def solve(data, leak, ctext):
guesses = []
# Based on the access order of Pi ^ Ki pairs in the first round, see aes.c
pairs = [ (0,4), (4,8), (8,12), (12,5),
(5,9), (9,13), (13,1), (1,10),
(10,14), (14,2), (2,6), (6,15),
(15,3), (3,7), (7,11) ]
workerPool = ThreadPool(8)
workerPool.map(makeGuesses, pairs)
for result in workerPool.get_results():
guesses.extend(result)
guesses = statisticalFilter(guesses)
guesses.sort(key=lambda x : x.cost, reverse=False)
pairs = np.zeros((16,16), dtype=np.uint8)
for guess in guesses:
pairs[guess.i1,guess.i2] = guess.relate
pairs[guess.i2,guess.i1] = guess.relate
# 00112233445566778899aabbccddeeff
# 4355a46b19d348dc2f57c046f8ef63d4 (sha256sum(echo "1")[:16])
keyBase = np.zeros((16), dtype=np.uint8)
keyBase[0:6] = leak
keyBase[14] = (keyBase[2] ^ pairs[2,14]) & mask
keyBase[10] = (keyBase[14] ^ pairs[10,14]) & mask
#keyBase[1] = (keyBase[10] ^ pairs[1,10]) & mask
keyBase[7] = (keyBase[3] ^ pairs[3,7]) & mask
keyBase[15] = (keyBase[3] ^ pairs[3,15]) & mask
keyBase[6] = (keyBase[15] ^ pairs[6,15]) & mask
#keyBase[0] = (keyBase[4] ^ pairs[4,0]) & mask
keyBase[8] = (keyBase[4] ^ pairs[4,8]) & mask
keyBase[9] = (keyBase[5] ^ pairs[9,5]) & mask
keyBase[12] = (keyBase[5] ^ pairs[5,12]) & mask
keyBase[13] = (keyBase[9] ^ pairs[9,13]) & mask
print("Base Pair: %s" % "".join(list(map(lambda x : "%02x" % x, keyBase))))
sys.stdout.flush()
# 4355a46b19d348dc2f57c046f8ef63d4 (sha256sum(echo "1")[:16])
for k11 in range(0x0,0x100):
key = np.array(keyBase, copy=True)
key[11] = k11
workerPool.add_task(run, ctext, key)
workerPool.get_results()
