Last active
April 8, 2021 11:58
-
-
Save st98/27ff9be78aaa3957dfe790ddd4966245 to your computer and use it in GitHub Desktop.
Harekaze CTF 2019 - One Quadrillion
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import re | |
import requests | |
def extend(original_hash, data_to_add, start): | |
T = [5676567, 858051, 5476703, 265259, 4058727, 5112531, 964143, 1099579, 8277687, 8717411, 2022783, 7207499, 1997447, 5864691, 828623, 3917019] | |
v = [int(x) for x in re.findall(r'.{7}', original_hash)] | |
i = start | |
for block in re.findall(r'.{7}', data_to_add)[::-1]: | |
s = int(block) | |
k = T[i % 16] | |
a = v[1 + i % 3] | |
b = v[1 + (1 + i) % 3] | |
c = v[1 + (2 + i) % 3] | |
d = (a * b + b * c + c * s ^ k) % 10000000 | |
v = [(d + v[1]) % 10000000, (d | v[2]) % 10000000, (d * v[3]) % 10000000, d] | |
i += 1 | |
return ''.join(str(s).zfill(7) for s in v) | |
URL = 'http://153.127.202.154:3001/' | |
def attack(): | |
r = requests.get(URL).content.decode() | |
zero_hash = re.findall(r'"progress" value="(\d+)"', r)[0][:-15] | |
data_to_add = '99999999999999' | |
for i in range(10): | |
h = extend(zero_hash, data_to_add, i) | |
left = int(h[5:5+4]) | |
right = int(h[19:19+4]) | |
r = requests.post(URL, data={ | |
'progress': h + data_to_add + '0', | |
'answer': str(left + right) | |
}).content.decode() | |
if 'Question 1 / 1000000000000000' not in r: | |
return r | |
return None | |
if __name__ == '__main__': | |
r = attack() | |
progress = re.findall(r'"progress" value="(\d+)"', r)[0] | |
formula = re.findall(r'(\d+ \+ \d+)', r)[0] | |
while True: | |
r = requests.post(URL, data={ | |
'progress': progress, | |
'answer': str(eval(formula)) | |
}).content.decode() | |
if 'HarekazeCTF' in r: | |
break | |
progress = re.findall(r'"progress" value="(\d+)"', r)[0] | |
formula = re.findall(r'(\d+ \+ \d+)', r)[0] | |
print(r) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment