CTFs and solutions

2025-04-27 19:24:27 +02:00
commit aa0fe54b3b
426 changed files with 2756 additions and 0 deletions
--- a/fool-the-oracle/lecture.py
+++ b/fool-the-oracle/lecture.py
@ -0,0 +1,67 @@
+import os
+os.environ['PWNLIB_NOTERM'] = 'True'
+os.environ['PWNLIB_SILENT'] = 'True'
+
+if __name__ == '__main__':
+    #server = remote(HOST, PORT)
+    #server.send(iv)
+    #server.send(ciphertext)
+    #response = server.recv(1024)
+    #print(response)
+    #server.close()
+
+    #server = remote(HOST, PORT)
+    #server.send(iv)
+
+    #edt = bytearray(ciphertext)
+    #edt[-1] = 0
+    #server.send(edt)
+    #response = server.recv(1024)
+    #print(response)
+    #server.close()
+#---------------
+    print(len(ciphertext)//AES.block_size)
+    N = len(ciphertext)//AES.block_size)
+    #This initial part will be non modifiabke
+    #We put all the block except the last one 
+    initial_part = ciphertext[:(N-2)*AES.block_size]
+    #The second to last block is the one swapped in CBC then it is not dependent from the others(?)
+    block_to_modify =  bytearray(ciphertext[(N-2)*AES.block_size:(N-1)*AES.block_size])
+    last_block = ciphertext[(N-1]*AES.block_size:]
+
+    byte_index = AES.block_size - 1
+    c15 = block_to_modify[byte_index]
+
+    for c_prime_15 in range(256):
+
+        block_to_modify[byte_index] = c_prime_15
+        to_send = initial_part + block_to_modify + last_block
+
+        server = remote(HOST, PORT)
+        server.send(iv)
+        server.send(to_send)
+        response = server.recv(1024)
+        #print(response)
+        server.close()
+   
+        if response = b'OK':
+            print("c_prime_15"+str(c_prime_15))
+            p_prime_15 = c_prime_15 ^ 1
+            p_15 = p_prime_15 ^ c_15
+            print("p_prime_15"+str(p_prime_15))  
+            print("p_15"+str(p_15))
+    p_prime_15 = 191
+    
+    c_second_15 = p_prime_15 ^ 2
+    block_to_modify[byte_index] = c_second_15
+
+    byte_index -= 1
+    c_14 = block_to_modify[byte_index]
+    
+    for c_prime_14 in range(256):
+        
+        block_to_modify[byte_index] = c_prime_14
+        to_send = initial_part + block_to_modify + last_block
+
+        ##connect to the server etc
+