Don't like ads? PRO users don't see any ads ;-)
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
- <?php
- function readCipher($fp)
- {
- $ciphlen = unpack('V', fread($fp, 4));
- $ciphlen = $ciphlen[1];
- //echo "len = $ciphlen".PHP_EOL;
- $ciph = fread($fp, $ciphlen);
- $blocks = str_split($ciph, 16);
- /*foreach ($blocks as $block)
- echo 'B '.(bin2hex($block)).PHP_EOL;
- echo "--------\n";*/
- return $blocks;
- }
- $host = 'localhost:4433';
- //$host = '23.21.15.166:4433';
- $solution = '';
- $fp = stream_socket_client("tcp://$host", $errno, $errstr, 30);
- if (!$fp) {
- echo "$errstr ($errno)\n";
- exit;
- }
- $iv = fread($fp, 16);
- echo 'IV = '.(bin2hex($iv)).PHP_EOL;
- $padlen = 4;
- for ($n = 0; $n < 2; $n++)
- {
- for ($j = 1; $j < 16; $j++)
- {
- $found = false;
- fwrite($fp, pack('V', $padlen));
- $padstr = str_repeat('0', $padlen);
- fwrite($fp, $padstr);
- $blocks = readCipher($fp);
- for ($i = 0x5F; $i < 0x7F; $i++)
- {
- $iv2 = $blocks[count($blocks)-1];
- //echo 'IV2 = '.(bin2hex($iv)).PHP_EOL;
- $c = chr($i);
- $bl = $c.$solution;
- //echo "Trying $c\n";
- if (strlen($bl) < 16)
- $p = $bl.str_repeat(chr(16-$j), 16-$j);
- else
- $p = $bl;
- fwrite($fp, pack('V', 16));
- fwrite($fp, $iv2^$p^$blocks[count($blocks)-2-$n]);
- $lastBlocks = $blocks;
- $blocks = readCipher($fp);
- if (in_array($blocks[0],$lastBlocks))
- {
- $solution = chr($i).$solution;
- echo "Sol: $solution\n";
- $found = true;
- $padlen++;
- break;
- } else {
- fwrite($fp, pack('V', $padlen));
- $padstr = str_repeat('0', $padlen);
- fwrite($fp, $padstr);
- $blocks = readCipher($fp);
- }
- }
- if (!$found)
- {
- echo "Sol: $solution\n";
- echo "end\n";
- break;
- }
- }
- }
- fclose($fp);
create a new version of this paste
RAW Paste Data