#!/usr/bin/env python3 | |
from pwn import remote | |
import sys | |
def egcd(a, b): | |
if a == 0: | |
return (b, 0, 1) | |
else: | |
g, x, y = egcd(b % a, a) | |
return (g, y - (b // a) * x, x) | |
def modinv(b, n): | |
g, x, _ = egcd(b, n) | |
if g == 1: | |
return x % n | |
def crack_multiplier(states, modulus): | |
return (states[2] - states[1]) * modinv(states[1] - states[0], modulus) % modulus | |
def crack_increment(states, modulus, multiplier): | |
return (states[1] - states[0] * multiplier) % modulus | |
def main(): | |
try: | |
modulus = 11760071327054544317 | |
conn = remote('159.89.198.90', 2000) | |
# get the output from the connection | |
# split into lines, select line at index 5 | |
# get only the numbers in that line and split them by , | |
# map the numbers into int and convert the map into list | |
states = list(map(int, conn.recv().decode().split('\n')[5][16:].split(','))) | |
multiplier = crack_multiplier(states, modulus) | |
increment = crack_increment(states, modulus, multiplier) | |
for i in range(1000): | |
last_state = states[len(states) - 1] | |
next_state = (last_state * multiplier + increment) % modulus | |
states.append(next_state) | |
# need to modulo with 10000, refer to original server.py | |
answer = str(next_state % 10000) + '\r\n' | |
conn.send(answer.encode()) | |
res = conn.recv().decode().strip() | |
print(res) | |
except TypeError: | |
# sometimes error will occur, so we have to re-do the process | |
return main() | |
try: | |
main() | |
except KeyboardInterrupt: | |
sys.exit() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment