
@sonickun
sonickun / command
Created October 26, 2016 07:04
Hack.lu CTF 2016 | redacted (crypto 200)
# python rsatool.py -p 0x00e4ddba96c1cbc4f41204ee6fc16e14830438aeee4bbd21af5ce88dfd25a12f2a9a26994eefa0e6bed04ac2e29bf639b4c8f975ad886f3115ec5e384cc68c1fd7d7db63cc63f6346152809c71d226223d7d6990cae64dfc16f174fa1a6ee46b25afaffcf3936a61d3f2c69d6cee994feff8f2f0a70638420110d303d075ab16d3 -q 0x00dee55998947bfdb75c7e349bc76a1673a8c41b62929c242c0e3d0c808738972518f8639304b3340d6a88510cc524e37963a42d0638f605572aa7b93eda07dc29457118fa9a990062f05d0025d5467d3edf8db448cf12ed4ab67967be70c2a5617b3085d0e151357d63b1eca4b53746fcbe586cdc8a4405cfaf719f3f011318db -o test.key
Using (p, q) to initialise RSA instance
n =
c7455240232e4c309b7afda495ccd5ff4a9cd78e945d76c6713955e12a5da435cdf967bd011d643b
3d417797075f8def866a8cb9f02745acbe78c4920b15dc36365f6c1dd71c9b900bc702a2f21c00e6
711446857236b5c31106e4c1d3ee5bd7c785342aadb6a7d176df7edcb7ce1d78dfe992857e1a3473
0756186ca4c200dec2a97f33b36c789fd7bb5866fbd68e83d823eae64c9e2d740f2f09d0383b39d5
1aaeb190858e8a3b6ad9cbab8d935aa1bd01d1cbba238af4df8455d7d789c71ee6091f711e766f63
3a0420f530adb7
@sonickun
sonickun / solver.py
Created October 18, 2016 16:04
HITCON CTF 2016 Quals | Hackpad (Crypto 150)
secret = "3ed2e01c1d1248125c67ac637384a22d997d9369c74c82abba4cc3b1bfc65f026c957ff0feef61b161cfe3373c2d9b905639aa3688659566d9acc93bb72080f7e5ebd643808a0e50e1fc3d16246afcf688dfedf02ad4ae84fd92c5c53bbd98f08b21d838a3261874c4ee3ce8fbcb96628d5706499dd985ec0c13573eeee03766f7010a867edfed92c33233b17a9730eb4a82a6db51fa6124bfc48ef99d669e21740d12656f597e691bbcbaa67abe1a09f02afc37140b167533c7536ab2ecd4ed37572fc9154d23aa7d8c92b84b774702632ed2737a569e4dfbe01338fcbb2a77ddd6990ce169bb4f48e1ca96d30eced23b6fe5b875ca6481056848be0fbc26bcbffdfe966da4221103408f459ec1ef12c72068bc1b96df045d3fa12cc2a9dcd162ffdf876b3bc3a3ed2373559bcbe3f470a8c695bf54796bfe471cd34b463e9876212df912deef882b657954d7dada47"
# Turn the hex text above into raw bytes. str.decode("hex") is a Python 2-only
# codec; on Python 3 the equivalent call is bytes.fromhex(secret).
secret = secret.decode("hex")
# Lookup table read by the rest of the solver; the sample rows quoted below
# show one "<64 hex chars>,<32 hex chars>" pair per line (presumably an MD5
# digest in the second column, going by the file name).
# NOTE(review): the handle is not closed in the lines visible here - confirm it
# is closed later, or open it in a `with` block.
f = open("value_md5.txt", "r")
# head value_md5.txt
# 00000000000000000000000000000000997d9369c74c82abba4cc3b1bfc65f02,aa85a4e0adbd34c287af2d20da4453c9
# 0000000000000000000000000000d903997d9369c74c82abba4cc3b1bfc65f02,9f5b543c64d3e384078fdd8cf4b2ce6d
# 00000000000000000000000000efd802997d9369c74c82abba4cc3b
@sonickun
sonickun / solver.py
Created October 5, 2016 10:40
Tokyo Westerns CTF 2016 | Backpacker's cipher - easy mode (Crypto200)
import json
import Crypto.Cipher.DES as DES
import struct
from Crypto.Util.number import *
# Extended Greatest Common Divisor
def egcd(a, b):
if (a == 0):
return [b, 0, 1]
else:
@sonickun
sonickun / solver.py
Created October 5, 2016 10:39
Tokyo Westerns CTF 2016 | Super Express (Crypto100)
import itertools
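# Hex-encoded ciphertext from the challenge; its first two bytes are 0x80 0x5e.
cipher = '805eed80cbbccb94c36413275780ec94a857dfec8da8ca94a8c313a8ccf9'

# Recover the key (a, b) of the byte-wise affine map c = (a * p + b) % 251 from
# two known plaintext bytes: the plaintext is taken to start with "TW"
# (presumably the flag prefix), which must encrypt to 0x80 and 0x5e.
# The key space is only 251 * 251 pairs, so an exhaustive search is instant;
# a linear map over such a small modulus gives no protection once any two
# plaintext bytes are known.
for i, j in itertools.product(range(251), repeat=2):
    if (ord("T") * i + j) % 251 == 0x80 and (ord("W") * i + j) % 251 == 0x5e:
        a, b = i, j
        break
else:
    # Without this guard a failed search surfaced as a NameError on `a` below.
    raise ValueError("no (a, b) pair maps 'T', 'W' to 0x80, 0x5e modulo 251")

# Same "a b" output as the Python 2 print statement, but also valid on Python 3.
print("%d %d" % (a, b))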
@sonickun
sonickun / solver.py
Created October 5, 2016 10:19
Tokyo Westerns CTF 2016 | Twin Primes (Crypto50)
from Crypto.Util.number import *
import Crypto.PublicKey.RSA as RSA
import os
n1 = 19402643768027967294480695361037227649637514561280461352708420192197328993512710852087871986349184383442031544945263966477446685587168025154775060178782897097993949800845903218890975275725416699258462920097986424936088541112790958875211336188249107280753661467619511079649070248659536282267267928669265252935184448638997877593781930103866416949585686541509642494048554242004100863315220430074997145531929128200885758274037875349539018669336263469803277281048657198114844413236754680549874472753528866434686048799833381542018876362229842605213500869709361657000044182573308825550237999139442040422107931857506897810951
n2 = 1940264376802796729448069536103722764963751456128046135270842019219732899351271085208787198634918438344203154494526396647744668558716802515477506017878289709799394980084590321889097527572541669925846292009798642493608854111279095887521133618824910728075366146761951107964907024865953628226726792866926525293575741886
@sonickun
sonickun / regexpire.py
Last active September 28, 2016 08:04
CSAW CTF 2016 | Regexpire (misc100)
import socket
import rstr
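# Challenge service endpoint for this solver.
remoteip = "misc.chal.csaw.io"
remoteport = 8001


def sock(remoteip, remoteport):
    """Connect to ``remoteip:remoteport`` over TCP.

    Returns a ``(socket, file_object)`` tuple. The file object wraps the same
    connection in 'rw' mode with ``bufsize=0``; the ``bufsize`` keyword is the
    Python 2 signature of ``socket.makefile``.

    No timeout is set, so ``connect`` blocks for as long as the OS allows.
    Any error from ``connect`` or ``makefile`` propagates to the caller.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.connect((remoteip, remoteport))
        return s, s.makefile('rw', bufsize=0)
    except Exception:
        # Do not leak the descriptor when the connection cannot be set up.
        s.close()
        raise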
@sonickun
sonickun / coinslot.py
Last active September 28, 2016 08:02
CSAW CTF 2016 | Coinslot (misc50)
import socket
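# Challenge service endpoint for this solver.
remoteip = "misc.chal.csaw.io"
remoteport = 8000


def sock(remoteip, remoteport):
    """Connect to ``remoteip:remoteport`` over TCP.

    Returns a ``(socket, file_object)`` tuple. The file object wraps the same
    connection in 'rw' mode with ``bufsize=0``; the ``bufsize`` keyword is the
    Python 2 signature of ``socket.makefile``.

    No timeout is set, so ``connect`` blocks for as long as the OS allows.
    Any error from ``connect`` or ``makefile`` propagates to the caller.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.connect((remoteip, remoteport))
        return s, s.makefile('rw', bufsize=0)
    except Exception:
        # Do not leak the descriptor when the connection cannot be set up.
        s.close()
        raise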
@sonickun
sonickun / solver.py
Created September 14, 2016 11:49
Tokyo Westerns CTF 2016 | Vigenere Cipher (Crypto200)
import collections
import itertools
from base64 import b64encode, b64decode
def shift(char, key, rev = False):
if not char in chars:
return char
if rev:
return chars[(chars.index(char) - chars.index(key)) % len(chars)]
else:
@sonickun
sonickun / esper_solver.py
Created September 7, 2016 07:51
Tokyo Westerns CTF 2016 | ESPer (Crypto100) writeup
import socket
import hashlib
import telnetlib
import fractions
# nc cry1.chal.ctf.westerns.tokyo 37992
remoteip = "cry1.chal.ctf.westerns.tokyo"
remoteport = 37992
def shell(s):
@sonickun
sonickun / crackme_solver.py
Created July 31, 2016 07:37
katagaitai 勉強会 rev_easy crackme
def calc_hash(key):
    """Return the absolute distance between the hash of *key* and the target.

    The hash is a 32-bit multiply-by-33 rolling hash seeded with 0x539:
    for every character, ``state = (state * 33 + ord(ch)) mod 2**32``.
    A return value of 0 means *key* hashes exactly to 0xEF2E3558.

    A 32-bit non-cryptographic hash like this has many colliding inputs,
    so matching the target does not identify a unique key.
    """
    goal = 0xEF2E3558
    state = 0x539
    for ch in key:
        # state + (state << 5) is state * 33; keep only the low 32 bits.
        state = (state * 33 + ord(ch)) & 0xFFFFFFFF
    return abs(goal - state)
# Characters with code points 0x21 ('!') through 0x7d ('}'); presumably the
# candidate alphabet for keys fed to calc_hash.
# NOTE(review): range() excludes its end value, so '~' (0x7e) is not in the
# list - confirm that is intended.
charset = [chr(i) for i in range(0x21,0x7e)]