Created
June 10, 2013 01:15
-
-
Save aczid/5745979 to your computer and use it in GitHub Desktop.
Simple bruteforcer for BostonKeyParty CTF level 'Randy'.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <limits.h> | |
| unsigned int outputs[7][4] = { | |
| {0x7358837a, 0x6e1b2658, 0x3c00c5ff, 0x8c0d4aa}, | |
| {0x34d8c3b5, 0x5b56dca1, 0x78236d7, 0x1973085e}, | |
| {0x1f49456c, 0x27c0fa1d, 0x145214aa, 0x6200299c}, | |
| {0x1fea6614, 0x41cdb864, 0x53c0ed56, 0x63642916}, | |
| {0x4e81abc7, 0x792ce075, 0x7d2bc59c, 0x42a11ada}, | |
| {0x683d3f5d, 0xcaae38d, 0x7ec81c18, 0x444671e6}, | |
| {0x28c9a8fe, 0x3324b23, 0x3075f253, 0x60d2e9d2}}; | |
| unsigned int seeds[7] = {544485486,1914712179,811888180,874524781,1915974758,825319712,555819297}; | |
| void printasascii(unsigned int value){ | |
| printf("%c", (value) & 0xff); | |
| printf("%c", (value >> 8) & 0xff); | |
| printf("%c", (value >> 16) & 0xff); | |
| printf("%c", (value >> 24) & 0xff); | |
| } | |
| typedef union { | |
| unsigned int integer; | |
| unsigned char bytes[4]; | |
| } output_t; | |
| int main(int argc, char* argv[]){ | |
| output_t value; | |
| value.bytes[0] = 0x20; | |
| value.bytes[1] = 0x20; | |
| value.bytes[2] = 0x20; | |
| value.bytes[3] = 0x20; | |
| unsigned int outcome; | |
| unsigned int tries = 0; | |
| size_t output_row = 0; | |
| size_t seeds_found = 0; | |
| while(1){ | |
| for(output_row = 0; output_row < 7; output_row++){ | |
| srandom(value.integer); | |
| outcome = random(); | |
| if(outcome == outputs[output_row][0]){ | |
| outcome = random(); | |
| if(outcome == outputs[output_row][1]){ | |
| outcome = random(); | |
| if(outcome == outputs[output_row][2]){ | |
| outcome = random(); | |
| if(outcome == outputs[output_row][3]){ | |
| seeds[output_row] = value.integer; | |
| seeds_found++; | |
| printf("Found %i/7 seeds\n", seeds_found); | |
| printf("Seed %i = \"", output_row); | |
| printasascii(value.integer); | |
| printf("\" (%i)\n", value.integer); | |
| if(seeds_found == 7) break; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| /* iterate printable ascii */ | |
| if(value.bytes[3] < 0x7f){ | |
| value.bytes[3]++; | |
| } else { | |
| value.bytes[3] = 0x20; | |
| if(value.bytes[2] < 0x7f){ | |
| value.bytes[2]++; | |
| } else { | |
| value.bytes[2] = 0x20; | |
| if(value.bytes[1] < 0x7f){ | |
| value.bytes[1]++; | |
| } else { | |
| value.bytes[1] = 0x20; | |
| if(value.bytes[0] < 0x7f){ | |
| value.bytes[0]++; | |
| } else { | |
| printf("Exhausted keyspace.\n"); | |
| break; | |
| } | |
| } | |
| } | |
| } | |
| tries++; | |
| if(tries % 1000000 == 0){ | |
| printf("Tried %i seeds\nCurrent seed trying: ", tries); | |
| printasascii(value.integer); | |
| printf("\n"); | |
| } | |
| } | |
| for(output_row = 0; output_row < 7; output_row++){ | |
| printasascii(seeds[output_row]); | |
| } | |
| printf("\n"); | |
| for(output_row = 0; output_row < 7; output_row++){ | |
| printf("%i\n",seeds[output_row]); | |
| } | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment