Day 10 - ChristmaSSE KeyGen - rev, math

Files reverse.py Challenge I ran this program but it never finished… maybe my computer is too slow. Maybe yours is faster? Inizialmente non avevo letto che la challenge fosse math e quindi ho subito pensato ad un ottimizzazione del codice. Ho iniziato a riscriverlo in python cachando le varie operazioni. Ottendendo cosi le 3 operazioni fondamentali che vengono utilizzate all’interno del <main>: @cached(cache={}) def pshufd(src,order): line=bin(src)[2:].rjust(128,"0") n=32 src=[line[i:i+n] for i in range(0, len(line), n)][::-1] #print(src) line=bin(order)[2:].rjust(8,"0") n=2 order=[line[i:i+n] for i in range(0, len(line), n)] #print(order) res="" for i in order: val=int(i,2) res+=src[val] #print(int(res,2)) return int(res,2) @cached(cache={}) def pmulld(val1,val2): line=bin(val1)[2:] line=line.rjust(128,"0") n=32 val1=[line[i:i+n] for i in range(0, len(line), n)] line=bin(val2)[2:].rjust(128,"0") n=32 val2=[line[i:i+n] for i in range(0, len(line), n)] #print(val1,val2) res="" for i,j in zip(val1,val2): res+=str(int(i,2)*int(j,2)).rjust(32,"0") return int(res,16) @cached(cache={}) def paddd(val1,val2): line=bin(val1)[2:] line=line.rjust(128,"0") n=32 val1=[line[i:i+n] for i in range(0, len(line), n)] line=bin(val2)[2:].rjust(128,"0") n=32 val2=[line[i:i+n] for i in range(0, len(line), n)] #print(val1,val2) res="" for i,j in zip(val1,val2): res+=str(int(i,2)+int(j,2)).rjust(32,"0") return int(res,16) Successivamente ho individuato che le funzioni venivano sempre chiamate con una sequenza ben precisa, quindi le ho rese delle funzioni: ...

December 10, 2019 · 4 min · Ulisse

Genetic Mutation

Files change_perms.c 4bytes.py Challenge We have to change 4 bytes and we can give our name as input, so we can put something on the stack of the length that we want. Of course we want to put a shellcode on the stack, and use the 4 bytes to jump on it. The first problem is that NX was enabled, so we have to use 1 byte to disable it in the header. To be honest I didn’t know how to do it, well, I knew how to change it, but I didn’t know of any software that could give me the address. So i asked one of my teammate, and he game the C script file in this directory. I could use a diff between a modified elf and the starting one, but hey, I ain’t the smartest one. ...

1 min · ossigeno

mooo

The challenge allows the use of cowsay on a website. You can create a custom one, if you select ‘custom’ from the input list, meaning that you want to write a custom file that will be executed from cowsay with the ‘-f’ parameter. So the only things that I can work with is the body had to work with the body, but every command inside was not executed, just printed. ...

1 min · Ulisse

Santa's Signature

The challenge use a classic RSA sign and verify, without anything strange. So, differently from the others, I abused the fact that we can give both the Sign and the plaintext as inputs. Is enought to switch S with M when given as input, where S is calculated encrypting M with the public key that is given. Since verify(m,s): return m==encrypt(s,publickey) If we give verify(encrypt("AAAA",publicKey),"AAAA") # encrypt("AAAA",publickey)==encrypt("AAAA",publickey) we will pass the test. We just have to do this for 3 times! Image not found! ...

1 min · Ulisse