@circleous
Created October 31, 2022 04:02
Fast Miner - Gemastik 2022
#!/usr/bin/env python3
import os
from functools import wraps
from hashlib import sha256
from typing import Dict, Optional
from uuid import uuid4 as uuid
from bottle import get, post, request, response, run
# In-memory note store, keyed by an 8-hex-character index string.
# The flag (FLAG environment variable, with a test default) is pre-seeded at
# index "00000000" and lives in the same keyspace as user-created notes, so
# nothing but the index derivation separates it from ordinary notes.
notes: Dict[str, str] = {"00000000": os.getenv("FLAG", "FLAG{test_flag}")}

# Maps the sessionId cookie value to that session's uid bytes.
session: Dict[str, bytes] = dict()
@get("/")
def index():
    """Greet the caller, creating a session first if no cookie was sent.

    Without a ``sessionId`` cookie, a fresh session id and a separate random
    uid (``uuid().bytes``) are generated, stored in ``session`` and the id is
    returned as a cookie. A cookie that is not in ``session`` yields
    ``"unauthorized"``.
    """
    cookie_sid = request.cookies.get("sessionId")
    if cookie_sid is None:
        cookie_sid = str(uuid())
        session[cookie_sid] = uuid().bytes
        # NOTE(review): the cookie is set with only a name and a value; no
        # httponly/secure options are passed to set_cookie here.
        response.set_cookie("sessionId", cookie_sid)

    secret = session.get(cookie_sid)
    if secret is None:
        return "unauthorized"

    # NOTE(review): the full uid is echoed in hex. The /notes handlers feed
    # uid[:2] into the index hash, so this response discloses the only
    # per-session input of that derivation.
    return f"hi {secret.hex()}"
@get("/notes")
def get_note():
    """Return the note stored at the index derived from the session uid and ``title``.

    Returns ``"unauthorized"`` when the cookie is missing or unknown, and
    ``"not found"`` when no title was supplied or no note exists at the
    derived index.
    """
    sid = request.cookies.get("sessionId")
    uid = None if sid is None else session.get(sid)
    if uid is None:
        return "unauthorized"

    title: Optional[str] = request.query.get("title")
    if title is None:
        return "not found"

    # Characters outside latin-1 are silently dropped ("ignore").
    title_bytes = title.encode("latin-1", "ignore")

    # NOTE(review): only the first two bytes of the uid enter the hash, and
    # the index is the last 8 hex characters (32 bits) of an unkeyed SHA-256.
    # Ownership of a note is therefore bound to a 16-bit prefix plus a
    # caller-chosen title, and the pre-seeded "00000000" entry of `notes` is
    # reachable through the same lookup. Deriving the key from the whole
    # session secret with a keyed MAC, and storing an owner with each note,
    # would close that gap.
    digest_hex = sha256(uid[:2] + title_bytes).hexdigest()
    idx = digest_hex[-8:]

    note = notes.get(idx)
    return "not found" if note is None else note
@post("/notes")
def create_note():
    """Store ``content`` at the index derived from the session uid and ``title``.

    Returns the 8-hex-character index on success, ``"unauthorized"`` when the
    cookie is missing or unknown or the index is already occupied, and
    ``"title can't be empty"`` when no title field was posted.
    """
    sid = request.cookies.get("sessionId")
    uid = None if sid is None else session.get(sid)
    if uid is None:
        return "unauthorized"

    form = request.forms
    title: Optional[str] = form.get("title")
    content: Optional[str] = form.get("content")
    if title is None:
        return "title can't be empty"

    # Characters outside latin-1 are silently dropped ("ignore").
    title_bytes = title.encode("latin-1", "ignore")

    # Same derivation as the GET handler: SHA-256 over uid[:2] + title,
    # truncated to the last 8 hex characters.
    # NOTE(review): with a 16-bit uid prefix and a 32-bit index, different
    # sessions can land on the same slot; the occupied-slot check below is
    # the only thing keeping existing entries from being overwritten.
    idx = sha256(uid[:2] + title_bytes).hexdigest()[-8:]
    if notes.get(idx) is not None:
        return "unauthorized"

    # NOTE(review): `content` is not validated; a request without that field
    # stores None, which the occupied-slot check treats as an empty slot.
    notes[idx] = content
    return idx
# Start the app under waitress. host="0.0.0.0" listens on every interface, so
# exposure is governed by whatever network controls sit in front of the host.
run(host="0.0.0.0", port=8000, server="waitress")
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from hashlib import sha256
from typing import Dict, Tuple
import requests
def get_block_data(num=1024) -> Dict[bytes, bytes]:
    """Build a lookup table from the SHA-256 of recent block headers.

    Starting at the hash returned by blockchain.info's ``latesthash`` query,
    fetches ``num`` raw blocks in hex, following each header back to the
    previous block.

    Returns:
        A dict mapping the first two bytes of ``sha256(header)`` to the
        remaining bytes of that digest.
    """
    # NOTE(review): the HTTP calls below carry no timeout and the response
    # status is not checked before the body is parsed.
    cur_block = requests.get("https://blockchain.info/q/latesthash").text
    # cur_block = "000000000000000000008abbb4cb9b7f3f2b245027dbeb3acf25129fcac36bb1"
    table = {}
    for _ in range(num):
        raw_hex = requests.get(
            f"https://blockchain.info/rawblock/{cur_block}",
            params={"format": "hex"},
        ).text
        # The first 160 hex characters (80 bytes) are taken as the header.
        header = bytes.fromhex(raw_hex[:160])
        digest = sha256(header).digest()
        table[digest[:2]] = digest[2:]
        # Header bytes 4..35, byte-reversed, name the block fetched next.
        cur_block = header[4:36][::-1].hex()
    return table
def get_uid() -> Tuple[str, bytes]:
    """Open a new session on the local server and read back its uid prefix.

    Returns:
        The ``sessionId`` cookie from the response and the first two bytes of
        the uid, parsed from the first four hex characters of the last word
        of the response body.
    """
    greeting = requests.get("http://localhost:8000")
    last_word = greeting.text.split()[-1]
    return greeting.cookies.get("sessionId"), bytes.fromhex(last_word[:4])
def main():
    """Request sessions until one has a uid prefix present in the block table.

    Builds the table from 10 blocks, loops over fresh sessions until the
    2-byte uid prefix is a key of that table, checks that
    ``sha256(uid + title)`` ends in sixteen hex zeros, then requests
    ``/notes`` with that session and title and prints the response body.
    """
    candidates = get_block_data(10)

    title = None
    while title is None:
        sessionId, uid = get_uid()
        title = candidates.get(uid)

    # Sanity check: a digest ending in sixteen hex zeros also ends in the
    # eight zeros the server reserves as the index of its pre-seeded note.
    assert sha256(uid + title).hexdigest().endswith("0000000000000000")

    resp = requests.get(
        "http://localhost:8000/notes",
        cookies={"sessionId": sessionId},
        params={"title": title},
    )
    print(resp.text)


if __name__ == "__main__":
    main()
@dzgif

dzgif commented Oct 31, 2022

GG
