mrT4ntr4
/ reee_plaid20_z3.py
Created
April 20, 2020 10:24
Unoptimized solution script for 'reee' chall from Plaid CTF 2020, solved using z3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from z3 import * | |
| import time | |
| start_time = time.time() | |
| s = Solver() | |
| enc = ['0x48', '0x5f', '0x36', '0x35', '0x35', '0x25', '0x14', '0x2c', '0x1d', '0x01', '0x03', '0x2d', '0x0c', '0x6f', '0x35', '0x61', '0x7e', '0x34', '0x0a', '0x44', '0x24', '0x2c', '0x4a', '0x46', '0x19', '0x59', '0x5b', '0x0e', '0x78', '0x74', '0x29', '0x13','0x2c'] | |
| enc = [int(x,16) for x in enc] | |
| inp = [] |
mrT4ntr4
/ SharpPasswd_enc_volga20.py
Last active
April 21, 2020 19:37
Encrypt Fcn of Challenge SharpPasswd.dll from VolgaCTF 2020 (Unsolved)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def b64From24bit(a, b, c, n): | |
| num = c << 16 | b << 8 | a | |
| b64enc = "" | |
| while (n): | |
| b64enc += "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"[num & 63] | |
| num >>= 6; | |
| n-=1 | |
| return b64enc |
mrT4ntr4
/ SharpPasswd_dec_volga20.py
Created
April 21, 2020 19:39
Trying decryption of hash for Challenge SharpPasswd.dll from VolgaCTF 2020 (Unsolved)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dd = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" | |
| get_bin = lambda x: format(x, 'b').zfill(6) | |
| enc = "h3dly.DhgeOUeicweL2Zp." | |
| n = 4 | |
| enc = [enc[i:i+n] for i in range(0, len(enc), n)] | |
| #print enc | |
| i=0 |
mrT4ntr4
/ deobf_r0shin.py
Created
April 21, 2020 19:47
Deobfuscating some strings and variables from r0sh1n's crackme
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #https://crackmes.one/crackme/5e2e79f933c5d43b8718c5d0 | |
| def deobf(enc,k): | |
| num = 276606405 + k +1 | |
| dec = "" | |
| for item in enc: | |
| c = ord(item) | |
| lev2 = ((c >> 8) ^ num) & 0xff | |
| num+=2 | |
| dec += (chr(lev2)) |
mrT4ntr4
/ wavDecode.py
Created
April 21, 2020 19:55
Solution script for Challenge Screams from riceteacatpanda CTF 2020
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Fixing wav and generating an img | |
| import soundfile as sf | |
| import numpy as np | |
| from PIL import Image | |
| #im = Image.new() | |
| #np.set_printoptions(threshold=np.inf) | |
| data, samplerate = sf.read('../aaaaaaaaaaaaaaaaaa.wav') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '''Position | |
| Find the Name when the Serial is 76876-77776 | |
| This problem has several answers. | |
| Password is ***p | |
| ''' | |
| import string | |
| name = ['g','o','l','u'] | |
| serial = [None]*11 |
mrT4ntr4
/ pos_crack.py
Created
April 21, 2020 20:18
z3 solver script for Position Challenge from Reversing.kr
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from z3 import * | |
| s = Solver() | |
| serial = list("76876-77776") | |
| inp = [] | |
| for i in range(4): | |
| b = BitVec("%d" % i, 16) |
mrT4ntr4
/ Tough_HouseplantCTF_z3.py
Created
April 26, 2020 19:10
z3 solver script for Challenge 'Tough' from Houseplant CTF 2020
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #encoding: utf-8 | |
| from z3 import * | |
| def algo(inp): | |
| got = "ow0_wh4t_4_h4ckr_y0u_4r3" | |
| realflag = [9,4,23,8,17,1,18,0,13,7,2,20,16,10,22,12,19,6,15,21,3,14,5,11] | |
| therealflag = [20,16,12,9,6,15,21,3,18,0,13,7,1,4,23,8,17,2,10,22,19,11,14,5] | |
| theflags = ['*'] * 24 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| start(int, int): | |
| push rbp | |
| mov rbp, rsp | |
| sub rsp, 48 | |
| mov DWORD PTR [rbp-36], edi | |
| mov DWORD PTR [rbp-40], esi | |
| mov eax, DWORD PTR [rbp-36] | |
| mov edi, eax | |
| call f(int) | |
| mov DWORD PTR [rbp-4], eax |
mrT4ntr4
/ asm2_crack.py
Last active
May 7, 2020 12:26
Python solution script for ASM2 challenge from zh3r0 CTF '20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Challenge Source Backup : | |
| https://gist.github.com/mrT4ntr4/4e02a52c0bc89ecac7f03e38e0934628 | |
| Manually dissecting the assembly code and porting it to python | |
| ''' | |
| def f(x): | |
| if(x): | |
| if(x != 1): |
OlderNewer