def solve(): r = pwn.remote('misc.chal.csaw.io',4239) print(r.recvline()) result_string1 = ''; result_string2 = ''; while True: l1 = r.recvline().strip('\n') l2 = l1[1:10] parity = bit_xor(l2) print('InitialMessage={} WithoutStartStop={} Parity={}'.format(l1, l2, parity)) if(parity == 0): l3 = l2[0:8] unb = pwn.unbits(l3) print('Parity! Without parity bit={} unb={}'.format(l3, unb)) result_string1 = result_string1 + unb print(result_string1) result_string2 = result_string2 + l3; print(pwn.unbits(result_string2)) r.writeline('1') else: r.writeline('0')
def solve(): r = pwn.remote('misc.chal.csaw.io', 4239) print(r.recvline()) result_string1 = '' result_string2 = '' while True: l1 = r.recvline().strip('\n') l2 = l1[1:10] parity = bit_xor(l2) print('InitialMessage={} WithoutStartStop={} Parity={}'.format( l1, l2, parity)) if (parity == 0): l3 = l2[0:8] unb = pwn.unbits(l3) print('Parity! Without parity bit={} unb={}'.format(l3, unb)) result_string1 = result_string1 + unb print(result_string1) result_string2 = result_string2 + l3 print(pwn.unbits(result_string2)) r.writeline('1') else: r.writeline('0')
def run(self): e = self.env bits = e['bits'] chrs = e['chrs'] lock = e['lock'] func = e['func'] query = e['query'] verify = e['verify'] while not e['exit']: lock.acquire() n = e['next'] while n < len(bits) and bits[n] <> None: n += 1 if e['endp'] is not None and n >= e['endp']: lock.release() break if n < len(bits): bits[n] = _PROGRESS else: bits.append(_PROGRESS) lock.release() b = bool(int(func(_req_bit(query, n // 8, n % 8)))) lock.acquire() bits[n] = b n = align_down(8, n) byte = bits[n:n + 8] if len(byte) < 8 or None in byte or _PROGRESS in byte: lock.release() continue byte = unbits(byte) if byte <> '\0': chrs[n // 8] = (byte, False) lock.release() if not verify or func(_req_ver(query, n // 8, byte)): lock.acquire() if byte == '\0': if e['endp'] is None or e['endp'] > n: e['endp'] = n else: chrs[n // 8] = (byte, True) if n == e['next']: while e['next'] // 8 in chrs.keys(): e['next'] += 8 lock.release() else: lock.acquire() if byte <> '\0': del chrs[n // 8] if e['next'] > n: e['next'] = n for n in range(n, n + 8): bits[n] = None lock.release()
def run(self): e = self.env bits = e['bits'] chrs = e['chrs'] lock = e['lock'] func = e['func'] query = e['query'] verify = e['verify'] while not e['exit']: lock.acquire() n = e['next'] while n < len(bits) and bits[n] <> None: n += 1 if e['endp'] is not None and n >= e['endp']: lock.release() break if n < len(bits): bits[n] = _PROGRESS else: bits.append(_PROGRESS) lock.release() b = bool(int(func(_req_bit(query, n // 8, n % 8)))) lock.acquire() bits[n] = b n = align_down(8, n) byte = bits[n : n + 8] if len(byte) < 8 or None in byte or _PROGRESS in byte: lock.release() continue byte = unbits(byte) if byte <> '\0': chrs[n // 8] = (byte, False) lock.release() if not verify or func(_req_ver(query, n // 8, byte)): lock.acquire() if byte == '\0': if e['endp'] is None or e['endp'] > n: e['endp'] = n else: chrs[n // 8] = (byte, True) if n == e['next']: while e['next'] // 8 in chrs.keys(): e['next'] += 8 lock.release() else: lock.acquire() if byte <> '\0': del chrs[n // 8] if e['next'] > n: e['next'] = n for n in range(n, n + 8): bits[n] = None lock.release()
from pwn import unbits with open("./hexvals.txt", "r") as f: inp = f.read() ab = inp.replace("e28083", "A").replace("20", "B") out = ab.replace("A", "0").replace("B", "1") print(unbits(out).decode())
# For more details about how this script works, see "Investigative Reversing 2/script.py". from pwn import unbits with open("encoded.bmp", "rb") as b: b.seek(0x2d3) bin_str = "" # just like the encoding script, we loop 100 times. for j in range(100): if ((j & 1) == 0): for k in range(8): byte = ord(b.read(1)) bit = byte & 1 # the LSB bin_str += str(bit) # every other run we skip a byte by just reading and not storing it else: b.read(1) char_str = unbits(bin_str, endian='little') print("Flag: {}".format(char_str.decode("ascii")))
def _frombits(b): return pwn.unbits(b, endian="little")
def _frombits(b): return pwn.unbits(b, endian = 'little')