Last active
March 30, 2019 20:53
-
-
Save rugo/77036ee81f6e5bd99b8ade03317b2e0b to your computer and use it in GitHub Desktop.
MeePwn CTF Still Old School Solution of RedRocket (blog.redrocket.club)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pexpect | |
| import re | |
| from multiprocessing import Process, Queue | |
| from Crypto.Cipher import AES | |
| def inv(x): | |
| x ^= (x >> 18) | |
| # Lowest 16 bit stay how they are, so we can just repeat... | |
| x ^= (x << 15) & 0xEFC60000 | |
| # Do it step by step | |
| x ^= (x << 7) & 0x1680 | |
| x ^= (x << 7) & 0xC4000 | |
| x ^= (x << 7) & 0xD200000 | |
| x ^= (x << 7) & 0x90000000 | |
| # Only highest 11 bits are untouched | |
| x ^= (x >> 11) & 0xFFC00000 | |
| # Do step by step again | |
| x ^= (x >> 11) & 0x3FF800 | |
| x ^= (x >> 11) & 0x7FF | |
| return x | |
| def shuffle(num): | |
| state = num | |
| # Finishing same but without shifting: | |
| # x = state ^ (state // (2**self.u)) | |
| # y = x ^ ((x * (2**7)) & self.b) | |
| # z = y ^ ((y * (2**15)) & self.c) | |
| # Zi = z ^ (z // (2**18)) | |
| x = state ^ (state >> 11) | |
| y = x ^ ((x << 7) & 0x9D2C5680) | |
| z = y ^ ((y << 15) & 0xEFC60000) | |
| Zi = z ^ (z >> 18) | |
| return Zi | |
| N = 3544234957 | |
| #outputs = [125363999960473668817048535769515784423,192602598663224227585775361271009997072,42285828911715206590561489180273977936,191265397065210392717515262136658027441,188251381983658836262126387398702081294,326012552126133898030757852252791289764,333013933659939911966585988372106139876,171480321519630369791805044138027683138,244651841088875092925221824985009784190,116226989933199130392345007519263716491,115531911250746406860064399166763246300,333067853493522325172855198424429032536,1175544408183842886033877161403903718,296306647178828673244533533157216311165,60867588989347078594254529298602869200,141058091393955270030206313123586832975,196712482854138304629232515670525857650,79156858940731824411899315062122273749,241391694453915777195587087241302620481,274650247067215673115365295578964765096,297131148556941291627041680953906684900,272872170488365804486682399969964274642,63234114879075391980282767837789711777,176347724271023132123984289079760704150,14135062891718280721420485331827874566,334597150726315936857758270527999489733,51135068278333973725187397902664939312,183459248647657724030522091071410464960,110170067307083661376995455674807428134,242171233929741923353240231532567306116,338446287085878152942879457910444980676,268424557149137471794345603050041792899,125139625000637572627560353919471148886,259042935110063750342065630193997920755,20935889954818445951848802283700285946,110850665674372110162989667321259855694,143200504201979542271234111848524611437,68599094658141160515611024525458655594,237708282189357030500534238810183166757,27238336780466670093727136712143915892,329148999953338724594285546474747023236,55650810123368679797858323415599348314,182772645728956641943606190700168370085,1133756328350363003971325717858306165,168802678374329990271401637074914492304,206721822215940573149633553282898913147,32623983686899688318455659896006122615,138201643994301205941275911687686833288,324899175714202035873801451505785307744,82779736363124497686460496806026101781,9281443614535263897924046210828553482,134335019326135717685403753072976938018,231369848461551347823571843975878261432,84710088608220725060408702945014537501,235435688412067120744164449747735568401,23039151547150343630365022503303342162,66377003949514651733782443291531025104,68699403614150204879029423369026930875,304199207848249908994667139418997408613,99466319827331625485834979408856064647,235945665357505279056808341129628460701,271679382511893399338706422445058383685,145258368715802682156024175029234689512,175819487718932743417173734865966085350,214135694757742345961035899548420070747,126318717168957571667451726392436359635,12021254208964278807392359934892840641,233400157900677485007017886379636019319,152845060559722927828770942481357482281,250863330147596533968900025582186754790,90218889549620069348135302010697481774,117421736947752036493426885186009700927,230080190530264333651138409186742074538,317783202673800324909599019944807710443,205005294658546569272952315054997955184,135073135800894414383384912359537821108,118802710049095599822040407664137289165,246838200711322021028250750618003816870,25685777686106186438622619451172313664,266836037100927738411263087973549866677,64559217444595343307803933885516951568,278199970354649924399628186908567813834,144379012690320303071553078258088515173,38678731408701800976994415087826405212,269269025877836792588276249732097183088,108668659955954503677711220838932798975,33897583640037400830294216509513391551,70185895234772078598737488165718799112,122125106540526587620909823532606157246,96677610928077035677369743302577617891,31229156675679955712881127934972868208,186976424930240382687647622815326106305,139562135043614680279319788210397333745,264675873457633667415308544541006518933,180900719115743647410071523280939784919,265997734085793921908111907397672021336,141076423507655770695499122962812264074,225456130679851593712966406919726730516,120299191715793778571982123727644038011,223915503975087772904228031204701849768,160014374520293002277631795911419143564,106583944759414812578159525015988036610,42691877120870743208332834604095689507,19300416113462348985252291866759868140,324004720399697052708725432034279587673,59247956029497416985186184991646871675,105096513630591640294578343671815716145,32822159361621632483284936144625769706,20039634189235894959287938049411894264,75582990105504474946428360908462952151,55170098284744683644696121777426501789,82243299616651700731397271659755434163,337096719580589082193918984667714773459,306282559256861831614298081983567808807,316753753110495624876341106738691192231,54237879555433443032681998713118825133,288997217167320389120284998370651153439,66327536016636335430089016456166497563,261353796584037037134301323471248822336,41619927490628394398238531898373247354,80209764394650425696628441511225115610,76674035615195807775220688669400489570,234465733609358208551208088150544437982,191304186630266792197571365684834540867,294346381746612954637193416417179284191,36902576583981236721278786279354123935,310878714766384518516703996166027889457,125216950575565647253542041689852125721,233062757485511810048997298854898707444,37780819653177439831191023176348425316,103350493636671888522578230743356923561,58260094100381041461239101278611883092,330002093449692932706101376770523300621,194068060117642140234853467616030269704,271539025059266961863631072991786095089,175762738583178120267735904311216870677,8083413184839110976487099427567146927,305788856433282462111105986451410280287,68607416473866838785504702878291432297,9570077286658368376747204529970596121,73286430095356121850751429792414089280,85215989906094367336760504433066481733,270137965970437154362612714762212903068,190459536498134332972150625127301329755,191736350963016025822329331252534926155,267119185763187925710313734397059154240,43693620016151713677704510477569126799,104299093787497687853184109187450082043,71498214471041949578763282402942686626,232142518133523601069105044646751472118,219974615250224362873683206232063564474,275745787345537871565361225401040531477,336987336931947693632356752259690675348,182794082503372005442108830861895715072,330517927960040743350965037692857416693,311982348965192314002648591640805117652] | |
| #states = [1060008160,340894186,922533364,2934395003,98727379,1749811206,494539548,4174476334,1419161510,3420217662,1337073780,1050755561,4082217290,3011431138,2545869326,3392669912,3794904851,3050778150,244545168,909117800,789030313,706501281,3470001825,4060797168,1658182245,1825777204,2771148955,2246417524,906182775,412492871,267957395,726868342,4069677691,4233964023,2981155557,1789435770,3848087422,2087518455,1145732721,1972062083,2996191686,1070242083,3705173875,1405903102,2167190989,1165072499,2895949334,3412673471,145733581,2083463172,2656247082,1859395208,2825382751,2558595824,1660920600,2636867415,917039092,2785646114,1520047366,203223199,266423309,218562548,1996463257,386850045,3986489735,2976563520,1614186575,3526925669,2298589419,2010865880,2759884456,2940900311,815218851,3348787643,3765223504,4294939674,3201882382,3084086879,755740118,1054142518,395755607,4113691110,1975703872,1071261232,272352503,1808452270,4052410596,3055126595,4112102137,1777090857,1781526410,1935585404,3818346254,1867379836,186205022,997410821,2332379996,3114377948,2543426546,1500407189,2870477372,256596685,221196117,2963342704,921489241,603629477,1424913589,467851079,3781625277,3510843907,2046836961,527228879,240748330,2360558442,2856221869,2398237398,1707485963,1332256471,1266981327,397490266,893862880,1305355410,2409598228,714309318,87072949,239040086,1118877615,2773233585,1299440413,4108379195,3428569617,3951665031,301251225,2685094400,4129870479,4052323426,1093087922,1023590627,3976620844,1133948698,584033672,1748100608,2060543329,3587004453,2207546094,1432974466,2633760335,1717883342,1273389522,866187418,1839274430,2505251036,1530679313,271427413,1660496366,871238529,3874431356,2991711433,3084983387,131894248,3223772612,3975434461,4066957227,2971954785,2065209660,3733886458,2235756599,1792541877,337065761,2810073193,2293923349,2314560957,3397451439,2270212441,2662344881,1292662217,3222445343,1038017253,2703046495,1639638741,2710059441,2146179955,3584974651,3685262921,1918775395,218446703,4251937546,874199793,2411117066,4244368073,1301268052,2543024646,2297457851,3098579699,1226547557,450935217,851375551,399227820,3448025593,3783474655,1556932763,3294855579,1919834772,2556585843,3485020715,1222405832,675861215,2142126772,1534784096,4270757037,3798544487,1562668749,2153361337,3763847086,215062673,2441817120,769369137,1980497617,481212927,3551353692,1823809183,3463676690,2211899476,2941828877,2413986611,3535630660,716296627,1904852931,229956369,688456259,702723638,396286495,3904676761,900518162,3062948815,903805172,935699012,2361391592,2831424656,2170383980,2684525314,1639026267,3122185903,1591501556,482165548,4268238748,579035302,4030629387,237539840,2121720903,2220001201,3225577512,2436206224,2032177843,1229062521,3444107472,3199218644,275146874,2543068947,4028654342,3452961042,2075249582,1369372014,2963224844,947158057,535366882,2754980919,3271721843,1277284066,4196870259,520863078,3994244400,2194763640,596354587,378134212,199551579,3110895191,1076767732,18589318,3744712993,2166917859,3080058184,2690113496,1936801553,1905970156,49850942,2487832105,3757524160,301067492,4249074252,1399554750,849221708,104074255,98273774,4071623387,1001008911,3406483370,1951651997,2583052145,1079604373,321947739,1726753447,1400473303,3004176968,3471276932,926959852,2136108110,1130786213,1691660979,1909525512,3416255808,2300280833,2610279224,1193377489,3023194000,2370514980,282427044,733540336,2593370363,1953015116,4215918576,1879957236,1284216428,690939285,3165206485,3687856588,2261375533,3575959743,3962464322,980499627,1389792850,2185453970,3786497406,26993284,217820392,2533499053,1484746915,1654971804,510364313,1171983082,670542722,2118172047,3219688742,481417600,1916477496,2340068221,161540575,1931572247,2814256035,548796660,3542408362,1868693959,3176630136,1931299237,2933573125,954075681,2492565198,803098210,3650538009,3660689083,1760116734,1365892218,3363137188,2935470708,4001935105,464930006,3379308982,2085655192,1253562345,859921641,2476808654,2617417937,832703638,3110754175,2145849112,640889595,3047295100,1360660369,2423791468,296562056,265908347,300959128,2258237883,23200535,185824376,245574127,3490882382,4129478281,4285436801,3573331972,3589414576,1901275668,1208179281,1007616726,2241501704,1568997134,305866871,1313689490,1586661844,3276278049,885003446,343010096,590929623,2548817465,1999918245,1506539771,3714800530,366436908,2696915624,3426549663,3564046075,1019428989,3795801427,2674221410,2315358149,1821237455,2903475706,4067126092,2297377259,200737083,2224917483,828138154,1372700024,2425340107,1756132206,1955362541,204055162,3693045602,4023213516,3526736166,2389932016,2777193610,2815190118,2150820807,3266574316,2981828332,792261847,2258699311,2729938465,874131744,3101980149,1939957603,332487142,829197772,3345757870,463270549,3746723239,3043447698,54880535,1327421806,95613163,330708823,2393023519,3321098334,1650551363,3276534414,3565459456,2334521143,2740845806,3564577816,176458628,608104237,1911733395,593764068,3027270362,1305548617,3711321019,1455833193,3594329852,2794102466,2842174320,1591211582,956552773,2711329531,2194343354,3099415873,719813783,83402108,3078569641,1887125903,2760384428,324499939,354608105,2629002370,1206586088,4291903350,197303978,1910287883,1503181495,1598701070,552074501,3989683809,3747418267,1239954049,2089521656,1119606760,499249930,1873982850,2616722230,2304485852,1986225547,826475342,1628747648,2974712764,3445788700,3218231236,398227218,3736959629,2652041042,562060819,3039730246,1982537028,3923134005,1325884647,1982434696,1898895647,3167249999,711950290,605028415,3258920404,51792897,632946205,1682495113,216206763,852106337,935670518,1455715875,1660439874,2400674723,2603085572,362084975,2442418225,2374730220,3787124643,4082366259,3067909050,3908396895,793977728,2111883933,1562423376,323382996,2628070155,2807798926,2142221462,2215653893,1645010381,3944009467,1812292737,3464567740,3824539086,3724882623,1620994501,2021246775,2099612277,1436195830,1320674937,464492240,188659579,2922094759,1088011743,462448289,714796753,3915041705,1035355075,2590539134,1565475745,3098865245,1740370872,2302085200,3211811620,2879133658,306426490,1146129976,1893256634,1402066002,3852320211,2623607913,856891062,2075670029,1171697441,2308321202,2764423596,1318781647,1226497071,117177350,656703632,1998620196,2211828831,1754688218,2612874286,2145056919,1977565122,2718517844,3321727185,1307277477,2450400086,3900720973,1362939935,1661678446,243907285,2709416988,833479994,777071535,3526643563,1017948659,3007780343,692758575,1525831482,1678994643,2256706618,4169240418,1463038132,301771967,1626090426,2737506585,2489760243,3575103340,2950248269,4160040590,3069649376,1737383228,3844873816,3281513078,229380103,5] + [1147510631,1173149486,1295192515,4013530752,542632755,763746137,2877514798,494863222,2082850916,3132246952,2475651591,2568450573,2508430062,2679142396,1507804177,170866181,3314480753,3444061325,2006312059,595912689,2121135811,915243620,1928490307,1828705798,120975792,3662626282,3531411185,2862965642,3788493841,2463975660,3384211417,1334624302,890477826,1336127069,3504132919,2506291161,1728895843,2040428555,309724658,913560628,1078786145,366150983,1576796511,561684428,2282822533,94310125,3453000908,439573911,629891735,3497786162,3255655638,2390633575,56512534,1959600487,2217423907,3589724133,3606526799,254566592,1548565022,1249677017,2376501453,19563133,1190722233,2772614040,2089521037,2564900971,2473648265,1777865328,909944613,3480648943,2557196637,394137202,474945216,3646833496,556284979,1718598338,1668979979,3561935697,2815896922,3089411171,1046504847,3449704969,1872122519,899501320,649206964,770151323,1589055612,2758763339,305114941,1054173551,1215559221,1750274352,686605360,627793066,1769777852,3672094005,356049903,927423489,3070514685,139325972,2971641915,73868355,2433428324,3021845240,3115769923,3530243333,632772800,1691984413,1316708890,4088719293,1208198581,2570988743,668598182,2033784015,827458607,37610351,4055604051,3403903408,2062959922,2792081343,210267547,601867957,2541130423,2558962820,581322038,3692576129,2270014124,3447414064,2495475764,2850107380,2385785438,1592102448,2334280196,4152894455,3914374656,3977779381,1714634509,3318792869,3608658999,4187141531,457953408,3649095922,4006522013,1384928163,4128346442,808375158,211672177,2716009196,2078056832,3720626724,1722607855,974619499,1928050363,4017727048,3764509914,1259231113,3171272910,2539824388,223978381,1002240050,3830198218,1310161837,2168666672,1713121855,98411564,854786925,3520262470,158029361,3623410506,1709269384,3125408185,1971308504,1708176215,2110567261,3989649473,4249972840,3074362391,3659005730,206077542,363706478,3589120976,3362236751,2970242266,1773242204,995093700,1881978698,2317349256,18915587,3226584363,300377358,2283563356,3051809880,1592636808,2187303162,3785872325,576618580,3457701127,4062285958,2076642662,535725023,3926237197,440147492,2612017587,1604994518,1438896734,2742940191,3991105073,286380227,352907134,3245768899,2909327491,4248243152,4138288109,669119477,1609672356,3726233208,3269551117,880076089,3182433373,977633532,2296444612,3055442596,2018758329,3111627898,2356324090,264745584,2892005177,3686220336,3361793744,1505905368,2113815376,2365655584,2001977296,700687638,1200652044,1741101382,3169695580,3354229839,3652830523,3313686383,1986002958,3722155929,1698760575,3419428839,4068222787,651449384,2190677035,964280259,2428387480,3922959940,215933458,1336882936,1071105132,1876213394,2348881890,3197619707,3673062609,1534350479,933032365,1408998795,846941066,4162038144,2368564063,2721994152,1986723450,2573493046,3472500050,643571472,2982683041,309977068,376649044,3380194361,3444731199,3331617710,2261358693,2687888739,2959929032,3263205269,955217960,3670189496,789044163,3556826063,893843634,3996802745,240137695,3479252437,629615801,3311304383,1066098523,793590758,3155015614,3868801365,2584513692,857756987,2904929576,330940656,743907454,228070970,3998876903,2363482674,1931536084,2442940295,2145892326,67707081,2414802727,2558401405,10431086,2499972105,4118205453,1247388727,3893902807,1803076904,3615464492,1152267188,3804953433,1514475631,722017943,3694304919,308757398,357049288,1567470544,1329160586,1463842592,2456078554,1521434855,1835534388,4225182356,3339230234,3226929865,3093326925,3040608817,3379449596,2460404807,600477364,4132438676,3142347412,3269888371,3728658470,3151210930,874654311,3742497495,782647996,1281691567,3366325071,1448512721,2804842754,116641131,2254425237,1938111183,3202677986,1983847608,1007519370,1016998284,153647473,136112383,2666869587,4262332613,1006102413,2868242866,4283880955,3745304010,3446287698,3127100815,2290079826,2282479822,4087468268,2277178583,2803403691,1495848537,3877511290,2240131860,2931857153,3046328342,1936612349,737291086,1628284350,742519091,1854990169,1925256623,3960454745,3884024964,2049282264,2461525725,3096212210,154894636,626061866,3651478441,49534677,610871215,3954849128,515227445,3100948955,754221574,3542072386,1739139510,1206779822,1120388673,2499851603,3453186967,1068546316,2012497605,1700390901,1873555371,1437439642,1878700928,587060143,1598425464,3316807300,930178655,1110802296,2933430205,2472081074,1067321339,1444382389,4000244155,3604350934,1758646440,1432568182,1763040282,3316367522,3673270703,3377401209,3004289262,3125701808,1366235951,2111036507,836841582,2648903403,1931920055,3699999307,225315731,103145581,2053912355,2361038279,1238129589,3684443594,1529786891,1698408268,2805601088,1943259592,3342463131,1444481623,3333392542,3780607834,3769773228,185704017,1626745141,1347089040,2442212883,3816949267,698615566,304825386,1832798815,1146649287,4195531639,2720180944,2237137308,743488807,3879376940,840038930,2731827807,3865153946,1987384884,2799012401,940394292,1848267833,938035076,1568575344,2392774904,838145735,2763762936,2012576958,2937137546,3287717622,4230981052,1556434444,3954168058,2389298585,2929338080,764660666,3212292796,530110153,2966323130,3105618341,1687997236,1920843512,4062018129,2277484046,3619075719,72754434,231750215,2160903912,1687734953,4039110062,117568740,3207125028,631276845,462369999,2379512023,795569957,3728077321,3057894309,3096620221,3604850374,2640947319,1932608417,1821681697,1611574378,499663897,802272657,2502938651,2746459674,837431161,513010301,1690411759,3102203043,2054849551,923600766,3347492799,1116674627,3103005418,101281459,2361456378,2889522833,377130817,1546686249,3181626515,3986941914,3692017669,2888137230,2513157134,3375052753,1907088499,3762184488,3463235028,402970493,502281719,1340139590,1172872448,3739003718,3555989230,2976331038,630376996,2953426762,876363950,3202716724,4198637911,2049785358,1053002605,2706005664,2065911015,4288353187,3404889553,3508168559,2036064249,3447767457,620201775,992043709,805970124,107368392,2945403139,1542838175,2090859434,3486693324,697418025,1048669763,1207948219,3683286783,1897819950,430638146,2173162098,1954466765,2671962079,792405826,765043363,2763849764,3882709945,3538663265,2280546757,945110613,1531615655,4133083463,594603419,4252235462,677750725,2439359136,1739886347,2876766375,3233057605,1552288027,2995799987,2567914980,139961435,2017980506,2921306624,3026208032,378075306,3019909795,814545588,2771156504,733522272,2782006854,3508482772,3944682773,3996900733,3211587943,3245774276,1283490354,2036653765,4009173356,3541461672,2563598252,354871287,1362630650,3519560435,1323497497,626925073,1699686514,3819907371,1597222040,3783897966,107142285,2553497458,4194154797,5] | |
| outputs32 = [] | |
| def output128_to_32(outputs): | |
| for o in outputs: | |
| bn = o.to_bytes(16, "little") | |
| for i in range(4): | |
| outputs32.append(int.from_bytes(bn[i*4:(i+1)*4], "little")) | |
| return outputs32 | |
| def add_bit(n): | |
| n |= 1 << 31 | |
| return n | |
| def flip_bit(n): | |
| n |= 1 << 31 | |
| return n | |
| def add_pending_bit(n): | |
| n |= 1 | |
| return n | |
| def recover_state(i, outputs32): | |
| """ | |
| gives you all possible candidates for state how it was (i-624) iterations ago! | |
| """ | |
| Y = inv(outputs32[i - 1]) | |
| h_1 = Y ^ inv(outputs32[i - 227 - 1]) | |
| Y_old = inv(outputs32[i]) | |
| h_1_msb = ((Y_old ^ inv(outputs32[i - 227]))>>30) & 1 | |
| h_2 = h_1 | |
| h_2_alt = h_1 ^ 0x9908B0DF | |
| h_2 = (h_2 << 1) & 0x7fffffff | |
| h_2_alt = ((h_2_alt << 1)|1) & 0x7fffffff | |
| h_2 = (h_1_msb<<31)|h_2 | |
| h_2_alt = (h_1_msb<<31)|h_2_alt | |
| candidates = [h_2, h_2_alt] | |
| # [h_2, h_2_alt, add_bit(h_2), add_bit(h_2_alt), add_pending_bit(h_2_alt)] | |
| return candidates | |
| def shuffle_candidates(cand): | |
| """ | |
| Does MT finishing on a list | |
| """ | |
| cn = [] | |
| for c in cand: | |
| cn.append(shuffle(c)) | |
| return cn | |
| def float_magic(a, b): | |
| """ | |
| Rebuild of random_rancom from randommodule.c | |
| uses two outsputs! | |
| """ | |
| a = a >> 5 | |
| b = b >> 6 | |
| return (a*67108864.0+b)*(1.0/9007199254740992.0) | |
| def floats_for_cands(a_cs, b_cs): | |
| """ | |
| Applies float_magic to all candidate combinations | |
| """ | |
| floats = [] | |
| for a_c in a_cs: | |
| for b_c in b_cs: | |
| floats.append(float_magic(a_c, b_c)) | |
| return floats | |
| def get_output(st): | |
| return re.findall(r"PENSI\r\n(\w+)\r\n\r\n", st.decode())[0] | |
| def get_output_flag(st): | |
| return re.findall(r"\r\n(\w+)\r\n\r\n", st.decode())[0] | |
| def hex_to_int(hexn): | |
| b = bytes.fromhex(hexn) | |
| return int.from_bytes(b, "big") | |
| def to_string(num, max_len = 128): | |
| return int.to_bytes(num, 16, "big").hex() | |
| def pad(s): | |
| padnum = bs - len(s) % bs | |
| return s + padnum * chr(padnum) | |
| def unpad(s): | |
| return s[:-ord(s[-1])] | |
| def gen_key(mask): | |
| tmp1 = random.random() | |
| tmp2 = random.random() | |
| key = int(tmp1 * 2**128) | int(tmp2 * 2**75) # | (mask & 0x3fffff) | |
| key = to_string(key) | |
| return key | |
| def key_candidates_without_mask(float1, float2): | |
| keys = [] | |
| for f1 in float1: | |
| for f2 in float2: | |
| key = int(f1 * 2**128) | int(f2 * 2**75) | |
| key = bytes.fromhex(to_string(key)) # is this correct?? | |
| keys.append(key) | |
| return keys | |
| import hashlib | |
| def solve_pow(prefix): | |
| challenge = 1 | |
| prefix_decode = bytes.fromhex(prefix) | |
| while True: | |
| tmp = hashlib.sha256(prefix_decode + str(challenge).encode()).hexdigest() | |
| if tmp.startswith('00000'): | |
| return str(challenge) | |
| challenge += 1 | |
| def stage1(): | |
| # proc = pexpect.spawn('python2 aes_server.py') | |
| proc = pexpect.spawn('nc 206.189.32.108 13579') | |
| proc.expect(">") | |
| pow_chal = re.findall("prefix = (\w+)", proc.before.decode())[0] | |
| pow_s = solve_pow(pow_chal) | |
| proc.sendline(pow_s) | |
| proc.expect(">") | |
| print("After Pow") | |
| outputs_long = [] | |
| pensi_ct = "" | |
| for i in range(156): | |
| print("At ", i) | |
| proc.sendline("1") | |
| proc.expect("give me a string:") | |
| proc.sendline("PENSI") | |
| proc.expect(">") | |
| output = get_output(proc.before) | |
| iv = hex_to_int(output[:32]) | |
| pensi_ct = output | |
| outputs_long.append(iv) | |
| proc.sendline("3") | |
| proc.expect(">") | |
| flag = bytes.fromhex(get_output_flag(proc.before)) | |
| outputs32 = output128_to_32(outputs_long) | |
| # key2 | |
| candidates_a1 = shuffle_candidates(recover_state(620 - 2, outputs32)) | |
| candidates_b1 = shuffle_candidates(recover_state(621 - 2, outputs32)) | |
| candidates_a2 = shuffle_candidates(recover_state(622 - 2, outputs32)) | |
| candidates_b2 = shuffle_candidates(recover_state(623 - 2, outputs32)) | |
| floats1 = floats_for_cands(candidates_a1, candidates_b1) | |
| floats2 = floats_for_cands(candidates_a2, candidates_b2) | |
| key2_candid = key_candidates_without_mask(floats1, floats2) | |
| # key1 | |
| candidates_a1 = shuffle_candidates(recover_state(616 - 2, outputs32)) | |
| candidates_b1 = shuffle_candidates(recover_state(617 - 2, outputs32)) | |
| candidates_a2 = shuffle_candidates(recover_state(618 - 2, outputs32)) | |
| candidates_b2 = shuffle_candidates(recover_state(619 - 2, outputs32)) | |
| floats1 = floats_for_cands(candidates_a1, candidates_b1) | |
| floats2 = floats_for_cands(candidates_a2, candidates_b2) | |
| key1_candid = key_candidates_without_mask(floats1, floats2) | |
| print("Candidates for keys: ", len(key1_candid), len(key2_candid)) | |
| return key1_candid, key2_candid, pensi_ct, flag | |
| # print("*** KEY 1 ***") | |
| # for x in key1_candid: | |
| # print(x.hex()) | |
| # | |
| # print("*** KEY 2 ***") | |
| # for x in key2_candid: | |
| # print(x.hex()) | |
| # | |
| WORD = b"PENSI\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" | |
| def brute1(k, iv, q): | |
| """ | |
| Build list with possible plaintexts | |
| """ | |
| print("Launching Stage1") | |
| l_t = {} | |
| k_id = 1 | |
| for i in range(32210, 32220): # range(0x3fffff): | |
| k_id += 1 | |
| if not k_id % 100000: | |
| print("At key #", k_id) | |
| key = int.to_bytes(int.from_bytes(k, "big") | i, 16, "big") | |
| aes = AES.new(key, AES.MODE_CBC, iv) | |
| ct1 = aes.encrypt(WORD) | |
| l_t[ct1] = key | |
| q.put(l_t, False) | |
| def brute2(k, iv, ct, l_pt, res_q): | |
| print("Launching Stage2") | |
| for i in range(1330, 1340): # range(0x3fffff): | |
| key = int.to_bytes(int.from_bytes(k, "big") | i, 16, "big") | |
| aes = AES.new(key, AES.MODE_CBC, iv) | |
| pt2 = aes.decrypt(ct) | |
| if pt2 in l_pt: | |
| key1 = l_pt[pt2] | |
| key2 = key | |
| print("Found keys: ", key1.hex(), key2.hex()) | |
| res_q.put((key1, key2), False) | |
| def dump_done_queue(q): | |
| l = [] | |
| while True: | |
| try: | |
| l.append(q.get(timeout=0.1)) | |
| except Exception: | |
| break | |
| return l | |
| def stage2(key1_candid, key2_candid, pensi_ct): | |
| """ | |
| Meet-in-the-middle attack | |
| """ | |
| cores = 4 | |
| q = Queue() | |
| l_t1 = {} | |
| l_t2 = {} | |
| l_t3 = {} | |
| l_t4 = {} | |
| iv = bytes.fromhex(pensi_ct[:32]) | |
| ct = bytes.fromhex(pensi_ct[32:]) | |
| cands = len(key2_candid) | |
| print("Launching Meet-In-The-Middle with {} candidate keys.".format(cands)) | |
| procs = [] | |
| for i in range(16): | |
| procs.append(Process(target=brute1, args=(key2_candid[i],iv, q))) | |
| for p in procs: | |
| p.start() | |
| pl_list = {} | |
| for p in procs: | |
| pl_list.update(q.get()) | |
| for p in procs: | |
| p.join() | |
| procs = [] | |
| result_q = Queue() | |
| for i in range(16): | |
| procs.append(Process(target=brute2, args=(key1_candid[i],iv, ct, pl_list, result_q))) | |
| for p in procs: | |
| p.start() | |
| keys = result_q.get() | |
| for p in procs: | |
| p.terminate() | |
| p.join() | |
| return keys | |
| def decrypt(key1, key2, flag_ct): | |
| iv = flag_ct[:16] | |
| ct = flag_ct[16:] | |
| aes1 = AES.new(key2, AES.MODE_CBC, iv) | |
| aes2 = AES.new(key1, AES.MODE_CBC, iv) | |
| return aes2.decrypt(aes1.decrypt(ct)) | |
| def main(): | |
| keys1, keys2, pensi_ct, flag_ct = stage1() | |
| print("Done stage 1") | |
| key1, key2 = stage2(keys1, keys2, pensi_ct) | |
| print("Done stage 2, found keys") | |
| flag = decrypt(key1, key2, flag_ct) | |
| print("The flag is: ", flag) | |
| if __name__ == '__main__': | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment