Created
December 6, 2023 15:12
-
-
Save sawaYch/cfcdacd153fb5230a31541c1450df6aa to your computer and use it in GitHub Desktop.
hkcert23 ctf sign me a flag
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import signal | |
| import os | |
| import hmac | |
| import hashlib | |
| import sys | |
| def tle_handler(*args): | |
| print('β°') | |
| sys.exit(0) | |
| def xor(a, b): | |
| return bytes(u^v for u, v in zip(a, b)) | |
| def sign_message(key_client: bytes, key_server: bytes, message: str) -> bytes: | |
| key_combined = xor(key_client, key_server) | |
| signature = hmac.new(key_combined, message.encode(), hashlib.sha256).digest() | |
| return signature | |
| def main(): | |
| signal.signal(signal.SIGALRM, tle_handler) | |
| signal.alarm(120) | |
| flag = os.environ.get('FLAG', 'hkcert23{***REDACTED***}') | |
| key_server = os.urandom(16) | |
| for id in range(10): | |
| action = input('π¬ ').strip() | |
| if action == 'sign': | |
| key_client = bytes.fromhex(input('π ')) | |
| message = input('π¬ ') | |
| if 'flag' in message: | |
| return print('π‘') | |
| signature = sign_message(key_client, key_server, message) | |
| print(f'π {signature.hex()}') | |
| elif action == 'verify': | |
| key_client = b'\0'*16 # I get to decide the key :) | |
| message = input('π¬ ') | |
| signature = bytes.fromhex(input('π ')) | |
| if message != 'gib flag pls': | |
| return print('π‘') | |
| if signature != sign_message(key_client, key_server, message): | |
| return print('π‘') | |
| print(f'π {flag}') | |
| if __name__ == '__main__': | |
| try: | |
| main() | |
| except Exception as error: | |
| print('π') | |
| print(error) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hmac | |
| import hashlib | |
| from pwn import * | |
| import itertools | |
| def sign_message(key_client: bytes, key_server: bytes, message: str) -> bytes: | |
| key_combined = xor(key_client, key_server) | |
| signature = hmac.new(key_combined, message.encode(), hashlib.sha256).digest() | |
| return signature | |
| def sign(r, key_client: bytes, message: str): | |
| r.sendlineafter('π¬ '.encode(), b'sign') | |
| r.sendlineafter('π '.encode(), key_client.hex().encode()) | |
| r.sendlineafter('π¬ '.encode(), message.encode()) | |
| r.recvuntil('π '.encode()) | |
| return bytes.fromhex(r.recvline().decode().strip()) | |
| def get_flag(r, key_server: bytes): | |
| signature = sign_message(b'\0'*16, key_server, 'gib flag pls') | |
| r.sendlineafter('π¬ '.encode(), b'verify') | |
| r.sendlineafter('π¬ '.encode(), b'gib flag pls') | |
| r.sendlineafter('π '.encode(), signature.hex().encode()) | |
| if __name__ == '__main__': | |
| r = remote('chal.hkcert23.pwnable.hk', 28029) | |
| key_server = b'' | |
| for i in range(8): # change 1 | |
| s = sign(r, b'\0' * (i+1) * 2, 'testing') # change 2 | |
| for guess in range(256*256): | |
| key_server_guess = key_server + int.to_bytes(guess, 2, 'big') # change 3 | |
| if sign_message(b'\0'*(i+1) * 2, key_server_guess, 'testing') != s: continue # change 4 | |
| key_server = key_server_guess | |
| break | |
| print(f'{key_server = }') | |
| get_flag(r, key_server) | |
| r.interactive() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hmac | |
| import hashlib | |
| from pwn import * | |
| import itertools | |
| def sign_message(key_client: bytes, key_server: bytes, message: str) -> bytes: | |
| key_combined = xor(key_client, key_server) | |
| signature = hmac.new(key_combined, message.encode(), hashlib.sha256).digest() | |
| return signature | |
| def sign(r, key_client: bytes, message: str): | |
| r.sendlineafter('π¬ '.encode(), b'sign') | |
| r.sendlineafter('π '.encode(), key_client.hex().encode()) | |
| r.sendlineafter('π¬ '.encode(), message.encode()) | |
| r.recvuntil('π '.encode()) | |
| return bytes.fromhex(r.recvline().decode().strip()) | |
| def get_flag(r, key_server: bytes): | |
| signature = sign_message(b'\0'*16, key_server, 'gib flag pls') | |
| r.sendlineafter('π¬ '.encode(), b'verify') | |
| r.sendlineafter('π¬ '.encode(), b'gib flag pls') | |
| r.sendlineafter('π '.encode(), signature.hex().encode()) | |
| if __name__ == '__main__': | |
| r = remote('chal.hkcert23.pwnable.hk', 28029) | |
| key_server = b'' | |
| for i in range(16): | |
| s = sign(r, b'\0'*(i+1), 'testing') | |
| for guess in range(256): | |
| key_server_guess = key_server + int.to_bytes(guess, 1, 'big') | |
| if sign_message(b'\0'*(i+1), key_server_guess, 'testing') != s: continue | |
| key_server = key_server_guess | |
| break | |
| print(f'{key_server = }') | |
| get_flag(r, key_server) | |
| r.interactive() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment