Created
January 19, 2018 01:34
-
-
Save obilodeau/4442cc2694c3e91fcfbd444f885262ec to your computer and use it in GitHub Desktop.
Solver for FLARE's pewpewboat that doesn't require doing reverse-engineering
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| import binascii | |
| import hashlib | |
| import time | |
| # FIXME: why isn't pwntools python 3 already!? Oh I see it's complicated: https://github.com/Gallopsled/pwntools/issues/529 | |
| from pwn import * | |
| #context.log_level = 'debug' | |
| p = process('./pewpewboat.exe', stdin=PTY) | |
| def bit_not(n, numbits=8): | |
| return (1 << numbits) - 1 - n | |
| def submit_grid(solver): | |
| moves = solver.split(' ') | |
| for move in moves: | |
| print "Playing {}".format(move) | |
| p.sendline(move) | |
| data = p.recv() | |
| print data | |
| time.sleep(0.1) # makes it more dramatic | |
| if 'NotMd5Hash' in data: | |
| return data.split('"')[1].replace('\n','') | |
| def solve_hash(chal): | |
| while True: | |
| m = hashlib.md5() | |
| m.update(chal) | |
| result = binascii.hexlify(bytearray([bit_not(ord(c)) for c in m.digest()])).upper() | |
| p.sendline(result) | |
| chal = p.recv() | |
| print chal | |
| time.sleep(0.5) | |
| if 'NotMd5Hash' not in chal: | |
| p.recv(timeout=1) | |
| return | |
| p.recv() | |
| # F | |
| hash_challenge = submit_grid("B4 B5 B6 B7 B8 C4 C5 C6 C7 C8 D4 D5 D6 D7 D8 E4 E5 E6 E7 E8 F4 F5 F6 F7 F8 G4") | |
| solve_hash(hash_challenge) | |
| # H | |
| hash_challenge = submit_grid("B4 B5 B6 B7 B8 C4 C5 C8 D4 D5 D6 D7 D8 E4 E5 E6 E7 E8 F4 F5 F6 F7 F8 G4 G8") | |
| solve_hash(hash_challenge) | |
| # G | |
| hash_challenge = submit_grid("A2 A3 A4 A5 A6 A7 A8 B1 B8 C1 C8 D1 E1 E5 E6 E7 E8 F1 F8 G1 H1 H2 H3 H4 H5 H6 H7 G8") | |
| solve_hash(hash_challenge) | |
| # U | |
| hash_challenge = submit_grid("D5 D8 E5 E8 F5 F8 G5 G8 H5 H6 H7 H8") | |
| solve_hash(hash_challenge) | |
| # Z | |
| hash_challenge = submit_grid("B8 E5 F5 D6 C7 B4 B5 B6 B7 F6 F7 F8 F4") | |
| solve_hash(hash_challenge) | |
| # R | |
| hash_challenge = submit_grid("C1 C2 C3 D3 D1 E1 E4 B4 B1 A1 A2 A3") | |
| solve_hash(hash_challenge) | |
| # E | |
| hash_challenge = submit_grid("D5 D6 D7 E5 E7 F5 F6 F7 G5 H5 H6 H7") | |
| solve_hash(hash_challenge) | |
| # J | |
| hash_challenge = submit_grid("B4 B5 B6 C4 B3 B2 D4 E4 F1 G2 G3 F4") | |
| solve_hash(hash_challenge) | |
| # V | |
| hash_challenge = submit_grid("D7 E7 F7 G6 H5 G4 F3 E3 D3") | |
| solve_hash(hash_challenge) | |
| # O | |
| hash_challenge = submit_grid("D3 D4 E2 E5 F2 F5 G2 G5 H3 H4") | |
| solve_hash(hash_challenge) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment