Skip to content

Instantly share code, notes, and snippets.

@ymgve
Created May 22, 2017 00:26
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save ymgve/44066aa30ec1f3b5b913dd201e11104c to your computer and use it in GitHub Desktop.
import socket, struct, os, binascii, base64, hashlib
import telnetlib
import rsa
from gmpy2 import mpz, iroot, powmod, mul, t_mod
def readline(sc, show = True):
res = ""
while len(res) == 0 or res[-1] != "\n":
data = sc.recv(1)
if len(data) == 0:
print repr(res)
raise Exception("Server disconnected")
res += data
if show:
print repr(res[:-1])
return res[:-1]
def read_until(sc, s):
res = ""
while not res.endswith(s):
data = sc.recv(1)
if len(data) == 0:
print repr(res)
raise Exception("Server disconnected")
res += data
return res[:-(len(s))]
def read_all(sc, n):
data = ""
while len(data) < n:
block = sc.recv(n - len(data))
if len(block) == 0:
print repr(data)
raise Exception("Server disconnected")
data += block
return data
def I(n):
return struct.pack("<I", n)
def Q(n):
return struct.pack("<Q", n)
def to_bytes(n):
""" Return a bytes representation of a int """
s = ""
while n > 0:
s = chr(n & 0xff) + s
n = n >> 8
return s
def from_bytes(b):
""" Makes a int from a bytestring """
return int(binascii.b2a_hex(b), 16)
def get_bit(n, b):
""" Returns the b-th rightmost bit of n """
return ((1 << b) & n) >> b
def set_bit(n, b, x):
""" Returns n with the b-th rightmost bit set to x """
if x == 0: return ~(1 << b) & n
if x == 1: return (1 << b) | n
def cube_root(n):
return int(iroot(mpz(n), 3)[0])
message = "Rule110 baby!!".encode("ASCII")
message_hash = hashlib.md5(message).digest()
ASN1_blob = rsa.pkcs1.HASH_ASN1['MD5']
suffix = b'\x00' + ASN1_blob + message_hash
assert ord(suffix[-1]) & 1 == 1
sig_suffix = 1
for b in range(len(suffix)*8):
if get_bit(sig_suffix ** 3, b) != get_bit(from_bytes(suffix), b):
sig_suffix = set_bit(sig_suffix, b, 1)
assert to_bytes(sig_suffix ** 3).endswith(suffix)
print len(to_bytes(sig_suffix ** 3)) * 8
while True:
prefix = b'\x00\x01' + os.urandom(1024/8 - 2)
sig_prefix = to_bytes(cube_root(from_bytes(prefix)))[:-len(suffix)] + b'\x00' * len(suffix)
sig = sig_prefix[:-len(suffix)] + to_bytes(sig_suffix)
if b'\x00' not in to_bytes(from_bytes(sig) ** 3)[:-len(suffix)]: break
assert to_bytes(from_bytes(sig) ** 3).endswith(suffix)
assert to_bytes(from_bytes(sig) ** 3).startswith(b'\x01')
assert len(to_bytes(from_bytes(sig) ** 3)) == 1024/8 - 1
assert b'\x00' not in to_bytes(from_bytes(sig) ** 3)[:-len(suffix)]
print binascii.hexlify(sig)
print binascii.hexlify(to_bytes(from_bytes(sig) ** 3))
sc = socket.create_connection(("rsasign2.2017.teamrois.cn", 3001))
read_until(sc, "Show me your magic words:")
sc.send(message + "\n")
read_until(sc, "Show me again:")
sc.send(binascii.b2a_hex(sig) + "\n")
# t = telnetlib.Telnet()
# t.sock = sc
# t.interact()
while True:
data = sc.recv(16384)
if len(data) == 0:
break
for line in data.split("\n"):
print repr(line)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment