CreateRemoteThread · March 1, 2020 22:15
diff --git a/aeroctf-oldcryptosolve.py b/aeroctf-oldcryptosolve.py
 #!/usr/bin/python

 import pwn
 import base64
 import binascii

 p = pwn.remote("tasks.aeroctf.com",44323)

 def encryptWithKey(p,blk):
  p.recvuntil("> ")
  p.send("3\n")
  p.recvuntil(": ")
  p.send(blk + "\n")
  data = p.recvuntil("\n")
  (p1,p2,p3) = data.split("'")
  dx = binascii.hexlify(base64.b64decode(p2))
  parts = [dx[i:i+32] for i in range(0, len(dx), 32)]
  print(parts)
  return parts

 def findLength(p):
  for i in range(0,16):
    par = encryptWithKey(p,"}" + "\x00" * 15 + "\00" * i)
    if par[0] == par[-1]:
      print "Found! %d" % i
      return i

 # We know it's i * 11.
 knownKeyBytes = "}"

 import string
 def findByte(p):
  for c in "0123456789abcdef":
    par = encryptWithKey(p,c + "5013a76ed3b98bae1e79169b3495f47a}" + "\x00" * 26)
    if par[0] == par[-3]:
      print "Found: %c" % c
      return c

 # findLength(p)

 findByte(p)

 p.close()
	#!/usr/bin/python

	import pwn
	import base64
	import binascii

	p = pwn.remote("tasks.aeroctf.com",44323)

	def encryptWithKey(p,blk):
	p.recvuntil("> ")
	p.send("3\n")
	p.recvuntil(": ")
	p.send(blk + "\n")
	data = p.recvuntil("\n")
	(p1,p2,p3) = data.split("'")
	dx = binascii.hexlify(base64.b64decode(p2))
	parts = [dx[i:i+32] for i in range(0, len(dx), 32)]
	print(parts)
	return parts

	def findLength(p):
	for i in range(0,16):
	par = encryptWithKey(p,"}" + "\x00" * 15 + "\00" * i)
	if par[0] == par[-1]:
	print "Found! %d" % i
	return i

	# We know it's i * 11.
	knownKeyBytes = "}"

	import string
	def findByte(p):
	for c in "0123456789abcdef":
	par = encryptWithKey(p,c + "5013a76ed3b98bae1e79169b3495f47a}" + "\x00" * 26)
	if par[0] == par[-3]:
	print "Found: %c" % c
	return c

	# findLength(p)

	findByte(p)

	p.close()