/crack-ranshomware.py
Secret
Created Jun 1, 2017
| #!/usr/bin/env python3 | |
| from array import array | |
| ctfile = './cd/debian-40r9-amd64-businesscard.iso' | |
| ptfile = './debian-40r9-amd64-businesscard.iso' | |
| flagfile = './flags/flag.txt' | |
| with open(ctfile, 'rb') as f1: | |
| ctbytes = array('B', f1.read()) | |
| with open(ptfile, 'rb') as f2: | |
| ptbytes = array('B', f2.read()) | |
| with open(flagfile, 'rb') as f3: | |
| flagbytes = array('B', f3.read()) | |
| offset = 32 # IV is 3 for debian iso, 5 for flag.txt. this is two AES blocks of 16 bytes each for a total of 32 bytes | |
| keystream = [ctbytes[i] ^ ptbytes[i] for i in range(len(flagbytes) + offset)] # KPA on the encrypted debian ISO to derive a big chunk of keystream | |
| decrypted = [flagbytes[i] ^ keystream[i+offset] for i in range(len(flagbytes))] # using the keystream at the correct offset to decrypt the flag | |
| [print(chr(d), end='') for d in decrypted] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment