ALL the CTFS of Crypto2025 finally

2025-06-02 19:35:30 +02:00
parent aa0fe54b3b
commit 50c18f35b9
442 changed files with 1743 additions and 8 deletions
--- a/crypto-simmetric/fool-the-oracle/attack.py
+++ b/crypto-simmetric/fool-the-oracle/attack.py
@ -0,0 +1,85 @@
+#!/usr/bin/env python3
+
+from Cryptodome.Cipher import AES
+from pwn import *
+import math
+os.environ['PWNLIB_NOTERM'] = 'True'
+os.environ['PWNLIB_SILENT'] = 'True'
+HOST = "130.192.5.212"
+PORT = "6541"
+server = remote(HOST, PORT)
+sleepT = 0.1
+# First block
+#discoveringFlag=b"CRYPTO25{96ce8a93-d548-4f88-bc6"
+firstBlock=b"CRYPTO25{96ce8a9"
+secondBlock=b"3-d548-4f88-bc6c"
+thirdBlock=b"-db6eb3c96382}"
+
+#print(firstBlock+secondBlock+thirdBlock)
+#sleep(1000)
+
+flagGuessed=b""
+"""for i in range(15):
+    pad =  b'A'*(16 - (len(flagGuessed)+1) )
+    fPayload = pad + flagGuessed
+    #fPayload = b"A"*(16 - (len(fBlock+flagGuessed)+1) )+fBlock+flagGuessed
+    #fPayload = fBlock[(i+1):]+flagGuessed
+    for guess in string.printable:
+        guess = bytes(guess,'utf-8')
+        server.send(b'enc\n')
+        server.recv(1024)
+        sleep(sleepT)
+        toSend = fPayload+guess+pad
+        #toSend = fPayload+guess+fPayload[i:]
+        #print(len(fPayload[i:]))
+        print(f"Sending {toSend} with len {len(toSend)}")
+        server.send( toSend.hex())
+        server.send(b'\n')
+        sleep(sleepT)
+        #print(server.recv(1024))
+        ciphertext = server.recv(1024)
+        #print(f"Ciphertext:{ciphertext}")
+        ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8'))
+        if ciphertext[0:16] == ciphertext[16:32]:
+            print(f"Block1:{ciphertext[0:16]} Block2:{ciphertext[16:32]}")
+            print(f"Matched guess: {guess}")
+            flagGuessed += guess
+            print(f"Already Guessed: {flagGuessed}")
+            break
+        sleep(sleepT)
+            #ciphertext//AES.blocksize
+"""
+for i in range(16):
+    pad = secondBlock[(i+1):]
+    #pad =  b'A'*(16 - (len(flagGuessed)+1) )
+    fPayload = pad + flagGuessed
+    #fPayload = b"A"*(16 - (len(fBlock+flagGuessed)+1) )+fBlock+flagGuessed
+    #fPayload = fBlock[(i+1):]+flagGuessed
+    for guess in string.printable:
+        guess = bytes(guess,'utf-8')
+        server.send(b'enc\n')
+        server.recv(1024)
+        sleep(sleepT)
+        #The second pad can be whatever
+        toSend = fPayload+guess+pad
+        print(f"Sending {toSend} with len {len(toSend)}")
+        server.send( toSend.hex())
+        server.send(b'\n')
+        sleep(sleepT)
+        #print(server.recv(1024))
+        ciphertext = server.recv(1024)
+        #print(f"Ciphertext:{ciphertext}")
+        ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8'))
+        if ciphertext[0:16] == ciphertext[48:64]:
+            print(f"Block1:{ciphertext[0:16]} Block2:{ciphertext[16:32]}")
+            print(f"Matched guess: {guess}")
+            flagGuessed += guess
+            print(f"Already Guessed: {flagGuessed}")
+            break
+        sleep(sleepT)
+            #ciphertext//AES.blocksize
+
+server.close()
+# CRYPTO25{flag} total length of 46, almost 3 blocks less 2 bytes
+# One block is 16 bytes
+#flag = CRYPTO25{CCCCCC