def testSeed(s): seed = s[624:] predic = MT19937Predictor() for i in seed: predic.setrandbits(i, 32) if predic.getrandbits(32) == s[624]: print 'noice' else: print 'nope'
def obj11a(): with open('official_public.pem', 'rb') as fh: official_public_key = RSA.importKey(fh.read()) # load the chain from the blockchain.dat file chain = Chain(load=True, filename='blockchain.dat') # go through the chain and build the list of 64-bit nonces nonces64bit = [block.nonce for block in chain.blocks] print(f"I've got {len(nonces64bit)} nonces64bit in total") # I fixed the seed to help with debug, but this isn't necessary random.seed(0) # list of extracted 32-bit nonces nonces32bit = [] # create a generator predictor = MT19937Predictor() # seed it with 624 32bit nonces that we extracted from the 64bit nonces for i in range(624 // 2): n1, n2 = n64_to_n32(nonces64bit[i]) predictor.setrandbits(n1, 32) predictor.setrandbits(n2, 32) nonces32bit.append(n1) nonces32bit.append(n2) # now, our generator generates the same "random numbers" than in the blockchain # so, predict a bunch more nonces32bit nb_of_predictions = 4000 print(f"predicting {624+nb_of_predictions} nonces32bit") for i in range(nb_of_predictions): nonces32bit.append(predictor.getrandbits(32)) # quick sanity test # index of the nonce64bit # i = 1548 # print(f"predicted n°{i * 2} and {i * 2 + 1} : {nonces32bit[i * 2 - 2]} {nonces32bit[i * 2 - 1]}") # print(f"extracted from nonce64bit n°{i} : {n64_to_n32(nonces64bit[i - 1])}") # use our previously generated nonce32bit to predict the 64bit nonce # we start at index 1540 so we can verify that our predicted nonces match with the nonces we have (1540 to 1547) # and we generate 4 nonces more start = 1540 for i in range(1, 24, 2): n1 = nonces32bit[start * 2 - 1 + i] n2 = nonces32bit[start * 2 + i] try: currentnonce64 = nonces64bit[start + i // 2] except: currentnonce64 = None print( f"index {start + i//2} predicted nonce64 {n32_to_n64(n1, n2)} {currentnonce64} nonce64value " ) print("hex value of the last 64bit nonce:", hex(n32_to_n64(n1, n2)))
def test_int32(self): inst = random.Random() predictor = MT19937Predictor() for _ in range(624): x = inst.getrandbits(32) predictor.setrandbits(x, 32) for _ in range(100): x = inst.getrandbits(32) y = predictor.getrandbits(32) self.assertEqual(x, y)
def test_getrandbits_arbitrary(self): inst = random.Random() predictor = MT19937Predictor() for _ in range(624): x = inst.getrandbits(32) predictor.setrandbits(x, 32) for _ in range(1000): k = random.randint(1, 100) x = inst.getrandbits(k) y = predictor.getrandbits(k) self.assertEqual(x, y)
def test_lognormvariate(self): inst = random.Random() predictor = MT19937Predictor() for _ in range(624): x = inst.getrandbits(32) predictor.setrandbits(x, 32) for _ in range(100): mu = random.random() sigma = random.random() x = inst.lognormvariate(mu, sigma) y = predictor.lognormvariate(mu, sigma) self.assertEqual(x, y)
def setup_predictor(players): # setup the predictor predictor = MT19937Predictor() # for player in players: for i in range(624): player = players[i] first, last = player.split(" ") f = first_names.index(first) l = last_names.index(last) out = (l << 16) | f # print(out) predictor.setrandbits(out, 32) return predictor
def test_setrandbits_arbitrary(self): inst = random.Random() predictor = MT19937Predictor() entropy = 624 while entropy > 0: k = random.randint(1, 3) x = inst.getrandbits(k * 32) predictor.setrandbits(x, k * 32) entropy -= k for _ in range(1000): x = inst.getrandbits(32) y = predictor.getrandbits(32) self.assertEqual(x, y)
def nonce_predictor(nonces, blockchain, target_block): """Predict the nonce for the target block.""" # set up the predictor with the nonces as 64-bit integers predictor = MT19937Predictor() for nonce in nonces[-624:]: predictor.setrandbits(nonce, 64) # predict blocks until we reach the target block block_index = blockchain.index + 1 for i in range(block_index, target_block): print(f'Predicting nonce for block {i}...') next_nonce = predictor.getrandbits(64) print('The target block will have the nonce:', hex(next_nonce))
import socket from mt19937predictor import MT19937Predictor host = 'chal.noxale.com' port = 5115 a = MT19937Predictor() s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) for i in range(624): s.recv(64) send = ' ' * 16 s.send(send) a.setrandbits(int(s.recv(64).split()[-1]), 32) s.recv(64) send = str(a.getrandbits(32)).rjust(16, '0') s.send(send) print s.recv(64)
# predictor.setrandbits(x, 32) # nonce = random.randrange(0xFFFFFFFFFFFFFFFF) # print(nonce) # nonce_pred = predictor.getrandbits(32) # nonce_pred_second = predictor.getrandbits(32) # print('CTF Nonce: %s\n' % ('%016.016x' % (nonce))) # nonce1 = '%s' % ('%08x' % (nonce_pred)) # nonce2 = '%s' % ('%08x' % (nonce_pred_second)) # predicted_nonce = nonce2 + nonce1 # print("Predicted nonce:", predicted_nonce) # #print(int("0x"+predicted_nonce, 0)) #### solving CTF ##################### predictorObj = MT19937Predictor() #fp = open("624_nonces.txt") fp = open("snowball_impossible.txt") for i, line in zip(range(624), fp): line = line.strip("\n") #print(int(line)) predictorObj.setrandbits(int(line), 32) print("Next predicted nonce 1:", predictorObj.getrandbits(32)) #print("Next actual:", str(fp.readline())) # for i in range(129996,130005): # secondNonce = hex(predictorObj.getrandbits(32)) # firstNonce = hex(predictorObj.getrandbits(32)) # predictedNonce = str(firstNonce).replace("0x", "") + str(secondNonce).replace("0x", "")