侧信道3连 233
可以对check总是令B=A,然后对长度不足31的情况判断其长度令B=0还是A(0的时候所有flag乱序输出一直,否则不一致),这样可以根据报错leak长度信息。
发现长度不足31后,可以对长度不足的情况判断开头是否TPCTF,如果是,那么就是第一个没有乱序的flag,对于其他不足的情况总是返回0,对于这种情况判断其是否>mid来决定访问A还是0,这样可以二分出flag来。
#from sage.all import * | |
import numpy as np | |
import sympy as sp | |
from sympy.abc import x | |
matrices=[[[16, 55, 40], [0, -39, -40], [0, 55, 56]], [[13, 41, 29], [3, -25, -29], [-3, 41, 45]], [[7, 13, 7], [9, 3, -7], [-9, 13, 23]], [[1, -15, -15], [15, 31, 15], [-15, -15, 1]], [[217, 728, 512], [39, -472, -512], [-39, 728, 768]], [[9341, 41833, 32493], [21635, 96663, 75027], [-29315, -130967, -101651]], [[10, 27, 18], [6, -11, -18], [-6, 27, 34]], [[28, 111, 84], [-12, -95, -84], [12, 111, 100]], [[266, 970, 705], [-10, -714, -705], [10, 970, 961]], [[1878, 4506, 2629], [2218, -410, -2629], [-2218, 4506, 6725]], [[253, 953, 701], [3, -697, -701], [-3, 953, 957]], [[1881, 4520, 2640], [2215, -424, -2640], [-2215, 4520, 6736]], [[233, 821, 589], [23, -565, -589], [-23, 821, 845]], [[1593, 3096, 1504], [2503, 1000, -1504], [-2503, 3096, 5600]], [[-7038, -35490, -28451], [-19586, -98654, -79069], [27266, 137310, 110045]], [[196, 695, 500], [60, -439, -500], [-60, 695, 756]], [[1590, 3082, 1493], [2506, 1014, -1493], [- |
#include "CertInjector.h" | |
#include "MinHook.h" | |
#include <string> | |
#include <unordered_set> | |
#define COUNT_OF(arr) (sizeof(arr) / sizeof(*arr)) | |
// #define PRINT_DEBUG |