Skip to content

Instantly share code, notes, and snippets.

@st98

st98/one_quadrillion.py

Last active April 8, 2021 11:58
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save st98/27ff9be78aaa3957dfe790ddd4966245 to your computer and use it in GitHub Desktop.
Save st98/27ff9be78aaa3957dfe790ddd4966245 to your computer and use it in GitHub Desktop.
Download ZIP
Harekaze CTF 2019 - One Quadrillion
Raw
one_quadrillion.py
import re
import requests
def extend(original_hash, data_to_add, start):
T = [5676567, 858051, 5476703, 265259, 4058727, 5112531, 964143, 1099579, 8277687, 8717411, 2022783, 7207499, 1997447, 5864691, 828623, 3917019]
v = [int(x) for x in re.findall(r'.{7}', original_hash)]
i = start
for block in re.findall(r'.{7}', data_to_add)[::-1]:
s = int(block)
k = T[i % 16]
a = v[1 + i % 3]
b = v[1 + (1 + i) % 3]
c = v[1 + (2 + i) % 3]
d = (a * b + b * c + c * s ^ k) % 10000000
v = [(d + v[1]) % 10000000, (d | v[2]) % 10000000, (d * v[3]) % 10000000, d]
i += 1
return ''.join(str(s).zfill(7) for s in v)
URL = 'http://153.127.202.154:3001/'
def attack():
r = requests.get(URL).content.decode()
zero_hash = re.findall(r'"progress" value="(\d+)"', r)[0][:-15]
data_to_add = '99999999999999'
for i in range(10):
h = extend(zero_hash, data_to_add, i)
left = int(h[5:5+4])
right = int(h[19:19+4])
r = requests.post(URL, data={
'progress': h + data_to_add + '0',
'answer': str(left + right)
}).content.decode()
if 'Question 1 / 1000000000000000' not in r:
return r
return None
if __name__ == '__main__':
r = attack()
progress = re.findall(r'"progress" value="(\d+)"', r)[0]
formula = re.findall(r'(\d+ \+ \d+)', r)[0]
while True:
r = requests.post(URL, data={
'progress': progress,
'answer': str(eval(formula))
}).content.decode()
if 'HarekazeCTF' in r:
break
progress = re.findall(r'"progress" value="(\d+)"', r)[0]
formula = re.findall(r'(\d+ \+ \d+)', r)[0]
print(r)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment