Skip to content

Instantly share code, notes, and snippets.

View mzhang28's full-sized avatar

michael mzhang28

190 followers · 283 following
View GitHub Profile
@mzhang28
mzhang28 / crypto e.md
Created August 18, 2015 18:34

Data:

http://www.apk4fun.com/apk/1299/

Solution:

This is just a really difficult challenge. First, decompile snapchat.apk using a tool or a service like decompileandroid. Extact the src folder. Yay. Java.

The first step is to do a little bit of research on Snapchat decryption. Your research will probably lead you to this repo. However, it's outdated. Cry slowly. You should realize at this point that you need the Android ID to do anything. Use grep to search for android_id in src. This will reveal locations in the code that obtain the Android ID from the phone. You will eventually find in com.flurry.sdk.ea the following:

@mzhang28
mzhang28 / aplit.c
Created February 18, 2016 20:32
EasyCTF 2015 Shell Binary Sources
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
int main(int argc, char **argv) {
int score = 0;
printf("CollageBored (R) Advanced Placement Literature Grader\n");
if (argc != 2) {
printf("Usage: %s [essay]\n", argv[0]);
return 1;
@mzhang28
mzhang28 / gist:2ed44083581140c48c4a97766482448f
Created March 17, 2017 03:20
~ » telnet wayward.tcp.easyctf.com 8580 michael@zhang
Trying 45.55.88.134...
Connected to wayward.tcp.easyctf.com.
Escape character is '^]'.
Please enter your pilot key: hello
The current time is: 1489720845.28
Please enter the coordinates (x, y) you would like to hit:
world
Sorry, you didn't enter valid coordinates.
Connection closed by foreign host.
@mzhang28
mzhang28 / solve.py
Created March 26, 2017 21:19
VC Solution
#!/usr/bin/env python
from PIL import Image
A = Image.open("A.png")
B = Image.open("B.png")
dA = A.load()
dB = B.load()
@mzhang28
mzhang28 / solve.py
Created March 26, 2017 21:24
PyCrypto Solution
#!/usr/bin/env python
frequencies = {'a': 0.0651738, 'b': 0.0124248, 'c': 0.0217339, 'd': 0.0349835, 'e': 0.1041442, 'f': 0.0197881, 'g': 0.0158610, 'h': 0.0492888, 'i': 0.0558094, 'j': 0.0009033, 'k': 0.0050529, 'l': 0.0331490, 'm': 0.0202124,
'n': 0.0564513, 'o': 0.0596302, 'p': 0.0137645, 'q': 0.0008606, 'r': 0.0497563, 's': 0.0515760, 't': 0.0729357, 'u': 0.0225134, 'v': 0.0082903, 'w': 0.0171272, 'x': 0.0013692, 'y': 0.0145984, 'z': 0.0007836, ' ': 0.1918182}
def single_byte_xor(b, s):
""" Performs XOR of the single byte against every character in string. """
assert len(b) == 1
x = ord(b)
@mzhang28
mzhang28 / solve.py
Created March 26, 2017 21:50
KeyPass Implementation
chars = " FuMlX%3kBJ:.N*epqA0Lh=En/diT1cwyaz$7SH,OoP;rUsWv4g\\Z<tx(8mf>-#I?bDYC+RQ!K5jV69&)G"
def get_key(seed):
result = ""
seed = 16631 * (seed % 0x7fffffff) + 511115
for i in range(16):
result += byte[seed % 0x7fffffff % 82]
seed = 16631 * (seed % 0x7fffffff) + 511115
result += chars[seed % 0x7fffffff % 82]
return result
@mzhang28
mzhang28 / keybase.md
Created October 14, 2017 09:00

Keybase proof

I hereby claim:

  • I am iptq on github.
  • I am failedxyz (https://keybase.io/failedxyz) on keybase.
  • I have a public key ASAOyYr2aYI5dkkI2c1UXnrjbb5t1l9ICUk__yJZpjvtIgo

To claim this, I am signing this object:

@mzhang28
mzhang28 / .vimrc
Created April 24, 2018 17:05
call plug#begin()
Plug 'vim-syntastic/syntastic'
Plug 'tomasiser/vim-code-dark'
Plug 'vim-airline/vim-airline'
Plug 'scrooloose/nerdtree'
Plug 'rhysd/vim-clang-format'
Plug 'kien/ctrlp.vim'
call plug#end()
@mzhang28
mzhang28 / keybase.md
Created August 12, 2018 08:51

Keybase proof

I hereby claim:

  • I am iptq on github.
  • I am michaelz (https://keybase.io/michaelz) on keybase.
  • I have a public key ASCEhMaJMl3DkJKGSXc8q1Nr5FIMVapUMwtEbQkCH7vIQAo

To claim this, I am signing this object:

@mzhang28
mzhang28 / keybase.md
Created March 11, 2019 20:54

Keybase proof

I hereby claim:

  • I am iptq on github.
  • I am michaelz (https://keybase.io/michaelz) on keybase.
  • I have a public key ASArajdaYzbql7aXaUnBl6G5yasMz7nhOIgkLEnDqEQdhwo

To claim this, I am signing this object: