| import socket, struct, os, binascii, base64, random, time, itertools | |
| import telnetlib | |
| def readline(sc, show = True): | |
| res = "" | |
| while len(res) == 0 or res[-1] != "\n": | |
| data = sc.recv(1) | |
| if len(data) == 0: | |
| print repr(res) | |
| raise Exception("Server disconnected") |
When executing a ELF binary, Linux kernel will pass the memory address of PHDR(program header) to userspace by AT_PHDR entry of AUXV.
ld.so interpreter will parse the PHDR structure at memory addressAT_PHDR and resolve more ELF structures, such as dynamic section.
But Linux kernel wrongly calculate the PHDR address in memory.
NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
Collecting some information about the extend and affected products and keys of the Infineon RSA vulnerability (ROCA).
Estonian eID cards
| from sage.all import continued_fraction, Integer, inverse_mod | |
| pubkey = (1696852658826990842058316561963467335977986730245296081842693913454799128341723605666024757923000936875008280288574503060506225324560725525210728761064310034604441130912702077320696660565727540525259413564999213382434231194132697630244074950529107794905761549606578049632101483460345878198682237227139704889943489709170676301481918176902970896183163611197618458670928730764124354693594769219086662173889094843054787693685403229558143793832013288487194871165461567L, 814161885590044357190593282132583612817366020133424034468187008267919006610450334193936389251944312061685926620628676079561886595567219325737685515818965422518820810326234612624290774570873983198113409686391355443155606621049101005048872030700143084978689888823664771959905075795440800042648923901406744546140059930315752131296763893979780940230041254506456283030727953969468933552050776243515721233426119581636614777596169466339421956338478341355508343072697451L, 17101222758731850777 |
| from scryptos import * | |
| import hashlib | |
| import gmpy | |
| ''' | |
| References: | |
| [1] Hitachi, Ltd. 2001. Specification of HIME(R) CryptoSystem - http://www.hitachi.com/rd/yrl/crypto/hime/HIME_R_specE.pdf | |
| ''' | |
| SECRET = 'ASISCTF-17' | |
| C0 = [ hashlib.sha1(SECRET[i:] + SECRET[:i]).digest()[:16] for i in xrange(10) ] |
| from sage.all import * | |
| # Original: https://github.com/mimoo/RSA-and-LLL-attacks/blob/master/boneh_durfee.sage | |
| dimension_min = 7 | |
| def remove_unhelpful(BB, monomials, bound, current): | |
| if current == -1 or BB.dimensions()[0] <= dimension_min: | |
| return BB | |
| for ii in range(current, -1, -1): | |
| if BB[ii, ii] >= bound: |
| function get_flag() { | |
| s = "ASIS{"; | |
| var r0 = 65; | |
| var r7 = 0; | |
| for (var r8 = 0; r8 <= 20; r8++) { | |
| var r9 = 47; | |
| r9 = r9 < r0; | |
| if (!(r9 < 58)) { | |
| r9 = 64; | |
| r9 = r9 < r0; |
| import socket, struct, os, binascii, base64, subprocess | |
| import telnetlib | |
| import base58 | |
| def readline(sc, show = True): | |
| res = "" | |
| while len(res) == 0 or res[-1] != "\n": | |
| data = sc.recv(1) | |
| if len(data) == 0: |
| #-*- coding:utf-8 -*- | |
| """ | |
| In this challenge we have a Paillier cryptosystem. | |
| We are given a decryption oracle, which leaks only one bit in the middle of the plaintext. | |
| Due to homomorphic properties of the Paillier cryptosystem, we can recover the full decryption using such an oracle. | |
| 1. First, we recover the lower half of the message bit-by-bit. | |
| This can be done by manipulating and observing the carry bit going through the pinhole, |
| #!/usr/bin/env ruby | |
| require 'securerandom' | |
| ## Parameters | |
| P = 115792089237316195423570985008687907853269984665640564039457584007913129639747 | |
| N = 100 | |
| K = 25 | |
| L = 38 # The number of liars | |
| def apply_polynomial(coeffs, x) | |
| r = 0 |