def real_oracle(s, payload):
send(s, "2")
x = receive_until(s, ":")
send(s, base64.b64encode(payload))
x = receive_until(s, "\n")
result = receive_until(s, "=")
response_matrix = parse_stringified(result[:-1])
x = receive_until(s, ">")
return response_matrix
def final_round(s, seed):
receive_until_match(s, "bob number")
send(s, b64e(b'\x00'))
receive_until_match(s, "bob number")
bob_no = int(receive_until(s, "\n").strip())
alice = DiffieHellman(long_to_bytes(int(seed, 2)))
alice.set_other(bob_no)
print('Shared:', alice.shared)
iv = b64d(receive_until(s, "\n"))
cipher = AES.new(long_to_bytes(alice.shared, 16)[:16], AES.MODE_CBC, IV=iv)
enc_flag = b64d(receive_until(s, "\n"))
print(cipher.decrypt(enc_flag))
def main():
host = "13.231.224.102"
port = 3002
s = nc(host, port)
x = receive_until(s, "\n")
encflag = receive_until(s, "p")
encflag_matrix = parse_stringified(encflag[:-1])
p = int(receive_until(s, "\n")[2:])
x = receive_until(s, ">")
result = solver(encflag_matrix, p, lambda payload: real_oracle(s, payload))
flag = parse_stringified(str(result))
print("".join(["".join(map(chr, a)) for a in flag]))
def main():
s = nc("37.139.4.247", 31337)
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
payload = int(time())
print(payload)
send(s, base64.b64encode(brotli.compress(str(payload))))
data = receive_until_match(s, "\n\n")
print(data)
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
send(s, base64.b64encode(brotli.compress("Y")))
data = receive_until(s, "\n")
decompressed = brotli.decompress(data.decode("base64"))
print('payload', decompressed)
send(s, base64.b64encode(brotli.compress(decompressed)))
data = receive_until(s, "\n")
decompressed = brotli.decompress(data.decode("base64"))
print(decompressed)
data = receive_until(s, "\n")
decompressed = brotli.decompress(data.decode("base64"))
print(decompressed)
def main():
port = 1337
host = "bitflip1.hackable.software"
s = nc(host, port)
print(receive_until(s, "\n"))
send(s, raw_input(">")) # PoW
suffix = '0'
while len(suffix) < 128:
print('suffix is', suffix)
print(receive_until(s, "\n"))
bit = round(s, suffix=suffix)
suffix = bit + suffix
seed = suffix
print('Seed', seed)
final_round(s, seed)
s.close()
def main():
port = 1337
host = "bitflip3.hackable.software"
s = nc(host, port)
print(receive_until(s, "\n"))
send(s, raw_input(">"))
suffix = '0'
while len(suffix) < 128:
print('suffix is', suffix)
print(receive_until(s, "\n"))
bit = round(s, suffix=suffix)
suffix = bit + suffix
seed = suffix
print('Seed', seed)
target_seed = int("f518d60deba9327df0b1c4681b64236e1554ab733c4e66c2c93a8837cc4c30eb", 16)
final_round(s, seed, target_seed)
s.close()
def main():
port = 1337
host = "34.89.64.81"
s = nc(host, port)
skip = receive_until_match(s, "pub_key = ")
skip = receive_until_match(s, "pub_key = ")
skip = receive_until_match(s, "pub_key = ")
pubkey = receive_until(s, b"\n")[:-1]
msg = receive_until(s, b"=")
msg = re.findall("\"(.*)\"", msg.decode("utf-8"))[0]
sig = receive_until(s, b"\n")[1:-1]
print(pubkey)
print(msg)
print(sig)
m, sig = solve(msg, sig)
send(s, m.encode("utf-8"))
send(s, sig.encode("utf-8"))
interactive(s)
def main():
host = "crypto.byteband.it"
port = 7002
s = nc(host, port)
for i in range(32):
data = receive_until_match(s, "Plaintext \(b64encoded\) : ")
pt = receive_until(s, "\n").decode("base64")
receive_until(s, "\n")
x = int(receive_until(s, "\n").strip(), 16)
m = int(receive_until(s, "\n").strip(), 16)
print('x', x)
print('m', m)
n = recover_n(x, m)
print('recovered n', n)
key = RSA.construct((long(n), long(65537)))
ct = base64.b64encode(encrypt(key, pt))
print('ct', ct)
send(s, ct)
interactive(s)
def worker(pad_char):
port = 5959
host = "simple-spn.ctf.defenit.kr"
s = nc(host, port)
x = receive_until(s, "\n")
x = receive_until(s, "\n")
ct = []
payloads = [pad("\0", pad_char).encode("hex")]
for i in range(1, 256):
payloads.append(pad(long_to_bytes(i), pad_char).encode("hex"))
for payload in payloads:
send(s, payload)
c = receive_until(s, "\n")
ct.append(re.findall("ciphertext: (.*)\n", c)[0])
x = receive_until(s, "\n")
print('cts', ct)
ct = [[ord(c) for c in x.decode("hex")] for x in ct]
candidates = integral(ct)
return candidates
def get_kn():
host = "3.115.26.78"
port = 31337
s = nc(host, port)
receive_until_match(s, "! ")
flag_ct = receive_until(s, "\n")[:-1]
plaintexts = [long_to_bytes(x)[3:] for x in prepare_values()]
results = []
for pt in plaintexts:
receive_until_match(s, ": ")
send(s, pt.encode("hex"))
res = receive_until(s, "\n")[:-1]
results.append(res)
s.close()
CTA = int(results[0], 16)
CTB = int(results[1], 16)
CTC = int(results[2], 16)
CTD = int(results[3], 16)
kn = (CTA * CTB) - (CTD * CTC)
print("Got k*N", kn)
return kn
def final_round(s, seed, target_seed):
while True:
receive_until_match(s, 'bit-flip str')
receive_until(s, "\n")
send(s, b64e(long_to_bytes(int(seed, 2) ^ target_seed)))
receive_until(s, "\n") # generated after
iv = b64d(receive_until(s, "\n"))
enc_flag = b64d(receive_until(s, "\n"))
for key in range(8):
cipher = AES.new(long_to_bytes(key, 16)[:16], AES.MODE_CBC, IV=iv)
flag = cipher.decrypt(enc_flag)
if 'DrgnS' in flag:
print(flag)
return
def get_iterations(s, msg):
send(s, b64e(msg))
receive_until_match(s, "Generated after ")
count = int(receive_until(s, "\n").split(' ')[0].strip())
return count
def main():
s = nc("52.193.157.19", 9999)
data = receive_until_match(s, "Give me XXXX:")
inputs = re.findall("SHA256\(XXXX\+(.*)\) == (.*)", data)[0]
suffix = inputs[0]
digest = inputs[1]
result = PoW(suffix, digest)
print("PoW done")
send(s, result)
receive_until_match(s, "Done!\n")
welcome = receive_until(s, "\n")[:-1]
get_flag_payload = generate_payload_from_message(welcome, "Welcome!",
"get-flag")
send(s, get_flag_payload)
encrypted_flag = receive_until(s, "\n")[:-1]
raw_enc_flag = encrypted_flag.decode("base64")
current = "hitcon{"
print('encrypted flag', encrypted_flag, encrypted_flag.decode("base64"),
len(encrypted_flag.decode("base64")))
for block_to_recover in range(3):
malleable_block = base64.b64encode(raw_enc_flag[block_to_recover *
16:])
missing = 16 - len(current)
for spaces in range(missing):
for c in string.printable:
test_flag_block_prefix = current + c + ("\0" *
(missing - spaces))
expected_command = (" " * spaces) + "get-flag"
payload = generate_payload_from_message(
malleable_block, test_flag_block_prefix, expected_command)
send(s, payload)
result = receive_until(s, "\n")[:-1]
if result == encrypted_flag:
current += c
print('found matching flag char:', current)
break
print(current)
known_blocks = raw_enc_flag[16 *
block_to_recover:16 * block_to_recover +
32]
expanded_flag = raw_enc_flag[
16 *
block_to_recover:] + known_blocks # appending IV and "Welcome!!" at the end
next_block_known = ""
for i in range(8):
get_md5 = set_cbc_payload_for_block(expanded_flag,
"\0" * 16 + current,
(" " * 9) + "get-md5",
1) # first block is get-md5
get_md5 = set_byte_cbc(
get_md5, ("\0" * (5 - block_to_recover) * 16) + current,
(6 - block_to_recover) * 16 - 1,
chr((4 - block_to_recover) * 16 - i -
1)) # last character to cut padding
send(s, base64.b64encode(get_md5))
real_md5_result = receive_until(s, "\n")[:-1]
for c in string.printable:
test_md5_payload = set_cbc_payload_for_block(
expanded_flag, "\0" * 16 + current,
(" " * (8 - i - 1)) + "get-md5" + next_block_known + c, 1)
test_md5_payload = set_byte_cbc(
test_md5_payload,
("\0" * (5 - block_to_recover) * 16) + current,
(6 - block_to_recover) * 16 - 1,
chr((4 - block_to_recover) * 16 + 1))
send(s, base64.b64encode(test_md5_payload))
test_md5_result = receive_until(s, "\n")[:-1]
if real_md5_result == test_md5_result:
next_block_known += c
print('found matching flag char:', next_block_known)
break
print(next_block_known)
current = next_block_known[:-1]
def main():
f = 0
encrypted_flag = ""
welcome = ""
while f == 0:
s = nc(HOST, PORT)
welcome = receive_until(s, "\n")[:-1]
print("welcome: ", welcome[:-1])
# Get command not found
send(s, welcome)
receive_until(s, "\n")
receive_until(s, "\n")
cnf = receive_until(s, "\n")[:-2]
print("cnf: ", cnf)
payload = gen_payload(welcome, "Welcome!", "get-flag")
receive_until(s, "\n")
send(s, payload)
receive_until(s, "\n")
encrypted_flag = receive_until(s, "\n")[:-2]
payload = gen_payload(encrypted_flag, "send_flag_", "get-flag\x00\x00")
send(s, payload)
receive_until(s, "\n")
encrypted_flag2 = receive_until(s, "\n")[:-2]
print("encrypted flag: ", encrypted_flag2)
print
if encrypted_flag2 != cnf:
f = 1
break
raw_enc_flag = encrypted_flag.decode("base64")
flag = ""
current = "send_fl"
print('encrypted flag', encrypted_flag, encrypted_flag.decode("base64"),
len(encrypted_flag.decode("base64")))
for block_to_recover in range(3):
malleable_block = base64.b64encode(raw_enc_flag[block_to_recover *
16:])
missing = 16 - len(current)
for spaces in range(missing):
for c in string.printable:
test_flag_block_prefix = current + c + ("\0" *
(missing - spaces))
expected_command = (" " * spaces) + "get-flag"
payload = gen_payload(malleable_block, test_flag_block_prefix,
expected_command)
send(s, payload)
receive_until(s, "\n")
result = receive_until(s, "\n")[:-2]
if result == encrypted_flag:
current += c
print('found matching flag char:', current)
break
print("current:", current)
flag += current
known_blocks = raw_enc_flag[16 *
block_to_recover:16 * block_to_recover +
32]
expanded_flag = raw_enc_flag[16 * block_to_recover:] + known_blocks
next_block_known = ""
for i in range(8):
get_md5 = set_cbc_payload_for_block(expanded_flag,
"\0" * 16 + current,
(" " * 9) + "get-md5",
1) # first block is get-md5
get_md5 = set_byte_cbc(
get_md5, ("\0" * (5 - block_to_recover) * 16) + current,
(6 - block_to_recover) * 16 - 1,
chr((4 - block_to_recover) * 16 - i -
1)) # last character to cut padding
send(s, base64.b64encode(get_md5))
receive_until(s, "\n")
real_md5_result = receive_until(s, "\n")[:-2]
for c in string.printable:
test_md5_payload = set_cbc_payload_for_block(
expanded_flag, "\0" * 16 + current,
(" " * (8 - i - 1)) + "get-md5" + next_block_known + c, 1)
test_md5_payload = set_byte_cbc(
test_md5_payload,
("\0" * (5 - block_to_recover) * 16) + current,
(6 - block_to_recover) * 16 - 1,
chr((4 - block_to_recover) * 16 + 1))
send(s, base64.b64encode(test_md5_payload))
receive_until(s, "\n")
test_md5_result = receive_until(s, "\n")[:-2]
if real_md5_result == test_md5_result:
next_block_known += c
print('found matching flag char:', next_block_known)
if c == '}':
print(flag + next_block_known)
exit(0)
break
print(next_block_known)
print(flag)
current = next_block_known[:-1]
def level():
challenge = receive_until_match(
s, r'Press the Enter key to start the challenge...')
print(challenge)
s.send("\n")
code = receive_until_match(s, r'Answer:')
print 'code', code
raw_code = '\n'.join(code.split('\n')[1:-1])
print 'raw_code', raw_code
if '| | |___ | | |_| | | |___ ' in challenge:
arch = 'i386'
ks = (KS_ARCH_X86, KS_MODE_32)
cs = (CS_ARCH_X86, CS_MODE_32)
uc = (UC_ARCH_X86, UC_MODE_32)
uc_result = UC_X86_REG_EAX
uc_stack = UC_X86_REG_ESP
elif "`. `' .' / / \ ' / ' _ \\" in challenge:
arch = 'x64'
ks = (KS_ARCH_X86, KS_MODE_64)
cs = (CS_ARCH_X86, CS_MODE_64)
uc = (UC_ARCH_X86, UC_MODE_64)
uc_result = UC_X86_REG_RAX
uc_stack = UC_X86_REG_RSP
elif ' |_ _| | || | |_ __ \ | || | / ___ | |' in challenge:
arch = 'mips'
ks = (KS_ARCH_MIPS, KS_MODE_MIPS32 + KS_MODE_BIG_ENDIAN)
cs = (CS_ARCH_MIPS, CS_MODE_MIPS32 + CS_MODE_BIG_ENDIAN)
uc = (UC_ARCH_MIPS, UC_MODE_MIPS32 + UC_MODE_BIG_ENDIAN)
uc_result = UC_MIPS_REG_V0
uc_stack = UC_MIPS_REG_29
elif '/ /\ \ / /\ \ ) (__) ) / / \ (__) / / / ( (__) (_' in challenge:
arch = 'aarch64'
ks = (KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN)
cs = (CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN)
uc = (UC_ARCH_ARM64, UC_MODE_ARM)
uc_result = UC_ARM64_REG_X0
uc_stack = UC_ARM64_REG_SP
elif '|____| |____||____| |___||_____||_____' in challenge:
arch = 'arm'
ks = (KS_ARCH_ARM, KS_MODE_ARM)
cs = (CS_ARCH_ARM, CS_MODE_ARM)
uc = (UC_ARCH_ARM, UC_MODE_ARM)
uc_result = UC_ARM_REG_R0
uc_stack = UC_ARM_REG_SP
elif '|_| \_\_____|_____/ \_____| \/ ' in challenge: # risc
arch = 'risc'
response = riscv_asm.asm(raw_code).encode('base64').replace('\n', '')
global last_stage
last_stage = True
elif last_stage:
arch = 'wasm'
response = wasmlib.asm(raw_code).encode('base64').replace('\n', '')
else:
# assume PPC32
arch = 'ppc32'
ks = (KS_ARCH_PPC, KS_MODE_PPC32 + KS_MODE_BIG_ENDIAN)
cs = (CS_ARCH_PPC, CS_MODE_32 + CS_MODE_BIG_ENDIAN)
for i in range(32):
raw_code = raw_code.replace("r" + str(i), str(i))
print 'architecture:', arch
if arch != 'risc' and arch != 'wasm':
ks = Ks(ks[0], ks[1])
encoding, count = ks.asm(raw_code)
if arch == 'mips':
encoding = encoding[:-4] # untestedy yet
response = ''.join(map(chr,
encoding)).encode('base64').replace('\n', '')
print 'response', response
s.send(response + '\n')
print(receive_until(s, '\n'))
out = receive_until(s, '\n')
print(out)
if arch == 'risc':
code = out.decode('base64')
result = riscv_dis.dis(code)
elif arch == 'wasm': # wasm
code = out.decode('base64')
result = wasmlib.dis(code)
else:
cs = Cs(cs[0], cs[1])
result = []
for i in cs.disasm(out.decode('base64'), 0x1000):
result += [(i.mnemonic + " " + i.op_str).strip()]
result = '\n'.join(result)
print 'asm', result
resultb64 = result.encode('base64').replace('\n', '')
print 'asmb64', resultb64
s.send(resultb64 + '\n')
print 'D', s.recv(99999)
print 'E', s.recv(99999)
challenge = s.recv(99999)
print repr(challenge)
data = challenge[8:-10]
print data.encode('hex')
if arch == 'risc':
result = riscv_dis.dis(data)
print(result)
elif arch == 'wasm':
result = wasmlib.dis(data)
print(result)
else:
result = []
for i in cs.disasm(challenge, 0x1000):
result += [(i.mnemonic + " " + i.op_str).strip()]
result = '\n'.join(result)
print result
# callback for tracing instructions
def hook_code(uc, address, size, user_data):
print(">>> Tracing instruction at 0x%x, instruction size = 0x%x" %
(address, size))
for kot in cs.disasm(data[address - ADDRESS:address - ADDRESS + size],
4):
OP = kot.mnemonic + " " + kot.op_str
print 'OK', OP
break
if 'jr $ra' in OP:
uc.emu_stop()
elif 'ret' in OP:
uc.emu_stop()
elif 'bx lr' in OP:
uc.emu_stop()
return 'kot'
if arch == 'ppc32':
out = ppc_execute(result)
elif arch == 'risc':
out = risc_execute(result)
elif arch == 'wasm':
out = wasmlib.eval(result)
else:
uc = Uc(uc[0], uc[1])
ADDRESS = 0x10000000
STACK = 0x20000000
uc.mem_map(ADDRESS, 4 * 1024 * 1024)
uc.mem_map(STACK, 4 * 1024 * 1024)
uc.mem_write(ADDRESS, data)
uc.reg_write(uc_stack, STACK + 0x2000)
# tracing one instruction at ADDRESS with customized callback
uc.hook_add(UC_HOOK_CODE,
hook_code,
begin=ADDRESS,
end=ADDRESS + len(data))
uc.emu_start(ADDRESS, ADDRESS + len(data))
out = uc.reg_read(uc_result)
print "RESULT", hex(out)
if arch != 'wasm':
s.sendall(hex(out).replace('L', '') + '\n')
else:
s.sendall(str(out) + "\n")
interactive(s)
print(receive_until_match(s, '------------------------------'))
data = receive_until_match(s, '------------------------------')
print(data)
if "Wrong" in data:
interactive(s)
