Tom Bonner tombonner
qkta
/ extract_hash.py
Created
June 7, 2019 02:01
APT32 name hashing function (https://tradahacking.vn/thưởng-tết-fbcbbed49da7)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import lief | |
| def wthash(name): | |
| name = map(ord, name) | |
| hash = 0 | |
| x = 0 | |
| y = 0 | |
| for i in range(len(name)): | |
| x = x & 0xffffff00 | name[i] | |
| y = x & 0xf |
epixoip
/ cloudflare_challenge
Last active
December 2, 2023 11:53
How I obtained the private key for www.cloudflarechallenge.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the | |
| 10th to get it (ok, looks like I was the 8th.) But I'm happy that I was able to prove to myself | |
| that I too could do it. | |
| First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially | |
| believed that it would be highly improbable under normal conditions to obtain the private key | |
| through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's | |
| challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to | |
| extract private keys. So I wanted to see first-hand if it was possible or not. |