hugsy · April 30, 2017 15:37
diff --git a/alchemy.py b/alchemy.py
 #!/usr/bin/python2
 #
 # alchemy - defcon 2017
 #
 # @_hugsy_
 #
 #
 # The flag is: The flag is: end of the world sun clyigujheo
 #

 import os, base64, telnetlib
 from  subprocess import *
 import string, threading

 DIR = "alchemy_dist"

 lock = threading.Lock()
 solutions = {}
 T = []
 N = 50

 def crack(f):
    global solutions, lock
    pre = ""
    while True:
        found = False
        # for i in range(256):
        #     c = chr(i)
        for c in string.printable:
            #print("trying %s" % c.encode('hex'))
            p = Popen(["%s/%s" % (DIR,f),],
                      stdout=PIPE,
                      stdin=PIPE,
                      stderr=PIPE,
                      close_fds=True
            )

            res = p.stdout.read(11)
            p.stdin.write(pre+c + '\n')
            p.wait()


            if len(p.stderr.read(10)):
                print(pre)
                pre += c
                found = True
                break


            #print(p.returncode)

            if p.returncode == 0: return pre+c

            if p.returncode == len(pre)+1: continue

            if p.returncode < 0:  continue

            pre += c
            found = True
            break

        if not found:
            raise Exception("bye")

        lock.acquire()
        solutions[f] = pre
        lock.release()

    return pre

 t = telnetlib.Telnet("cm2k-alchemy_c745e862098878b8052e1e9588c59bff.quals.shallweplayaga.me", 12004)
 t.read_until('send your solution as base64, followed by a newline\n')

 while True:
    h = t.read_until('\n').strip()
    print "<<< ", h
    #res = solutions[f]
    res = crack(h)
    t.write( base64.b64encode(res)  + '\n')
    print ">>> ", res
	#!/usr/bin/python2
	#
	# alchemy - defcon 2017
	#
	# @_hugsy_
	#
	#
	# The flag is: The flag is: end of the world sun clyigujheo
	#

	import os, base64, telnetlib
	from subprocess import *
	import string, threading

	DIR = "alchemy_dist"

	lock = threading.Lock()
	solutions = {}
	T = []
	N = 50

	def crack(f):
	global solutions, lock
	pre = ""
	while True:
	found = False
	# for i in range(256):
	# c = chr(i)
	for c in string.printable:
	#print("trying %s" % c.encode('hex'))
	p = Popen(["%s/%s" % (DIR,f),],
	stdout=PIPE,
	stdin=PIPE,
	stderr=PIPE,
	close_fds=True
	)

	res = p.stdout.read(11)
	p.stdin.write(pre+c + '\n')
	p.wait()


	if len(p.stderr.read(10)):
	print(pre)
	pre += c
	found = True
	break


	#print(p.returncode)

	if p.returncode == 0: return pre+c

	if p.returncode == len(pre)+1: continue

	if p.returncode < 0: continue

	pre += c
	found = True
	break

	if not found:
	raise Exception("bye")

	lock.acquire()
	solutions[f] = pre
	lock.release()

	return pre

	t = telnetlib.Telnet("cm2k-alchemy_c745e862098878b8052e1e9588c59bff.quals.shallweplayaga.me", 12004)
	t.read_until('send your solution as base64, followed by a newline\n')

	while True:
	h = t.read_until('\n').strip()
	print "<<< ", h
	#res = solutions[f]
	res = crack(h)
	t.write( base64.b64encode(res) + '\n')
	print ">>> ", res