def get_iv(s): send(s, '1') print(receive_until_match(s, "input plain text: ")) send(s, 'A') r = receive_until_match(s, "4: get encrypted key\n") print(r) aes_iv = re.findall('AES: (.*)\n', r)[0][:32].decode("hex") return aes_iv
def oracle(s, payload): send(s, 'l') receive_until_match(s, "\:\>\>", None) send(s, str(payload)) send(s, str(1)) send(s, str(1)) data = receive_until_match(s, "\:\>\>", None) return "bit is wrong" in data
def oracle(s, ct): send(s, '2') print(receive_until_match(s, 'input hexencoded cipher text: ')) payload = long_to_bytes(ct).encode("hex") print("Sending payload", payload) send(s, payload) r = receive_until_match(s, 'RSA: .*\n') receive_until_match(s, '4: get encrypted key\n') bit = int(re.findall('RSA: (.*)\n', r)[0], 16) & 1 return bit
def final_round(s, seed): receive_until_match(s, "bob number") send(s, b64e(b'\x00')) receive_until_match(s, "bob number") bob_no = int(receive_until(s, "\n").strip()) alice = DiffieHellman(long_to_bytes(int(seed, 2))) alice.set_other(bob_no) print('Shared:', alice.shared) iv = b64d(receive_until(s, "\n")) cipher = AES.new(long_to_bytes(alice.shared, 16)[:16], AES.MODE_CBC, IV=iv) enc_flag = b64d(receive_until(s, "\n")) print(cipher.decrypt(enc_flag))
def final_round(s, seed, target_seed): while True: receive_until_match(s, 'bit-flip str') receive_until(s, "\n") send(s, b64e(long_to_bytes(int(seed, 2) ^ target_seed))) receive_until(s, "\n") # generated after iv = b64d(receive_until(s, "\n")) enc_flag = b64d(receive_until(s, "\n")) for key in range(8): cipher = AES.new(long_to_bytes(key, 16)[:16], AES.MODE_CBC, IV=iv) flag = cipher.decrypt(enc_flag) if 'DrgnS' in flag: print(flag) return
def main(): url = "47.75.53.178" port = 9999 s = nc(url, port) data = receive_until_match(s, "\:\>\>", None).split("\n") e = int(data[1]) n = int(data[2]) print(e, n) send(s, 'r') receive_until_match(s, "\:\>\>", None).split("\n") send(s, 'test') data = receive_until_match(s, "\:\>\>", None).split("\n") ct = int(data[0]) lsb_oracle(ct, lambda x: multiplicate(x, e, n), n, lambda ct: oracle(s, ct))
def query(s, x): send(s, '1') send(s, str(x)) r = receive_until_match(s, 'Guess the global maximum') y = float(re.findall('f\(.*\) = (.*)', r)[0]) print "Y = " + str(y) return y
def main(): s = nc("37.139.4.247", 31337) data = receive_until(s, "\n") print(brotli.decompress(data.decode("base64"))) data = receive_until(s, "\n") print(brotli.decompress(data.decode("base64"))) payload = int(time()) print(payload) send(s, base64.b64encode(brotli.compress(str(payload)))) data = receive_until_match(s, "\n\n") print(data) data = receive_until(s, "\n") print(brotli.decompress(data.decode("base64"))) data = receive_until(s, "\n") print(brotli.decompress(data.decode("base64"))) data = receive_until(s, "\n") print(brotli.decompress(data.decode("base64"))) send(s, base64.b64encode(brotli.compress("Y"))) data = receive_until(s, "\n") decompressed = brotli.decompress(data.decode("base64")) print('payload', decompressed) send(s, base64.b64encode(brotli.compress(decompressed))) data = receive_until(s, "\n") decompressed = brotli.decompress(data.decode("base64")) print(decompressed) data = receive_until(s, "\n") decompressed = brotli.decompress(data.decode("base64")) print(decompressed)
def recover_aes_key(n, s): send(s, '4') r = receive_until_match(s, "here is encrypted key :\)\n.+\n") encrypted_aes_key = re.findall("here is encrypted key :\)\n(.*)\n", r)[0] print('aes key', encrypted_aes_key) decrypted_aes_key = lsb_oracle(int(encrypted_aes_key, 16), lambda ct: ct * pow(2, 65537, n) % n, n, lambda ct: oracle(s, ct)) decrypted_aes_key = long_to_bytes(int(decrypted_aes_key)) return decrypted_aes_key
def recover_n(s): send(s, '1') print(receive_until_match(s, "input plain text: ")) send(s, '\2') r = receive_until_match(s, "4: get encrypted key\n") print(r) pow2e = int(re.findall('RSA: (.*)\n', r)[0], 16) send(s, '1') print(receive_until_match(s, "input plain text: ")) send(s, '\3') r = receive_until_match(s, "4: get encrypted key\n") print(r) pow3e = int(re.findall('RSA: (.*)\n', r)[0], 16) n = gmpy2.gcd(2 ** 65537 - pow2e, 3 ** 65537 - pow3e) n = factor(n)[1] assert pow(2, 65537, n) == pow2e return n
def main(): port = 1337 host = "34.89.64.81" s = nc(host, port) skip = receive_until_match(s, "pub_key = ") skip = receive_until_match(s, "pub_key = ") skip = receive_until_match(s, "pub_key = ") pubkey = receive_until(s, b"\n")[:-1] msg = receive_until(s, b"=") msg = re.findall("\"(.*)\"", msg.decode("utf-8"))[0] sig = receive_until(s, b"\n")[1:-1] print(pubkey) print(msg) print(sig) m, sig = solve(msg, sig) send(s, m.encode("utf-8")) send(s, sig.encode("utf-8")) interactive(s)
def attack(s): response = receive_until_match(s, "Welcome to the server. \n") print(response) feats = cmd_hi(s) target = cmd_target(s) print target solution = solve(feats[target]) print(solution) print(fit(solution, feats, target)) send(s, "answer " + " ".join(map(str, solution))) print(s.recv(9999))
def main(): url = '18.179.251.168' # url = 'localhost' port = 21700 s = nc(url, port) data = receive_until_match(s, "cmd:") flag = re.findall('Here is the flag!\s*(.*)\s*cmd:', data)[0] print(flag) encryptor = lambda data: enc(s, data) decryptor = lambda data: dec(s, data) n = recover_pubkey(encryptor) print(n) print(recover_flag(encryptor, decryptor, flag, n))
def main(): host = "37.139.4.247" port = 19153 s = nc(host, port) data = receive_until_match(s, "= .*\n") print(data) suffix = data[-7:-1] print(suffix) response = pow(suffix, data) print('pow', response) send(s, response) print(receive_until_match(s, "solve")) send(s, 'C') data = receive_until_match(s, "n = \d+\n") print(data) number = re.findall("n = (\d+)", data)[0] for i in range(101): data = receive_until_match(s, "equal to " + str(i)) print(data) response = calculate(number, i) print(i, response) send(s, response) interactive(s)
def get_kn(): host = "3.115.26.78" port = 31337 s = nc(host, port) receive_until_match(s, "! ") flag_ct = receive_until(s, "\n")[:-1] plaintexts = [long_to_bytes(x)[3:] for x in prepare_values()] results = [] for pt in plaintexts: receive_until_match(s, ": ") send(s, pt.encode("hex")) res = receive_until(s, "\n")[:-1] results.append(res) s.close() CTA = int(results[0], 16) CTB = int(results[1], 16) CTC = int(results[2], 16) CTD = int(results[3], 16) kn = (CTA * CTB) - (CTD * CTC) print("Got k*N", kn) return kn
def main(): url = "crypto.chal.ctf.westerns.tokyo" port = 5643 s = nc(url, port) print(receive_until_match(s, "4: get encrypted key")) n = recover_n(s) print('n', n) decrypted_aes_key = recover_aes_key(n, s) print('aes key', decrypted_aes_key.encode("hex")) next_iv_hex = recover_next_iv(s) print('next iv', next_iv_hex) send(s, '3') r = receive_until_match(s, "4: get encrypted key\n") flag_ct = re.findall("another bulldozer is coming!\n(.*)\n", r)[0][32:] print('encrypted flag', next_iv_hex + flag_ct) print(aes_decrypt((next_iv_hex + flag_ct).decode("hex"), decrypted_aes_key)) s.close()
def get_flag(msg1, msg2): url = "111.186.63.14" port = 10001 s = nc(url, port) challenge = receive_until_match(s, "XXXX:") suffix, result = re.findall("sha256\(XXXX\+(.*?)\) == (.*)\s", challenge)[0] print(suffix, result) prefix = break_pow(suffix, result) print(prefix) send(s, prefix) send(s, msg1) sleep(1) send(s, msg2) print(interactive(s))
def main(): bitsize = 1024 url = "13.112.92.9" port = 21701 s = nc(url, port) data = receive_until_match(s, "cmd:") flag = int(re.findall('Here is the flag!\s*(.*)\s*cmd:', data)[0], 16) print(flag) encryptor = lambda data: enc(s, data) decryptor = lambda data: dec(s, data) n = recover_modulus(encryptor, decryptor, bitsize) print('modulus', n) known_flag_suffix = "_paillier!!}\n" print(recover_flag(decryptor, flag, n, bitsize, known_flag_suffix)) pass
def main(): host = "crypto.byteband.it" port = 7002 s = nc(host, port) for i in range(32): data = receive_until_match(s, "Plaintext \(b64encoded\) : ") pt = receive_until(s, "\n").decode("base64") receive_until(s, "\n") x = int(receive_until(s, "\n").strip(), 16) m = int(receive_until(s, "\n").strip(), 16) print('x', x) print('m', m) n = recover_n(x, m) print('recovered n', n) key = RSA.construct((long(n), long(65537))) ct = base64.b64encode(encrypt(key, pt)) print('ct', ct) send(s, ct) interactive(s)
def level(): challenge = receive_until_match( s, r'Press the Enter key to start the challenge...') print(challenge) s.send("\n") code = receive_until_match(s, r'Answer:') print 'code', code raw_code = '\n'.join(code.split('\n')[1:-1]) print 'raw_code', raw_code if '| | |___ | | |_| | | |___ ' in challenge: arch = 'i386' ks = (KS_ARCH_X86, KS_MODE_32) cs = (CS_ARCH_X86, CS_MODE_32) uc = (UC_ARCH_X86, UC_MODE_32) uc_result = UC_X86_REG_EAX uc_stack = UC_X86_REG_ESP elif "`. `' .' / / \ ' / ' _ \\" in challenge: arch = 'x64' ks = (KS_ARCH_X86, KS_MODE_64) cs = (CS_ARCH_X86, CS_MODE_64) uc = (UC_ARCH_X86, UC_MODE_64) uc_result = UC_X86_REG_RAX uc_stack = UC_X86_REG_RSP elif ' |_ _| | || | |_ __ \ | || | / ___ | |' in challenge: arch = 'mips' ks = (KS_ARCH_MIPS, KS_MODE_MIPS32 + KS_MODE_BIG_ENDIAN) cs = (CS_ARCH_MIPS, CS_MODE_MIPS32 + CS_MODE_BIG_ENDIAN) uc = (UC_ARCH_MIPS, UC_MODE_MIPS32 + UC_MODE_BIG_ENDIAN) uc_result = UC_MIPS_REG_V0 uc_stack = UC_MIPS_REG_29 elif '/ /\ \ / /\ \ ) (__) ) / / \ (__) / / / ( (__) (_' in challenge: arch = 'aarch64' ks = (KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN) cs = (CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN) uc = (UC_ARCH_ARM64, UC_MODE_ARM) uc_result = UC_ARM64_REG_X0 uc_stack = UC_ARM64_REG_SP elif '|____| |____||____| |___||_____||_____' in challenge: arch = 'arm' ks = (KS_ARCH_ARM, KS_MODE_ARM) cs = (CS_ARCH_ARM, CS_MODE_ARM) uc = (UC_ARCH_ARM, UC_MODE_ARM) uc_result = UC_ARM_REG_R0 uc_stack = UC_ARM_REG_SP elif '|_| \_\_____|_____/ \_____| \/ ' in challenge: # risc arch = 'risc' response = riscv_asm.asm(raw_code).encode('base64').replace('\n', '') global last_stage last_stage = True elif last_stage: arch = 'wasm' response = wasmlib.asm(raw_code).encode('base64').replace('\n', '') else: # assume PPC32 arch = 'ppc32' ks = (KS_ARCH_PPC, KS_MODE_PPC32 + KS_MODE_BIG_ENDIAN) cs = (CS_ARCH_PPC, CS_MODE_32 + CS_MODE_BIG_ENDIAN) for i in range(32): raw_code = raw_code.replace("r" + str(i), str(i)) print 'architecture:', arch if arch != 'risc' and arch != 'wasm': ks = Ks(ks[0], ks[1]) encoding, count = ks.asm(raw_code) if arch == 'mips': encoding = encoding[:-4] # untestedy yet response = ''.join(map(chr, encoding)).encode('base64').replace('\n', '') print 'response', response s.send(response + '\n') print(receive_until(s, '\n')) out = receive_until(s, '\n') print(out) if arch == 'risc': code = out.decode('base64') result = riscv_dis.dis(code) elif arch == 'wasm': # wasm code = out.decode('base64') result = wasmlib.dis(code) else: cs = Cs(cs[0], cs[1]) result = [] for i in cs.disasm(out.decode('base64'), 0x1000): result += [(i.mnemonic + " " + i.op_str).strip()] result = '\n'.join(result) print 'asm', result resultb64 = result.encode('base64').replace('\n', '') print 'asmb64', resultb64 s.send(resultb64 + '\n') print 'D', s.recv(99999) print 'E', s.recv(99999) challenge = s.recv(99999) print repr(challenge) data = challenge[8:-10] print data.encode('hex') if arch == 'risc': result = riscv_dis.dis(data) print(result) elif arch == 'wasm': result = wasmlib.dis(data) print(result) else: result = [] for i in cs.disasm(challenge, 0x1000): result += [(i.mnemonic + " " + i.op_str).strip()] result = '\n'.join(result) print result # callback for tracing instructions def hook_code(uc, address, size, user_data): print(">>> Tracing instruction at 0x%x, instruction size = 0x%x" % (address, size)) for kot in cs.disasm(data[address - ADDRESS:address - ADDRESS + size], 4): OP = kot.mnemonic + " " + kot.op_str print 'OK', OP break if 'jr $ra' in OP: uc.emu_stop() elif 'ret' in OP: uc.emu_stop() elif 'bx lr' in OP: uc.emu_stop() return 'kot' if arch == 'ppc32': out = ppc_execute(result) elif arch == 'risc': out = risc_execute(result) elif arch == 'wasm': out = wasmlib.eval(result) else: uc = Uc(uc[0], uc[1]) ADDRESS = 0x10000000 STACK = 0x20000000 uc.mem_map(ADDRESS, 4 * 1024 * 1024) uc.mem_map(STACK, 4 * 1024 * 1024) uc.mem_write(ADDRESS, data) uc.reg_write(uc_stack, STACK + 0x2000) # tracing one instruction at ADDRESS with customized callback uc.hook_add(UC_HOOK_CODE, hook_code, begin=ADDRESS, end=ADDRESS + len(data)) uc.emu_start(ADDRESS, ADDRESS + len(data)) out = uc.reg_read(uc_result) print "RESULT", hex(out) if arch != 'wasm': s.sendall(hex(out).replace('L', '') + '\n') else: s.sendall(str(out) + "\n") interactive(s) print(receive_until_match(s, '------------------------------')) data = receive_until_match(s, '------------------------------') print(data) if "Wrong" in data: interactive(s)
send(s, '2') send(s, str(y)) return receive_until_match(s, 'Guess the global maximum') if __name__ == "__main__": s = nc(HOST, PORT) # pass CAPTCHA r = s.recv(4096) md5_s = re.findall('md5\(X\).hexdigest\(\)\[\:5\]=(.+?)\.', r)[0] send(s, captcha(md5_s)) # start retrieving information r = receive_until_match(s, 'Guess the global maximum') # getting x range x_range = re.findall('defined in range \((.*), (.*)\)', r) x_min = float(x_range[0][0]) x_max = float(x_range[0][1]) # getting f(x) values j = 0 x = [] y = [] for i in arange(x_min, x_max, 0.4): x.append(i) y.append(query(s, i)) j += 1 if (j == 500):
def guess(s, y): send(s, '2') send(s, str(y)) return receive_until_match(s, 'Guess the global maximum')
def get_iterations(s, msg): send(s, b64e(msg)) receive_until_match(s, "Generated after ") count = int(receive_until(s, "\n").split(' ')[0].strip()) return count
def main(): s = nc("52.193.157.19", 9999) data = receive_until_match(s, "Give me XXXX:") inputs = re.findall("SHA256\(XXXX\+(.*)\) == (.*)", data)[0] suffix = inputs[0] digest = inputs[1] result = PoW(suffix, digest) print("PoW done") send(s, result) receive_until_match(s, "Done!\n") welcome = receive_until(s, "\n")[:-1] get_flag_payload = generate_payload_from_message(welcome, "Welcome!", "get-flag") send(s, get_flag_payload) encrypted_flag = receive_until(s, "\n")[:-1] raw_enc_flag = encrypted_flag.decode("base64") current = "hitcon{" print('encrypted flag', encrypted_flag, encrypted_flag.decode("base64"), len(encrypted_flag.decode("base64"))) for block_to_recover in range(3): malleable_block = base64.b64encode(raw_enc_flag[block_to_recover * 16:]) missing = 16 - len(current) for spaces in range(missing): for c in string.printable: test_flag_block_prefix = current + c + ("\0" * (missing - spaces)) expected_command = (" " * spaces) + "get-flag" payload = generate_payload_from_message( malleable_block, test_flag_block_prefix, expected_command) send(s, payload) result = receive_until(s, "\n")[:-1] if result == encrypted_flag: current += c print('found matching flag char:', current) break print(current) known_blocks = raw_enc_flag[16 * block_to_recover:16 * block_to_recover + 32] expanded_flag = raw_enc_flag[ 16 * block_to_recover:] + known_blocks # appending IV and "Welcome!!" at the end next_block_known = "" for i in range(8): get_md5 = set_cbc_payload_for_block(expanded_flag, "\0" * 16 + current, (" " * 9) + "get-md5", 1) # first block is get-md5 get_md5 = set_byte_cbc( get_md5, ("\0" * (5 - block_to_recover) * 16) + current, (6 - block_to_recover) * 16 - 1, chr((4 - block_to_recover) * 16 - i - 1)) # last character to cut padding send(s, base64.b64encode(get_md5)) real_md5_result = receive_until(s, "\n")[:-1] for c in string.printable: test_md5_payload = set_cbc_payload_for_block( expanded_flag, "\0" * 16 + current, (" " * (8 - i - 1)) + "get-md5" + next_block_known + c, 1) test_md5_payload = set_byte_cbc( test_md5_payload, ("\0" * (5 - block_to_recover) * 16) + current, (6 - block_to_recover) * 16 - 1, chr((4 - block_to_recover) * 16 + 1)) send(s, base64.b64encode(test_md5_payload)) test_md5_result = receive_until(s, "\n")[:-1] if real_md5_result == test_md5_result: next_block_known += c print('found matching flag char:', next_block_known) break print(next_block_known) current = next_block_known[:-1]
def rakflag(): for i in range(7): print(receive_until_match(s, "w/a/s/d:")) s.sendall('w\n') for i in range(16): print(receive_until_match(s, "w/a/s/d:")) s.sendall('d\n') print(receive_until_match(s, "w/a/s/d:")) s.sendall('w\n') for i in range(10): print(receive_until_match(s, "w/a/s/d:")) s.sendall('s\n') for i in range(17): print(receive_until_match(s, "w/a/s/d:")) s.sendall('a\n') print(receive_until_match(s, "w/a/s/d:")) s.sendall('s\n') for i in range(16): print(receive_until_match(s, "w/a/s/d:")) s.sendall('a\n') print(receive_until_match(s, "w/a/s/d:")) s.sendall('s\n') for i in range(6): print(receive_until_match(s, "w/a/s/d:")) s.sendall('d\n') for i in range(4): print(receive_until_match(s, "w/a/s/d:")) s.sendall('w\n') for i in range(2): print(receive_until_match(s, "w/a/s/d:")) s.sendall('a\n') for i in range(4): print(receive_until_match(s, "w/a/s/d:")) s.sendall('w\n') for i in range(5): print(receive_until_match(s, "w/a/s/d:")) s.sendall('a\n') for i in range(2): print(receive_until_match(s, "w/a/s/d:")) s.sendall('w\n') for i in range(25): print(receive_until_match(s, "w/a/s/d:")) s.sendall('d\n') for i in range(4): print(receive_until_match(s, "w/a/s/d:")) s.sendall('s\n') for i in range(10): print(receive_until_match(s, "w/a/s/d:")) s.sendall('d\n') print(receive_until_match(s, "(Press the Enter key to continue...)")) s.sendall("\n") print(receive_until_match(s, "(Press the Enter key to continue...)")) s.sendall("\n") print(receive_until_match(s, "(Press the Enter key to continue...)")) s.sendall("\n") level() s.sendall("\n") s.sendall("\n") s.sendall("\n") interactive(s)
def command(s, data, command): send(s, command) res = receive_until_match(s, "input: ") send(s, data.encode("hex")) res = receive_until_match(s, ".*\n") return re.findall("(.*)\s+", res)[0]
HOST = '199.247.6.180' PORT = 14002 if __name__ == "__main__": s = nc(HOST, PORT) # pass CAPTCHA r = s.recv(4096) md5_s = re.findall('md5\(X\).hexdigest\(\)\[\:5\]=(.+?)\.', r)[0] send(s, captcha(md5_s)) # start NIM game r = receive_until_match(s, 'Input the pile:') state = map( int, re.findall('Current state of the game: \[(.*)\]', r)[0].split(',')) while (True): print 'STATE: ' + str(state) index, quantity = nim(state, 'normal') print 'SEND: index = ' + str(index) + ', quantity = ' + str(quantity) send(s, str(index)) send(s, str(quantity)) if (state.count(0) != 14): r = receive_until_match(s, 'Input the pile:') state = map( int,
def main(): global s s = socket.socket() s.connect(('13.231.83.89', 30262)) print 'A', s.recv(999999) print 'B', s.recv(999999) s.send('\n') print 'C', s.recv(999999) print 'D', s.recv(999999) s.send('\n') print 'E', s.recv(999999) print 'F', s.recv(999999) s.send('\n') print 'G', s.recv(999999) print 'H', s.recv(999999) s.send('A\n') print 'I', s.recv(999999) print 'J', s.recv(999999) s.send('\n') print 'K', s.recv(999999) print 'L', s.recv(999999) s.send('B\n') print 'M', s.recv(999999) print 'N', s.recv(999999) s.send('\n') print 'O', s.recv(999999) s.send('duck\n') for i in range(7): print(receive_until_match(s, "w/a/s/d:")) s.sendall('w\n') level() for i in range(16): print(receive_until_match(s, "w/a/s/d:")) s.sendall('d\n') print(receive_until_match(s, "w/a/s/d:")) s.sendall('w\n') level() for i in range(9): print(receive_until_match(s, "w/a/s/d:")) s.sendall('s\n') level() for i in range(16): print(receive_until_match(s, "w/a/s/d:")) s.sendall('a\n') print(receive_until_match(s, "w/a/s/d:")) s.sendall('s\n') level() for i in range(15): print(receive_until_match(s, "w/a/s/d:")) s.sendall('a\n') print(receive_until_match(s, "w/a/s/d:")) s.sendall('s\n') level() for i in range(6): print(receive_until_match(s, "w/a/s/d:")) s.sendall('d\n') for i in range(4): print(receive_until_match(s, "w/a/s/d:")) s.sendall('w\n') for i in range(2): print(receive_until_match(s, "w/a/s/d:")) s.sendall('a\n') level() for i in range(4): print(receive_until_match(s, "w/a/s/d:")) s.sendall('w\n') for i in range(5): print(receive_until_match(s, "w/a/s/d:")) s.sendall('a\n') print(receive_until_match(s, "w/a/s/d:")) s.sendall('w\n') level() while True: data = receive_until_match(s, '(Press the Enter key to continue...)') print(data) if 'EXIT2' in data: break s.sendall('\n') rakflag()