Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import base64,struct,time
- from telnetlib import Telnet
- from providers.mac.sha256 import Sha256MP
- from providers.mac.crc32 import Crc32MP
- from providers.mac.rsa1024 import Rsa1024MP
- from providers.mac.dsa512 import Dsa512MP
- from providers.mac.aes256_xor import Aes256XorMP
- from providers.serialization.concat import ConcatenatorSP
- from cvcb import CovidVaccinationCertificateBuilder
- from Crypto.Util import number
- from sympy import Matrix,Symbol,QQ
- from sympy.ntheory import residue_ntheory
- # from sha256_padding import SHA256,brute_force_len_padding
- class SHA256:
- def __init__(self, debug=False):
- self.debug=debug
- self.h = [
- 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c,
- 0x1f83d9ab, 0x5be0cd19
- ]
- self.k = [
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
- 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
- 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
- 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
- 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
- 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b,
- 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a,
- 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
- 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
- ]
- def set_state(self,h):
- self.h=h
- def rotate_right(self, v, n):
- w = (v >> n) | (v << (32 - n))
- return w & 0xffffffff
- ## only d & h change value other change location
- ## Now, we need to figure out what d and h are, from tmp2 and tmp3.
- def compression_step(self, state, k_i, w_i):
- a, b, c, d, e, f, g, h = state
- s1 = self.rotate_right(e, 6) ^ self.rotate_right(e, 11) ^ self.rotate_right(e, 25)
- ch = (e & f) ^ (~e & g)
- tmp1 = (h + s1 + ch + k_i + w_i) & 0xffffffff
- s0 = self.rotate_right(a, 2) ^ self.rotate_right(a, 13) ^ self.rotate_right(a, 22)
- maj = (a & b) ^ (a & c) ^ (b & c)
- tmp2 = (tmp1 + s0 + maj) & 0xffffffff
- tmp3 = (d + tmp1) & 0xffffffff
- return (tmp2, a, b, c, tmp3, e, f, g)
- def compression(self, state, w, round_keys = None): ## ?? same round key for
- if round_keys is None:
- round_keys = self.k
- for i in range(64):## compress 64 time?? only 8 key
- state = self.compression_step(state, round_keys[i], w[i])
- if self.debug: print(f"Round {i}:",state)
- return state
- def compute_w(self, m):
- w = list(struct.unpack('>16L', m))
- for _ in range(16, 64):
- a, b = w[-15], w[-2]
- s0 = self.rotate_right(a, 7) ^ self.rotate_right(a, 18) ^ (a >> 3)
- s1 = self.rotate_right(b, 17) ^ self.rotate_right(b, 19) ^ (b >> 10)
- s = (w[-16] + w[-7] + s0 + s1) & 0xffffffff
- w.append(s)
- return w
- def padding(self, m, lm_=None):
- lm = lm_ if lm_ else len(m)
- lpad = struct.pack('>Q', 8 * lm)
- lenz = -(lm + 9) % 64
- return m + bytes([0x80]) + bytes(lenz) + lpad
- def sha256_raw(self, m, round_keys = None):
- if len(m) % 64 != 0:
- raise ValueError('m must be a multiple of 64 bytes')
- state = self.h
- if self.debug: print(f"Init state:\n{state}")
- for i in range(0, len(m), 64):
- block = m[i:i + 64]
- w = self.compute_w(block)
- s = self.compression(state, w, round_keys)
- state = [(x + y) & 0xffffffff for x, y in zip(state, s)]
- if self.debug:print(f"New state:\n{state}")
- return state # 8 * 4_bytes
- def sha256(self, m, round_keys = None, lm_=None):
- m_padded = self.padding(m,lm_) # first get padding mess
- state = self.sha256_raw(m_padded, round_keys)
- return struct.pack('>8L', *state)
- def brute_force_len_padding(message):
- sha256 = SHA256()
- len_prepadding = 32
- dump = sha256.padding(b'A'*len_prepadding+message)
- return dump[len_prepadding:]
- ip,port = '34.124.243.167',1337
- # ip,port = '127.0.0.1',1337
- sage_service = '127.0.0.1',65535
- def banner(t):
- resp = t.read_until(b'\n');print(resp)
- resp = t.read_until(b'\n');print(resp)
- def choose_mod(t,mod):
- t.write(f'{mod}\n'.encode())
- def generate_mac(t):
- todo = False
- def verify_mac(t):
- todo = False
- def get_cert(t,mod,cid,cname):
- t.write(f"{mod}\n".encode())
- t.write(base64.b64encode(cid)+b'\n')
- t.write(base64.b64encode(cname)+b'\n')
- resp = t.read_until(b'\n');print(resp)
- return base64.b64decode(resp)
- def get_public_info(t):
- resp = t.read_until(b'\n');print(resp)
- return b'' if resp==b'\n' else base64.b64decode(resp)
- def send_cert(t,cert):
- t.write(base64.b64encode(cert)+b'\n')
- def check_correct_status(choice):
- t = Telnet(ip,port)
- banner(t)
- sp = ConcatenatorSP()
- cid,cname=b'AAAAAA',b'AAAAAA'
- if choice == 1:
- mp = Aes256XorMP()
- elif choice == 2:
- mp = Crc32MP()
- elif choice == 3:
- mp = Dsa512MP()
- elif choice == 4:
- mp = Rsa1024MP()
- builder = CovidVaccinationCertificateBuilder(mp, sp)
- cert = get_cert(t,choice,cid,cname)
- pub_key = get_public_info(t)
- elif choice == 5:
- mp = Sha256MP()
- builder = CovidVaccinationCertificateBuilder(mp, sp)
- cert = get_cert(t,choice,cid,cname)
- pub_key = get_public_info(t)
- data,signature = split_cert(mp,cert)
- send_cert(t,cert)
- resp = t.read_until(b'\n');print(resp)
- # t.interact()
- def split_cert(mp,signature):
- data,hash_ = signature[:-mp.get_mac_size()],signature[-mp.get_mac_size():]
- return data,hash_
- def submit(chall, flag):
- import requests,re
- s = requests.Session()
- # x_polaris_sid=; session=; x_polaris_sd=IoYr8eJdcJ0p/Aj7ilBSP8bAXgi5h55NqMNZ3UGG33dJEcotEinSMnhe0u08IV5Lt62YG|BrqFwcL6/yiTLnZuWokU0iRKWerwiSeucxEUHcNWlwe1CWVUJyLE2|2p7ubdNw
- cookies = {"x_polaris_sid":"B5f2mEvdr4||11y|h6Oj7sFqen8lLFYRX1Rx","polaris_sc":"blevvfs1vc0tbfu287jj0bp0rfme5f5v8c7o17ucofjts0", "x_polaris_cid": "bl605j2hsinoocvkhvi82ml71su4a03es7q2kov0bhuuo0",
- # "session":"ef991cb0-b980-4cf1-b886-5a5d919a0925.SJqwC4we5KvDtkfOVzfGeYPHwSE"}
- "session":"8eadefe3-7bd1-4aff-b762-7cc1ce2a6ac5.165NyFLL4mpk7VeCXog_f6GN71c"}
- data = {"team":"BkSec.Oggy",
- "daemon": chall,"action": "submit-flag","flag": flag}
- # r = s.post('https://ascis.1337.edu.vn/submitflag_API', data={"team":"Nupakachi","daemon":"Pwn02","action": "submit-flag","flag":"abc"}, proxies={'http': 'http://192.168.169.133:8080/', 'https': 'https://192.168.169.133:8080/'}, cookies=cookies, verify=False)
- r = s.post('https://ascis.1337.edu.vn/submitflag_API', data=data, cookies=cookies)
- # print(r.text)
- print(re.search(r'alert(.*?)</script', r.text).group(1))
- def solve5():
- t = Telnet(ip,port)
- banner(t)
- choice = 5
- mp = Sha256MP()
- cid,cname=b'AAAAAA',b'AAAAAA'
- cert = get_cert(t,choice,cid,cname)
- pub_key = get_public_info(t)
- # print(cert)
- data,signature = split_cert(mp,cert)
- # print(data,signature);input()
- state = list(struct.unpack('>8L', signature))
- sha256 = SHA256()
- sha256.set_state(state)
- message_padding = b'|'+sp.serialize({
- b"issuer": b"vnsecurity",
- b"citizen_id": b"admin",
- b"citizen_name": b"admin",
- b"doses": (2).to_bytes(1, "big") # hopefully no one will take more than 255 doses :D
- })
- lm_ = len(sha256.padding(message_padding))
- new_sig = sha256.sha256(message_padding,lm_=lm_+len(message_padding))
- mess = brute_force_len_padding(data)
- fake_cert = mess+message_padding+new_sig
- send_cert(t,fake_cert)
- # print(fake_cert,sp.deserialize(fake_cert))
- # print(cert)
- # send_cert(t,cert)
- resp = t.read_until(b'\n');print(resp)
- return resp
- def solve4():
- choice =4
- t = Telnet(ip,port)
- banner(t)
- mp = Rsa1024MP()
- sp = ConcatenatorSP()
- cid,cname=b'AAAAA',b'BBBBBBBBBBBBBBBB'
- cert = get_cert(t,choice,cid,cname)
- n,e,d = [int(i,16) for i in get_public_info(t).split(b',')]
- mp.n,mp.e,mp.d = n,e,d
- data = sp.serialize({
- b"issuer": b"vnsecurity",
- b"citizen_id": b"admin",
- b"citizen_name": b"admin",
- b"doses": (2).to_bytes(1, "big") # hopefully no one will take more than 255 doses :D
- })
- signature = mp.generate_mac(data)
- fake_cert = data+signature
- send_cert(t,fake_cert)
- resp = t.read_until(b'\n');print(resp)
- return resp
- def solve4_1():
- choice = 4
- def solve1():
- choice = 1
- t = Telnet(ip,port)
- banner(t)
- mp = Aes256XorMP()
- sp = ConcatenatorSP()
- cid,cname=b'AAAAA',b'BBBBBBBBBBBBBBBB'
- cert = get_cert(t,choice,cid,cname)
- pub_key = get_public_info(t)
- data,signature = split_cert(mp,cert)
- block_size = 16
- data += b'\x00' * (-len(data) % block_size)
- fake_mess = sp.serialize({
- b"issuer": b"vnsecurity",
- b"citizen_id": b"admin",
- b"citizen_name": b"admin",
- b"doses": (2).to_bytes(1, "big") # hopefully no one will take more than 255 doses :D
- })
- fake_cert=data+fake_mess+b'\x00' * (-len(fake_mess) % block_size)+fake_mess+signature
- # print(fake_cert)
- send_cert(t,fake_cert)
- resp = t.read_until(b'\n');print(resp)
- return resp
- def root_ring(q,var,f):
- t = Telnet(*sage_service)
- tmp = f'''F = PolynomialRing(GF({q}),'{var}');{var}=F.gens()[0]'''.replace('\n','')
- t.write(f"{tmp}\n".encode())
- # t.write(f'solve(f,{var},solution_dict=True)\n'.encode()) # bof ??
- t.write(f'f.roots()\n'.encode()) # return [(x,exp),] => x**exp
- resp=t.read_until(b'\n');print(resp)
- resp = resp.decode().replace('x',str(var))
- return eval(resp[:-1])
- def discrete_log(a,b,p):
- t = Telnet(*sage_service)
- t.write(f"a=(GF({p})({a}))\n".encode())
- t.write(f"a.log(GF({p})({b}))\n".encode())
- resp = t.read_until(b'\n')
- return eval(resp[:-1])
- def solve3():
- choice = 3
- t = Telnet(ip,port)
- banner(t)
- mp = Dsa512MP()
- sp = ConcatenatorSP()
- p = 0x299279f0e8cafde76b4377a707943c616f734b60c0d1817f105a1b739688b94a81ed4b77275f588910fd3562a8c52ee8cd69cb9b3696c3af80b7a8b7f28944b
- h = 2
- q = (p - 1) // h
- g = pow(2021, h, p)
- cid,cname=b'AAAAAA',b'AAAAAA'
- cert = get_cert(t,choice,cid,cname)
- pub_key = int(get_public_info(t),16)
- block_size = 64
- data,signature = split_cert(mp,cert)
- r,s = int.from_bytes(signature[:block_size],'big'),int.from_bytes(signature[block_size:],'big')
- fake_mess = sp.serialize({
- b"issuer": b"vnsecurity",
- b"citizen_id": b"admin",
- b"citizen_name": b"admin",
- b"doses": (2).to_bytes(1, "big") # hopefully no one will take more than 255 doses :D
- })
- x = discrete_log(pub_key,g,p) ## p order small
- mp.x=x
- mp.y=pub_key
- fake_cert = fake_mess+mp.generate_mac(fake_mess)
- # print(fake_cert)
- send_cert(t,fake_cert)
- resp = t.read_until(b'\n');print(resp)
- return resp
- ## ASCIS{d48da7e497ed368f2cef647bbe84c44c}
- if __name__=='__main__':
- # while True:
- # choice = 1
- choice = 2
- # choice = 3
- # choice = 4
- # choice = 5 # OK
- sp = ConcatenatorSP()
- if choice == 1:
- mp = Aes256XorMP()
- elif choice == 2:
- mp = Crc32MP()
- elif choice == 3:
- mp = Dsa512MP()
- elif choice == 4:
- mp = Rsa1024MP()
- elif choice == 5:
- mp = Sha256MP()
- builder = CovidVaccinationCertificateBuilder(mp, sp)
- # check_correct_status(choice);input()
- # resp = solve1()
- resp = solve3()
- # resp = solve4()
- # resp = solve4_1()
- # resp = solve5()
- # submit("Crypto01", resp)
Add Comment
Please, Sign In to add comment