smiley CTF 2025
Wu cho giải smileyCTF 2025
smiley CTF 2025
Crypto/saas
Source code của bài:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
#!/usr/local/bin/python
from Crypto.Util.number import getPrime as gP
from random import choice, randint
p, q = gP(512), gP(512)
while p % 4 != 3:
p = gP(512)
while q % 4 != 3:
q = gP(512)
n = p * q
e = 0x10001
f = lambda x: ((choice([-1,1]) * pow(x, (p + 1) // 4, p)) * pow(q, -1, p) * q + (choice([-1,1]) * pow(x, (q + 1) // 4, q)) % q * pow(p, -1, q) * p) % n
while True:
try:
l = int(input(">>> ")) % n
print(f(l))
except:
break
m = randint(0, n - 1)
print(f"{m = }")
s = int(input(">>> ")) % n
if pow(s,e,n) == m:
print(open("flag.txt", "r").read())
else:
print("Wrong signature!")
exit(1)
Đối với bài này thì bên phía server sẽ cho ta nhập vào một giá trị $\displaystyle r$ và sau đó sẽ trả về $\displaystyle x$ sao cho $\displaystyle r \equiv x^{2}\bmod n$. Hàm lambda đóng vai trò tính nghiệm thặng dư bậc hai này.
Để giải bài này thì đầu tiên mình cần khôi phục lại modulo $\displaystyle n$. Với mỗi $\displaystyle r$ thì sẽ có tổng cộng 4 nghiệm thặng dư bậc 2 khác nhau $\displaystyle x_{1} ,x_{2} ,x_{3} ,x_{4}$. Điểm khác nhau giữa chúng đó là cách chọn dấu cho các nghiệm thành phần theo modulo $\displaystyle p$ và $\displaystyle q$. Như vậy, mình sẽ gửi một số $\displaystyle r$ lên server và nhận về cho đủ 4 nghiệm phân biệt, do có $\displaystyle \left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right)$ thặng dư bậc hai nên khả năng bốc trúng $\displaystyle r$ thỏa cũng khá cao. Tiếp theo mình sẽ lấy tổng/hiệu từng đôi một của mỗi nghiệm này lại rồi lấy ước chung của từng cặp trong số chung.
Chẳng hạn ta có
\[\begin{gather*} x_{i} \equiv -r_{p}\bmod p,x_{i} \equiv r_{q}\bmod q\\ x_{j} \equiv -r_{p}\bmod p,x_{q} \equiv -r_{q}\bmod q \end{gather*}\]thì khi tính
\[\begin{gather*} x_{i} +x_{j} \equiv 0\bmod q\\ x_{i} -x_{j} \equiv 0\bmod q \end{gather*}\]Và làm tương tự với các cặp khác ta sẽ có lại được $\displaystyle p,q$.
Script:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
from Crypto.Util.number import *
import itertools
from math import gcd
from pwn import *
r = remote("smiley.cat", 46177)
roots = set()
while len(roots)<4:
r.sendlineafter(b">>> ", str(5).encode())
res = r.recvline().strip()
try:
root = int(res)
roots.add(root)
except:
continue
roots = list(roots)
print(f"các nghiệm là {roots}")
factors = []
for a, b in itertools.combinations(roots, 2):
factors.append(a + b)
factors.append(a - b)
possible_factors = set()
n_fac = set()
for a,b in itertools.combinations(factors,2):
g = gcd(a,b)
if isPrime(g) and g.bit_length()>=512:
n_fac.add(g)
if len(n_fac) >= 2:
n_fac=list(n_fac)
print(n_fac)
p=n_fac[0]
q=n_fac[1]
n=n_fac[0]*n_fac[1]
print(f"tìm lại được modulo là {n}")
r.sendlineafter(b">>> ", b"exit")
res = r.recvline().strip().decode()
if res.startswith("m = "):
m = int(res.split("=", 1)[1].strip())
print(m)
phi = (p-1)*(q-1)
e = 65537
d=pow(e,-1,phi)
s = pow(m,d,n)
r.sendlineafter(b">>> ",str(s).encode())
res = r.recvline()
print(res)
Flag: .;,;.{squares_as_a_service_est_like_the_dawn_of_time}
Crypto/ never enough
Source code của bài:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
from random import getrandbits
from Crypto.Cipher import AES
from hashlib import sha256
danger = 624*32 # i hear you need this much.
given = []
key = ""
for _ in range(danger//20 - 16): # should be fine if im only giving u this much :3
x = getrandbits(32)
# we share <3
key += str(x % 2**12)
given.append(x >> 12)
key = key[:100]
key = sha256(key.encode()).digest()
flag = open("flag.txt", "rb").read().strip()
cipher = AES.new(key, AES.MODE_ECB)
print(given)
print(cipher.encrypt(flag + b"\x00" * (16 - len(flag) % 16)).hex())
1
2
3
out.txt
[460740, 510430, 449840, 653759, 349011, 404684, 565671, 151336, 476305, 497936, 41763, 941189, 388293, 588119, 945336, 802349, 728358, 42797, 304426, 638246, 1028695, 170118, 6618, 450537, 966644, 114144, 1015799, 431061, 242512, 361277, 929693, 876685, 667250, 286513, 855131, 227404, 1028552, 802960, 678698, 609056, 344877, 128798, 491943, 825669, 836993, 163687, 382325, 617036, 149687, 1024458, 395036, 123044, 588199, 366734, 618995, 123233, 621065, 246612, 380212, 929271, 715144, 820916, 759118, 1034076, 275722, 215204, 737922, 341367, 362282, 548568, 623808, 702486, 1043666, 427353, 20473, 176843, 767153, 826681, 334516, 761649, 198828, 523732, 955349, 496077, 582800, 315924, 571663, 114097, 288178, 369505, 416278, 690975, 333172, 964798, 170195, 453282, 650511, 949879, 22810, 627154, 93691, 67288, 574007, 704689, 833929, 545611, 215912, 553130, 16226, 60995, 830127, 386613, 405177, 596107, 657547, 500645, 566278, 404330, 569691, 901032, 622287, 199920, 546426, 346823, 387319, 176830, 903409, 767296, 61239, 872690, 479067, 375777, 1008156, 123524, 304932, 688431, 668942, 157891, 638507, 86987, 368570, 405220, 710891, 479436, 560974, 236112, 850417, 250958, 137845, 637518, 347027, 25265, 902081, 756062, 112961, 512605, 917275, 904862, 233169, 486928, 98543, 767822, 457250, 853509, 276601, 902297, 817530, 160601, 628865, 366681, 734127, 260478, 526614, 1042808, 884815, 951201, 644267, 642657, 824688, 643170, 577762, 785312, 585031, 213492, 635617, 980073, 400845, 294855, 761226, 564594, 30887, 164533, 499814, 40920, 187431, 290994, 223618, 307085, 857841, 1030076, 1021152, 433340, 670999, 76424, 564484, 698791, 846564, 456570, 269679, 200894, 92968, 596021, 792314, 570446, 818115, 62244, 311011, 234374, 520523, 160383, 727239, 528551, 457544, 72261, 999556, 250466, 351690, 788758, 657142, 134996, 64356, 108055, 898728, 145171, 466296, 699960, 578755, 482317, 1044448, 461178, 77644, 982099, 174272, 147970, 465941, 477858, 104579, 563469, 209831, 288799, 211571, 891028, 254850, 925679, 932755, 126578, 953042, 825695, 423755, 787244, 759375, 555333, 216755, 50593, 157586, 482514, 204373, 993000, 80608, 764665, 999634, 384528, 957767, 182036, 294697, 520003, 83362, 390857, 80971, 1012545, 391026, 5133, 194522, 430823, 550214, 699001, 52657, 127145, 598327, 568226, 899942, 849944, 556225, 278347, 609270, 427120, 858771, 332591, 12800, 831169, 626251, 835108, 766002, 603263, 270006, 170634, 36734, 661232, 97318, 188682, 1004591, 738182, 433599, 445596, 153587, 999913, 852616, 90814, 589942, 302888, 835884, 951769, 32939, 553223, 784938, 272637, 1008360, 870222, 258360, 59913, 119277, 893131, 530467, 342095, 940593, 413878, 939828, 783360, 634197, 403415, 287835, 791613, 683346, 844964, 1034575, 727399, 287797, 654034, 53471, 739461, 105046, 452300, 164145, 347109, 89072, 190880, 421853, 222190, 860745, 45637, 842471, 953558, 352527, 533999, 813895, 334927, 516717, 42802, 990139, 343731, 149906, 689806, 613601, 637494, 736229, 439047, 726010, 1017684, 670902, 921587, 36228, 704331, 701175, 644486, 505880, 451505, 87102, 453460, 166430, 333989, 445133, 244451, 482094, 821731, 43372, 234629, 779356, 370260, 715065, 564539, 262773, 945737, 893778, 641237, 983848, 1040291, 929548, 116904, 282961, 196142, 759790, 592158, 937947, 1017961, 562427, 902020, 81202, 223378, 719458, 802553, 535816, 453260, 1046793, 843952, 939627, 292428, 137861, 82269, 244851, 956104, 100875, 881487, 48186, 799112, 58214, 349187, 685898, 121673, 674040, 757033, 1033625, 466079, 508116, 284755, 202191, 792885, 224003, 688244, 187116, 552046, 890512, 71339, 923936, 838226, 362946, 372054, 1042319, 187051, 188258, 374678, 344775, 1021919, 842849, 809968, 47367, 526472, 511030, 122155, 176259, 565722, 33617, 909106, 303700, 357029, 642618, 21630, 206327, 697286, 316252, 143594, 966689, 262069, 78857, 371731, 986473, 61442, 247178, 677525, 156730, 668178, 50439, 576232, 701111, 756947, 85217, 222477, 323553, 665382, 272366, 791336, 989193, 1038568, 848837, 215483, 847691, 202495, 558697, 271933, 596977, 970669, 143980, 729628, 118373, 718549, 554870, 556265, 131565, 245785, 616439, 187063, 426237, 555588, 353176, 783445, 297832, 375034, 544926, 760215, 1016779, 689353, 640048, 275456, 8629, 123245, 559288, 304978, 789829, 181335, 713234, 939987, 714471, 357366, 492186, 215286, 761475, 836393, 1045012, 463670, 111387, 203578, 379209, 273225, 68165, 690416, 821522, 18320, 96543, 678620, 1008629, 722989, 1023060, 618941, 64782, 82970, 158842, 676480, 640585, 780693, 710326, 192312, 965181, 566161, 746519, 526994, 70282, 724631, 1044156, 75396, 53297, 203217, 849129, 692419, 699645, 443421, 174098, 685068, 709717, 950377, 183823, 939517, 960059, 286272, 393333, 545821, 776406, 73708, 650992, 878060, 671058, 418475, 337867, 635843, 679038, 564023, 755111, 1033770, 90351, 349166, 7439, 826001, 60722, 950275, 824860, 789057, 407624, 54378, 173426, 340667, 57529, 566283, 564292, 214923, 796815, 142450, 1035873, 210654, 534509, 88457, 110429, 224628, 102545, 956228, 472365, 722077, 383511, 186408, 40520, 398044, 191129, 57476, 416822, 188061, 216041, 969731, 11356, 112328, 1014991, 422715, 455941, 693327, 1021394, 156539, 703475, 79267, 770137, 425587, 934535, 549051, 296081, 74458, 248184, 707726, 687061, 110046, 736731, 790728, 430172, 58056, 312640, 969217, 956689, 819257, 682385, 23405, 951756, 482828, 781488, 662103, 1030684, 91234, 848083, 366663, 25160, 665051, 366842, 957310, 476440, 331029, 407367, 302672, 232105, 619847, 291493, 23091, 807587, 1039253, 339016, 328887, 124919, 787788, 726218, 1038674, 385495, 854631, 502072, 488413, 16469, 686977, 408849, 819639, 1046150, 917000, 930587, 649538, 346516, 1016021, 219552, 902102, 370687, 640324, 822138, 219019, 200164, 366380, 951625, 30743, 937030, 886654, 341625, 822226, 21377, 520981, 468636, 414197, 960807, 37352, 713145, 406475, 678393, 756049, 36787, 433198, 277161, 461337, 684585, 979789, 168634, 72884, 399095, 850964, 793808, 562419, 993586, 667227, 342278, 344519, 858740, 887797, 442587, 100072, 1030354, 548398, 852046, 5317, 191859, 245988, 15813, 600606, 262, 108497, 602709, 494330, 855311, 1030225, 979607, 122214, 946348, 788723, 48890, 992409, 128277, 371067, 731017, 52593, 1035441, 762977, 833742, 193335, 115591, 46492, 1034608, 24375, 538549, 630862, 687449, 27601, 841870, 251589, 987043, 267591, 643000, 479939, 1007837, 607330, 819765, 325882, 893262, 581491, 1023258, 537530, 508691, 292019, 302776, 909634, 567748, 872878, 878935, 416160, 884092, 610107, 87839, 984643, 349164, 632749, 61942, 163472, 708422, 847952, 1024238, 1046010, 332581, 657916, 335952, 661726, 315940, 589686, 792734, 694954, 404890, 603480, 703950, 107407, 447267, 469811, 110619, 543800, 543353, 307912, 575213, 587564, 688533, 746265, 228462, 372023, 599434, 438009, 282355, 744037, 179161, 810569, 520598, 245757, 358733, 990715, 325829, 214496, 47196, 943273, 225979, 299022, 874584, 387663, 108256, 348618, 66763, 111761, 483045, 312192, 743810, 675324, 295233, 533878, 122933, 744291, 803234, 935159, 348121, 940242, 314494, 302370, 254107, 561173, 109351, 833983, 740850, 807471, 679769, 6695, 64917, 512946, 877533, 172034, 357869, 942471, 370023, 139048, 744120, 767300, 48370, 773175, 367474, 158381, 788297, 379954, 693531, 196261, 599776, 698490, 453021, 570466, 935069, 581249, 868828, 965816, 311034, 208769, 255799, 646363, 839114, 842699, 355645, 783632, 264853, 906246, 644013, 959968, 844301, 141260, 47760, 743209, 1024058, 699185, 893651, 702841, 544876, 816304, 345500, 950088, 545485, 705316, 972089, 930117, 484894, 515648, 533391, 227812, 549779, 840799, 396226, 603829, 838531, 99857, 659667, 664066, 687482, 743635, 895338, 168574, 1016165, 673024, 366373, 991950, 523942, 657538, 1045864, 33297, 306379, 62337, 418301, 338750, 152830, 292783]
c8a6c38be0ec97bc32df34e0df6e5d7b64a1dc238b0e5019a728c2b7c8fbdab22393c7177dad868294557cc22ab5855989b7ff61b74e4beb4c5070bc0a390ab7902d347c04c33aa5ab0c5b7cb38d7898048de44e94671e78ea3c55c24031505499301fb5edbd3c2790e0d6d91afae53f4fc1f891ca48c79fcdd8ccd4fb4c874a
Script giải:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
from z3 import *
from random import Random
from itertools import count
from time import time
import logging
import random
from Crypto.Cipher import AES
from hashlib import sha256
logging.basicConfig(format='STT> %(message)s')
logger = logging.getLogger()
logger.setLevel(logging.DEBUG)
SYMBOLIC_COUNTER = count()
class Untwister:
def __init__(self):
name = next(SYMBOLIC_COUNTER)
self.MT = [BitVec(f'MT_{i}_{name}', 32) for i in range(624)]
#print(self.MT)
self.index = 0
self.solver = Solver()
#This particular method was adapted from https://www.schutzwerk.com/en/43/posts/attacking_a_random_number_generator/
def symbolic_untamper(self, solver, y):
name = next(SYMBOLIC_COUNTER)
y1 = BitVec(f'y1_{name}', 32)
y2 = BitVec(f'y2_{name}' , 32)
y3 = BitVec(f'y3_{name}', 32)
y4 = BitVec(f'y4_{name}', 32)
equations = [
y2 == y1 ^ (LShR(y1, 11)),
y3 == y2 ^ ((y2 << 7) & 0x9D2C5680),
y4 == y3 ^ ((y3 << 15) & 0xEFC60000),
y == y4 ^ (LShR(y4, 18))
]
solver.add(equations)
return y1
def symbolic_twist(self, MT, n=624, upper_mask=0x80000000, lower_mask=0x7FFFFFFF, a=0x9908B0DF, m=397):
'''
This method models MT19937 function as a Z3 program
'''
MT = [i for i in MT] #Just a shallow copy of the state
for i in range(n):
x = (MT[i] & upper_mask) + (MT[(i+1) % n] & lower_mask)
xA = LShR(x, 1)
xB = If(x & 1 == 0, xA, xA ^ a) #Possible Z3 optimization here by declaring auxiliary symbolic variables
MT[i] = MT[(i + m) % n] ^ xB
return MT
def get_symbolic(self, guess):
name = next(SYMBOLIC_COUNTER)
ERROR = 'Must pass a string like "?1100???1001000??0?100?10??10010" where ? represents an unknown bit'
assert type(guess) == str, ERROR
assert all(map(lambda x: x in '01?', guess)), ERROR
assert len(guess) <= 32, "One 32-bit number at a time please"
guess = guess.zfill(32)
self.symbolic_guess = BitVec(f'symbolic_guess_{name}', 32)
guess = guess[::-1]
for i, bit in enumerate(guess):
if bit != '?':
self.solver.add(Extract(i, i, self.symbolic_guess) == bit)
return self.symbolic_guess
def submit(self, guess):
'''
You need 624 numbers to completely clone the state.
You can input less than that though and this will give you the best guess for the state
'''
if self.index >= 624:
name = next(SYMBOLIC_COUNTER)
next_mt = self.symbolic_twist(self.MT)
self.MT = [BitVec(f'MT_{i}_{name}', 32) for i in range(624)]
#print(self.MT)
for i in range(624):
self.solver.add(self.MT[i] == next_mt[i])
self.index = 0
symbolic_guess = self.get_symbolic(guess)
symbolic_guess = self.symbolic_untamper(self.solver, symbolic_guess)
#print(guess, self.MT[self.index], symbolic_guess)
self.solver.add(self.MT[self.index] == symbolic_guess)
self.index += 1
def get_random(self):
'''
This will give you a random.Random() instance with the cloned state.
'''
logger.debug('Solving...')
start = time()
self.solver.check()
model = self.solver.model()
end = time()
logger.debug(f'Solved! (in {round(end-start,3)}s)')
#Compute best guess for state
state = list(map(lambda x: model[x].as_long(), self.MT))
result_state = (3, tuple(state+[self.index]), None)
r = Random()
r.setstate(result_state)
return r
def get_random2(self):
'''
This will give you a random.Random() instance with the cloned state.
'''
logger.debug('Solving...')
start = time()
self.solver.check()
model = self.solver.model()
end = time()
logger.debug(f'Solved! (in {round(end-start,3)}s)')
#Compute best guess for state
#state = list(map(lambda x: model[x].as_long(), self.MT))
#result_state = (3, tuple(state+[self.index]), None)
#r = Random()
#r.setstate(result_state)
#print(model)
init_state = [None for _ in range(624)]
for d in model.decls():
ss = d.name()
#print ("%s = %d" % (ss, model[d].as_long()))
if ss.startswith('MT_') and ss.endswith('_0'):
#print ("%s = %d" % (ss, model[d].as_long()))
act_idx = int(ss[3:ss[3:].index("_") + 3])
#print(act_idx)
init_state[act_idx] = model[d].as_long()
result_state = (3, tuple(init_state+[0]), None)
r = Random()
r.setstate(result_state)
return r, init_state
def unshiftRight(x, shift):
res = x
for i in range(32):
res = x ^ res >> shift
return res
def unshiftLeft(x, shift, mask):
res = x
for i in range(32):
res = x ^ (res << shift & mask)
return res
def untemper(v):
v = unshiftRight(v, 18)
v = unshiftLeft(v, 15, 0xefc60000)
v = unshiftLeft(v, 7, 0x9d2c5680)
v = unshiftRight(v, 11)
return v
'''
danger = 624*32 # i hear you need this much.
given = []
key = ""
_keys = []
for _ in range(danger//20 - 16): # should be fine if im only giving u this much :3
x = random.getrandbits(32)
# we share <3
key += str(x % 2**12)
#if _ == 0: print(random.getstate())
#print(x, x >> 12, x % 2**12, untemper(x))
_keys.append(x % 2**12)
given.append(x >> 12)
#print(key)
key = key[:100]
print(key)
print(_keys)
key = sha256(key.encode()).digest()
flag = b'.;.;.{testtesttesttest}'
cipher = AES.new(key, AES.MODE_ECB)
ct = cipher.encrypt(flag + b"\x00" * (16 - len(flag) % 16)).hex()
'''
given = [460740, 510430, 449840, 653759, 349011, 404684, 565671, 151336, 476305, 497936, 41763, 941189, 388293, 588119, 945336, 802349, 728358, 42797, 304426, 638246, 1028695, 170118, 6618, 450537, 966644, 114144, 1015799, 431061, 242512, 361277, 929693, 876685, 667250, 286513, 855131, 227404, 1028552, 802960, 678698, 609056, 344877, 128798, 491943, 825669, 836993, 163687, 382325, 617036, 149687, 1024458, 395036, 123044, 588199, 366734, 618995, 123233, 621065, 246612, 380212, 929271, 715144, 820916, 759118, 1034076, 275722, 215204, 737922, 341367, 362282, 548568, 623808, 702486, 1043666, 427353, 20473, 176843, 767153, 826681, 334516, 761649, 198828, 523732, 955349, 496077, 582800, 315924, 571663, 114097, 288178, 369505, 416278, 690975, 333172, 964798, 170195, 453282, 650511, 949879, 22810, 627154, 93691, 67288, 574007, 704689, 833929, 545611, 215912, 553130, 16226, 60995, 830127, 386613, 405177, 596107, 657547, 500645, 566278, 404330, 569691, 901032, 622287, 199920, 546426, 346823, 387319, 176830, 903409, 767296, 61239, 872690, 479067, 375777, 1008156, 123524, 304932, 688431, 668942, 157891, 638507, 86987, 368570, 405220, 710891, 479436, 560974, 236112, 850417, 250958, 137845, 637518, 347027, 25265, 902081, 756062, 112961, 512605, 917275, 904862, 233169, 486928, 98543, 767822, 457250, 853509, 276601, 902297, 817530, 160601, 628865, 366681, 734127, 260478, 526614, 1042808, 884815, 951201, 644267, 642657, 824688, 643170, 577762, 785312, 585031, 213492, 635617, 980073, 400845, 294855, 761226, 564594, 30887, 164533, 499814, 40920, 187431, 290994, 223618, 307085, 857841, 1030076, 1021152, 433340, 670999, 76424, 564484, 698791, 846564, 456570, 269679, 200894, 92968, 596021, 792314, 570446, 818115, 62244, 311011, 234374, 520523, 160383, 727239, 528551, 457544, 72261, 999556, 250466, 351690, 788758, 657142, 134996, 64356, 108055, 898728, 145171, 466296, 699960, 578755, 482317, 1044448, 461178, 77644, 982099, 174272, 147970, 465941, 477858, 104579, 563469, 209831, 288799, 211571, 891028, 254850, 925679, 932755, 126578, 953042, 825695, 423755, 787244, 759375, 555333, 216755, 50593, 157586, 482514, 204373, 993000, 80608, 764665, 999634, 384528, 957767, 182036, 294697, 520003, 83362, 390857, 80971, 1012545, 391026, 5133, 194522, 430823, 550214, 699001, 52657, 127145, 598327, 568226, 899942, 849944, 556225, 278347, 609270, 427120, 858771, 332591, 12800, 831169, 626251, 835108, 766002, 603263, 270006, 170634, 36734, 661232, 97318, 188682, 1004591, 738182, 433599, 445596, 153587, 999913, 852616, 90814, 589942, 302888, 835884, 951769, 32939, 553223, 784938, 272637, 1008360, 870222, 258360, 59913, 119277, 893131, 530467, 342095, 940593, 413878, 939828, 783360, 634197, 403415, 287835, 791613, 683346, 844964, 1034575, 727399, 287797, 654034, 53471, 739461, 105046, 452300, 164145, 347109, 89072, 190880, 421853, 222190, 860745, 45637, 842471, 953558, 352527, 533999, 813895, 334927, 516717, 42802, 990139, 343731, 149906, 689806, 613601, 637494, 736229, 439047, 726010, 1017684, 670902, 921587, 36228, 704331, 701175, 644486, 505880, 451505, 87102, 453460, 166430, 333989, 445133, 244451, 482094, 821731, 43372, 234629, 779356, 370260, 715065, 564539, 262773, 945737, 893778, 641237, 983848, 1040291, 929548, 116904, 282961, 196142, 759790, 592158, 937947, 1017961, 562427, 902020, 81202, 223378, 719458, 802553, 535816, 453260, 1046793, 843952, 939627, 292428, 137861, 82269, 244851, 956104, 100875, 881487, 48186, 799112, 58214, 349187, 685898, 121673, 674040, 757033, 1033625, 466079, 508116, 284755, 202191, 792885, 224003, 688244, 187116, 552046, 890512, 71339, 923936, 838226, 362946, 372054, 1042319, 187051, 188258, 374678, 344775, 1021919, 842849, 809968, 47367, 526472, 511030, 122155, 176259, 565722, 33617, 909106, 303700, 357029, 642618, 21630, 206327, 697286, 316252, 143594, 966689, 262069, 78857, 371731, 986473, 61442, 247178, 677525, 156730, 668178, 50439, 576232, 701111, 756947, 85217, 222477, 323553, 665382, 272366, 791336, 989193, 1038568, 848837, 215483, 847691, 202495, 558697, 271933, 596977, 970669, 143980, 729628, 118373, 718549, 554870, 556265, 131565, 245785, 616439, 187063, 426237, 555588, 353176, 783445, 297832, 375034, 544926, 760215, 1016779, 689353, 640048, 275456, 8629, 123245, 559288, 304978, 789829, 181335, 713234, 939987, 714471, 357366, 492186, 215286, 761475, 836393, 1045012, 463670, 111387, 203578, 379209, 273225, 68165, 690416, 821522, 18320, 96543, 678620, 1008629, 722989, 1023060, 618941, 64782, 82970, 158842, 676480, 640585, 780693, 710326, 192312, 965181, 566161, 746519, 526994, 70282, 724631, 1044156, 75396, 53297, 203217, 849129, 692419, 699645, 443421, 174098, 685068, 709717, 950377, 183823, 939517, 960059, 286272, 393333, 545821, 776406, 73708, 650992, 878060, 671058, 418475, 337867, 635843, 679038, 564023, 755111, 1033770, 90351, 349166, 7439, 826001, 60722, 950275, 824860, 789057, 407624, 54378, 173426, 340667, 57529, 566283, 564292, 214923, 796815, 142450, 1035873, 210654, 534509, 88457, 110429, 224628, 102545, 956228, 472365, 722077, 383511, 186408, 40520, 398044, 191129, 57476, 416822, 188061, 216041, 969731, 11356, 112328, 1014991, 422715, 455941, 693327, 1021394, 156539, 703475, 79267, 770137, 425587, 934535, 549051, 296081, 74458, 248184, 707726, 687061, 110046, 736731, 790728, 430172, 58056, 312640, 969217, 956689, 819257, 682385, 23405, 951756, 482828, 781488, 662103, 1030684, 91234, 848083, 366663, 25160, 665051, 366842, 957310, 476440, 331029, 407367, 302672, 232105, 619847, 291493, 23091, 807587, 1039253, 339016, 328887, 124919, 787788, 726218, 1038674, 385495, 854631, 502072, 488413, 16469, 686977, 408849, 819639, 1046150, 917000, 930587, 649538, 346516, 1016021, 219552, 902102, 370687, 640324, 822138, 219019, 200164, 366380, 951625, 30743, 937030, 886654, 341625, 822226, 21377, 520981, 468636, 414197, 960807, 37352, 713145, 406475, 678393, 756049, 36787, 433198, 277161, 461337, 684585, 979789, 168634, 72884, 399095, 850964, 793808, 562419, 993586, 667227, 342278, 344519, 858740, 887797, 442587, 100072, 1030354, 548398, 852046, 5317, 191859, 245988, 15813, 600606, 262, 108497, 602709, 494330, 855311, 1030225, 979607, 122214, 946348, 788723, 48890, 992409, 128277, 371067, 731017, 52593, 1035441, 762977, 833742, 193335, 115591, 46492, 1034608, 24375, 538549, 630862, 687449, 27601, 841870, 251589, 987043, 267591, 643000, 479939, 1007837, 607330, 819765, 325882, 893262, 581491, 1023258, 537530, 508691, 292019, 302776, 909634, 567748, 872878, 878935, 416160, 884092, 610107, 87839, 984643, 349164, 632749, 61942, 163472, 708422, 847952, 1024238, 1046010, 332581, 657916, 335952, 661726, 315940, 589686, 792734, 694954, 404890, 603480, 703950, 107407, 447267, 469811, 110619, 543800, 543353, 307912, 575213, 587564, 688533, 746265, 228462, 372023, 599434, 438009, 282355, 744037, 179161, 810569, 520598, 245757, 358733, 990715, 325829, 214496, 47196, 943273, 225979, 299022, 874584, 387663, 108256, 348618, 66763, 111761, 483045, 312192, 743810, 675324, 295233, 533878, 122933, 744291, 803234, 935159, 348121, 940242, 314494, 302370, 254107, 561173, 109351, 833983, 740850, 807471, 679769, 6695, 64917, 512946, 877533, 172034, 357869, 942471, 370023, 139048, 744120, 767300, 48370, 773175, 367474, 158381, 788297, 379954, 693531, 196261, 599776, 698490, 453021, 570466, 935069, 581249, 868828, 965816, 311034, 208769, 255799, 646363, 839114, 842699, 355645, 783632, 264853, 906246, 644013, 959968, 844301, 141260, 47760, 743209, 1024058, 699185, 893651, 702841, 544876, 816304, 345500, 950088, 545485, 705316, 972089, 930117, 484894, 515648, 533391, 227812, 549779, 840799, 396226, 603829, 838531, 99857, 659667, 664066, 687482, 743635, 895338, 168574, 1016165, 673024, 366373, 991950, 523942, 657538, 1045864, 33297, 306379, 62337, 418301, 338750, 152830, 292783]
ct = "c8a6c38be0ec97bc32df34e0df6e5d7b64a1dc238b0e5019a728c2b7c8fbdab22393c7177dad868294557cc22ab5855989b7ff61b74e4beb4c5070bc0a390ab7902d347c04c33aa5ab0c5b7cb38d7898048de44e94671e78ea3c55c24031505499301fb5edbd3c2790e0d6d91afae53f4fc1f891ca48c79fcdd8ccd4fb4c874a"
ut = Untwister()
for val in given:
bits = format(val,'020b') + '?'*12
#print(val, bits)
ut.submit(bits)
r2, init_state = ut.get_random2()
#print(init_state)
_guess_ks = []
_guess_key = ""
for i, expected in enumerate(given):
x = r2.getrandbits(32)
recovered = x >> 12
#print(recovered == expected, f"[!] Mismatch at index {i}: got {recovered}, expected {expected}")
#print(x % 2**12)
if i == 0:
continue # skip the first one
_guess_ks.append(x % 2**12)
_guess_key += str(x % 2**12)
print(_guess_ks)
print(_guess_key)
for i in range(2**12):
cur_key = str(i) + _guess_key
cur_key = cur_key[:100]
#print(cur_key)
cipher = AES.new(sha256(cur_key.encode()).digest(), AES.MODE_ECB)
flag__ = cipher.decrypt(bytes.fromhex(ct))
if flag__.isascii():
print(flag__) # .;,;.{never_enough_but_you_gotta_just_make_more_or_something_idk_im_not_a_motivational_speaker_but_you_get_the_idea}
This post is licensed under CC BY 4.0 by the author.