Skip to content

Instantly share code, notes, and snippets.

@nick3499

nick3499/keygenme.py

Last active January 13, 2022 21:19
Show Gist options
  • Save nick3499/fd4053897585ed51aee76f9c442023c7 to your computer and use it in GitHub Desktop.
Save nick3499/fd4053897585ed51aee76f9c442023c7 to your computer and use it in GitHub Desktop.
Download ZIP
keygenme-py
Raw
keygenme.py
#!/bin/python3
'''Print picoCTF flag for “keygenme-py” challenge.'''
import hashlib
user = b'GOUGH'
nums = [4, 5, 3, 6, 2, 7, 1, 8]
flag_1 = 'picoCTF{1n_7h3_|<3y_of_'
flag_2 = ''
flag_3 = '}'
for num in nums:
flag_2 += hashlib.sha256(user).hexdigest()[num]
print(flag_1 + flag_2 + flag_3)
@nick3499
Copy link
Author

  • change the username to suit

@nick3499
Copy link
Author

hashlib

This module implements a common interface to many different secure hash and message digest algorithms. Included are the FIPS secure hash algorithms SHA1, SHA224, SHA256, SHA384, and SHA512 (defined in FIPS 180-2) as well as RSA’s MD5 algorithm (defined in internet RFC 1321). The terms “secure hash” and “message digest” are interchangeable. Older algorithms were called message digests. The modern term is secure hash.

Encode Username

  • sha256(b'GOUGH') returns a sha256 _hashlib.HASH object
  • hexdigest() returns a string object of double length, containing only hexadecimal digits. This may be used to exchange the value safely in email or other non-binary environments.
>>> from hashlib import sha256
>>> sha256(b'GOUGH').hexdigest()  # encode username 
'e8a1f9146d32473b9605568ca66f7b5c2db9f271f57a8c8e9e121e48accddf2f'

So, it simply became a matter of indexing characters based on the order of indices found in the check_key() method in keygenme-py.py (4, 5, 3, 6, 2, 7, 1, 8). For example, in the line if key[i] != hashlib.sha256(username_trial).hexdigest()[4]: the index value of 4 can be found in the hex digest, so the first character becomes f.

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment