#!/usr/bin/env python
import typing
from pwn import *
# Set pwntools' log level so that info-level messages (such as the
# log.info() call in main) are shown.
context.log_level = 'info'
def check_data(encrypted_data: bytes):
    """Return True when bit 7 of the bytes repeats with an 8-byte period.

    Only the most significant bit of each byte is examined. The bytes are
    split into eight interleaved lanes (offsets i, i + 8, i + 16, ...) and
    the result is True only if that bit takes a single value within every
    lane. Eight bytes is the combined length of two 32-bit keys, which is
    the "2-periodic" keystream this heuristic looks for.

    Edge cases:
      * Fewer than 8 bytes (including empty input) leaves at least one
        lane empty, so the result is False.
      * Exactly 8 bytes always yields True because each lane holds a
        single sample; a True result only carries evidence for longer
        captures.

    NOTE(review): presumably this relies on the plaintext's top bit being
    constant, so that the ciphertext's top bit mirrors the keystream.
    Confirm against the service; nothing in this file shows the plaintext.
    """
    # Keep only the top bit of every byte; the low seven bits are ignored.
    msb_flags = [byte & 0x80 for byte in encrypted_data]

    # Each lane must contain exactly one distinct value (an empty lane fails).
    return all(len(set(msb_flags[offset::8])) == 1 for offset in range(8))
def main():
    """Request ciphertexts until one passes check_data(), then save it.

    The target is localhost:10701 when the script is run with the single
    argument 'local', otherwise okboomer.tasteless.eu:10701. Every attempt
    opens a fresh connection, sends the value 4.5 packed as a native C
    double (the key we supply), and reads until the peer closes the
    connection. The first capture accepted by check_data() is written to
    'encrypted_data.raw' (overwriting any existing file) and the loop ends.

    The loop has no attempt limit and no delay between connections; it
    runs until a capture passes the check.

    NOTE(review): `sys`, `struct`, `remote` and `log` are not imported by
    name in this file; presumably they all come from `from pwn import *`.
    """
    use_local = len(sys.argv) == 2 and sys.argv[1] == 'local'
    host = 'localhost' if use_local else 'okboomer.tasteless.eu'
    port = 10701

    # The key never changes between attempts, so pack it once.
    key_blob = struct.pack('d', 4.5)

    while True:
        conn = remote(host, port)
        conn.send(key_blob)
        # Read everything the service sends back for this key.
        ciphertext = conn.recvall()
        if not check_data(ciphertext):
            # Keystream did not look 2-periodic; try again on a new connection.
            continue
        log.info('Saving data to "encrypted_data.raw"')
        with open('encrypted_data.raw', 'bw') as out_file:
            out_file.write(ciphertext)
        break
# Run main() only when this file is executed as a script, not on import.
if __name__ == '__main__':
    main()