r86bf.py

1. #!/usr/bin/env python3
2.  
3. import sys
4. import random
5.  
6. RULE = [0,1,1,0,1,0,1,0]
7.  
8. def next(x):
9.   x = (x & 1) << 257 | x << 1 | x >> 255
10.   y = 0
11.   for i in range(256):
12.     y |= RULE[(x >> i) & 7] << i
13.   return y
14.  
15. # bootstrap the PRNG
16. # total 29 chars from hint image
17. password = 'INS{vbv"zU123AFn\cBx_%?45678}'
18.  
19. while 1:
20.   #r=random.randint(1,28)
21.   for r in range(5,28):
22.     maxfound=0
23.     foundchars=""
24.  
25.     for c1 in range(32,127):
26.       for c2 in range(32,127):
27.         temppassword=password[:r-1]+chr(c1)+chr(c2)+password[r+1:]
28.         keystream = int.from_bytes(temppassword.encode(),'little')
29.         for i in range(128):
30.           keystream = next(keystream)
31.         goal=0x52cc2cc124e3f2c28f5b9123904dc015babfd5c0988cb8d670f190fbb57593e2
32.         numok=0
33.         for i in range(256):
34.           if((keystream&(1<<i))==(goal&(1<<i))):
35.             numok+=1
36.         if(numok>maxfound):
37.           maxfound=numok
38.           foundchars=""
39.         if(numok==maxfound):
40.           foundchars+=chr(c1)+chr(c2)
41.     print('maxfound: '+str(maxfound)+', pos: '+str(r)+', foundchars: >'+foundchars+'<')
42.     r2=random.randint(1,len(foundchars)//2)-1
43.     betterchar1=foundchars[r2*2]
44.     betterchar2=foundchars[r2*2+1]
45.     password=password[:r-1]+betterchar1+betterchar2+password[r+1:]
46.     if(maxfound==256):
47.       print('Solution: '+password)
48.     else:
49.       print('better: '+password)