potetisensei/100lines.cpp

## 100lines.cpp
unsigned char[] randpad = "\xfc\x8a\x45\x51\x67\x8c\xa9\xc0\xb0\xfd\xf7\x6f\xb8\x50\xf1\x2f\x7a\x62\x66\xe3\xd3\xc3\x6e\xbe\x37\x39\x33\x68\x3b\xc6\x76\x1e\xae\xaa\x83\xed\x57\x1a\xf1\x29\xe6\xc1\xb9\x9e\xdd\xa2\x86\x2c\x1a\xdc\x49\x9d\x82\x01\xd5\x3a\xb5\xd3\x33\x12\x1c\xce\x94\x2b\xc3\xb0\x6c\xbc\x46\x73\x39\x5e\x7b\xc7\xb4\x9e\x56\xf0\xad\x72\x5e\x83\xc7\x05\xc5\xe9\x2e\x85\x88\x79\x94\xf7\xe7\xac\x34\xfe\x5c\xce\x2e\x13\xf1\xcc\x8e\xea\x60\x83\xbe\xdc\x4a\xbb\xe8\xdf\x65\x20\xef\x44\xad\xfa\xd6\x12\x83\xd5\xdc\x94\xad\x1f\xe1\x5f\xe8\xfa\x7e\x3f\xda\x61\xe3\xdf\xab\x5b\x4f\x2a\x6c\x24\x82\xad\x17\x89\xba\x29\xb9\x46\x34\x74\x64\xf7\x45\x22\x8d\xaf\x33\xd6\x52\xb5\xde\x10\xe4\x53\x5d\x96\xb7\xe2\x2e\xcb\xb1\x75\xbc\x74\x5a\x21\x29\x8c\x57\xb3\x16\x5e\xc7\xc8\xc2\x26\x35\x48\x2d\x3c\x60\x7b\x5d\xdd\xa8\x29\x61\x19\xd0\xef\xee\x6d\x04\xdd\x20\x51\x95\x1d\x01\xe1\xda\xda\xb4\xa5\x46\xd9\xcb\xaf\x56\xb5\x20\x05\xd0\x6b\xd2\x22\x21\x2f\x2d\xd3\x73\x97\x56\x89\xae\xac\x02\xb6\x35\xd2\x14\x87\xc6\x49\xdf\x0e\x17\x85\x64\xe5\xaf\x6e\x93\x61";
unsigned int4 randpad_len = 0x100;

unsigned int4 calc(unsigned int sum, unsigned char * buf, unsigned long long i, unsigned long long j) {
    unsigned int4 ret = 0;

    ret |= buf[i/8 + j] << (i%7);
    ret |= buf[i/8 + j +1] >> (8 - j%7); /* rotate */
    ret %= 0x100;

    ret <<= (24-j*8); /* store straight */

    sum |= ret;
    return sum;
}

void loop(unsigned longlong8 arg1, unsigned char *arg2, unsigned char *stored) {
    unsigned longlong8 len = arg1 - 0x20;

    for (unsigned longlong8 i=0; i<len; i++) {/* var_30: i*/
        unsigned int4 sum1 = 0; /* sum1: var_34 */
        var_20 = 0;

        for (unsigned longlong8 j=0; j<4; j++) { /* var_20:j */
            sum = calc(sum, arg2, i, j);
        }

        for (unsigned longlong8 j=0; j<len; j++) { /* var_28:j*/
            unsigned int4 sum2 = 0; /* sum2:var_38 */

            for (unsigned longlong8 k=0; k<4; k++) { /*var_18:k*/
                sum2 = calc(sum2, arg2, j, k);
            }

            sum2 ^= sum1;

            for (unsigned longlong8 k=0; k<4; k++) { /* k:var_10 */
                stored[(i*len+j)*4+k] = sum2 >> (24 - k*8); /* store reverse */
            }
        }
    }
}

unsigned char getByte(unsigned longlong8 index, unsigned longlong8 arg2, unsigned char* arg3) {
    unsigned longlong8 size = (arg2 - 0x20) * (arg2 - 0x20) * 4;
    unsigned char *stored = malloc(size);
    if (stored == NULL) exit(0);

    loop(arg2, arg3, stored);

    unsigned char ret = stored[index];
    if (stored) delete [] stored;

    return ret;
}

int main() {
    FILE *stream = NULL;
    s = NULL;
    unsigned char* var_48 = 0;
    var_40 = 0;
    unsigned longlong8 var_38 = (long8)((randpad_len + 0x1FFFFFFC) * 8);

    unsigned longlong8 var_30 = (var_38 * var_38 * 4) - 0x20;
    unsigned longlong8 size = var_38 * var_38 * 4;

    unsigned long4 *array = new unsigned long4[size]; /* var_48 */
    unsigned long4 *var_40 = new unsigned long4[0x26];

    unsigned longlong8 var_20 = var_30 * var_30 * 4;
    loop(var_38, randpad, array);

    unsigned long4 *var_18 = new unsigned long4[0x130];

    int fd = open("/dev/urandom", R_ONLY); /* fd:[rbp+fd] */
    puts("OTP locations:");

    for (int i=0; i<0x26; i++) { /* i:var_74 */
        unsigned longlong8 val; /* val:var_60:[rbp+buf] */

        read(fd, &val, 8);
        val %= var_20;
        printf("0x%016llx ", val);
        var_18[i] = val;

        fflush(stdout);
    }

    for (int i=0; i<8; i++) { /* i:var_70 */
        var_75 = fgetc(stdin);

        char g = getByte(var_18[i], var_28, var_48);
        g = g - (g*97/256 + (g - g*97/256)/2)/64*0x5D + 0x20;

        /* edx = eax = getByte(var_18[i], var_28, var_48);
           ecx = edx - (eax * 97)/256
           eax = edx - ((eax * 97)/256 + ecx / 2) / 64 * 0x5D + 0x20*/

        if (g == var_75) var_6C++;
        else var_6C = 0;
    }

    putchar('\n');

    if (var_6C > 6) {
        stream = fopen("flag", "r");
        if (stream != NULL) {
            fseek(stream, 0, 2);
            var_64 = ftell(stream);

            rewind(stream);

            s = malloc(var_64 + 1);
            memset(s, '\0', var_64+1);

            fread(s, 1, var_64, stream);

            for (int i=0; i<0x26; i++) { /* var_74: i */
                var_40[i] = getByte(var_18[i], var_28, var_48) ^ s[i];
                printf("0x%02x", var_40[i]);
                if (i < 0x25) putchar(',');
                fflush(stdout);
            }

            puts("\n");
        }
    }

   if (var_18) delete[] var_18;
   if (var_48) delete[] var_48;
   if (var_40) delete[] var_40;
}
	unsigned char[] randpad = "\xfc\x8a\x45\x51\x67\x8c\xa9\xc0\xb0\xfd\xf7\x6f\xb8\x50\xf1\x2f\x7a\x62\x66\xe3\xd3\xc3\x6e\xbe\x37\x39\x33\x68\x3b\xc6\x76\x1e\xae\xaa\x83\xed\x57\x1a\xf1\x29\xe6\xc1\xb9\x9e\xdd\xa2\x86\x2c\x1a\xdc\x49\x9d\x82\x01\xd5\x3a\xb5\xd3\x33\x12\x1c\xce\x94\x2b\xc3\xb0\x6c\xbc\x46\x73\x39\x5e\x7b\xc7\xb4\x9e\x56\xf0\xad\x72\x5e\x83\xc7\x05\xc5\xe9\x2e\x85\x88\x79\x94\xf7\xe7\xac\x34\xfe\x5c\xce\x2e\x13\xf1\xcc\x8e\xea\x60\x83\xbe\xdc\x4a\xbb\xe8\xdf\x65\x20\xef\x44\xad\xfa\xd6\x12\x83\xd5\xdc\x94\xad\x1f\xe1\x5f\xe8\xfa\x7e\x3f\xda\x61\xe3\xdf\xab\x5b\x4f\x2a\x6c\x24\x82\xad\x17\x89\xba\x29\xb9\x46\x34\x74\x64\xf7\x45\x22\x8d\xaf\x33\xd6\x52\xb5\xde\x10\xe4\x53\x5d\x96\xb7\xe2\x2e\xcb\xb1\x75\xbc\x74\x5a\x21\x29\x8c\x57\xb3\x16\x5e\xc7\xc8\xc2\x26\x35\x48\x2d\x3c\x60\x7b\x5d\xdd\xa8\x29\x61\x19\xd0\xef\xee\x6d\x04\xdd\x20\x51\x95\x1d\x01\xe1\xda\xda\xb4\xa5\x46\xd9\xcb\xaf\x56\xb5\x20\x05\xd0\x6b\xd2\x22\x21\x2f\x2d\xd3\x73\x97\x56\x89\xae\xac\x02\xb6\x35\xd2\x14\x87\xc6\x49\xdf\x0e\x17\x85\x64\xe5\xaf\x6e\x93\x61";
	unsigned int4 randpad_len = 0x100;

	unsigned int4 calc(unsigned int sum, unsigned char * buf, unsigned long long i, unsigned long long j) {
	unsigned int4 ret = 0;

	ret \|= buf[i/8 + j] << (i%7);
	ret \|= buf[i/8 + j +1] >> (8 - j%7); /* rotate */
	ret %= 0x100;

	ret <<= (24-j8); / store straight */

	sum \|= ret;
	return sum;
	}

	void loop(unsigned longlong8 arg1, unsigned char arg2, unsigned char stored) {
	unsigned longlong8 len = arg1 - 0x20;

	for (unsigned longlong8 i=0; i<len; i++) {/* var_30: i*/
	unsigned int4 sum1 = 0; /* sum1: var_34 */
	var_20 = 0;

	for (unsigned longlong8 j=0; j<4; j++) { /* var_20:j */
	sum = calc(sum, arg2, i, j);
	}

	for (unsigned longlong8 j=0; j<len; j++) { /* var_28:j*/
	unsigned int4 sum2 = 0; /* sum2:var_38 */

	for (unsigned longlong8 k=0; k<4; k++) { /var_18:k/
	sum2 = calc(sum2, arg2, j, k);
	}

	sum2 ^= sum1;

	for (unsigned longlong8 k=0; k<4; k++) { /* k:var_10 */
	stored[(ilen+j)4+k] = sum2 >> (24 - k8); / store reverse */
	}
	}
	}
	}

	unsigned char getByte(unsigned longlong8 index, unsigned longlong8 arg2, unsigned char* arg3) {
	unsigned longlong8 size = (arg2 - 0x20) * (arg2 - 0x20) * 4;
	unsigned char *stored = malloc(size);
	if (stored == NULL) exit(0);

	loop(arg2, arg3, stored);

	unsigned char ret = stored[index];
	if (stored) delete [] stored;

	return ret;
	}

	int main() {
	FILE *stream = NULL;
	s = NULL;
	unsigned char* var_48 = 0;
	var_40 = 0;
	unsigned longlong8 var_38 = (long8)((randpad_len + 0x1FFFFFFC) * 8);

	unsigned longlong8 var_30 = (var_38 * var_38 * 4) - 0x20;
	unsigned longlong8 size = var_38 * var_38 * 4;

	unsigned long4 array = new unsigned long4[size]; / var_48 */
	unsigned long4 *var_40 = new unsigned long4[0x26];

	unsigned longlong8 var_20 = var_30 * var_30 * 4;
	loop(var_38, randpad, array);

	unsigned long4 *var_18 = new unsigned long4[0x130];

	int fd = open("/dev/urandom", R_ONLY); /* fd:[rbp+fd] */
	puts("OTP locations:");

	for (int i=0; i<0x26; i++) { /* i:var_74 */
	unsigned longlong8 val; /* val:var_60:[rbp+buf] */

	read(fd, &val, 8);
	val %= var_20;
	printf("0x%016llx ", val);
	var_18[i] = val;

	fflush(stdout);
	}

	for (int i=0; i<8; i++) { /* i:var_70 */
	var_75 = fgetc(stdin);

	char g = getByte(var_18[i], var_28, var_48);
	g = g - (g97/256 + (g - g97/256)/2)/64*0x5D + 0x20;

	/* edx = eax = getByte(var_18[i], var_28, var_48);
	ecx = edx - (eax * 97)/256
	eax = edx - ((eax * 97)/256 + ecx / 2) / 64 * 0x5D + 0x20*/

	if (g == var_75) var_6C++;
	else var_6C = 0;
	}

	putchar('\n');

	if (var_6C > 6) {
	stream = fopen("flag", "r");
	if (stream != NULL) {
	fseek(stream, 0, 2);
	var_64 = ftell(stream);

	rewind(stream);

	s = malloc(var_64 + 1);
	memset(s, '\0', var_64+1);

	fread(s, 1, var_64, stream);

	for (int i=0; i<0x26; i++) { /* var_74: i */
	var_40[i] = getByte(var_18[i], var_28, var_48) ^ s[i];
	printf("0x%02x", var_40[i]);
	if (i < 0x25) putchar(',');
	fflush(stdout);
	}

	puts("\n");
	}
	}

	if (var_18) delete[] var_18;
	if (var_48) delete[] var_48;
	if (var_40) delete[] var_40;
	}