emln/crypto2025
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
50c18f35b97af9fbdb1f94c7f24245e6bf13b40d
crypto2025/crypto-simmetric/fool-the-oracle-v4/attack.py.bak
emln 50c18f35b9 ALL the CTFS of Crypto2025 finally
2025-06-02 19:35:30 +02:00

124 lines
4.3 KiB
Python
Raw Blame History

#!/usr/bin/env python3
from Cryptodome.Random import get_random_bytes
from pwn import *
HOST = "130.192.5.212"
PORT = "6544"
lenFlag = len("CRYPTO25{}")+36 # 46 total
server = remote(HOST, PORT)
#padding1 + padding2 = 10
PAD_NUM = 10
#AES block 16
#server.send(b"enc\n")
flagGuessed = b''
sleepT = 0.1
pad1Len = 0
pad2Len = 0
#print(server.recv(1024))
for i in range(1,6):
pad=b'A'*(16-i)
secondBlock=b'B'*16
thirdBlock=b'B'*16
print(server.recvline())
print(server.recvline())
print(server.recvline())
print(server.recvline())
server.send(b'enc\n')
toSend = pad + secondBlock + thirdBlock
print(f"Sending {toSend} with len {len(toSend)}")
server.send( toSend.hex())
server.send(b'\n')
ciphertext = server.recvline().strip(b"> >").strip()
ciphertext = bytes.fromhex(ciphertext.decode('utf-8'))
if ciphertext[16:32] == ciphertext[32:48]:
pad1Len = i
pad2Len = 10-i
print(f"Found the right padding num:{pad1Len} and second pad len:{pad2Len}")
break
assert(pad1Len <= 6)
assert(pad2Len > 0)
print('-------')
pad2Guessed = b''
sleepT = 0.1
for i in range(pad2Len):
pad1 = b'A' * (16-pad1Len)
data = b'B' * (16 - (len(pad2Guessed)+1) )
fPayload = data + pad2Guessed
for g in range(255):
assert(g != 255)
print(server.recvline())
print(server.recvline())
print(server.recvline())
print(server.recvline())
guess = g.to_bytes()
server.send(b'enc\n')
toSend = pad1 + fPayload + guess + data
print(f"Sending {toSend} with len {len(toSend)} and PAD2Len:{pad2Len}")
server.send( toSend.hex())
server.send(b'\n')
ciphertext = server.recvline().strip(b"> >").strip()
ciphertext = bytes.fromhex(ciphertext.decode('utf-8'))
print(ciphertext)
#print(server.recv(4096))
#sleep(3)
"""try:
ciphertext = server.recv(4096)
ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b'\n')[0].strip().decode('utf-8'))
#print(ciphertext)
#ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8'))
except:
ciphertext = bytes.fromhex(ciphertext.split(b'\n')[4].strip(b" >").decode('utf-8'))
#print(f"ERROR CIPHER:{ciphertext}")
#g = g - 1
if ciphertext[16:32] == ciphertext[32:48]:
print(f"Matched guess: {guess}")
pad2Guessed += guess
print(f"Already Guessed: {pad2Guessed}")
break
#sleep(sleepT)"""
assert(len(pad2Guessed) == pad2Len)
print(f"FOUND PADDING 2:{pad2Guessed}")
#sleep(1000)
firstBlock = b''
#already guessed 280043
for i in range(3):
for j in range(16):
pad1 = b'A' * (16-pad1Len)
#data = b'B'*(16-pad2Len-(j+1))
data = b'B'*(16 - pad2Len - (len(firstBlock)+1) )
fPayload = data + firstBlock
for guess in string.printable:
guess = bytes(guess,'utf-8')
server.send(b'enc\n')
#server.recv(1024)
sleep(sleepT)
#The second pad can be whatever
#if(len(firstBlock)>0):
# toSend = pad1 + fPayload + firstBlock + guess + data
#$else:
toSend = pad1 + fPayload + pad2Guessed + guess + fPayload
print(f"Payload len: {len(fPayload+pad2Guessed+guess+fPayload)}")
print(f"Sending {toSend} with len {len(toSend)} and PAD2Len:{pad2Len}")
server.send( toSend.hex())
server.send(b'\n')
sleep(sleepT)
#print(server.recv(4096))
#sleep(3)
try:
ciphertext = server.recv(4096)
ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b'\n')[0].strip().decode('utf-8'))
#print(ciphertext)
#ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8'))
except:
ciphertext = bytes.fromhex(ciphertext.split(b'\n')[4].strip(b" >").decode('utf-8'))
#print(f"ERROR CIPHER:{ciphertext}")
#g = g - 1
if ciphertext[16:32] == ciphertext[32:48]:
print(f"Matched guess: {guess}")
firstBlock += guess
print(f"FLAG Already Guessed: {firstBlock}")
break
Reference in New Issue View Git Blame Copy Permalink