def real_oracle(s, payload): send(s, "2") x = receive_until(s, ":") send(s, base64.b64encode(payload)) x = receive_until(s, "\n") result = receive_until(s, "=") response_matrix = parse_stringified(result[:-1]) x = receive_until(s, ">") return response_matrix
def final_round(s, seed): receive_until_match(s, "bob number") send(s, b64e(b'\x00')) receive_until_match(s, "bob number") bob_no = int(receive_until(s, "\n").strip()) alice = DiffieHellman(long_to_bytes(int(seed, 2))) alice.set_other(bob_no) print('Shared:', alice.shared) iv = b64d(receive_until(s, "\n")) cipher = AES.new(long_to_bytes(alice.shared, 16)[:16], AES.MODE_CBC, IV=iv) enc_flag = b64d(receive_until(s, "\n")) print(cipher.decrypt(enc_flag))
def main(): host = "13.231.224.102" port = 3002 s = nc(host, port) x = receive_until(s, "\n") encflag = receive_until(s, "p") encflag_matrix = parse_stringified(encflag[:-1]) p = int(receive_until(s, "\n")[2:]) x = receive_until(s, ">") result = solver(encflag_matrix, p, lambda payload: real_oracle(s, payload)) flag = parse_stringified(str(result)) print("".join(["".join(map(chr, a)) for a in flag]))
def main(): s = nc("37.139.4.247", 31337) data = receive_until(s, "\n") print(brotli.decompress(data.decode("base64"))) data = receive_until(s, "\n") print(brotli.decompress(data.decode("base64"))) payload = int(time()) print(payload) send(s, base64.b64encode(brotli.compress(str(payload)))) data = receive_until_match(s, "\n\n") print(data) data = receive_until(s, "\n") print(brotli.decompress(data.decode("base64"))) data = receive_until(s, "\n") print(brotli.decompress(data.decode("base64"))) data = receive_until(s, "\n") print(brotli.decompress(data.decode("base64"))) send(s, base64.b64encode(brotli.compress("Y"))) data = receive_until(s, "\n") decompressed = brotli.decompress(data.decode("base64")) print('payload', decompressed) send(s, base64.b64encode(brotli.compress(decompressed))) data = receive_until(s, "\n") decompressed = brotli.decompress(data.decode("base64")) print(decompressed) data = receive_until(s, "\n") decompressed = brotli.decompress(data.decode("base64")) print(decompressed)
def main(): port = 1337 host = "bitflip1.hackable.software" s = nc(host, port) print(receive_until(s, "\n")) send(s, raw_input(">")) # PoW suffix = '0' while len(suffix) < 128: print('suffix is', suffix) print(receive_until(s, "\n")) bit = round(s, suffix=suffix) suffix = bit + suffix seed = suffix print('Seed', seed) final_round(s, seed) s.close()
def main(): port = 1337 host = "bitflip3.hackable.software" s = nc(host, port) print(receive_until(s, "\n")) send(s, raw_input(">")) suffix = '0' while len(suffix) < 128: print('suffix is', suffix) print(receive_until(s, "\n")) bit = round(s, suffix=suffix) suffix = bit + suffix seed = suffix print('Seed', seed) target_seed = int("f518d60deba9327df0b1c4681b64236e1554ab733c4e66c2c93a8837cc4c30eb", 16) final_round(s, seed, target_seed) s.close()
def main(): port = 1337 host = "34.89.64.81" s = nc(host, port) skip = receive_until_match(s, "pub_key = ") skip = receive_until_match(s, "pub_key = ") skip = receive_until_match(s, "pub_key = ") pubkey = receive_until(s, b"\n")[:-1] msg = receive_until(s, b"=") msg = re.findall("\"(.*)\"", msg.decode("utf-8"))[0] sig = receive_until(s, b"\n")[1:-1] print(pubkey) print(msg) print(sig) m, sig = solve(msg, sig) send(s, m.encode("utf-8")) send(s, sig.encode("utf-8")) interactive(s)
def main(): host = "crypto.byteband.it" port = 7002 s = nc(host, port) for i in range(32): data = receive_until_match(s, "Plaintext \(b64encoded\) : ") pt = receive_until(s, "\n").decode("base64") receive_until(s, "\n") x = int(receive_until(s, "\n").strip(), 16) m = int(receive_until(s, "\n").strip(), 16) print('x', x) print('m', m) n = recover_n(x, m) print('recovered n', n) key = RSA.construct((long(n), long(65537))) ct = base64.b64encode(encrypt(key, pt)) print('ct', ct) send(s, ct) interactive(s)
def worker(pad_char): port = 5959 host = "simple-spn.ctf.defenit.kr" s = nc(host, port) x = receive_until(s, "\n") x = receive_until(s, "\n") ct = [] payloads = [pad("\0", pad_char).encode("hex")] for i in range(1, 256): payloads.append(pad(long_to_bytes(i), pad_char).encode("hex")) for payload in payloads: send(s, payload) c = receive_until(s, "\n") ct.append(re.findall("ciphertext: (.*)\n", c)[0]) x = receive_until(s, "\n") print('cts', ct) ct = [[ord(c) for c in x.decode("hex")] for x in ct] candidates = integral(ct) return candidates
def get_kn(): host = "3.115.26.78" port = 31337 s = nc(host, port) receive_until_match(s, "! ") flag_ct = receive_until(s, "\n")[:-1] plaintexts = [long_to_bytes(x)[3:] for x in prepare_values()] results = [] for pt in plaintexts: receive_until_match(s, ": ") send(s, pt.encode("hex")) res = receive_until(s, "\n")[:-1] results.append(res) s.close() CTA = int(results[0], 16) CTB = int(results[1], 16) CTC = int(results[2], 16) CTD = int(results[3], 16) kn = (CTA * CTB) - (CTD * CTC) print("Got k*N", kn) return kn
def final_round(s, seed, target_seed): while True: receive_until_match(s, 'bit-flip str') receive_until(s, "\n") send(s, b64e(long_to_bytes(int(seed, 2) ^ target_seed))) receive_until(s, "\n") # generated after iv = b64d(receive_until(s, "\n")) enc_flag = b64d(receive_until(s, "\n")) for key in range(8): cipher = AES.new(long_to_bytes(key, 16)[:16], AES.MODE_CBC, IV=iv) flag = cipher.decrypt(enc_flag) if 'DrgnS' in flag: print(flag) return
def get_iterations(s, msg): send(s, b64e(msg)) receive_until_match(s, "Generated after ") count = int(receive_until(s, "\n").split(' ')[0].strip()) return count
def main(): s = nc("52.193.157.19", 9999) data = receive_until_match(s, "Give me XXXX:") inputs = re.findall("SHA256\(XXXX\+(.*)\) == (.*)", data)[0] suffix = inputs[0] digest = inputs[1] result = PoW(suffix, digest) print("PoW done") send(s, result) receive_until_match(s, "Done!\n") welcome = receive_until(s, "\n")[:-1] get_flag_payload = generate_payload_from_message(welcome, "Welcome!", "get-flag") send(s, get_flag_payload) encrypted_flag = receive_until(s, "\n")[:-1] raw_enc_flag = encrypted_flag.decode("base64") current = "hitcon{" print('encrypted flag', encrypted_flag, encrypted_flag.decode("base64"), len(encrypted_flag.decode("base64"))) for block_to_recover in range(3): malleable_block = base64.b64encode(raw_enc_flag[block_to_recover * 16:]) missing = 16 - len(current) for spaces in range(missing): for c in string.printable: test_flag_block_prefix = current + c + ("\0" * (missing - spaces)) expected_command = (" " * spaces) + "get-flag" payload = generate_payload_from_message( malleable_block, test_flag_block_prefix, expected_command) send(s, payload) result = receive_until(s, "\n")[:-1] if result == encrypted_flag: current += c print('found matching flag char:', current) break print(current) known_blocks = raw_enc_flag[16 * block_to_recover:16 * block_to_recover + 32] expanded_flag = raw_enc_flag[ 16 * block_to_recover:] + known_blocks # appending IV and "Welcome!!" at the end next_block_known = "" for i in range(8): get_md5 = set_cbc_payload_for_block(expanded_flag, "\0" * 16 + current, (" " * 9) + "get-md5", 1) # first block is get-md5 get_md5 = set_byte_cbc( get_md5, ("\0" * (5 - block_to_recover) * 16) + current, (6 - block_to_recover) * 16 - 1, chr((4 - block_to_recover) * 16 - i - 1)) # last character to cut padding send(s, base64.b64encode(get_md5)) real_md5_result = receive_until(s, "\n")[:-1] for c in string.printable: test_md5_payload = set_cbc_payload_for_block( expanded_flag, "\0" * 16 + current, (" " * (8 - i - 1)) + "get-md5" + next_block_known + c, 1) test_md5_payload = set_byte_cbc( test_md5_payload, ("\0" * (5 - block_to_recover) * 16) + current, (6 - block_to_recover) * 16 - 1, chr((4 - block_to_recover) * 16 + 1)) send(s, base64.b64encode(test_md5_payload)) test_md5_result = receive_until(s, "\n")[:-1] if real_md5_result == test_md5_result: next_block_known += c print('found matching flag char:', next_block_known) break print(next_block_known) current = next_block_known[:-1]
def main(): f = 0 encrypted_flag = "" welcome = "" while f == 0: s = nc(HOST, PORT) welcome = receive_until(s, "\n")[:-1] print("welcome: ", welcome[:-1]) # Get command not found send(s, welcome) receive_until(s, "\n") receive_until(s, "\n") cnf = receive_until(s, "\n")[:-2] print("cnf: ", cnf) payload = gen_payload(welcome, "Welcome!", "get-flag") receive_until(s, "\n") send(s, payload) receive_until(s, "\n") encrypted_flag = receive_until(s, "\n")[:-2] payload = gen_payload(encrypted_flag, "send_flag_", "get-flag\x00\x00") send(s, payload) receive_until(s, "\n") encrypted_flag2 = receive_until(s, "\n")[:-2] print("encrypted flag: ", encrypted_flag2) print if encrypted_flag2 != cnf: f = 1 break raw_enc_flag = encrypted_flag.decode("base64") flag = "" current = "send_fl" print('encrypted flag', encrypted_flag, encrypted_flag.decode("base64"), len(encrypted_flag.decode("base64"))) for block_to_recover in range(3): malleable_block = base64.b64encode(raw_enc_flag[block_to_recover * 16:]) missing = 16 - len(current) for spaces in range(missing): for c in string.printable: test_flag_block_prefix = current + c + ("\0" * (missing - spaces)) expected_command = (" " * spaces) + "get-flag" payload = gen_payload(malleable_block, test_flag_block_prefix, expected_command) send(s, payload) receive_until(s, "\n") result = receive_until(s, "\n")[:-2] if result == encrypted_flag: current += c print('found matching flag char:', current) break print("current:", current) flag += current known_blocks = raw_enc_flag[16 * block_to_recover:16 * block_to_recover + 32] expanded_flag = raw_enc_flag[16 * block_to_recover:] + known_blocks next_block_known = "" for i in range(8): get_md5 = set_cbc_payload_for_block(expanded_flag, "\0" * 16 + current, (" " * 9) + "get-md5", 1) # first block is get-md5 get_md5 = set_byte_cbc( get_md5, ("\0" * (5 - block_to_recover) * 16) + current, (6 - block_to_recover) * 16 - 1, chr((4 - block_to_recover) * 16 - i - 1)) # last character to cut padding send(s, base64.b64encode(get_md5)) receive_until(s, "\n") real_md5_result = receive_until(s, "\n")[:-2] for c in string.printable: test_md5_payload = set_cbc_payload_for_block( expanded_flag, "\0" * 16 + current, (" " * (8 - i - 1)) + "get-md5" + next_block_known + c, 1) test_md5_payload = set_byte_cbc( test_md5_payload, ("\0" * (5 - block_to_recover) * 16) + current, (6 - block_to_recover) * 16 - 1, chr((4 - block_to_recover) * 16 + 1)) send(s, base64.b64encode(test_md5_payload)) receive_until(s, "\n") test_md5_result = receive_until(s, "\n")[:-2] if real_md5_result == test_md5_result: next_block_known += c print('found matching flag char:', next_block_known) if c == '}': print(flag + next_block_known) exit(0) break print(next_block_known) print(flag) current = next_block_known[:-1]
def level(): challenge = receive_until_match( s, r'Press the Enter key to start the challenge...') print(challenge) s.send("\n") code = receive_until_match(s, r'Answer:') print 'code', code raw_code = '\n'.join(code.split('\n')[1:-1]) print 'raw_code', raw_code if '| | |___ | | |_| | | |___ ' in challenge: arch = 'i386' ks = (KS_ARCH_X86, KS_MODE_32) cs = (CS_ARCH_X86, CS_MODE_32) uc = (UC_ARCH_X86, UC_MODE_32) uc_result = UC_X86_REG_EAX uc_stack = UC_X86_REG_ESP elif "`. `' .' / / \ ' / ' _ \\" in challenge: arch = 'x64' ks = (KS_ARCH_X86, KS_MODE_64) cs = (CS_ARCH_X86, CS_MODE_64) uc = (UC_ARCH_X86, UC_MODE_64) uc_result = UC_X86_REG_RAX uc_stack = UC_X86_REG_RSP elif ' |_ _| | || | |_ __ \ | || | / ___ | |' in challenge: arch = 'mips' ks = (KS_ARCH_MIPS, KS_MODE_MIPS32 + KS_MODE_BIG_ENDIAN) cs = (CS_ARCH_MIPS, CS_MODE_MIPS32 + CS_MODE_BIG_ENDIAN) uc = (UC_ARCH_MIPS, UC_MODE_MIPS32 + UC_MODE_BIG_ENDIAN) uc_result = UC_MIPS_REG_V0 uc_stack = UC_MIPS_REG_29 elif '/ /\ \ / /\ \ ) (__) ) / / \ (__) / / / ( (__) (_' in challenge: arch = 'aarch64' ks = (KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN) cs = (CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN) uc = (UC_ARCH_ARM64, UC_MODE_ARM) uc_result = UC_ARM64_REG_X0 uc_stack = UC_ARM64_REG_SP elif '|____| |____||____| |___||_____||_____' in challenge: arch = 'arm' ks = (KS_ARCH_ARM, KS_MODE_ARM) cs = (CS_ARCH_ARM, CS_MODE_ARM) uc = (UC_ARCH_ARM, UC_MODE_ARM) uc_result = UC_ARM_REG_R0 uc_stack = UC_ARM_REG_SP elif '|_| \_\_____|_____/ \_____| \/ ' in challenge: # risc arch = 'risc' response = riscv_asm.asm(raw_code).encode('base64').replace('\n', '') global last_stage last_stage = True elif last_stage: arch = 'wasm' response = wasmlib.asm(raw_code).encode('base64').replace('\n', '') else: # assume PPC32 arch = 'ppc32' ks = (KS_ARCH_PPC, KS_MODE_PPC32 + KS_MODE_BIG_ENDIAN) cs = (CS_ARCH_PPC, CS_MODE_32 + CS_MODE_BIG_ENDIAN) for i in range(32): raw_code = raw_code.replace("r" + str(i), str(i)) print 'architecture:', arch if arch != 'risc' and arch != 'wasm': ks = Ks(ks[0], ks[1]) encoding, count = ks.asm(raw_code) if arch == 'mips': encoding = encoding[:-4] # untestedy yet response = ''.join(map(chr, encoding)).encode('base64').replace('\n', '') print 'response', response s.send(response + '\n') print(receive_until(s, '\n')) out = receive_until(s, '\n') print(out) if arch == 'risc': code = out.decode('base64') result = riscv_dis.dis(code) elif arch == 'wasm': # wasm code = out.decode('base64') result = wasmlib.dis(code) else: cs = Cs(cs[0], cs[1]) result = [] for i in cs.disasm(out.decode('base64'), 0x1000): result += [(i.mnemonic + " " + i.op_str).strip()] result = '\n'.join(result) print 'asm', result resultb64 = result.encode('base64').replace('\n', '') print 'asmb64', resultb64 s.send(resultb64 + '\n') print 'D', s.recv(99999) print 'E', s.recv(99999) challenge = s.recv(99999) print repr(challenge) data = challenge[8:-10] print data.encode('hex') if arch == 'risc': result = riscv_dis.dis(data) print(result) elif arch == 'wasm': result = wasmlib.dis(data) print(result) else: result = [] for i in cs.disasm(challenge, 0x1000): result += [(i.mnemonic + " " + i.op_str).strip()] result = '\n'.join(result) print result # callback for tracing instructions def hook_code(uc, address, size, user_data): print(">>> Tracing instruction at 0x%x, instruction size = 0x%x" % (address, size)) for kot in cs.disasm(data[address - ADDRESS:address - ADDRESS + size], 4): OP = kot.mnemonic + " " + kot.op_str print 'OK', OP break if 'jr $ra' in OP: uc.emu_stop() elif 'ret' in OP: uc.emu_stop() elif 'bx lr' in OP: uc.emu_stop() return 'kot' if arch == 'ppc32': out = ppc_execute(result) elif arch == 'risc': out = risc_execute(result) elif arch == 'wasm': out = wasmlib.eval(result) else: uc = Uc(uc[0], uc[1]) ADDRESS = 0x10000000 STACK = 0x20000000 uc.mem_map(ADDRESS, 4 * 1024 * 1024) uc.mem_map(STACK, 4 * 1024 * 1024) uc.mem_write(ADDRESS, data) uc.reg_write(uc_stack, STACK + 0x2000) # tracing one instruction at ADDRESS with customized callback uc.hook_add(UC_HOOK_CODE, hook_code, begin=ADDRESS, end=ADDRESS + len(data)) uc.emu_start(ADDRESS, ADDRESS + len(data)) out = uc.reg_read(uc_result) print "RESULT", hex(out) if arch != 'wasm': s.sendall(hex(out).replace('L', '') + '\n') else: s.sendall(str(out) + "\n") interactive(s) print(receive_until_match(s, '------------------------------')) data = receive_until_match(s, '------------------------------') print(data) if "Wrong" in data: interactive(s)