def solve(data, leak, ctext):
   
    guesses = []

    # Based on the access order of Pi ^ Ki pairs in the first round, see aes.c
    pairs = [   (0,4), (4,8), (8,12), (12,5),
                (5,9), (9,13), (13,1), (1,10), 
                (10,14), (14,2), (2,6), (6,15), 
                (15,3), (3,7), (7,11) ]
             
    workerPool = ThreadPool(8)
    workerPool.map(makeGuesses, pairs)
    for result in workerPool.get_results():
        guesses.extend(result)
    
    guesses = statisticalFilter(guesses)
    guesses.sort(key=lambda x : x.cost, reverse=False)

    pairs = np.zeros((16,16), dtype=np.uint8)
    for guess in guesses:
        pairs[guess.i1,guess.i2] = guess.relate
        pairs[guess.i2,guess.i1] = guess.relate

    
    # 00112233445566778899aabbccddeeff
    # 4355a46b19d348dc2f57c046f8ef63d4 (sha256sum(echo "1")[:16])
    keyBase = np.zeros((16), dtype=np.uint8)
    keyBase[0:6] = leak

    keyBase[14] = (keyBase[2]  ^ pairs[2,14]) & mask
    keyBase[10] = (keyBase[14] ^ pairs[10,14]) & mask
    #keyBase[1]  = (keyBase[10] ^ pairs[1,10]) & mask

    keyBase[7]  = (keyBase[3]  ^ pairs[3,7]) & mask
    keyBase[15] = (keyBase[3]  ^ pairs[3,15]) & mask
    keyBase[6]  = (keyBase[15] ^ pairs[6,15]) & mask

    #keyBase[0]  = (keyBase[4]  ^ pairs[4,0]) & mask
    keyBase[8]  = (keyBase[4]  ^ pairs[4,8]) & mask

    keyBase[9]  = (keyBase[5]  ^ pairs[9,5]) & mask
    keyBase[12] = (keyBase[5]  ^ pairs[5,12]) & mask
    keyBase[13] = (keyBase[9]  ^ pairs[9,13]) & mask

    print("Base Pair: %s" % "".join(list(map(lambda x : "%02x" % x, keyBase))))
    sys.stdout.flush()
    
    # 4355a46b19d348dc2f57c046f8ef63d4 (sha256sum(echo "1")[:16])
    for k11 in range(0x0,0x100):
        key = np.array(keyBase, copy=True)
        key[11] = k11
        workerPool.add_task(run, ctext, key)
        
    workerPool.get_results()
Exemple #2
0
    with open(fileOut, "wb") as f:
        f.write(data)
    st = os.stat(fileOut)
    os.chmod(fileOut, st.st_mode | stat.S_IEXEC)

    workers = ThreadPool(workerCount)
    
    tasks = 1024
    roundingerror = count - int(count/tasks)*tasks
    workers.add_task(run, int(count/tasks) + roundingerror, 0)
    for ii in range(1,tasks):
        workers.add_task(run, int(count/tasks), ii)
   
    textName = "/tmp/test.txt"

    results = workers.get_results()
    with open(textName, "wb") as f:
        for r in results:
            f.write(r)
    
    print(textName)
    
    readmeFile = "/tmp/Readme.txt"
    flag = os.getenv("FLAG", "flag{place:holder}")
    
    length = 16 - (len(flag) % 16)
    plain = flag + chr(length)*length

    cipher = AES.new(key, AES.MODE_ECB)
    ctext = cipher.encrypt(plain)