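"""ECB-vs-CBC mode oracle client for a CTF challenge.

Each round the server hands out a one-time pad (OTP) as hex text; the client
XORs a fixed plaintext with it, sends the result back as hex, receives the
ciphertext and must say whether the server encrypted with ECB or CBC.  The
plaintext is two identical AES blocks, so under ECB the first two ciphertext
blocks are identical, while under CBC (chained, random IV) they are not.
After ROUNDS correct answers the server prints the flag.

Wire format notes (inferred from the original exchange, verify against the
server): every value is hex text, so one byte of OTP/ciphertext is two ASCII
characters, and the ciphertext line is compared as hex text, one AES block
being BLOCK_SIZE_HEX characters.
"""
import os

# Must be set before `from pwn import *`: pwntools reads these at import time.
os.environ['PWNLIB_NOTERM'] = 'True'
os.environ['PWNLIB_SILENT'] = 'True'

from pwn import *
from Cryptodome.Cipher import AES
from Cryptodome.Random import get_random_bytes
import random

############################
BLOCK_SIZE = AES.block_size          # 16 bytes
BLOCK_SIZE_HEX = 2 * BLOCK_SIZE      # one block as hex text (32 chars)
############################
HOST = "130.192.5.212"
PORT = 6531
ROUNDS = 128
# Two identical blocks: the minimum plaintext that exposes ECB's determinism.
PLAINTEXT = b"A" * (2 * BLOCK_SIZE)
############################


def _field_after_colon(line: bytes) -> bytes:
    """Return the stripped text after the first ':' of a server line.

    Mirrors ``line.split(b':')[1].strip()`` but raises ValueError with a
    readable message when the line carries no ':' (the original would fail
    with a bare IndexError, hiding which line was malformed).
    """
    fields = line.split(b':')
    if len(fields) < 2:
        raise ValueError(f"expected 'label:value' from server, got {line!r}")
    return fields[1].strip()


def build_payload(otp_bytes: bytes, plaintext: bytes = PLAINTEXT) -> bytes:
    """XOR *plaintext* with *otp_bytes* byte-wise.

    As with the original ``zip`` loop, the result is truncated to the shorter
    of the two inputs, so a short OTP yields a short payload.
    """
    return bytes(p ^ o for p, o in zip(plaintext, otp_bytes))


def detect_mode(ciphertext_hex: bytes) -> bytes:
    """Return b"ECB" if the first two ciphertext blocks are equal, else b"CBC".

    *ciphertext_hex* is the hex text as received from the server, so one
    block is BLOCK_SIZE_HEX characters.

    Raises:
        ValueError: if fewer than two full blocks are present — an empty or
            truncated reply would otherwise compare two empty slices and be
            reported as ECB.
    """
    if len(ciphertext_hex) < 2 * BLOCK_SIZE_HEX:
        raise ValueError(
            f"need at least two blocks ({2 * BLOCK_SIZE_HEX} hex chars), "
            f"got {len(ciphertext_hex)}"
        )
    first = ciphertext_hex[:BLOCK_SIZE_HEX]
    second = ciphertext_hex[BLOCK_SIZE_HEX:2 * BLOCK_SIZE_HEX]
    return b"ECB" if first == second else b"CBC"


def main() -> None:
    """Run all ROUNDS of the oracle against HOST:PORT and print the flag line."""
    # Context manager closes the socket on normal exit and on exceptions.
    with remote(HOST, PORT) as server:
        for round_no in range(ROUNDS):
            print("-" * 10 + f"{round_no}" + "-" * 10)
            # Expressions with backslashes (b'\n') are not allowed inside
            # f-strings before Python 3.12, so bind each line first.
            banner = server.recvuntil(b'\n')
            print(f"{banner}")
            otp_hex = _field_after_colon(server.recvuntil(b'\n'))
            print(f"Received OTP:{otp_hex}")
            sleep(0.1)
            otp_bytes = bytes.fromhex(otp_hex.decode('utf-8'))
            print(f"OTP bytes len:{len(otp_bytes)}")

            payload = build_payload(otp_bytes)
            hex_string = payload.hex()
            print(f"hexstring len:{len(hex_string)}")
            #############################
            # Always send bytes; pwntools would coerce the str, but mixing
            # str and bytes on the same tube is an easy way to corrupt input.
            server.sendline(hex_string.encode('ascii'))
            # "Input:"
            prompt = server.recv(6)
            print(f"{prompt}")
            sleep(0.1)
            ciphertext_hex = _field_after_colon(server.recvuntil(b'\n'))
            sleep(0.1)
            ###########################
            print(f"Ciphertext obtained len:{len(ciphertext_hex)} AES_block_size:{AES.block_size}")
            # The reply is already hex text: slice it directly rather than
            # hex-encoding it a second time, so each printed chunk is one block.
            block_count = len(ciphertext_hex) // BLOCK_SIZE_HEX
            for block_no in range(block_count):
                print(ciphertext_hex[block_no * BLOCK_SIZE_HEX:(block_no + 1) * BLOCK_SIZE_HEX])

            mode = detect_mode(ciphertext_hex)
            print("Selected mode is", end=' ')
            print(mode.decode('ascii'))
            server.sendline(mode)
            verdict = server.recvuntil(b'\n')
            print(f"{verdict}")
            sleep(0.1)
            ok_next = server.recvuntil(b'\n')
            print(f"Should be 'Ok Next':{ok_next}")
            print("-" * 10 + "-" * 10)

        flag_line = server.recv(1024)
        print(f"FLAG:{flag_line}")


if __name__ == "__main__":
    main()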