Last active
September 17, 2017 08:46
-
-
Save sudoaza/a925ee51cd437f99419b6018d170d498 to your computer and use it in GitHub Desktop.
Bruteforce bit by bit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| from math import * | |
| def match(str_1, str_2): | |
| s1 = bits(str_1) | |
| s2 = bits(str_2) | |
| for i in range(len(s1)): | |
| if s1[i] != s2[i]: | |
| return i-1 | |
| return i-1 | |
| def try_plain(plain): | |
| # connect to remote | |
| r = remote('icss.ctf.site', 40112) | |
| # wait for prompt | |
| r.recvline('Type you plain text:') | |
| # send guess | |
| r.sendline(plain) | |
| # receive answer | |
| answer = r.recvall() | |
| # extract | |
| m = re.search('output: ([a-zA-Z0-9+/]+)',answer) | |
| answer = m.group(1) | |
| return answer | |
| confirmed = [] | |
| cipher = "ypovStywDFkNEotWNc3AxtlL2IwWKuJA1qawdvYynITDDIpknntQR1gB+Nzl" | |
| total_len = len(cipher) * 6 | |
| match_val = len(confirmed) | |
| context.log_level = 'error' | |
| i = 0 | |
| while True: | |
| guess = bits(i)[-6:] | |
| i += 1 | |
| pad = [0, 1] * ((total_len - len(confirmed + guess))/2) | |
| plain = unbits(confirmed + guess + pad) | |
| answer = try_plain(plain) | |
| if ( match(cipher,answer) > match_val): | |
| match_val = match(cipher,answer) | |
| best_guess = guess | |
| print match_val | |
| print unbits(confirmed+best_guess) | |
| print "doing it better !!!!!" | |
| if i >= 64: | |
| confirmed = confirmed + best_guess | |
| i = 0 | |
| best_guess = 0 | |
| print 'end cicle' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment