emln/crypto2025
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
50c18f35b97af9fbdb1f94c7f24245e6bf13b40d
crypto2025/crypto-simmetric/guess-mode-one-shot/main.py
emln 50c18f35b9 ALL the CTFS of Crypto2025 finally
2025-06-02 19:35:30 +02:00

67 lines
2.1 KiB
Python
Raw Blame History

import os
os.environ['PWNLIB_NOTERM'] = 'True'
os.environ['PWNLIB_SILENT'] = 'True'
#The python script consider two bytes sent as one (Ex aa is \xaa so one byte) the same thing on the otp received.
from pwn import *
from Cryptodome.Cipher import AES
from Cryptodome.Random import get_random_bytes
import random
############################
BLOCK_SIZE = AES.block_size
BLOCK_SIZE_HEX = 2*BLOCK_SIZE
############################
HOST = "130.192.5.212"
PORT = "6531"
server = remote(HOST, PORT)
############################
for i in range(128):
print("-"*10+f"{i}"+"-"*10)
print(f"{server.recvuntil(b'\n')}")
otp = server.recvuntil(b'\n').split(b':')[1].strip()
print(f"Received OTP:{otp}")
sleep(0.1)
otp_bytes = bytes.fromhex(otp.decode('utf-8'))
print(f"OTP bytes len:{len(otp_bytes)}")
prepayload = b"A"*32 # Remember to send newline
payload = bytes([p ^ o for p, o in zip(prepayload,otp_bytes)])
############################
hex_string = ""
for byte in payload:
hex_string += f'{byte:02x}'
print(f"hexstring len:{len(hex_string)}")
#############################
server.send(hex_string)
server.send(b'\n')
# "Input:"
print(f"{server.recv(6)}")
sleep(0.1)
ciphertext = server.recvuntil(b'\n').split(b'\n')[0].split(b':')[1].strip()
sleep(0.1)
###########################
ciphertext_hex = ciphertext.hex()
print(f"Ciphertext obtained len:{len(ciphertext)} AES_block_size:{AES.block_size}")
for i in range(0,int(len(ciphertext_hex)//BLOCK_SIZE_HEX)):
print(ciphertext_hex[i*BLOCK_SIZE_HEX:(i+1)*BLOCK_SIZE_HEX])
#Check if two blocks are equal
print("Selected mode is", end=' ')
if ciphertext[0:32] == ciphertext[32:64] :
server.send("ECB")
print("ECB")
else:
server.send("CBC")
print("CBC")
server.send(b'\n')
print(f"{server.recvuntil(b'\n')}")
sleep(0.1)
print(f"Should be 'Ok Next':{server.recvuntil(b'\n')}")
print("-"*10+"-"*10)
#print(f"{server.recv(1024)}")
#print(f"{server.recv(1024)}")
print(f"FLAG:{server.recv(1024)}")
Reference in New Issue View Git Blame Copy Permalink