Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/env python3
from pwn import remote
import sys
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, x, y = egcd(b % a, a)
return (g, y - (b // a) * x, x)
def modinv(b, n):
g, x, _ = egcd(b, n)
if g == 1:
return x % n
def crack_multiplier(states, modulus):
return (states[2] - states[1]) * modinv(states[1] - states[0], modulus) % modulus
def crack_increment(states, modulus, multiplier):
return (states[1] - states[0] * multiplier) % modulus
def main():
try:
modulus = 11760071327054544317
conn = remote('159.89.198.90', 2000)
# get the output from the connection
# split into lines, select line at index 5
# get only the numbers in that line and split them by ,
# map the numbers into int and convert the map into list
states = list(map(int, conn.recv().decode().split('\n')[5][16:].split(',')))
multiplier = crack_multiplier(states, modulus)
increment = crack_increment(states, modulus, multiplier)
for i in range(1000):
last_state = states[len(states) - 1]
next_state = (last_state * multiplier + increment) % modulus
states.append(next_state)
# need to modulo with 10000, refer to original server.py
answer = str(next_state % 10000) + '\r\n'
conn.send(answer.encode())
res = conn.recv().decode().strip()
print(res)
except TypeError:
# sometimes error will occur, so we have to re-do the process
return main()
try:
main()
except KeyboardInterrupt:
sys.exit()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment