def uHash(self, message): res = 0 plen = 16 - (len(message) % 16) message += chr(plen) * plen for i in xrange(len(message) / 16): blk = s2i(message[16 * i: 16 * i + 16]) res = gf_2_128_mul(blk ^ res, s2i(self.key)) return res
def sign(self, message, nonce): assert len(nonce) == 16 return i2s(self.uHash(message) ^ s2i(self.prp(nonce))).ljust(16, '\x00')
'http://toilet.eatpwnnosleep.com/login/?name={}'.format(name)) return base64.b64decode(r.history[0].cookies['session']) # prefix: 29 | <- Control Start # {"is_admin": false, "name": "Test"} while True: c1 = get_cookie( ' \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') c2 = get_cookie( ' \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') if c1[:16] == c2[:16]: break i1 = s2i(c1[-16:]) i2 = s2i(c2[-16:]) key_square = i1 ^ i2 ''' sqrt x = x ^ (2 ^ 127) Therefore, we can get s2i(self.key) ''' print "key * key = %d" % key_square key = gf_pow(key_square, 2**127) print "key = %d" % key key_str = i2s(key) prp = AES.new(key_str).encrypt nonce = "0123456789abcdef"