
@hugsy
Created April 30, 2017 19:02
#!/usr/bin/python2
#
# occult - defcon 2017
#
# @_hugsy_
#
import string, threading, sys, os, base64, telnetlib, time
from subprocess import *
# Directory holding the challenge binaries; cached answers are stored next to
# them as "<name>.txt".
DIR = "occult_dist"

# Batch size used by the thread loop that is commented out further down.
N = 50

# Worker threads of the current batch (only touched by that disabled loop).
T = []

# Answers keyed by binary name, with the lock meant to guard them. Both are
# referenced only from commented-out code in this file.
solutions = {}
lock = threading.Lock()
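def crack(f):
    """Recover the input accepted by the binary DIR/<f>, one character at a time.

    For every candidate character the binary is started afresh with an
    environment containing only LD_PRELOAD=preload.so and LD_LIBRARY_PATH=.,
    its prompt is consumed, and ``pre + c`` plus a newline is written to its
    stdin. A process that is still running 30 ms later is taken to mean the
    candidate was accepted.

    NOTE(review): this relies on the target behaving differently per
    character (presumably exiting as soon as one is wrong). A checker that
    reads the whole input before deciding would not give this signal.

    Args:
        f: File name of the binary inside DIR.

    Returns:
        The recovered string; the search stops when the candidates reach the
        whitespace tail of string.printable.

    Raises:
        Exception: "bye" if a full pass over the charset extends nothing.
    """
    pre = ""
    charset = string.printable
    while True:
        found = False
        for c in charset:
            if c in ('\t', '\n', '\r'):
                # string.printable ends with its whitespace characters, so
                # getting here means no visible character extended the prefix.
                # Known shortcut: a tab inside the real answer is never tried.
                return pre
            p = Popen(["%s/%s" % (DIR, f)],
                      stdout=PIPE,
                      stdin=PIPE,
                      close_fds=True,
                      env={
                          "LD_PRELOAD": "preload.so",
                          "LD_LIBRARY_PATH": ".",
                      })
            # Consume the prompt so the write below follows it.
            p.stdout.read(len("\x0benter code"))
            p.stdin.write(pre + c + '\n')
            p.stdin.flush()
            # Fixed delay heuristic: a child that is merely slow to exit would
            # be misread as an accepted character.
            time.sleep(0.03)
            still_running = p.poll() is None
            if still_running:
                p.kill()
            # Reap the child and release its pipes on every path, so a long
            # run does not depend on garbage collection for cleanup.
            p.wait()
            p.stdin.close()
            p.stdout.close()
            if still_running:
                pre += c
                print("current='%s'" % pre)
                found = True
                break
        if not found:
            # Safety net: only reachable if charset is changed so that the
            # loop above can finish without returning.
            raise Exception("bye")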
# One-off run against a single challenge binary: recover its input, print it
# raw and base64-encoded, then stop. Because the interpreter exits here,
# nothing below this point runs as the script stands.
res = crack('d4aed2b0a0979e453b3cfd8ef69831807a96a8094c3b2317ef643634293e5ba2')
print("result '%s'" % res)
print(base64.b64encode(res))
sys.exit(0)
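def do(f):
    """Crack the binary DIR/<f> and cache its answer in DIR/<f>.txt.

    Names containing '.txt' are skipped, since they are treated as cached
    answers rather than binaries. A binary whose answer file already exists
    is skipped as well.

    Args:
        f: File name inside DIR.
    """
    if '.txt' in f:
        return
    txt = DIR + '/' + f + '.txt'
    if os.path.isfile(txt):
        print("already cracked %s" % f)
        return
    res = crack(f)
    # Close the handle deterministically so the answer is flushed to disk
    # before anything else reads the file.
    with open(txt, 'wb') as out:
        out.write(res)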
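print("[+] generating all solutions")
# Batch stage, disabled: it would run do() on every binary in DIR, N threads
# at a time.
# for f in os.listdir(DIR):
#     if '.txt' in f: continue
#     t = threading.Thread(target=do, args=(f,))
#     t.daemon = True
#     t.start()
#     T.append(t)
#     if len(T)==N:
#         for t in T: t.join()
#         T = []
# for t in T: t.join()
print("[+] done")
# print(solutions)

# Submission stage: the server names a binary per line and expects the cached
# answer for it, base64-encoded and newline-terminated.
t = telnetlib.Telnet("cm2k-occult_92090ea70651a37c143d1af2ac714445.quals.shallweplayaga.me", 12005)
t.read_until('send your solution as base64, followed by a newline\n')
while True:
    h = t.read_until('\n').strip()
    print("<<< %s" % h)
    # h arrives over an unauthenticated cleartext connection and is used to
    # build a local path whose contents are sent back. Refuse anything that
    # is not a bare file name, so the peer cannot pick files outside DIR.
    if not h or os.path.basename(h) != h:
        raise ValueError("unexpected challenge name from server: %r" % h)
    #res = solutions[h]
    # Read in binary mode to match how do() writes the file, and close the
    # handle on every iteration of this unbounded loop.
    with open(DIR + '/' + h + '.txt', 'rb') as cached:
        res = cached.read()
    t.write(base64.b64encode(res) + '\n')
    print(">>> '%s'" % res)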