Exemple #1
def solve():
    """Filter a stream of framed bit strings by parity and rebuild the text.

    Connects to the CSAW challenge service, prints its banner line, then
    loops forever over the lines it sends. For each line the first character
    is dropped and the next nine are kept (the log label calls this
    "WithoutStartStop"). ``bit_xor`` of those nine characters is compared
    with 0: on a match the first eight characters are decoded with
    ``pwn.unbits`` and the service is answered ``'1'``; otherwise it is
    answered ``'0'``.

    The loop has no exit condition of its own, so it only stops when a call
    on the connection raises.
    """
    # NOTE(review): strip('\n') takes a str argument, so this presumably
    # targets Python 2 / a tube that returns str - confirm before porting.
    conn = pwn.remote('misc.chal.csaw.io', 4239)
    print(conn.recvline())
    decoded_text = ''
    accepted_bits = ''
    while True:
        frame = conn.recvline().strip('\n')
        payload = frame[1:10]
        parity = bit_xor(payload)
        print('InitialMessage={} WithoutStartStop={} Parity={}'.format(frame, payload, parity))
        if parity != 0:
            # Parity mismatch: reject the frame.
            conn.writeline('0')
        else:
            # Drop the ninth character (the parity bit) before decoding.
            data_bits = payload[0:8]
            char = pwn.unbits(data_bits)
            print('Parity! Without parity bit={} unb={}'.format(data_bits, char))
            decoded_text += char
            print(decoded_text)
            # Second view of the same data: decode all accepted bits at once.
            accepted_bits += data_bits
            print(pwn.unbits(accepted_bits))
            conn.writeline('1')
Exemple #2
def solve():
    """Read framed bit strings from the service and keep those with parity 0.

    After printing the banner line, every further line is trimmed of its
    newline, sliced to characters 1..9, and passed to ``bit_xor``. A result
    of 0 means the frame is accepted: its first eight characters are decoded
    through ``pwn.unbits``, appended to the running output, and ``'1'`` is
    sent back. Any other result sends ``'0'`` and the frame is discarded.

    There is no termination check; the function runs until the connection
    raises.
    """
    tube = pwn.remote('misc.chal.csaw.io', 4239)
    banner = tube.recvline()
    print(banner)

    text_so_far = ''
    bits_so_far = ''
    while True:
        raw_line = tube.recvline().strip('\n')
        framed = raw_line[1:10]
        parity = bit_xor(framed)
        print('InitialMessage={} WithoutStartStop={} Parity={}'.format(
            raw_line, framed, parity))

        if not (parity == 0):
            tube.writeline('0')
            continue

        # Accepted frame: the last of the nine characters is the parity bit.
        byte_bits = framed[0:8]
        decoded = pwn.unbits(byte_bits)
        print('Parity! Without parity bit={} unb={}'.format(byte_bits, decoded))
        text_so_far = text_so_far + decoded
        print(text_so_far)
        bits_so_far = bits_so_far + byte_bits
        print(pwn.unbits(bits_so_far))
        tube.writeline('1')
Exemple #3
 def run(self):
     """Worker loop: resolve one bit at a time and assemble finished bytes.

     All state is shared through the ``self.env`` dict and guarded by
     ``env['lock']``. Each pass claims the next unresolved bit index,
     obtains its value through ``func``, and, once all eight bits of the
     containing byte are known, builds the byte with ``unbits`` and
     optionally confirms it with a second ``func`` call. A NUL byte records
     the end position in ``env['endp']``. The loop ends when ``env['exit']``
     is truthy or the claimed index reaches ``env['endp']``.

     NOTE(review): uses the ``<>`` operator, so this is Python 2 source.
     NOTE(review): the lock is acquired and released by hand on every path;
     an exception raised while it is held (e.g. from ``unbits`` or
     ``del chrs[...]``) would leave it held. A ``with lock:`` block would
     be safer - confirm with the owners before changing.
     """
     e = self.env
     bits = e['bits']      # per-bit results: None, _PROGRESS, or a bool
     chrs = e['chrs']      # byte index -> (byte, verified flag)
     lock = e['lock']
     func = e['func']      # caller-supplied callable that answers a request
     query = e['query']
     verify = e['verify']  # when falsy, assembled bytes are accepted as-is
     while not e['exit']:
         lock.acquire()
         # Find the first slot at or after e['next'] that is still None.
         n = e['next']
         while n < len(bits) and bits[n] <> None:
             n += 1
         # Nothing left to claim before the recorded end position.
         if e['endp'] is not None and n >= e['endp']:
             lock.release()
             break
         # Mark the slot as claimed so other workers skip it.
         if n < len(bits):
             bits[n] = _PROGRESS
         else:
             bits.append(_PROGRESS)
         lock.release()
         # The func call runs without the lock held; n // 8 is the byte
         # index and n % 8 the bit position within that byte.
         b = bool(int(func(_req_bit(query, n // 8, n % 8))))
         lock.acquire()
         bits[n] = b
         # From here on n is the index of the first bit of the byte.
         n = align_down(8, n)
         byte = bits[n:n + 8]
         # Byte not complete yet: some bits are missing or still in progress.
         if len(byte) < 8 or None in byte or _PROGRESS in byte:
             lock.release()
             continue
         byte = unbits(byte)
         # Store the byte as unverified (False) unless it is the NUL marker.
         if byte <> '\0': chrs[n // 8] = (byte, False)
         lock.release()
         # Verification, when enabled, is a second func call outside the lock.
         if not verify or func(_req_ver(query, n // 8, byte)):
             lock.acquire()
             if byte == '\0':
                 # Keep the smallest end position seen so far.
                 if e['endp'] is None or e['endp'] > n:
                     e['endp'] = n
             else:
                 chrs[n // 8] = (byte, True)
                 # Advance e['next'] past every byte already present in chrs.
                 if n == e['next']:
                     while e['next'] // 8 in chrs.keys():
                         e['next'] += 8
             lock.release()
         else:
             # Verification failed: discard the byte and reset its eight
             # bit slots so they are claimed again.
             lock.acquire()
             if byte <> '\0': del chrs[n // 8]
             if e['next'] > n: e['next'] = n
             # range() is evaluated once, so rebinding n here is safe.
             for n in range(n, n + 8):
                 bits[n] = None
             lock.release()
Exemple #4
 def run(self):
     """Claim, resolve and assemble bits until told to stop.

     Shared state lives in ``self.env`` and is protected by ``env['lock']``.
     Every iteration takes the next bit index whose slot is ``None``, marks
     it ``_PROGRESS``, asks ``func`` for its value, and stores the result.
     When the eight slots of that byte are all resolved the byte is built
     with ``unbits``; if ``env['verify']`` is truthy it is confirmed with a
     further ``func`` call, and a failed confirmation resets the eight
     slots. A NUL byte sets ``env['endp']``, which bounds further work.

     NOTE(review): ``<>`` makes this Python 2 only.
     NOTE(review): every acquire() is paired with a manual release(); an
     exception while the lock is held would never release it. Consider
     ``with lock:`` - confirm with the owners before changing.
     """
     e = self.env
     bits = e['bits']      # per-bit results: None, _PROGRESS, or a bool
     chrs = e['chrs']      # byte index -> (byte, verified flag)
     lock = e['lock']
     func = e['func']      # caller-supplied callable that answers a request
     query = e['query']
     verify = e['verify']  # when falsy, assembled bytes are accepted as-is
     while not e['exit']:
         lock.acquire()
         n = e['next']
         # Skip slots that are already resolved or claimed by another worker.
         while n < len(bits) and bits[n] <> None: n += 1
         # Stop once the claimed index reaches the recorded end position.
         if e['endp'] is not None and n >= e['endp']:
             lock.release()
             break
         # Claim the slot, growing the list when n is past its end.
         if n < len(bits):
             bits[n] = _PROGRESS
         else:
             bits.append(_PROGRESS)
         lock.release()
         # Lock is not held during the func call; the request is built from
         # the byte index (n // 8) and the bit position (n % 8).
         b = bool(int(func(_req_bit(query, n // 8, n % 8))))
         lock.acquire()
         bits[n] = b
         # Re-point n at the first bit of the byte containing this bit.
         n = align_down(8, n)
         byte = bits[n : n + 8]
         # Wait for the remaining bits of this byte before assembling it.
         if len(byte) < 8 or None in byte or _PROGRESS in byte:
             lock.release()
             continue
         byte = unbits(byte)
         # Record non-NUL bytes as unverified for now.
         if byte <> '\0': chrs[n // 8] = (byte, False)
         lock.release()
         # Optional confirmation of the whole byte, again outside the lock.
         if not verify or func(_req_ver(query, n // 8, byte)):
             lock.acquire()
             if byte == '\0':
                 # NUL marks the end; keep the lowest position found.
                 if e['endp'] is None or e['endp'] > n:
                     e['endp'] = n
             else:
                 chrs[n // 8] = (byte, True)
                 # Move e['next'] forward over bytes that are already stored.
                 if n == e['next']:
                     while e['next'] // 8 in chrs.keys():
                         e['next'] += 8
             lock.release()
         else:
             # Confirmation failed: drop the byte, rewind e['next'] if it
             # had moved past it, and clear the eight slots for a retry.
             lock.acquire()
             if byte <> '\0': del chrs[n // 8]
             if e['next'] > n: e['next'] = n
             # range() is built before n is rebound by the loop.
             for n in range(n, n + 8):
                 bits[n] = None
             lock.release()
from pwn import unbits

# Decode a message hidden in whitespace. hexvals.txt is read as text and is
# presumably a hex dump of the whitespace run (verify against how the file
# was produced). "e28083" is the UTF-8 encoding of U+2003 (EM SPACE) and
# "20" is an ASCII space; the first stands for bit 0, the second for bit 1.
with open("./hexvals.txt", "r") as handle:
    hex_dump = handle.read()

# Map through the placeholder letters A/B first so that the "0" produced for
# one symbol can never combine with leftover hex digits into a false "20".
symbols = hex_dump.replace("e28083", "A")
symbols = symbols.replace("20", "B")
bit_string = symbols.replace("A", "0")
bit_string = bit_string.replace("B", "1")

# NOTE(review): any other character left in the dump (e.g. a trailing
# newline) is passed to unbits unchanged - confirm the input is clean.
print(unbits(bit_string).decode())
Exemple #6
# For more details about how this script works, see "Investigative Reversing 2/script.py".

from pwn import unbits

# Recover a message stored in the least significant bits of encoded.bmp.
# Starting at file offset 0x2d3 the data is laid out in 100 rounds: even
# rounds carry eight payload bytes (one hidden bit each, in the LSB), odd
# rounds are a single filler byte that is read and thrown away.
with open("encoded.bmp", "rb") as bmp:
    bmp.seek(0x2d3)
    lsb_bits = []
    # Same round count as the encoding script: 100.
    for round_no in range(100):
        if round_no % 2:
            # Odd round: skip one byte without recording anything.
            bmp.read(1)
            continue
        for _ in range(8):
            value = ord(bmp.read(1))
            lsb_bits.append(str(value & 1))  # keep only the LSB
    bin_str = "".join(lsb_bits)

# Bits were collected least-significant first, hence endian='little'.
char_str = unbits(bin_str, endian='little')
print("Flag: {}".format(char_str.decode("ascii")))
Exemple #7
def _frombits(b):
    """Pack the bit sequence *b* into bytes, least significant bit first.

    Thin wrapper that fixes ``endian`` to ``"little"`` on ``pwn.unbits``.
    """
    packed = pwn.unbits(b, endian="little")
    return packed
Exemple #8
def _frombits(b):
    """Convert a sequence of bits to its packed form via ``pwn.unbits``.

    The bit order is always little-endian; callers cannot override it.
    """
    options = {'endian': 'little'}
    return pwn.unbits(b, **options)