Skip to content

Instantly share code, notes, and snippets.

View pqlx's full-sized avatar

David Bouman pqlx

78 followers · 11 following
View GitHub Profile
@pqlx
pqlx / pwn.c
Created December 19, 2021 15:54
hxp 2021 日本旅行 - exploit
#include <stdio.h>
#include <unistd.h>
#include <signal.h>
void handle_alarm()
{
return;
}
int main(void)
@pqlx
pqlx / pwntools-template.py
Created July 25, 2021 14:35
pwntools template for ctf
from pwn import *
context.terminal = ["terminator", "-e"]
BINARY_NAME = "<enter binary name>"
LIBC_NAME = "./libc.so"
REMOTE = ("<enter hostname>", 0000)
context.binary = BINARY_NAME
binary = context.binary
@pqlx
pqlx / log.strace
Last active February 20, 2021 12:17
WSL procedure for executing native windows executables.
...
...
execve("/mnt/c/Windows/explorer.exe", ["./test"], NULL) = 0
arch_prctl(ARCH_SET_FS, 0x29c800) = 0
set_tid_address(0x29c838) = 1514
brk(NULL) = 0x218f000
brk(0x2190000) = 0x2190000
sched_getaffinity(0, 128, [0, 1, 2, 3]) = 32
getpid() = 1514
getcwd("/home/david/wsl_testing/execve_PE", 4096) = 34
@pqlx
pqlx / ec-param-check.sage
Last active December 28, 2023 20:59
Identifying weak elliptic curve cryptography domain parameters.
def check_pohlig_hellman(curve, generator=None):
"""
The Pohlig-Hellman algorithm allows for quick (EC)DLP solving if the order of the curve is smooth,
i.e its order is a product of multiple (small) primes.
The best general purpose algorithm for finding a discrete logarithm is the Baby-step giant-step
algorithm, with a running time of O(sqrt(n)).
If the order of the curve (over a finite field) is smooth, we can however solve the (EC)DLP
algorithm by solving the (EC)DLP for all the prime powers that make up the order, then using the
@pqlx
pqlx / ecb_adaptive_chosen_plaintext_suffix.py
Created January 1, 2021 15:22
Adaptive chosen plaintext attack for block ciphers using the electronic codebook (ECB) mode of operation. Allows you to bruteforce any suffix to the plaintext in polynomial time
def bruteforce_suffix(encryption_routine, block_size=16, bruteforce_space=bytes(range(0, 0x100)), debug=False):
def _to_blocks(text):
blocks = []
for i in range(0, len(text), block_size):
blocks.append(text[i:i+block_size])
return blocks
@pqlx
pqlx / gram-schmidt.py
Created December 27, 2020 16:19
Gram-Schmidt algorithm for finding orthogonal basis U in vector space Φ, given a basis V in vector space Φ
import numpy as np
def proj(u, v):
return np.multiply(u, (np.inner(u, v)/np.inner(u, u)))
def orthogonal_basis(*V):
"""Uses the Gram-Schmidt algorithm for finding an orthogonal basis of V"""
U = [None] * len(V)
for k in range(len(V)):
@pqlx
pqlx / pow.py
Last active December 27, 2020 16:20
Modular integer exponentiation
from typing import List
from sys import getrecursionlimit, setrecursionlimit
def int_pow(base: int, power: int, modulus: int=None, safe: bool=True):
"""
Calculate `base` raised to `power`, optionally mod `modulus`
The python standard library offers the same functionality,
and this function exists only as a proof of Concept.
This function only aims to support positive integer operands.
@pqlx
pqlx / gen_from_poly.py
Last active December 27, 2020 16:22
Create C header file describing an AES substitution box given an arbitrary irreducible polynomial which defines the finite field GF(2^8)
import sys
from gf2 import GF2, GF2Element
def append_c_header(path, s):
with open(path, 'a') as o:
o.write(s)
def clear_c_header(path):
open(path, 'w').close()
@pqlx
pqlx / gf2.py
Last active December 27, 2020 16:23
GF(2^m) finite fields
from typing import Union, Optional
from math import log, floor
"""
This code is taken from the AES implementation which supplements my paper: 'Cryptography: A concise overview'.
It is released as beerware:
***************************************************************************************************************
@pqlx
pqlx / exploit.py
Created November 17, 2020 22:59
from pwn import *
from base64 import b64encode as be, b64decode as bd
context.terminal = ["sn"]
BINARY_NAME = "./pwn_slot"
LIBC_NAME = "./libc.so"
REMOTE = ("34.107.41.169", 32674)