 66 74 63 67".split()]
xor = [int(i, 16) for i in "76 58 b4 49 8d 1a 5f 38 d4 23 f8 34 eb 86 f9 aa".split()]

def make_shuffle(input):
    output = [0 for i in range(len(input))]
    for i in range(len(input)):
        output[i] = input[shuffle[i]]

    return output

def make_add(input):
    left1, left2 = struct.unpack("<ii", bytearray(input[0:4]) + bytearray(add[0:4]))
    left3, left4 = struct.unpack("<ii", bytearray(input[4:8]) + bytearray(add[4:8]))
    right1, right2 = struct.unpack("<ii", bytearray(input[8:12]) + bytearray(add[8:12]))
    right3, right4 = struct.unpack("<ii", bytearray(input[12:16]) + bytearray(add[12:16]))

    output = []
    left = (left1 + left2) & (0xFFFFFFFF)
    for i in range(4):
        output.append((left >> i*8) & 0xFF)

    lleft = (left3 + left4) & (0xFFFFFFFF)
    for i in range(4):
        output.append((lleft >> i*8) & 0xFF)

    right = (right1 + right2) & (0xFFFFFFFF)
    for i in range(4):
        output.append((right >> i*8) & 0xFF)

    rright = (right3 + right4) & (0xFFFFFFFF)
    for i in range(4):
        output.append((rright >> i*8) & 0xFF)


    return output

def make_xor(input):
    output = [0 for i in range(len(input))]
    for i in range(len(input)):
        output[i] = input[i] ^ xor[i]

    return output

def brute():
    shuffle = [int(i, 16) for i in "02 06 07 01 05 0b 09 0e 03 0f 04 08 0a 0c 0d 00".split()]

    current_s = "CTF{aaaaaaaaaa}\x00"
    z_shuffle_index = 0
    char_in_beginning = current_s[z_shuffle_index]
    in_beginning = shuffle[z_shuffle_index]
    in_end = z_shuffle_index

    for jj in range(0x100):
        input = [ord(i) for i in current_s]
        input[in_beginning] = jj

        input = make_shuffle(input)
        input = make_add(input)
        input = make_xor(input)

        if input[in_end] == ord(char_in_beginning):
            print("Now", z_shuffle_index, "new pos:", in_beginning, "char", chr(jj), jj)


brute()
	#ctf
	import struct
	import string

	shuffle = [int(i, 16) for i in "02 06 07 01 05 0b 09 0e 03 0f 04 08 0a 0c 0d 00".split()]
	add = [int(i, 16) for i in "ef be ad de ad de e1 fe 37 13 37 13 66 74 63 67".split()]
	xor = [int(i, 16) for i in "76 58 b4 49 8d 1a 5f 38 d4 23 f8 34 eb 86 f9 aa".split()]

	def make_shuffle(input):
	output = [0 for i in range(len(input))]
	for i in range(len(input)):
	output[i] = input[shuffle[i]]

	return output

	def make_add(input):
	left1, left2 = struct.unpack("<ii", bytearray(input[0:4]) + bytearray(add[0:4]))
	left3, left4 = struct.unpack("<ii", bytearray(input[4:8]) + bytearray(add[4:8]))
	right1, right2 = struct.unpack("<ii", bytearray(input[8:12]) + bytearray(add[8:12]))
	right3, right4 = struct.unpack("<ii", bytearray(input[12:16]) + bytearray(add[12:16]))

	output = []
	left = (left1 + left2) & (0xFFFFFFFF)
	for i in range(4):
	output.append((left >> i*8) & 0xFF)

	lleft = (left3 + left4) & (0xFFFFFFFF)
	for i in range(4):
	output.append((lleft >> i*8) & 0xFF)

	right = (right1 + right2) & (0xFFFFFFFF)
	for i in range(4):
	output.append((right >> i*8) & 0xFF)

	rright = (right3 + right4) & (0xFFFFFFFF)
	for i in range(4):
	output.append((rright >> i*8) & 0xFF)


	return output

	def make_xor(input):
	output = [0 for i in range(len(input))]
	for i in range(len(input)):
	output[i] = input[i] ^ xor[i]

	return output

	def brute():
	shuffle = [int(i, 16) for i in "02 06 07 01 05 0b 09 0e 03 0f 04 08 0a 0c 0d 00".split()]

	current_s = "CTF{aaaaaaaaaa}\x00"
	z_shuffle_index = 0
	char_in_beginning = current_s[z_shuffle_index]
	in_beginning = shuffle[z_shuffle_index]
	in_end = z_shuffle_index

	for jj in range(0x100):
	input = [ord(i) for i in current_s]
	input[in_beginning] = jj

	input = make_shuffle(input)
	input = make_add(input)
	input = make_xor(input)

	if input[in_end] == ord(char_in_beginning):
	print("Now", z_shuffle_index, "new pos:", in_beginning, "char", chr(jj), jj)


	brute()