def testSeed(s):
seed = s[624:]
predic = MT19937Predictor()
for i in seed:
predic.setrandbits(i, 32)
if predic.getrandbits(32) == s[624]:
print 'noice'
else:
print 'nope'
def obj11a():
with open('official_public.pem', 'rb') as fh:
official_public_key = RSA.importKey(fh.read())
# load the chain from the blockchain.dat file
chain = Chain(load=True, filename='blockchain.dat')
# go through the chain and build the list of 64-bit nonces
nonces64bit = [block.nonce for block in chain.blocks]
print(f"I've got {len(nonces64bit)} nonces64bit in total")
# I fixed the seed to help with debug, but this isn't necessary
random.seed(0)
# list of extracted 32-bit nonces
nonces32bit = []
# create a generator
predictor = MT19937Predictor()
# seed it with 624 32bit nonces that we extracted from the 64bit nonces
for i in range(624 // 2):
n1, n2 = n64_to_n32(nonces64bit[i])
predictor.setrandbits(n1, 32)
predictor.setrandbits(n2, 32)
nonces32bit.append(n1)
nonces32bit.append(n2)
# now, our generator generates the same "random numbers" than in the blockchain
# so, predict a bunch more nonces32bit
nb_of_predictions = 4000
print(f"predicting {624+nb_of_predictions} nonces32bit")
for i in range(nb_of_predictions):
nonces32bit.append(predictor.getrandbits(32))
# quick sanity test
# index of the nonce64bit
# i = 1548
# print(f"predicted n°{i * 2} and {i * 2 + 1} : {nonces32bit[i * 2 - 2]} {nonces32bit[i * 2 - 1]}")
# print(f"extracted from nonce64bit n°{i} : {n64_to_n32(nonces64bit[i - 1])}")
# use our previously generated nonce32bit to predict the 64bit nonce
# we start at index 1540 so we can verify that our predicted nonces match with the nonces we have (1540 to 1547)
# and we generate 4 nonces more
start = 1540
for i in range(1, 24, 2):
n1 = nonces32bit[start * 2 - 1 + i]
n2 = nonces32bit[start * 2 + i]
try:
currentnonce64 = nonces64bit[start + i // 2]
except:
currentnonce64 = None
print(
f"index {start + i//2} predicted nonce64 {n32_to_n64(n1, n2)} {currentnonce64} nonce64value "
)
print("hex value of the last 64bit nonce:", hex(n32_to_n64(n1, n2)))
def test_int32(self):
inst = random.Random()
predictor = MT19937Predictor()
for _ in range(624):
x = inst.getrandbits(32)
predictor.setrandbits(x, 32)
for _ in range(100):
x = inst.getrandbits(32)
y = predictor.getrandbits(32)
self.assertEqual(x, y)
def test_getrandbits_arbitrary(self):
inst = random.Random()
predictor = MT19937Predictor()
for _ in range(624):
x = inst.getrandbits(32)
predictor.setrandbits(x, 32)
for _ in range(1000):
k = random.randint(1, 100)
x = inst.getrandbits(k)
y = predictor.getrandbits(k)
self.assertEqual(x, y)
def test_lognormvariate(self):
inst = random.Random()
predictor = MT19937Predictor()
for _ in range(624):
x = inst.getrandbits(32)
predictor.setrandbits(x, 32)
for _ in range(100):
mu = random.random()
sigma = random.random()
x = inst.lognormvariate(mu, sigma)
y = predictor.lognormvariate(mu, sigma)
self.assertEqual(x, y)
def setup_predictor(players):
# setup the predictor
predictor = MT19937Predictor()
# for player in players:
for i in range(624):
player = players[i]
first, last = player.split(" ")
f = first_names.index(first)
l = last_names.index(last)
out = (l << 16) | f
# print(out)
predictor.setrandbits(out, 32)
return predictor
def test_setrandbits_arbitrary(self):
inst = random.Random()
predictor = MT19937Predictor()
entropy = 624
while entropy > 0:
k = random.randint(1, 3)
x = inst.getrandbits(k * 32)
predictor.setrandbits(x, k * 32)
entropy -= k
for _ in range(1000):
x = inst.getrandbits(32)
y = predictor.getrandbits(32)
self.assertEqual(x, y)
def nonce_predictor(nonces, blockchain, target_block):
"""Predict the nonce for the target block."""
# set up the predictor with the nonces as 64-bit integers
predictor = MT19937Predictor()
for nonce in nonces[-624:]:
predictor.setrandbits(nonce, 64)
# predict blocks until we reach the target block
block_index = blockchain.index + 1
for i in range(block_index, target_block):
print(f'Predicting nonce for block {i}...')
next_nonce = predictor.getrandbits(64)
print('The target block will have the nonce:', hex(next_nonce))
import socket
from mt19937predictor import MT19937Predictor
host = 'chal.noxale.com'
port = 5115
a = MT19937Predictor()
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
for i in range(624):
s.recv(64)
send = ' ' * 16
s.send(send)
a.setrandbits(int(s.recv(64).split()[-1]), 32)
s.recv(64)
send = str(a.getrandbits(32)).rjust(16, '0')
s.send(send)
print s.recv(64)
# predictor.setrandbits(x, 32)
# nonce = random.randrange(0xFFFFFFFFFFFFFFFF)
# print(nonce)
# nonce_pred = predictor.getrandbits(32)
# nonce_pred_second = predictor.getrandbits(32)
# print('CTF Nonce: %s\n' % ('%016.016x' % (nonce)))
# nonce1 = '%s' % ('%08x' % (nonce_pred))
# nonce2 = '%s' % ('%08x' % (nonce_pred_second))
# predicted_nonce = nonce2 + nonce1
# print("Predicted nonce:", predicted_nonce)
# #print(int("0x"+predicted_nonce, 0))
#### solving CTF #####################
predictorObj = MT19937Predictor()
#fp = open("624_nonces.txt")
fp = open("snowball_impossible.txt")
for i, line in zip(range(624), fp):
line = line.strip("\n")
#print(int(line))
predictorObj.setrandbits(int(line), 32)
print("Next predicted nonce 1:", predictorObj.getrandbits(32))
#print("Next actual:", str(fp.readline()))
# for i in range(129996,130005):
# secondNonce = hex(predictorObj.getrandbits(32))
# firstNonce = hex(predictorObj.getrandbits(32))
# predictedNonce = str(firstNonce).replace("0x", "") + str(secondNonce).replace("0x", "")