Beispiel #1
def crack():
    """Recover the generator state from leaked samples and rebuild p and q.

    Ten (p_rand, q_rand) samples are pulled through ``crack_pq``. Per the
    original author's note, 19.5 * 1024 bits == 624 * 32 bits, i.e. nine
    full rounds plus one and a half samples fill the 624-word Mersenne
    Twister state. ``crack_rand`` is defined elsewhere; it presumably splits
    a sample into 32-bit words and submits them (third argument: number of
    bits to use) -- confirm against its definition.

    Returns:
        The tuple ``(p, q)`` produced by ``gen_prime`` from the next two
        predicted 1024-bit values.
    """
    from randcrack import RandCrack
    predictor = RandCrack()

    # Rounds 0..8: both samples are fed completely.
    for _ in xrange(9):
        p_sample, q_sample = crack_pq()
        crack_rand(p_sample, predictor)
        crack_rand(q_sample, predictor)

    # Round 9: only 1024 + 512 bits are still missing, so q is fed partially.
    p_sample, q_sample = crack_pq()
    crack_rand(p_sample, predictor)
    crack_rand(q_sample, predictor, 512)

    # Sanity check: the remaining 512 bits of q must match the prediction.
    predicted_rest = predictor.predict_getrandbits(512)
    print('predicted high bits of q:\n %X' % (predicted_rest))
    print('received q:\n %X' % (q_sample))

    # The predictor is now in step with the remote generator.
    p_base = predictor.predict_getrandbits(1024)
    q_base = predictor.predict_getrandbits(1024)

    p = gen_prime(p_base)
    q = gen_prime(q_base)
    return p, q
Beispiel #2
def getNonces():
    """Collect CSP nonces from the nonce service and predict the following ones.

    Relies on module-level names defined outside this block: ``s`` (an HTTP
    session), ``convert`` and ``payload``. Returns nothing; the responses are
    printed.

    Lesson for the defending side: a CSP nonce only protects if it is
    unpredictable. Nonces drawn from a Mersenne Twister (presumably Python's
    ``random`` on the server -- confirm) can be predicted after 624 observed
    32-bit words; a CSPRNG such as ``secrets`` / ``os.urandom`` is required.
    """
    rc = RandCrack()
    # 628 // 4 == 157 script tags; each yields one 128-bit nonce (4 words),
    # i.e. slightly more than the 624 words the predictor accepts.
    scripts = '<script></script>' * (628 // 4)
    r = s.post('https://naas.2019.chall.actf.co/nonceify', data=scripts)
    r = json.loads(r.text)

    # Pull the base64 nonces out of the returned CSP header and turn each
    # one into an integer.
    nonces = re.findall(r'''nonce-([^']+)''', r["csp"])
    nonces = map(lambda x: int(binascii.hexlify(b64decode(x)), 16), nonces)
    for nonce in nonces:
        n = nonce
        try:
            # Submit the nonce 32 bits at a time, least-significant word first.
            # NOTE(review): the loop stops at n == 0, so a nonce whose upper
            # words are zero contributes fewer than 4 words -- confirm that
            # this cannot desynchronise the predictor.
            while n > 0:
                rc.submit(n % (1 << 32))
                n = n >> 32
        except:
            # NOTE(review): bare except; presumably meant to catch the error
            # randcrack raises once it already holds 624 words. The observed
            # nonce is printed next to the prediction for comparison; the
            # predict call also advances the predictor by 128 bits.
            print("{}, {}".format(nonce, rc.predict_getrandbits(128)))
    scripts = ''
    # Build 16 script tags, each carrying one of the next predicted nonces.
    for i in range(0, 16):
        next_nonce = convert(rc.predict_getrandbits(128))
        scripts += '''<script nonce="{}">{}</script>'''.format(
            next_nonce, payload)
    r = s.post('https://paste.2019.chall.actf.co', data={"paste": scripts})

    # Hand the paste URL to the challenge's report endpoint.
    s.post('https://paste.2019.chall.actf.co/report', json={"url": r.url})
    print(r.text, r.url)
Beispiel #3
def main():
    """Read 624 dice values from the service, then answer the guessing prompt.

    Every value returned by menu option 2 is submitted to RandCrack; after
    624 of them the next 32-bit output is predicted and sent as the guess
    for menu option 3. The line holding the result is printed.

    The service presumably draws its values from Python's ``random`` module
    (MT19937), which is why 624 outputs are enough; values that must stay
    unpredictable belong to ``secrets`` / ``os.urandom``.
    """
    menu_end = "3. Guess the dice (test)"

    p = remote("challenge.nahamcon.com", 32535)
    # Local testing alternative: p = process("./dice_roll.py")

    print("Running...")
    rc = RandCrack()
    p.recvuntil(menu_end)

    for _ in range(624):
        p.sendline(b'2')  # menu option as bytes

        # The reply is bytes; the number sits on the fourth line of it.
        reply_lines = p.recvuntil(menu_end).decode().split('\n')
        rc.submit(int(reply_lines[3]))

    p.sendline(b'3')
    p.recvuntil(
        "Guess the dice roll to win a flag! What will the sum total be?")

    # Next 32-bit output, derived from the 624 values submitted above.
    predicted_number = rc.predict_getrandbits(32)
    p.sendline(str(predicted_number))  # guess is sent as a string
    print("predicted number:", predicted_number)

    answer_lines = p.recvuntil(menu_end).decode().split('\n')
    flag = answer_lines[2]
    print(flag)
Beispiel #4
class MyRandCrack:
    """Wrapper around RandCrack that accepts outputs of arbitrary bit width.

    Every observed integer is zero-padded to a multiple of 32 bits and cut
    into 32-bit words; the words are submitted least-significant first. Only
    the first 624 words are used. With fewer than 624 words the predictor is
    left incomplete, and the ``rc_*`` calls then depend on how randcrack
    handles that state.
    """

    # Class-level instance kept from the original; every object replaces it
    # with its own predictor in __init__.
    rc =  RandCrack()

    def __init__(self,output) -> None:
        """Feed the 32-bit words of every integer in ``output`` to a new predictor."""
        self.rc = RandCrack()
        words = []
        for value in output:
            bits = bin(value)[2:]
            leftover = len(bits) % 32
            if leftover:
                # Left-pad so the string splits into whole 32-bit chunks.
                bits = '0' * (32 - leftover) + bits
            chunks = [int(bits[pos:pos + 32], 2)
                      for pos in range(0, len(bits), 32)]
            # Chunks are most-significant first; submit in the opposite order.
            words.extend(reversed(chunks))

        for word in words[:624]:
            self.rc.submit(word)

    def rc_getrandbits(self,bits):
        """Return the predicted result of ``getrandbits(bits)``."""
        predicted = self.rc.predict_getrandbits(bits)
        return predicted

    def rc_randint(self,a,b):
        """Return the predicted result of ``randint(a, b)``."""
        predicted = self.rc.predict_randint(a,b)
        return predicted

    def rc_randrange(self,a,b):
        """Return the predicted result of ``randrange(a, b)``."""
        predicted = self.rc.predict_randrange(a,b)
        return predicted
Beispiel #5
def test_predict_first_1000_close():
    """Check that at least 980 of the next 1000 outputs are predicted.

    The generator is seeded from the clock, 624 ``randint`` results are
    submitted, and the following 1000 ``getrandbits(32)`` values are compared
    with the predictions.
    """
    random.seed(time.time())

    cracker = RandCrack()

    # NOTE(review): the upper bound is 2**32 - 2, so randint presumably has to
    # redraw when the raw word is 0xFFFFFFFF; that would explain why the
    # assertion tolerates misses instead of demanding 1000 hits -- confirm.
    for _ in range(624):
        cracker.submit(random.randint(0, 4294967294))

    hits = 0
    for _ in range(1000):
        actual = random.getrandbits(32)
        predicted = cracker.predict_getrandbits(32)
        if actual == predicted:
            hits += 1

    assert hits >= 980
Beispiel #6
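def _recv_exact(conn, count):
    """Read exactly ``count`` bytes from ``conn``.

    Raises:
        ConnectionError: the peer closed the connection before ``count``
            bytes arrived.
    """
    chunks = []
    remaining = count
    while remaining:
        chunk = conn.recv(remaining)
        if not chunk:
            # recv() returning b'' means EOF; looping on would never end.
            raise ConnectionError(
                'connection closed with {} bytes outstanding'.format(remaining))
        chunks.append(chunk)
        remaining -= len(chunk)
    return b''.join(chunks)


# Flat script: read 624 values from the service, then send the predicted
# next 32-bit output as the guess.
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('chal.noxale.com', 5115))

# 624 dummy guesses of 16 characters each, queued in one go; sendall() keeps
# writing until the whole buffer is out (send() may stop early).
sock.sendall(b'0'*(16*624))

rc = RandCrack()
for i in range(624):
    # Skip the fixed 34-byte part that precedes every answer.
    _recv_exact(sock, 34)
    # The answer is 37 bytes long; the number sits between offset 20 and the
    # final byte. The original loop added len(resp) (the running total) to
    # its counter, so it could stop early when the answer arrived in three or
    # more fragments.
    resp = int(_recv_exact(sock, 37)[20:-1])

    print('- {}'.format(resp))
    rc.submit(resp)

guess = rc.predict_getrandbits(32)
print('+ {}'.format(guess))
# The service expects 16 characters, so the guess is zero-padded on the left.
sock.sendall(str(guess).rjust(16, '0').encode('utf-8'))

_recv_exact(sock, 34)

print(sock.recv(1024).decode('utf-8'))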

Beispiel #7

def getSphinx(n):
    """Send ``n`` as the guess and return the number the service reveals.

    Uses the module-level connection ``r``. Two reply lines are skipped and
    the third is inspected.

    Returns:
        The string ``'found'`` if the reply contains ``'sphinx!'``, otherwise
        the last whitespace-separated token of the reply as an int.
    """
    r.sendlineafter('[>] ', str(n))
    r.recvlines(2)
    reply = r.recvline(0)
    if 'sphinx!' not in reply:
        return int(reply.split()[-1])
    return 'found'


# Python 2 script (print statement). HOST and PORT are defined elsewhere.
r = remote(HOST, PORT)

rc = RandCrack()

# Rounds 1..624 feed the revealed numbers to the predictor. From round 625 on
# the predictor is complete, so one prediction is drawn per round, which
# presumably keeps it in step with the numbers the service keeps consuming.
for n in range(1, 1338):
    rand = getSphinx(n)
    if rand == 'found':
        break
    if n < 625:
        rc.submit(rand)
    else:
        predict = rc.predict_getrandbits(32)

# Final prediction, sent as the answer.
predict = rc.predict_getrandbits(32)
print 'PREDICT: ' + str(predict)
r.sendlineafter('[>]', str(predict))
# technofair{1s_this_even_crypt0graphy?}

r.interactive()
Beispiel #8
from randcrack import RandCrack

# Recover the generator state from a list of observed numbers, then undo the
# XOR keystream applied to secret.enc.
rc = RandCrack()

with open("robo_numbers_list.txt") as numbers_file:
    for raw_line in numbers_file:
        # Drop the characters at index 3 and 7 (presumably separators).
        digits = raw_line[:3] + raw_line[4:7] + raw_line[8:]
        # The listed values carry an offset of 2**31 that is removed here.
        rc.submit(int(digits) - (1 << 31))

with open("secret.enc", "rb") as cipher_file:
    ciphertext = cipher_file.read()

# One predicted 8-bit value per ciphertext byte, consumed in file order.
plain_chars = []
for cipher_byte in ciphertext:
    plain_chars.append(chr(cipher_byte ^ rc.predict_getrandbits(8)))
print("".join(plain_chars))
Beispiel #9
    # num = int.from_bytes(key, byteorder='big')
    num = key
    num1 = num >> 96
    num2 = (num >> 64) % (1 << 32)
    num3 = (num >> 32) % (1 << 32)
    num4 = (num) % (1 << 32)
    rc.submit(num4)
    rc.submit(num3)
    rc.submit(num2)
    rc.submit(num1)

# Predict the IV and key the service will generate next. Both are drawn as
# 128-bit values, in this order.
'''
actual_iv, actual_key = gen_iv_and_key()
print("Actual IV:", actual_iv)
print("Actual key:", actual_key)
'''
predicted_iv = rc.predict_getrandbits(128)
predicted_key = rc.predict_getrandbits(128)
print("Predicted IV:", predicted_iv)
print("Predicted key:", predicted_key)

# The key goes out as hex without the "0x" prefix, inside a fixed
# three-line request.
key_hex = hex(predicted_key)[2:]
request = "AAAA\n{}\n1\n".format(key_hex)
s.sendall(bytes(request, "utf-8"))

# Print everything the peer sends, including the final empty read that
# signals the closed connection.
while True:
    result = s.recv(4096)
    print(result)
    if not result:
        break

# USCC{p53ud0_r4nd0m_d03s_n0t_m34n_tru3_r4nd0m}
Beispiel #10
# S, R, con, rc, ct and q are defined outside this excerpt.
S(con, b'1')
print(R(con).decode())

# 312 64-bit numbers give 624 32-bit words. Each number is split into two
# halves and the low half is submitted first.
for _ in range(312):
    S(con, b'1')
    resp = R(con).decode()
    num = re.findall('my number is (.*)', resp)[0]
    bits = bin(int(num))[2:].zfill(64)
    high_half, low_half = bits[:32], bits[32:]
    rc.submit(int(low_half, 2))
    rc.submit(int(high_half, 2))

# Answer 200 rounds with predicted 64-bit values and count the wins.
num = 0
for _ in range(200):
    guess = str(rc.predict_getrandbits(64)).encode()
    S(con, guess)
    if 'win' in R(con).decode():
        num += 1
        print(num)

# Comma-terminated lists of the ciphertext components, each shifted by q.
c0 = ''.join(str(i + q) + ',' for i in ct[0])
c1 = ''.join(str(i + q) + ',' for i in ct[1])

S(con, b'2')
print(R(con).decode())
# The trailing comma is cut off before sending.
S(con, c0[:-1].encode())
print(R(con).decode())
Beispiel #11
from randcrack import RandCrack

rc = RandCrack()

r = remote("twistwislittlestar.fword.wtf", 4445)
#p.interactive()

# The service announces three numbers up front; they are the first three of
# the 624 words the predictor needs.
for _ in range(3):
    r.recvuntil("Random Number is : ")
    n = int(r.recvline().strip())
    print(n)
    rc.submit(n)


def get_n():
    """Answer one round with a dummy guess and return the revealed number.

    Uses the module-level connection ``r``. The guess "0" is only sent to
    make the service disclose the number it had drawn.
    """
    r.recvuntil("Your Prediction For the next one : ")
    r.sendline("0")
    r.recvuntil("The number was : ")
    revealed = int(r.recvline().strip())
    print(revealed)
    return revealed


# Three words were submitted from the greeting; collect the other 621.
still_needed = 624 - 3
for _ in range(still_needed):
    revealed = get_n()
    rc.submit(revealed)

# Send 20 predicted values in a row.
for _ in range(20):
    guess = rc.predict_getrandbits(32)
    r.sendline(str(guess))

r.interactive()
Beispiel #12
import socket
from randcrack import RandCrack

sock = socket.socket()
sock.connect(('task.pase.ca', 24028))

# Menu dialogue up to the game: read the banner, then send each answer and
# read the reply that follows it.
sock.recv(10000)
for request, reply_size in ((b'2\n', 1000),
                            (b'b33_1_4m_b3333\n', 200),
                            (b'1\n', 500)):
    sock.send(request)
    sock.recv(reply_size)

states = []
rc = RandCrack()
for _ in range(624):
    sock.send(b'$\n')
    sock.recv(100)
    sock.send(b'a\n')
    data = sock.recv(100)
    # First reply line holds hex digits separated by '|'; joined they form
    # one 32-bit word.
    first_line = data.split(b'\n')[0].decode('ascii')
    state = int(first_line.replace('|', ''), 16)
    rc.submit(state)

# The guess is sent as lowercase hex without the "0x" prefix.
win = hex(rc.predict_getrandbits(32))[2:].encode('ascii')
sock.send(b'$\n')
sock.recv(100)
sock.send(win + b'\n')
data = sock.recv(1024)
print(data.split(b'\n')[-2])
Beispiel #13
from randcrack import RandCrack
import socket

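# Python 2 script: str objects are written to the socket directly.
# Each reply is assumed to arrive in a single recv(128) call -- the script
# does no reassembly of fragmented replies.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect(("challenge.nahamcon.com", 32535))

answer = s.recv(1024)
print(answer)

rc = RandCrack()
# One value is requested and dropped before the loop; the predictor works on
# the 624 consecutive values read afterwards.
s.send("2\r\n")
num = s.recv(128)
split = num.split()

for i in range(624):
    s.send("2\r\n")
    num = s.recv(128)
    split = num.split()
    # The number is the seventh whitespace-separated token of the reply.
    print('[' + str(i) + '] ' + split[6])
    rc.submit(int(split[6]))

#str(rc.predict_getrandbits(32))

s.send("3\r\n")
print(s.recv(128))
s.send(str(rc.predict_getrandbits(32)) + '\r\n')
resp = s.recv(1024)
print(resp)

# The original read `s.close` without parentheses, which only looks up the
# method and never closes the socket.
s.close()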
Beispiel #14
# `rc` (a RandCrack instance) is created outside this excerpt.
p = remote('task.pase.ca', 24028)
# p = process(['python', 'casino.py'])

# Menu dialogue: print the banner, then each reply to the three answers.
print(p.recv())
for menu_answer in ('2\n', 'b33_1_4m_b3333\n', '1\n'):
    p.write(menu_answer)
    print(p.recv())

for _ in range(624):
    p.write('$\n')
    print(p.recv())
    p.write('ff\n')
    result = p.recv().split('\n')
    print(result)
    # First reply line: hex digits separated by '|'.
    data = result[0].replace('|', '')
    word = int(data, 16)
    rc.submit(word)
    print(word)

print("feeding done")

prediction = rc.predict_getrandbits(32)
print("predicted %x" % prediction)
p.write('$\n')
print(p.recv())
# Guess goes out as hex without the "0x" prefix.
p.write(hex(prediction)[2:] + '\n')
print(p.recv())
Beispiel #15
#!/usr/bin/env python3

import random
import os
from randcrack import RandCrack

# Local demonstration: after 624 observed 32-bit outputs of `random`, the
# next output is predictable. Values that must stay secret (tokens, keys,
# nonces) therefore belong to `secrets` / `os.urandom`, not `random`.
rc = RandCrack()

dice_bits = 32
#flag = open('flag.txt').read()


for _ in range(624):
    observed = random.getrandbits(32)
    rc.submit(observed)

# Draw the real value first, then the prediction, as in the original call.
actual = random.getrandbits(32)
predicted = rc.predict_getrandbits(32)
print("Random result: {}\nCracker result: {}".format(actual, predicted))
Beispiel #16
def main():
    """Reconstruct the source image from ``share2.png`` and save it.

    The random bits behind the last 48 rows of the 444x444 image are read
    straight from the share, because those rows are known to be white. 624
    32-bit words of them prime RandCrack, which then supplies the random bits
    for the rest of the image. Output is written to ``result3.png``.

    The scheme is only as strong as its randomness: with Mersenne Twister
    output, a known region of the image is enough to derive the rest.
    """
    side = 444
    pad_rows = 48
    total_pixels = side * side
    known_bits = 32 * 624

    # Placeholder QR code producing a 444x444 image. It was useful for size
    # and format information and is not strictly needed.
    qr = qrcode.QRCode(
        version=1,
        error_correction=qrcode.constants.ERROR_CORRECT_L,
        box_size=12,
        border=4,
    )
    qr.add_data("ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ")
    qr.make(fit=True)
    img = qr.make_image(fill_color="black", back_color="white")
    _, n = img.size

    share2 = Image.open('share2.png')

    # The last 48 * 444 pixels were white, so the random bit behind each of
    # them follows from share2.png alone. Every second pixel of the share is
    # sampled.
    padding_bits = []
    for idx in range(pad_rows * side):
        row, col = divmod(idx, n)
        row += side - pad_rows
        padding_bits.append("0" if share2.getpixel((2 * col, 2 * row)) else "1")
    bitstream = "".join(padding_bits)

    rc = RandCrack()

    # getrandbits places the words generated first at the end of the bit
    # sequence, so the 32-bit chunks are reversed before they are submitted.
    splitstream = wrap(bitstream, 32)[::-1]

    # Prime the predictor with 624 32-bit words.
    for chunk in splitstream[:624]:
        rc.submit(int(chunk, 2))

    # Predict the randomness for the whole image ...
    newlist = bin(rc.predict_getrandbits(total_pixels))[2:].zfill(total_pixels)

    # ... and append the bits that were read from the share to the predicted
    # bits for the remaining pixels.
    splitstream2 = newlist[-(total_pixels - known_bits):] + bitstream[-known_bits:]

    # Share pixel and random bit agree -> black (0); they differ -> white (255).
    original = []
    for k in range(total_pixels):
        row, col = divmod(k, n)
        pixel_set = bool(share2.getpixel((2 * col, 2 * row)))
        bit_set = bool(int(splitstream2[k]))
        original.append(0 if pixel_set == bit_set else 255)

    # Write the recovered pixels into a new greyscale image.
    res = Image.new("L", img.size, 255)
    res.putdata(original)
    res.save('result3.png')
Beispiel #17
        elif nx1:
            state = state[1:] + [nx1]
        elif nx2:
            state = state[1:] + [nx2]
    rands.pop(0)
    ans = True
    for i in state:
        if i==0 or len(i)>1:
            ans=False
            break
    if ans:
        break

# Every entry of `state` is a one-element candidate list at this point; keep
# the single remaining candidate.
state = [candidates[0] for candidates in state]

# NOTE(review): this goes through randcrack's private helpers. Presumably
# `_harden` applies the output tempering, so that submit() -- which expects
# generator outputs -- ends up storing the raw state word again; confirm
# against the installed randcrack version.
for idx in range(624):
    word_bits = rc._to_bitarray(state[idx])
    rc.submit(rc._to_int(rc._harden(word_bits)))

# Replay the observations: each prediction must be among the candidates
# recorded for that position (0 marks a position without candidates).
for expected in rands:
    rand = rc.predict_getrandbits(32)
    if expected != 0:
        assert rand in expected

ALPHABET52 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnop_rstuvw{y}"

# Print the next two deals as characters of the 52-symbol alphabet.
for _ in range(2):
    deal = deal_card(rc.predict_getrandbits(133) % MD)
    for i in deal:
        print(ALPHABET52[i], end='')