emln/crypto2025
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ALL the CTFS of Crypto2025 finally

Browse Source
This commit is contained in:
emln
2025-06-02 19:35:30 +02:00
parent aa0fe54b3b
commit 50c18f35b9
442 changed files with 1743 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
crypto-simmetric/fool-the-oracle-v2/attack.py Normal file
View File

@ -0,0 +1,108 @@
#!/usr/bin/env python3
from pwn import *
HOST = "130.192.5.212"
PORT = "6542"
server = remote(HOST,PORT)
sleepT = 0.1
payload = b'A'*32
flag = "CRYPTO25{ad3c6c1e-5cac-4c87-b5c3-a5dab511fee3}"
firstBlock = b"CRYPTO25{ad3c6c1"
secondBlock = b"e-5cac-4c87-b5c3"
thirdBlock=b"-a5dab511fee3}"
flagGuessed = b''
"""for i in range(16):
# Create one pad block with the 5 random bytes
beforePad = b'A'*11
pad = b'A'*(16-(i+1))
fPayload = pad + flagGuessed
for guess in string.printable:
guess = bytes(guess,'utf-8')
server.send(b'enc\n')
sleep(sleepT)
server.recv(1024)
sleep(sleepT)
print(f"Payload len: {len(fPayload+guess)} Pad len: {len(pad)}")
toSend = beforePad+fPayload+guess+pad
print(f"Sending {toSend} with len {len(toSend)}")
server.send( toSend.hex())
server.send(b'\n')
sleep(sleepT)
#print(server.recv(1024))
ciphertext = server.recv(1024)
#print(f"Ciphertext:{ciphertext}")
ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8'))
if ciphertext[16:32] == ciphertext[32:48]:
print(f"Block1:{ciphertext[16:32]} Block2:{ciphertext[32:48]}")
print(f"Matched guess: {guess}")
flagGuessed += guess
print(f"Already Guessed: {flagGuessed}")
break
sleep(sleepT)
#ciphertext//AES.blocksize
"""
"""for i in range(16):
beforePad = b'A'*11
pad = firstBlock[(i+1):]
#pad = b'A'*(16 - (len(flagGuessed)+1) )
fPayload = pad + flagGuessed
#fPayload = b"A"*(16 - (len(fBlock+flagGuessed)+1) )+fBlock+flagGuessed
#fPayload = fBlock[(i+1):]+flagGuessed
for guess in string.printable:
guess = bytes(guess,'utf-8')
server.send(b'enc\n')
server.recv(1024)
sleep(sleepT)
#The second pad can be whatever
toSend = beforePad + fPayload+guess+pad
print(f"Payload len: {len(fPayload+guess)} Pad len: {len(pad)}")
print(f"Sending {toSend} with len {len(toSend)}")
server.send( toSend.hex())
server.send(b'\n')
sleep(sleepT)
#print(server.recv(1024))
ciphertext = server.recv(1024)
#print(f"Ciphertext:{ciphertext}")
ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8'))
if ciphertext[16:32] == ciphertext[48:64]:
print(f"Block1:{ciphertext[0:16]} Block2:{ciphertext[16:32]}")
print(f"Matched guess: {guess}")
flagGuessed += guess
print(f"Already Guessed: {flagGuessed}")
break
sleep(sleepT)
#ciphertext//AES.blocksize
"""
for i in range(16):
beforePad = b'A'*11
pad = secondBlock[(i+1):]
#pad = b'A'*(16 - (len(flagGuessed)+1) )
fPayload = pad + flagGuessed
#fPayload = b"A"*(16 - (len(fBlock+flagGuessed)+1) )+fBlock+flagGuessed
#fPayload = fBlock[(i+1):]+flagGuessed
for guess in string.printable:
guess = bytes(guess,'utf-8')
server.send(b'enc\n')
server.recv(1024)
sleep(sleepT)
#The second pad can be whatever
toSend = beforePad + fPayload+guess+pad
print(f"Payload len: {len(fPayload+guess)} Pad len: {len(pad)}")
print(f"Sending {toSend} with len {len(toSend)}")
server.send( toSend.hex())
server.send(b'\n')
sleep(sleepT)
#print(server.recv(1024))
ciphertext = server.recv(1024)
#print(f"Ciphertext:{ciphertext}")
ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8'))
if ciphertext[16:32] == ciphertext[64:80]:
print(f"Block1:{ciphertext[0:16]} Block2:{ciphertext[16:32]}")
print(f"Matched guess: {guess}")
flagGuessed += guess
print(f"Already Guessed: {flagGuessed}")
break
sleep(sleepT)