Exemple #1
def main():
    """Collect 624 raw outputs from the dice service, then submit a predicted roll.

    The service prints a fresh 32-bit value each time menu option 2 is chosen.
    Once 624 of them have been fed to RandCrack, the predictor reproduces the
    generator's next 32-bit output, which is sent as the answer to option 3.

    Service-side root cause: values taken from a non-cryptographic generator
    are shown to the client. Unguessable values need a CSPRNG such as the
    `secrets` module.
    """
    menu_tail = "3. Guess the dice (test)"
    question = "Guess the dice roll to win a flag! What will the sum total be?"

    p = remote("challenge.nahamcon.com", 32535)
    #p = process("./dice_roll.py")

    print("Running...")
    rc = RandCrack()
    p.recvuntil(menu_tail)

    for _ in range(624):
        p.sendline(b'2')  # menu choice goes out as bytes
        # The reply up to the next menu is bytes; the number sits on its 4th line.
        reply_lines = p.recvuntil(menu_tail).decode().split('\n')
        rc.submit(int(reply_lines[3]))

    p.sendline(b'3')
    p.recvuntil(question)

    # With 624 words submitted the predictor yields the next 32-bit output.
    predicted_number = rc.predict_getrandbits(32)
    p.sendline(str(predicted_number))  # answer goes out as a string
    print("predicted number:", predicted_number)

    flag_line = p.recvuntil(menu_tail).decode().split('\n')[2]
    print(flag_line)
def crack():
    """Recover the predictor state from ten (p, q) samples and derive the next primes.

    Returns:
        The pair ``(p, q)`` produced by running ``gen_prime`` on the next two
        predicted 1024-bit values.
    """
    # gather 624 * 32 bits
    from randcrack import RandCrack
    rc = RandCrack()

    # 19.5 * 1024 == 624 * 32, so ten rounds of (p, q) are enough: nine full
    # rounds plus p and part of q from the tenth.
    for _ in xrange(9):
        p_rand, q_rand = crack_pq()
        crack_rand(p_rand, rc)
        crack_rand(q_rand, rc)

    # Tenth round: all of p, but only part of q.
    # presumably the third argument (512) limits how many bits of q_rand are
    # submitted; confirm against crack_rand
    p_rand, q_rand = crack_pq()
    crack_rand(p_rand, rc)
    crack_rand(q_rand, rc, 512)

    # Sanity check: the prediction should match the part of q not submitted.
    predicted_high = rc.predict_getrandbits(512)
    print('predicted high bits of q:\n %X' % (predicted_high))
    print('received q:\n %X' % (q_rand))

    p_base = rc.predict_getrandbits(1024)
    q_base = rc.predict_getrandbits(1024)

    return gen_prime(p_base), gen_prime(q_base)
Exemple #3
def test_predict_random():
    """Check that predict_random() tracks random.random() after 624 submissions.

    At least 980 of the next 1000 floats must match exactly.
    """
    random.seed(time.time())

    cracker = RandCrack()
    for _ in range(624):
        cracker.submit(random.randint(0, 4294967294))

    hits = 0
    for _ in range(1000):
        # Draw from the real generator first, then from the predictor.
        if random.random() == cracker.predict_random():
            hits += 1
    assert hits >= 980
def get_aesIV():
    """Feed 156 IVs to a fresh RandCrack, four 32-bit words per IV, and return it.

    156 * 4 == 624 words. Each IV is split least-significant word first.
    IVs are meant to be unpredictable, so the service should draw them from a
    CSPRNG (`secrets` / `os.urandom`), not from a generator whose state can be
    rebuilt from its outputs.
    """
    rc = RandCrack()
    for _ in range(156):
        iv = get_IV()
        for shift in (0, 32, 64, 96):
            rc.submit((iv >> shift) & 0xFFFFFFFF)
    return rc
Exemple #5
def test_predict_first_1000_close():
    """Check that predict_getrandbits(32) tracks random.getrandbits(32).

    After 624 submissions, at least 980 of the next 1000 32-bit values must
    match.
    """
    random.seed(time.time())

    cracker = RandCrack()
    for _ in range(624):
        cracker.submit(random.randint(0, 4294967294))

    matches = 0
    for _ in range(1000):
        # Draw from the real generator first, then from the predictor.
        if random.getrandbits(32) == cracker.predict_getrandbits(32):
            matches += 1

    assert matches >= 980
Exemple #6
    def __init__(self,output) -> None:
        """Seed a RandCrack predictor from a sequence of arbitrary-width integers.

        Each integer in *output* is left-padded to a multiple of 32 bits and
        split into 32-bit words, least-significant word first. Only the first
        624 words overall are submitted.
        """
        self.rc = RandCrack()
        words = []
        for ot in output:
            bits = bin(ot)[2:]
            remainder = len(bits) % 32
            if remainder:
                # Left-pad so the string divides evenly into 32-bit chunks.
                bits = '0' * (32 - remainder) + bits
            chunks = [int(bits[pos:pos + 32], 2) for pos in range(0, len(bits), 32)]
            # Chunks were read most-significant first; store them reversed.
            words.extend(reversed(chunks))

        for word in words[:624]:
            self.rc.submit(word)
Exemple #7
def getNonces():
    """Rebuild the nonce generator's state from one response, then post a paste with predicted nonces.

    Uses the module-level session ``s`` plus ``convert`` and ``payload``, none
    of which are defined in the visible code.

    Defensive takeaway: a CSP nonce only protects a page if it is
    unpredictable. Nonces drawn from a generator whose state can be rebuilt
    from earlier nonces give no protection, so they should come from a CSPRNG
    (`secrets` / `os.urandom`).
    """
    rc = RandCrack()
    # 628 // 4 == 157 empty script tags; presumably the service returns one
    # nonce per tag -- confirm against the service.
    scripts = '<script></script>' * (628 // 4)
    r = s.post('https://naas.2019.chall.actf.co/nonceify', data=scripts)
    r = json.loads(r.text)

    # Pull each nonce out of the returned "csp" value and turn its base64
    # payload into one integer.
    nonces = re.findall(r'''nonce-([^']+)''', r["csp"])
    nonces = map(lambda x: int(binascii.hexlify(b64decode(x)), 16), nonces)
    for nonce in nonces:
        n = nonce
        try:
            # Submit the nonce as 32-bit words, least-significant word first.
            while n > 0:
                rc.submit(n % (1 << 32))
                n = n >> 32
        except:
            # Presumably reached once the predictor already holds 624 words
            # and submit() refuses more; the leftover nonce is printed beside
            # a prediction for comparison.
            # NOTE(review): a bare except also hides unrelated errors.
            print("{}, {}".format(nonce, rc.predict_getrandbits(128)))
    scripts = ''
    # Build 16 script tags, each carrying the next predicted 128-bit nonce.
    for i in range(0, 16):
        next_nonce = convert(rc.predict_getrandbits(128))
        scripts += '''<script nonce="{}">{}</script>'''.format(
            next_nonce, payload)
    r = s.post('https://paste.2019.chall.actf.co', data={"paste": scripts})

    # Report the resulting paste URL to the challenge's /report endpoint.
    s.post('https://paste.2019.chall.actf.co/report', json={"url": r.url})
    print(r.text, r.url)
Exemple #8
class MyRandCrack:
    """Thin wrapper around RandCrack that accepts integers of any bit width.

    The constructor slices the observed outputs into 32-bit words and feeds
    the first 624 of them to the predictor. The ``rc_*`` methods forward to
    the matching ``predict_*`` calls.
    """

    # Class-level default; every instance replaces it in __init__.
    rc =  RandCrack()

    def __init__(self,output) -> None:
        """Split each value in *output* into 32-bit words and submit the first 624."""
        self.rc = RandCrack()
        collected = []
        for ot in output:
            digits = bin(ot)[2:]
            overhang = len(digits) % 32
            if overhang != 0:
                # Left-pad to a whole number of 32-bit words.
                digits = '0' * (32 - overhang) + digits
            pieces = []
            for start in range(0, len(digits), 32):
                pieces.append(int(digits[start:start + 32], 2))
            # Pieces are most-significant first; keep them least-significant first.
            pieces.reverse()
            collected.extend(pieces)

        for word in collected[:624]:
            self.rc.submit(word)

    def rc_getrandbits(self,bits):
        """Return the predicted result of ``getrandbits(bits)``."""
        predictor = self.rc
        return predictor.predict_getrandbits(bits)

    def rc_randint(self,a,b):
        """Return the predicted result of ``randint(a, b)``."""
        predictor = self.rc
        return predictor.predict_randint(a,b)

    def rc_randrange(self,a,b):
        """Return the predicted result of ``randrange(a, b)``."""
        predictor = self.rc
        return predictor.predict_randrange(a,b)
def test_submit_not_enough():
    """Predicting after only 623 submissions must raise ValueError."""
    random.seed(time.time())

    cracker = RandCrack()

    submitted = 0
    while submitted < 623:
        cracker.submit(random.randint(0, 4294967294))
        submitted += 1

    # One word short of a full state: prediction has to be refused.
    with pytest.raises(ValueError):
        cracker.predict_randint(0, 1)
def test_submit_too_much():
    """Submitting a 625th value must raise ValueError."""
    random.seed(time.time())

    cracker = RandCrack()

    submitted = 0
    while submitted < 624:
        cracker.submit(random.randint(0, 4294967294))
        submitted += 1

    # The state is already complete; a further submit has to be refused.
    with pytest.raises(ValueError):
        cracker.submit(random.randint(0, 4294967294))
Exemple #11
import socket
import struct
import json
import time
import random
from randcrack import RandCrack
from tqdm import tqdm
# Predictor that will be fed the values observed from the service.
rc = RandCrack()

# Connection settings for the challenge service.
TCP_IP = 'challenge.nahamcon.com'
TCP_PORT = 31784
# BUFFER_SIZE and MESSAGE are not referenced in the visible part of the script.
BUFFER_SIZE = 4096
MESSAGE = "Hello, World!"

# Plain TCP connection, opened at import time with no timeout set.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((TCP_IP, TCP_PORT))


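def recvall_header(sock):
    """Read from *sock* until the ``b"> "`` prompt has arrived and return all bytes read.

    Args:
        sock: Any object with a ``recv(bufsize)`` method that returns bytes.

    Returns:
        Everything received up to and including the chunk that completed the
        prompt. If the peer closes the connection first, whatever was
        received so far is returned.
    """
    BUFF_SIZE = 256  # bytes requested per recv() call
    prompt = b"> "
    data = b''
    while True:
        part = sock.recv(BUFF_SIZE)
        if not part:
            # recv() returning b'' means the peer closed the connection;
            # without this check the loop would spin forever.
            break
        data += part
        # Search the new chunk plus one byte of overlap, so a prompt split
        # across two recv() calls is still detected.
        if prompt in data[-(len(part) + len(prompt) - 1):]:
            break
    return data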


# Consume the service banner up to its first prompt.
data = recvall_header(s)
# print(data.decode())
# NOTE(review): pwntools is normally imported as `pwn` (`from pwn import *`);
# confirm that a module named `pwntools` resolves in this environment.
from pwntools import *
from randcrack import RandCrack

# NOTE(review): `port` is not defined anywhere in the visible code.
r = remote('challenge.nahamcon.com', port)
print(r.recvline())

# set seed
r.send(b'1\r\n')
print(r.recvline())

# get samples
rc = RandCrack()
for i in range(624):
    r.send(b'2\r\n')
    sample = r.recvline()
    # NOTE(review): `sample` is the raw bytes line from recvline(), not an
    # integer -- it is passed to submit() unparsed.
    rc.submit(sample)

# predict next number
prediction = rc.predict_getrandbits(32)

r.send(b'3\r\n')
print(r.recvline())
# NOTE(review): this string has no f-prefix, so the literal text
# "{prediction}" is sent rather than the value of `prediction`.
r.send('{prediction}\r\n'.encode('ascii'))
print(r.recvline())
Exemple #13
from randcrack import RandCrack

# Predictor fed from the recorded number list, then used as a keystream.
rc = RandCrack()

with open("robo_numbers_list.txt") as file:
    for line in file:
        # Drop the characters at index 3 and 7 (presumably separators) so the
        # rest parses as a single integer.
        line = "".join((line[:3], line[4:7], line[8:]))
        # The recorded values are offset by 2**31; undo that before submitting.
        num = int(line) - (1 << 31)
        rc.submit(num)

with open("secret.enc", "rb") as file:
    # XOR every ciphertext byte with the next predicted 8-bit output.
    # A cipher keyed from `random` is only as strong as that generator's
    # unpredictability, which observed outputs remove.
    decoded = []
    for c in file.read():
        decoded.append(chr(c ^ rc.predict_getrandbits(8)))
    print("".join(decoded))
Exemple #14
# kkk holds four bracketed, comma-separated integer lists: two public-key
# halves followed by two ciphertext halves. Strip the brackets and parse.
pk = [0, 0]
ct = [0, 0]
pk[0] = list(map(int, kkk[0][1:-1].split(',')))
pk[1] = list(map(int, kkk[1][1:-1].split(',')))
ct[0] = list(map(int, kkk[2][1:-1].split(',')))
ct[1] = list(map(int, kkk[3][1:-1].split(',')))
print(len(pk[0]))
rc = RandCrack()

S(con, b'1')
print(R(con).decode())
# 312 responses * 2 words == 624 words for the predictor.
for _ in range(312):
    S(con, b'1')
    resp = R(con).decode()
    # print(resp)
    num = re.findall('my number is (.*)', resp)[0]
    # Render as 64 binary digits, then submit the low half before the high half.
    r = bin(int(num))[2:].zfill(64)
    r1, r2 = r[:32], r[32:]
    rc.submit(int(r2, 2))
    rc.submit(int(r1, 2))

num = 0
Exemple #15
from randcrack import RandCrack
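rc = RandCrack()

# Read the challenge source as bytes; the context manager closes the handle
# instead of leaving that to garbage collection.
with open("./poker.py", 'rb') as src:
    f = src.read()

# (suit marker, offset from the marker to the first 4-byte card symbol,
# index of the suit's first card). Presumably each symbol is a 4-byte UTF-8
# glyph -- confirm against poker.py.
suit_layout = (
    (b'SPADES', 10, 0),
    (b'HEARTS', 10, 13),
    (b'DIAMONDS', 12, 26),
    (b'CLUBS', 9, 39),
)
# Locate every marker once rather than rescanning the file per card.
suit_starts = [(f.index(marker) + skip, base) for marker, skip, base in suit_layout]

# Map each 4-byte card symbol to its index 0..51 (13 ranks per suit).
cards = {}
for i in range(13):
    for start, base in suit_starts:
        cards[f[start + 4*i: start + 4*i + 4]] = base + i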

def deal_card(shuffle):
    """Decode the integer *shuffle* into a deal of card indices from a 52-card deck.

    *shuffle* is read as a mixed-radix number. The first digit (base 52) picks
    a position in the full deck, the next digit (base 51) a position in the
    remaining deck, and so on until the value reaches zero. If fewer than 25
    cards were picked, the deal is topped up with the lowest remaining cards
    in order.
    """
    deck = list(range(52))
    deal = []
    while shuffle > 0:
        # Quotient carries to the next digit; remainder is the position to draw.
        shuffle, position = divmod(shuffle, len(deck))
        deal.append(deck.pop(position))
    shortfall = 25 - len(deal)
    if shortfall > 0:
        deal.extend(deck[:shortfall])
    return deal

# NOTE(review): appears to be 52*51*...*28, the number of ordered 25-card
# deals from a 52-card deck -- verify.
MD = 7407396657496428903767538970656768000000
# Recorded deals, read as raw bytes.
g = open("./cards.22.07.16.txt", 'rb').read()
rands = []
for i in range(750):
    deck = [i for i in range(52)]
    rand = 0
    deals = []
    for j in range(25):
        # Look up the 4 bytes starting at the first b'\xf0' in g.
        # The listing ends here: nothing visible advances g past that symbol.
        card = cards[g[g.index(b'\xf0'):g.index(b'\xf0')+4]]
Exemple #16
import random
from pwn import *
from randcrack import RandCrack
import zlib

rc = RandCrack()

# Raw HTTP request replayed on every iteration.
# NOTE(review): the Cookie header embeds live-looking session identifiers
# (PHPSESSID and a signed session value). Session tokens in shared scripts
# should be treated as leaked and rotated.
p = 'POST /regen HTTP/1.1\r\n\
Host: tasks.open.kksctf.ru:20007\r\n\
Connection: keep-alive\r\n\
Content-Length: 17\r\n\
Cache-Control: max-age=0\r\n\
Origin: http://tasks.open.kksctf.ru:20007\r\n\
Upgrade-Insecure-Requests: 1\r\n\
Content-Type: application/x-www-form-urlencoded\r\n\
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36\r\n\
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\n\
Referer: http://tasks.open.kksctf.ru:20007/regen\r\n\
Accept-Encoding: gzip, deflate\r\n\
Accept-Language: zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7,zh-CN;q=0.6,ja;q=0.5\r\n\
Cookie: PHPSESSID=481943c7014681051f83f0ab3df052f7; session=eyJ1aWQiOiJDamo5NWZ4c0tobktHT2ZHK3hqRFh3PT0ifQ.Xgg7Ow.bCqGLOuPAk6uADACGSZ8w6Ol-DE\r\n\
\r\n\
login=golem&otp=1\r\n'
# CRC32 of the login name; subtracted from each reported seed below.
# presumably the service computes seed = crc32(login) + <32-bit random word>;
# verify against the service
bseed = zlib.crc32("golem".encode())
for i in range(624):
    # NOTE(review): a new connection is opened per sample and never closed.
    r = remote("tasks.open.kksctf.ru", 20007)
    r.send(p)
    r.recvuntil(b'your new seed ')
    q = int(r.recvuntil(b' '))-bseed
    print(i, q)
    rc.submit(q)
Exemple #17
# Address and port of the challenge service the script connects to.
HOST = '103.152.242.172'
PORT = 7070


def getSphinx(n):
    """Send guess *n* over the global connection ``r`` and return the service's answer.

    Returns the string ``'found'`` when the reply line contains ``'sphinx!'``,
    otherwise the last whitespace-separated token of that line as an int.
    """
    r.sendlineafter('[>] ', str(n))
    r.recvlines(2)  # skip the two lines that precede the answer
    out = r.recvline(0)
    return 'found' if 'sphinx!' in out else int(out.split()[-1])


# Python 2 script (note the print statement below).
r = remote(HOST, PORT)

rc = RandCrack()

for n in range(1, 1338):
    rand = getSphinx(n)
    if rand == 'found':
        break
    if n < 625:
        # Rounds 1..624: feed the revealed value to the predictor.
        rc.submit(rand)
    else:
        # Later rounds: advance the predictor once per round, presumably to
        # stay in step with the service's generator -- confirm.
        predict = rc.predict_getrandbits(32)

# Value predicted for the next round, sent as the final answer.
predict = rc.predict_getrandbits(32)
print 'PREDICT: ' + str(predict)
r.sendlineafter('[>]', str(predict))
# technofair{1s_this_even_crypt0graphy?}
Exemple #18
import socket
from randcrack import RandCrack

# NOTE(review): every recv() below assumes one whole reply arrives per call.
# TCP does not guarantee that, so a reply split across segments would
# desynchronise the exchange.
sock = socket.socket()
sock.connect(('task.pase.ca', 24028))
sock.recv(10000)
# Walk the service menus: option 2, a fixed text answer, then option 1.
sock.send(b'2\n')
sock.recv(1000)
sock.send(b'b33_1_4m_b3333\n')
sock.recv(200)
sock.send(b'1\n')
sock.recv(500)

# `states` is not used in the visible code.
states = []
rc = RandCrack()
for i in range(624):
    sock.send(b'$\n')
    sock.recv(100)
    sock.send(b'a\n')
    data = sock.recv(100)
    # The first reply line is hex digits separated by '|'; join and parse them.
    state = int(''.join(data.split(b'\n')[0].decode('ascii').split('|')), 16)
    rc.submit(state)
# Next predicted 32-bit value as lowercase hex without the '0x' prefix.
win = bytes(hex(rc.predict_getrandbits(32))[2:].encode('ascii'))
sock.send(b'$\n')
sock.recv(100)
sock.send(win + b'\n')
data = sock.recv(1024)
print(data.split(b'\n')[-2])
Exemple #19
import random, time
from randcrack import RandCrack
from pwn import *

# random.seed(time.time())

# Predictor for the service's generator; the commented-out lines below are a
# local self-check against the `random` module.
rc = RandCrack()

# for i in range(624):
# 	rc.submit(random.getrandbits(32))

# print("Random result: {}\nCracker result: {}"
# 	.format(random.randrange(0, 4294967295), rc.predict_randrange(0, 4294967295)))





# Global vars
################################################################
# `args` comes from the pwn star-import; each value falls back to the
# hard-coded default when the argument is not supplied.
host 		= args['RHOST'] or "challenge.nahamcon.com"   # passed as arguments or hardcode
port 		= args['RPORT'] or "31784"        # passed as arguments or hardcode
# user 		= args['USER']  or ''
# password 	= args['PASS']  or ''
# binary		= args['BIN']   or './path/to/binary'

conn = remote(host, port)

# Request 624 values via menu option 2. The listing ends before the replies
# are read or submitted to the predictor.
for i in range(624):
    print(i)
    conn.sendline('2')
Exemple #20
from pwn import *
from randcrack import RandCrack

rc = RandCrack()

p = remote('task.pase.ca', 24028)
# p = process(['python', 'casino.py'])

# Walk the service menus: option 2, a fixed text answer, then option 1.
# NOTE(review): each recv() is assumed to return exactly one full reply.
print(p.recv())
p.write('2\n')
print(p.recv())
p.write('b33_1_4m_b3333\n')
print(p.recv())

p.write('1\n')
print(p.recv())
for i in range(624):
    p.write('$\n')
    print(p.recv())
    # Send a throwaway guess; the reply's first line holds the real value.
    p.write('ff\n')
    result = p.recv().split('\n')
    print(result)
    # The value is printed as hex digits separated by '|'.
    data = result[0].replace('|', '')
    rc.submit(int(data, 16))
    print(int(data, 16))

print("feeding done")

prediction = rc.predict_getrandbits(32)
print("predicted %x" % prediction)
# The listing ends here, before the predicted value is sent.
p.write('$\n')
Exemple #21
from pwn import *
from randcrack import RandCrack
import socket

# Python 2 script (print statements, str sent over the socket).
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect(("challenge.nahamcon.com", 32535))

answer = s.recv(1024)
print answer

rc = RandCrack()
# One request is made before the loop; its value is parsed but not submitted.
s.send("2\r\n")
num = s.recv(128)
split = num.split()

for i in range(624):
    s.send("2\r\n")
    # NOTE(review): assumes the whole reply arrives in one recv(128).
    num = s.recv(128)
    split = num.split()
    # The 7th whitespace-separated token of the reply is the number.
    print '[' + str(i) + '] ' + split[6]
    rc.submit(int(split[6]))

#str(rc.predict_getrandbits(32))

s.send("3\r\n")
print s.recv(128)
s.send(str(rc.predict_getrandbits(32)) + '\r\n')
resp = s.recv(1024)
print resp
Exemple #22
import random, time
from randcrack import RandCrack

# Local experiment: build one long bit string from random.randrange() outputs,
# cut it into 32-bit pieces and feed them to RandCrack.
random.seed(0)  # fixed seed so runs are repeatable
# NOTE(review): "{0:b}" drops leading zero bits. A value below 2**127 then
# contributes fewer than 128 characters and shifts every later 32-bit
# boundary -- confirm whether zero-padding was intended.
first_random_is = "{0:b}".format(random.randrange(16**32))

random_bits_string = first_random_is
# Prepend newer outputs, so the oldest bits stay at the end of the string.
while len(random_bits_string) <= (624 * 32):
    random_bits_string = "{0:b}".format(random.randrange(
        0, 16**32)) + random_bits_string  # 128~ bits each round

print("Total random bits generated: ", len(random_bits_string), ", ",
      len(random_bits_string) - (624 * 32), "More than needed")

# Peel 32-bit pieces off the end of the string (oldest first).
bit32_random_array = []
while len(random_bits_string) >= 32:
    bit32_random_array.append(bin(int(random_bits_string[-32:], 2)))
    random_bits_string = random_bits_string[:-32]
# NOTE(review): if the total length is a multiple of 32 the remainder is ""
# and int("", 2) raises ValueError.
bit32_random_array.append(bin(int(random_bits_string, 2)))

print(bit32_random_array)

rc = RandCrack()
for i in range(624):
    print("Submiting", bin(int(bit32_random_array[i], 2)))
    rc.submit(int(bit32_random_array[i], 2))
    # Blank out consumed entries so the filter below removes them.
    bit32_random_array[i] = ""

bit32_random_array = list(filter(None, bit32_random_array))
print(bit32_random_array)
Exemple #23
import random, time, socket
from randcrack import RandCrack

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('chal.noxale.com', 5115))

# Queue 624 all-zero guesses of 16 bytes each in a single send.
sock.send(b'0'*(16*624))

rc = RandCrack()
for i in range(624):
    # Discard the first 34 bytes of each round.
    # NOTE(review): recv() returns b'' once the peer closes the connection,
    # so `read` stops growing and these loops never finish in that case.
    read = 0
    while read < 34:
        read += len(sock.recv(34-read))
    # Read the 37-byte line that carries the number.
    # NOTE(review): `read += len(resp)` adds the length of the whole
    # accumulated buffer, not of the latest chunk. After a partial recv the
    # counter overshoots and the loop can exit with fewer than 37 bytes.
    read, resp = 0, b''
    while read < 37:
        resp += sock.recv(37-read)
        read += len(resp)
    # The number follows a 20-byte prefix; the final byte is dropped.
    resp = int(resp[20:-1])

    print('- {}'.format(resp))
    rc.submit(resp)

guess = rc.predict_getrandbits(32)
print('+ {}'.format(guess))
# Guesses are 16 characters wide, left-padded with '0'.
sock.send(str(guess).rjust(16, '0').encode('utf-8'))

read = 0
while read < 34:
    read += len(sock.recv(34-read))

print(sock.recv(1024).decode('utf-8'))
Exemple #24
# Debug output for the bit string assembled earlier in the script (its
# construction is outside this listing).
print("Number of random bits is = ", len(random_bits_string))
print("LEN IS:",len(first_random_is))
print(first_random_is)
print(bin(int(first_random_is,2)))
print(random_bits_string)
# random_bits = bin(int(random_bits_string,2))
# print(random_bits)


# first32 = random_bits[len(random_bits) - 32:]
# Peel 32-bit pieces off the end of the bit string.
bit32_random_array = []
while len(random_bits_string) >= 32:
    bit32_random_array.append(bin(int(random_bits_string[- 32:],2)))
    random_bits_string = random_bits_string[:-32]

rc = RandCrack()
for i in range(624):
    # NOTE(review): this indexes random_bits_string (a str, now shorter than
    # 32 characters) rather than bit32_random_array. It submits a single
    # character, and the item assignment below raises TypeError on a str.
    rc.submit(random_bits_string[i])
    random_bits_string[i] = 0



    # print(i)
# print(bit32_random_array)
# print(len(bit32_random_array))


# 0b11100011111001110000011010000010110000100000100101001100101011000110001010011111011011111011111011011000001011000000011111001101
#

# >>> random.seed(0)
Exemple #25
from pwn import *
from randcrack import RandCrack

rc = RandCrack()

r = remote("twistwislittlestar.fword.wtf", 4445)
#p.interactive()

# The service prints three values up front; submit them as the first samples.
for i in range(3):
    r.recvuntil("Random Number is : ")
    n = int(r.recvline().strip())
    print(n)
    rc.submit(n)


def get_n():
    """Submit a throwaway guess of "0" and return the number the service reveals.

    Uses the global connection ``r``. The revealed value is printed and
    returned as an int.
    """
    r.recvuntil("Your Prediction For the next one : ")
    r.sendline("0")
    r.recvuntil("The number was : ")
    revealed = r.recvline().strip()
    n = int(revealed)
    print(n)
    return n


# Three samples were submitted earlier; collect the remaining 621 to reach 624.
for i in range(624 - 3):
    rc.submit(get_n())

# Send 20 consecutive predictions; each call advances the predictor by one
# 32-bit output.
for _ in range(20):
    r.sendline(str(rc.predict_getrandbits(32)))

r.interactive()
Exemple #26
from z3 import *
from socket import socket
from randcrack import RandCrack

# Eight letters, so each letter encodes a value 0..7 (its index in ALPHA).
ALPHA = "BCDGPTVZ"
rc = RandCrack()

s = socket()
s.connect(("misc.hsctf.com", 9988))
# `recvuntil` is a helper defined outside this listing.
data = recvuntil(s, b"letters are being said.\n").decode()
lines = data.split('\n')[8:-2]
assert len(lines) == 216

for i in range(8, 216): #Need exactly 624 integers out of 648, so skip the 8*3=24 first
    # Three unknown 32-bit words per line, recovered by constraint solving.
    v1 = BitVec("v1", 32)
    v2 = BitVec("v2", 32)
    v3 = BitVec("v3", 32)
    # Map each letter of the line to its index in ALPHA.
    results = list(map(ALPHA.index, lines[i]))
    z = Solver()
    # Each constraint ties one observed letter to a masked bit field of v1, v2
    # or v3. In Python `>>` binds tighter than `&`, which binds tighter than `|`.
    # The listing ends before the solver is run or any word is submitted.
    z.add((v2 >> 0x1F & 0x1 | v3 >> 0x0 & 0x3) == results[0])
    z.add((v1 >> 0x09 & 0x7) == results[1])
    z.add((v3 >> 0x05 & 0x7) == results[2])
    z.add((v3 >> 0x08 & 0x7) == results[3])
    z.add((v1 >> 0x15 & 0x7) == results[4])
    z.add((v1 >> 0x06 & 0x7) == results[5])
    z.add((v3 >> 0x1D & 0x7) == results[6])
    z.add((v1 >> 0x1B & 0x7) == results[7])
    z.add((v2 >> 0x04 & 0x7) == results[8])
    z.add((v2 >> 0x0D & 0x7) == results[9])
    z.add((v2 >> 0x0A & 0x7) == results[10])
    z.add((v3 >> 0x1A & 0x7) == results[11])
Exemple #27
#!/usr/bin/env python3

import random
import os
from randcrack import RandCrack

# Local demonstration: after 624 consecutive 32-bit outputs of the `random`
# module, the predictor reproduces the next output. This is why `random` must
# not be used for secrets, tokens or keys; the `secrets` module is the
# standard-library source for those.
rc = RandCrack()

dice_bits = 32
#flag = open('flag.txt').read()


for _ in range(624):
    rc.submit(random.getrandbits(32))

# Draw from the real generator first, then from the predictor.
actual = random.getrandbits(32)
predicted = rc.predict_getrandbits(32)
print("Random result: {}\nCracker result: {}".format(actual, predicted))
Exemple #28
    key_loc = result.index(b"The key was ") + 12
    key = int(result[key_loc:key_loc + 32], 16)
    iv_loc = result.index(b"you were curious ") + 17
    iv = int(result[iv_loc:iv_loc + 32], 16)
    # print(iv)
    # print(key)
    # iv = random.getrandbits(128).to_bytes(16, 'big').hex()
    # key = random.getrandbits(128).to_bytes(16, 'big').hex()
    # iv = int(iv, 16)
    # key = int(key, 16)
    return iv, key


# Submit required numbers to crack random gen
# Seeds the local `random` module; nothing in the visible code draws from it.
random.seed(time.time())
rc = RandCrack()
# 624 // 8 == 78 rounds. Each round yields a 128-bit IV and a 128-bit key,
# presumably 4 + 4 words per round (the key half is cut off in this listing).
for i in range(624 // 8):
    print("Getting key set", i)
    iv, key = gen_iv_and_key()

    # num = int.from_bytes(iv, byteorder='big')
    # Split the 128-bit IV into four 32-bit words; num1 is the most
    # significant, num4 the least.
    num = iv
    num1 = num >> 96
    num2 = (num >> 64) % (1 << 32)
    num3 = (num >> 32) % (1 << 32)
    num4 = (num) % (1 << 32)
    # Submit least-significant word first.
    rc.submit(num4)
    rc.submit(num3)
    rc.submit(num2)
    rc.submit(num1)
    # num = int.from_bytes(key, byteorder='big')
Exemple #29
def main():
    """Rebuild the hidden image from ``share2.png`` by replaying the mask's random stream.

    The last 48 rows of the 444x444 source image are known to be white, so the
    random bits used for those rows can be read straight off the share. The
    final 624 * 32 of those bits are fed to RandCrack, which then supplies the
    bits for every other pixel. The result is written to ``result3.png``.

    Design takeaway: a share is only as secret as its mask is unpredictable.
    A mask drawn from a Mersenne Twister can be recomputed from a known region,
    so it should come from a CSPRNG instead.
    """
    side = 444                 # source image is 444x444 pixels
    known_rows = 48            # trailing rows known to be white
    state_bits = 32 * 624      # bits needed to fill the predictor
    total_bits = side * side

    # Placeholder QR code with the same parameters as the hidden one. It only
    # supplies the image size and format and is not strictly needed.
    qr = qrcode.QRCode(
        version=1,
        error_correction=qrcode.constants.ERROR_CORRECT_L,
        box_size=12,
        border=4,
    )
    qr.add_data("ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ")
    qr.make(fit=True)
    img = qr.make_image(fill_color="black", back_color="white")
    m, n = img.size

    # load share 2
    share2 = Image.open('share2.png')

    # Read the random bits of the known-white rows off the share: a set pixel
    # means bit 0, an unset pixel means bit 1.
    bits = []
    for idx in range(known_rows * side):
        row, col = divmod(idx, n)
        row += side - known_rows
        bits.append('0' if share2.getpixel((2 * col, 2 * row)) else '1')
    bitstream = "".join(bits)

    # Use the cracker to simulate the Mersenne Twister state.
    rc = RandCrack()

    # getrandbits() places the first 32-bit words it generates at the end of
    # the bit sequence, so reverse the chunk order to submit the words in the
    # order they were generated.
    splitstream = wrap((bitstream), 32)
    splitstream.reverse()

    # Fill the predictor with 624 32-bit integers.
    for k in range(624):
        rc.submit(int(splitstream[k], 2))

    # Predict the randomness for the whole image, zero-padded to full width.
    newlist = bin(rc.predict_getrandbits(total_bits))[2:].zfill(total_bits)

    # Predicted bits for the unknown part, followed by the bits already known.
    splitstream2 = newlist[-(total_bits - state_bits):] + bitstream[-state_bits:]

    # With the mask known, each original pixel follows from the share pixel:
    # pixel and mask bit agreeing gives 0, disagreeing gives 255.
    original = []
    for k in range(total_bits):
        row, col = divmod(k, n)
        lit = bool(share2.getpixel((2 * col, 2 * row)))
        mask_bit = bool(int(splitstream2[k]))
        original.append(0 if lit == mask_bit else 255)

    # Save the reconstructed pixels as a greyscale image.
    res = Image.new("L", img.size, 255)
    res.putdata(original)
    res.save('result3.png')
Exemple #30
import requests as r
import zlib
import crypto
import re
from randcrack import RandCrack
import sys

rc = RandCrack()
# r0 captures both the seed and the first password from a registration reply.
# r1 captures the password alone and is not used in the visible code.
r0 = re.compile(r"seed (\d+) and first password (\d+)")
r1 = re.compile(r"and first password (\d+)")
# Base URL of the service under test (a local instance).
bu = "http://127.0.0.1:20007/"
# Login-name template; sys.argv[1] keeps names from separate runs apart.
bname = "exploit_" + sys.argv[1] + "_name_{0}"
s = r.Session()

# Register 624 accounts, one per sample.
for i in range(0, 624):
    try:
        d0 = s.post(bu + "register", data={"login": bname.format(i)})
    except r.exceptions.ConnectionError:
        # Single retry; a second ConnectionError propagates.
        d0 = s.post(bu + "register", data={"login": bname.format(i)})
    if "exists" in d0.text:
        # The login name is already taken: abort.
        print("watafack")
        exit(1)

    rd0 = r0.search(d0.text)
    if not rd0:
        # The reply did not match the expected format: dump it and abort.
        print("watafack 1")
        print(d0.text)
        exit(1)

    # The listing ends here, before seed/pasw are used.
    seed = int(rd0.group(1))
    pasw = int(rd0.group(2))