qr4/ot-pwn.py

## ot-pwn.py
#!/usr/bin/env python3
# Author: lenerd@hackint

from argparse import ArgumentParser
import math
import sys
from telnetlib import Telnet
from phe import paillier
from gmpy2 import gcdext, invert

parser = ArgumentParser(prog=sys.argv[0])
parser.add_argument('--host', action='store', default='localhost', help='target host')
parser.add_argument('--port', type=int, default=1337, help='target port')
args = parser.parse_args()

HOST = args.host
PORT = args.port


def ot_pwner(t):
    pk, sk = paillier.generate_paillier_keypair()
    t.write('{}\n'.format(pk.n).encode())

    g, X, Y = gcdext(sk.p, sk.q)
    assert g == 1

    alpha = int(X*sk.p % pk.n)

    c = pk.raw_encrypt(alpha)
    print('{}\n'.format(c).encode())
    t.write('{}\n'.format(c).encode())

    # receive c0, c1
    c0 = int(t.read_until(b'\n').decode().strip())
    c1 = int(t.read_until(b'\n').decode().strip())
    gamma0 = sk.raw_decrypt(c0)
    gamma1 = sk.raw_decrypt(c1)

    x0 = (gamma0 * invert(Y*sk.q, sk.p)) % sk.p
    x1 = (gamma1 * invert(X*sk.p, sk.q)) % sk.q

    m0 = int(x0).to_bytes(math.ceil(x0.bit_length() / 8), 'big')
    m1 = int(x1).to_bytes(math.ceil(x1.bit_length() / 8), 'big')

    flag = bytes(x ^ y for x, y in zip(m0, m1)).decode()

    return flag


if __name__ == '__main__':
    t = Telnet(HOST, PORT)
    flag = ot_pwner(t)
    print(flag)
	#!/usr/bin/env python3
	# Author: lenerd@hackint

	from argparse import ArgumentParser
	import math
	import sys
	from telnetlib import Telnet
	from phe import paillier
	from gmpy2 import gcdext, invert

	parser = ArgumentParser(prog=sys.argv[0])
	parser.add_argument('--host', action='store', default='localhost', help='target host')
	parser.add_argument('--port', type=int, default=1337, help='target port')
	args = parser.parse_args()

	HOST = args.host
	PORT = args.port


	def ot_pwner(t):
	pk, sk = paillier.generate_paillier_keypair()
	t.write('{}\n'.format(pk.n).encode())

	g, X, Y = gcdext(sk.p, sk.q)
	assert g == 1

	alpha = int(X*sk.p % pk.n)

	c = pk.raw_encrypt(alpha)
	print('{}\n'.format(c).encode())
	t.write('{}\n'.format(c).encode())

	# receive c0, c1
	c0 = int(t.read_until(b'\n').decode().strip())
	c1 = int(t.read_until(b'\n').decode().strip())
	gamma0 = sk.raw_decrypt(c0)
	gamma1 = sk.raw_decrypt(c1)

	x0 = (gamma0 * invert(Y*sk.q, sk.p)) % sk.p
	x1 = (gamma1 * invert(X*sk.p, sk.q)) % sk.q

	m0 = int(x0).to_bytes(math.ceil(x0.bit_length() / 8), 'big')
	m1 = int(x1).to_bytes(math.ceil(x1.bit_length() / 8), 'big')

	flag = bytes(x ^ y for x, y in zip(m0, m1)).decode()

	return flag


	if __name__ == '__main__':
	t = Telnet(HOST, PORT)
	flag = ot_pwner(t)
	print(flag)