Bruteforce bit by bit

brute_remote.py

from pwn import *
from math import *

def match(str_1, str_2):
  s1 = bits(str_1)
  s2 = bits(str_2)
  for i in range(len(s1)):
      if s1[i] != s2[i]:
          return i-1
  return i-1

def try_plain(plain):
  # connect  to remote
  r = remote('icss.ctf.site', 40112)
  
  # wait for prompt
  r.recvline('Type you plain text:')
  
  # send guess
  r.sendline(plain)

  # receive answer
  answer = r.recvall()
  
  # extract
  m = re.search('output: ([a-zA-Z0-9+/]+)',answer)
  answer = m.group(1)

  return answer

confirmed = []
cipher = "ypovStywDFkNEotWNc3AxtlL2IwWKuJA1qawdvYynITDDIpknntQR1gB+Nzl"
total_len = len(cipher) * 6
match_val = len(confirmed)

context.log_level = 'error'

i = 0
while True:
  guess = bits(i)[-6:]
  i += 1
  pad = [0, 1] * ((total_len - len(confirmed + guess))/2)
  plain = unbits(confirmed + guess + pad)
  answer = try_plain(plain)

  if ( match(cipher,answer) > match_val):
    match_val = match(cipher,answer)
    best_guess = guess
    print match_val
    print unbits(confirmed+best_guess)
    print "doing it better !!!!!"

  if i >= 64:
    confirmed = confirmed + best_guess
    i = 0
    best_guess = 0
    print 'end cicle'