ubuntor/poooooooow.py

## poooooooow.py
from sage.all import *
import pwn
import re
import hashlib
import random
from multiprocessing import Manager, Pool, TimeoutError
from ctypes import c_bool
import struct

results = []

prime = 195589859419604305972182309315916027436941011486827038011731627454673222943892428912238183097741291556130905026403820602489277325267966860236965344971798765628107804393049178848883490619438682809554522593445569865108465536075671326806730534242861732627383004696136244305728794347161769919436748766859796527723
xxxx = 2 * 4759647095086827597559114855685975263112106458932414012998147177848303887783492510354911068366203455488902018600593880874117783509946030773587965941
rrrr = Integers(prime)
gggg = rrrr(2)**xxxx

bases = [gggg**(3**(335-i)) for i in range(335)]

rem = ''
while len(results) < 335:
    try:
        rem = pwn.remote("52.69.244.164", 9003)

        def findCollision(st, collisionFound):
            # print collisionFound, type(collisionFound), True if collisionFound.value
            # else False
            cf = collisionFound.value
            counter = 0
            while not cf:
                test = st + \
                    struct.pack("I", random.randint(0, 256 * 256 * 256 * 256 - 1))
                m = hashlib.sha1()
                m.update(test)
                if "\0\0\0" == m.digest()[:3]:
                    collisionFound.value = True
                    print "Solved"
                    print test
                    return test
                if counter % 1000 == 0:
                    # print "Updating %d" % counter
                    cf = collisionFound.value
                counter += 1

        init = rem.recvuntil("zero?")
        print init
        match = re.search(
            "with ([a-f0-9]{2}) ([a-f0-9]{2}) ([a-f0-9]{2}) ([a-f0-9]{2})", init)
        st = ''
        for x in match.groups():
            st += x.decode('hex')
        collisionFound = False
        NUM_PROCESSES = 4
        pool = Pool(processes=NUM_PROCESSES)
        processes = []
        m = Manager()
        collisionFound = m.Value(c_bool, False)
        for _ in range(NUM_PROCESSES):
            i = pool.apply_async(findCollision, (st, collisionFound))
            processes.append(i)
        test = None
        while test is None:
            for i in range(len(processes)):
                try:
                    p = processes[i]
                    test = p.get(timeout=0.1)
                    processes.remove(p)
                    break
                except TimeoutError:
                    continue
                print "Got result from %s" % i
        #test contain the 8byte bruteforced
        rem.send(test)
        print test

        for i in range(len(results),335):
            rem.sendline(str(bases[i]))
            result = rem.recvline()
            print(i,result,len(results))
            results.append(int(result.strip()))
    except ValueError:
        rem.close()
        continue

total = 0
for i in range(0,len(results)):
    xx = 3**(335-i)
    for j in range(3):
        if (gggg**xx)**(total+j*(3**i)) == results[i]:
            total += j*(3**i)
            print "%d mod 3 ** %d"%(total,i+1)
            break
    else:
        print "bad"
        break

print(hex(total))
print(hex(total)[2:].decode('hex'))
	from sage.all import *
	import pwn
	import re
	import hashlib
	import random
	from multiprocessing import Manager, Pool, TimeoutError
	from ctypes import c_bool
	import struct

	results = []

	prime = 195589859419604305972182309315916027436941011486827038011731627454673222943892428912238183097741291556130905026403820602489277325267966860236965344971798765628107804393049178848883490619438682809554522593445569865108465536075671326806730534242861732627383004696136244305728794347161769919436748766859796527723
	xxxx = 2 * 4759647095086827597559114855685975263112106458932414012998147177848303887783492510354911068366203455488902018600593880874117783509946030773587965941
	rrrr = Integers(prime)
	gggg = rrrr(2)**xxxx

	bases = [gggg(3(335-i)) for i in range(335)]

	rem = ''
	while len(results) < 335:
	try:
	rem = pwn.remote("52.69.244.164", 9003)

	def findCollision(st, collisionFound):
	# print collisionFound, type(collisionFound), True if collisionFound.value
	# else False
	cf = collisionFound.value
	counter = 0
	while not cf:
	test = st + \
	struct.pack("I", random.randint(0, 256 * 256 * 256 * 256 - 1))
	m = hashlib.sha1()
	m.update(test)
	if "\0\0\0" == m.digest()[:3]:
	collisionFound.value = True
	print "Solved"
	print test
	return test
	if counter % 1000 == 0:
	# print "Updating %d" % counter
	cf = collisionFound.value
	counter += 1

	init = rem.recvuntil("zero?")
	print init
	match = re.search(
	"with ([a-f0-9]{2}) ([a-f0-9]{2}) ([a-f0-9]{2}) ([a-f0-9]{2})", init)
	st = ''
	for x in match.groups():
	st += x.decode('hex')
	collisionFound = False
	NUM_PROCESSES = 4
	pool = Pool(processes=NUM_PROCESSES)
	processes = []
	m = Manager()
	collisionFound = m.Value(c_bool, False)
	for _ in range(NUM_PROCESSES):
	i = pool.apply_async(findCollision, (st, collisionFound))
	processes.append(i)
	test = None
	while test is None:
	for i in range(len(processes)):
	try:
	p = processes[i]
	test = p.get(timeout=0.1)
	processes.remove(p)
	break
	except TimeoutError:
	continue
	print "Got result from %s" % i
	#test contain the 8byte bruteforced
	rem.send(test)
	print test

	for i in range(len(results),335):
	rem.sendline(str(bases[i]))
	result = rem.recvline()
	print(i,result,len(results))
	results.append(int(result.strip()))
	except ValueError:
	rem.close()
	continue

	total = 0
	for i in range(0,len(results)):
	xx = 3**(335-i)
	for j in range(3):
	if (ggggxx)(total+j(3*i)) == results[i]:
	total += j(3*i)
	print "%d mod 3 ** %d"%(total,i+1)
	break
	else:
	print "bad"
	break

	print(hex(total))
	print(hex(total)[2:].decode('hex'))