Skip to content

Instantly share code, notes, and snippets.

Paweł Łukasik pawlos

Block or report user

Report or block pawlos

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@pawlos
pawlos / part4.py
Created Jan 11, 2020
Solving the fifth part of HitCon Quals CoreDumb
View part4.py
import string
import itertools
def brute(data):
s = 0xffffffff
for i in range(len(data)):
if data[i] == 0x00:
break
#iVar1 = i + 1
s = s ^ ord(data[i])
s = s & 0xffffffff
@pawlos
pawlos / decode.py
Created Jan 11, 2020
Hitcon CoreDumb decryptor
View decode.py
keys = ['4a03b58e','44daffc6','e13fea85','f29ead42','5c53e277']
keys = [x.decode('hex') for x in keys]
data = ['1f4b3c6b028059ee028ac826c37611ea0288b1ab6203b58e028af0767bc372cb8a47c0c328c5f04a4a4b72cb9a03b58e4a4b72cb9203b58e4a4b72cbaa03b58e4ac4f0664a03b58e2cc4f0624a03fd360325c7bb3c32a68a028af04b2cc4f043045d73cb850372cbf203b58e4ac4f0324b03b58e8d460d8e4a03b5657388f036026065c6c1461dc64bd3ba384288f036d3c25f904bd3366e492a65c6d20c03ca4fc336664d3274078088f036029b3dda4fd336cbf2023ecbf238f02a36bc72cbf203b58e4ae896050fbbfd1645b5e18b9a88f036029bba380e0670b68877b2490fbfb58e4a0336cbf2023ecbf238f02a36d63ecbf64b3efbb267fdbd7e269d8e4a03c18ba2b74971b5ca7600',
'119276230c5913b60c53825e209274c261f2ffc644927683bceb3f01017effc644da3883ecdaffc6441dba6a44daffc6839f4fc744daff01010a424b8f4f388390a333424b1dba1e3272667e839f2393ef87f501013a45fdcf403883a07dc774341dba2eb5e64ab4839f13cf46a62b010176ffc644da16d545daff4d0176b7a594927483dc92fe164b6cffc9fa1ada3944daff4f017e7483e892678ec98afb8ecf9f678e450af07044d541066125ffc64453ba6e
View solution.py
from itertools import *
import string
def xor(data, key):
return ''.join([chr(d ^ ord(k)) for d,k in zip(data, cycle(key))])
data = [0x1C,0x5C,0x22,0x00,0x00,0x17,0x02,0x62,0x07,0x00,0x06,0x0D,0x08,0x75,0x45,0x17,0x17,0x3C,0x3D,0x1C,0x31,0x32,0x02,0x2F,0x12,0x72,0x39,0x0D,0x23,0x1E,0x28,0x29,0x69,0x31,0x00,0x39]
extra = '_'+'-'+'$' +'!'+'@'+'*'+'.'
View solution2.py
from ctypes import *
import struct
import hashlib
def readProcessMemory(address, l):
OpenProcess = windll.kernel32.OpenProcess
ReadProcessMemory = windll.kernel32.ReadProcessMemory
CloseHandle = windll.kernel32.CloseHandle
PROCESS_ALL_ACCESS = 0x1F0FFF
View solv.py
from z3 import *
x0 = BitVec('x0',8)
x1 = BitVec('x1',8)
x2 = BitVec('x2',8)
x3 = BitVec('x3',8)
x4 = BitVec('x4',8)
View nums2.py
array = [121,255,214,60,106,216,149,89,96,29,81,123,182,24,167,252,88,212,43,85,181,86,108,213,50,78,247,83,193,35,135,217,0,64,45,236,134,102,76,74,153,34,39,10,192,202,71,183,185,175,84,118,9,158,66,128,116,117,4,13,46,227,132,240,122,11,18,186,30,157,1,154,144,124,152,187,32,87,141,103,189,12,53,222,206,91,20,174,49,223,155,250,95,31,98,151,179,101,47,17,207,142,199,3,205,163,146,48,165,225,62,33,119,52,241,228,162,90,140,232,129,114,75,82,190,65,2,21,14,111,115,36,107,67,126,80,110,23,44,226,56,7,172,221,239,161,61,93,94,99,171,97,38,40,28,166,209,229,136,130,164,194,243,220,25,169,105,238,245,215,195,203,170,16,109,176,27,184,148,131,210,231,125,177,26,246,127,198,254,6,69,237,197,54,59,137,79,178,139,235,249,230,233,204,196,113,120,173,224,55,92,211,112,219,208,77,191,242,133,244,168,188,138,251,70,150,145,248,180,218,42,15,159,104,22,37,72,63,234,147,200,253,100,19,73,5,57,201,51,156,41,143,68,8,160,58]
def _f(idx, num2):
global array
num = idx
result = 0
#for i in range(idx+1):
num +=1
num %=
View solution.py
# -*- coding: utf-8 -*-
import sys
from PIL import Image
from nums2 import _f, _g
import struct
im = Image.open(sys.argv[1])
rgb_im = im.convert('RGB')
widht, height = im.size#(1664,1248)
#data = open(sys.argv[1],'rb').read()[0x36:]
@pawlos
pawlos / import_blender.py
Created Dec 5, 2019
Imports data from the file into blender
View import_blender.py
import bpy
from mathutils import Vector
import sys
file = open("c:\\temp\\FlareOn\\2019\\challenges\\demo\\output3.txt")
v = True
i = False
verts = []
faces = []
@pawlos
pawlos / convert.py
Last active Dec 5, 2019
Converts binary D3DX data into text form
View convert.py
import struct
cv = 0
ci = 0
with open('output3.txt','w') as o:
with open('mesh2_vertices.bin','rb') as f:
data = f.read()
#print(len(data))
i = 0
o.write("Vertex\n")
@pawlos
pawlos / FlareBearActivity.java
Last active Nov 29, 2019
Solution for Flare-On 2019 Lvl 3 - Flarebear
View FlareBearActivity.java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.Charset;
import javax.crypto.*;
import java.security.*;
import java.security.spec.*;
You can’t perform that action at this time.