def test_rc4(): assert rc4.encrypt(b"Key", b"Plaintext") == unhex("bbf316e8d940af0ad3") assert rc4.decrypt(b"Wiki", b"pedia") == unhex("1021bf0420") assert rc4.decrypt( b"Secret", b"Attack at dawn") == (unhex("45a01f645fc35b383552544b9bf5")) assert rc4(b"hello", b"world") == unhex("783ecd96cf")
def test_serpent(): payload = unhex("8a516cb035540b5854a18eeccc40299d") key = b"0123456789ABCDEF" assert serpent.cbc.decrypt( key, payload ) == b'\xf4\xee\xd1\xec\x04\x01\x00\x00\x00\x04\x00\x00\xc3\xdc\x07\xd4' assert serpent.cbc.encrypt( key, b'\xf4\xee\xd1\xec\x04\x01\x00\x00\x00\x04\x00\x00\xc3\xdc\x07\xd4' ) == payload
from malduck import unhex, u16 from z3 import * KEY = bytearray( unhex( b"450144013B011B01FB00FB0020013C015101420147013B0141012C01400119011901160147015D014301350132013801360130013A014A014901430142013E013401FA00F200D900E600D200D100D600D700D300D400A900890063006300BF0008014A01" )) flag = [] for i in range(55): flag.append(BitVec('flag' + str(i), 16)) s = Solver() s.add( And(flag[0] == ord('j'), flag[1] == ord('c'), flag[2] == ord('t'), flag[3] == ord('f'), flag[4] == ord('{'), flag[54] == ord('}'))) # Printable condition for i in range(5, 55): s.add(And(flag[i] >= 0x21, flag[i] <= 0x7e)) # Flag check for i in range(7, 55): s.add(flag[i % 0x37] + flag[(i - 1) % 0x37] + flag[(i - 2) % 0x37] == u16(KEY[i * 2 - 14:i * 2 - 14 + 2])) sol_count = 0 while sol_count < 10 and s.check() == sat: model = s.model() result = "" for i in range(55):
from malduck import unhex from pwn import process import os CLUE_ROWS = list( unhexlist( unhexuild pynogram clue file color_map = {1: 'r ', 2: 'g ', 3: 'b '} clue = "[colors]\n" clue += "r = (red) 1\n" clue += "g = (green) 2\n" clue += "b = (blue) 3\n\n" clue += "[clues]\n" clue += "rows = " for i in range(50): for j in range(40): value = CLUE_ROWS[2 * (j + 40 * i)] if value == 5: break amount = CLUE_ROWS[2 * (j + 40 * i) + 1] clue += str(amount) + color_map[value] clue += "\n\t"
from malduck import unhex from pwn import process from z3 import * CLUE_ROWS = list(unhexlist(unhexarse the clues rows_clue = [[] for i in range(50)] cols_clue = [[] for i in range(50)] for i in range(50): for j in range(40): value = CLUE_ROWS[2*(j+40*i)] if value == 5: break amount = CLUE_ROWS[2*(j+40*i) + 1] rows_clue[i].append((value, amount)) for i in range(50): for j in range(40): value = CLUE_COLS[2*(j+40*i)] if value == 5: break amount = CLUE_COLS[2*(j+40*i) + 1] cols_clue[i].append((value, amount)) h, w = (50, 50) # Variables for the result matrix X = [[Int("X_{}_{}".format(i, j)) for j in range(w)] for i in range(h)] # Variables for the row sequences
def test_hex(): assert enhex(b"hello") == b"68656c6c6f" assert unhex("68656c6c6f") == b"hello"
from malduck import unhex from z3 import * import sys sys.setrecursionlimit(10**9) mem = [ b for b in unhexmem += [0] * (4096 - len(mem)) # padding mem += [ord('T')] + [ 104, 101, 78, 101, 119, 70, 108, 97, 103, 72, 105, 108, 108, 115, 66, 121, 84, 104, 101, 67, 116, 102, 87, 111, 111, 100, 115 ] + [0] * 0x1000 # input regs = [0] * 32 * 8 LEN = 28 s = Solver() v = [0] * LEN def store32(where, addr, val): where[addr] = val & 0xff where[addr + 1] = (val >> 8) & 0xff where[addr + 2] = (val >> 16) & 0xff where[addr + 3] = (val >> 24) & 0xff def load32(where, addr):
from malduck import unhex ARR = list( bytearray( unhex( b"1B59294C3D6F227F261C2C2F074E171E610A531034654A4258081D603355374452392E720F6E7E3F32475A1319067A51181A634802773E543516045E4F49300315714D113812054527683A750920014069236A3B415F7B573C1F66565C0C36732D67435D4B2876787D316D2514745B6B0D5070640E622B0B462A7C796C2421" ))) def get_key(n): key = "" while (n != 0): if n & 1: key += "0" n = (n - 1) // 2 else: key += "1" n = (n - 2) // 2 return key[::-1] secret_key = "" for i in range(1, 128): x = ARR.index(i) secret_key += get_key(x) + '?' secret_key += "\n" open("./secret_key", "w").write(secret_key)
from malduck import unhex from z3 import * maze = list( unhexntVector('X', CNT) Y = IntVector('Y', CNT) s = Solver() MAZE = Array('MAZE', IntSort(), IntSort()) i = 0 for elem in maze: MAZE = Store(MAZE, i, elem) i = i + 1 # Coordinates condition for i in range(CNT): s.add(And(X[i] >= 0, X[i] < 8)) s.add(And(Y[i] >= 0, Y[i] < 8)) # Don't go back condition for i in range(2, CNT): s.add(If(X[i] == X[i - 2], Y[i] != Y[i - 2], True)) s.add(If(Y[i] == Y[i - 2], X[i] != X[i - 2], True)) # Initial coordinate condition