Saturday, 13 July 2013

[EBCTF Teaser] Crypto100

#!/usr/bin/python
import hashlib, string, sys
ROUNDS = 20000
def xor(a, b):
l = min(len(a), len(b))
return ''.join([chr(ord(x) ^ ord(y)) for x,y in zip(a[:l], b[:l])])
def h(x):
x = hashlib.sha256(x).digest()
x = xor(x[:16], x[16:])
return x
def verify(x):
return all([ord(c) < 127 for c in x])
def crypt(msg, passwd):
k = h(passwd)
for i in xrange(ROUNDS):
k = h(k)
out = ''
for i in xrange(0, len(msg), 16):
out += xor(msg[i:i+16], k)
k = h(k + str(len(msg)))
return out
def encrypt(msg, passwd):
msg = crypt(msg, passwd)
return msg.encode('base64')
def decrypt(msg, passwd):
msg = crypt(msg.decode('base64'), passwd)
if verify(msg):
return msg
else:
sys.stderr.write('Looks like a bad decrypt\n')
sys.exit(1)
if len(sys.argv) < 5 or sys.argv[1] not in ('encrypt', 'decrypt'):
print 'Usage:\tcrypto.py encrypt <password> <infile> <outfile>'
print '\tcrypto.py decrypt <password> <infile> <outfile>'
sys.exit(1)
op, passwd, infile, outfile = sys.argv[1:]
inp = open(infile).read()
if op == 'encrypt':
ct = encrypt(inp, passwd)
open(outfile, 'w').write(ct)
elif op == 'decrypt':
pt = decrypt(inp, passwd)
open(outfile, 'w').write(pt)
view raw crypto.py hosted with ❤ by GitHub
import hashlib, string, sys
def h(x):
x = hashlib.sha256(x).digest()
x = xor(x[:16], x[16:])
return x
def xor(a, b):
l = min(len(a), len(b))
return ''.join([chr(ord(x) ^ ord(y)) for x, y in zip(a[:l], b[:l])])
def crypt(msg, k):
out = ''
for i in xrange(0, len(msg), 16):
out += xor(msg[i:i+16], k)
k = h(k + str(len(msg)))
return out
def verify(x):
return all([ord(c) < 127 for c in x])
#plaintext = 'From: Baron van '
plaintext = 'From: Vlugge Jap'
print len(plaintext)
#get first 16 bytes from msg002.enc
file_contents = open('msg002.enc','r').read().decode('base64')
ciphertext = file_contents[0:16]
key = xor(plaintext,ciphertext)
out = crypt(file_contents,key)
if verify(out):
print out
else:
print 'Bad decrypt!'
view raw dec.py hosted with ❤ by GitHub
Posted by at No comments:

[SIGINT CTF] RSA

#!/usr/bin/env python
from time import time
from os import system
from Crypto.PublicKey import RSA
SEED = int(time())
def randfunc(n):
def rand():
global SEED
ret = SEED*0x1333370023004200babe004141414100e9a1192355de965ab8cc1239cf015a4e35 + 1
SEED = ret
return (ret >> 0x10) & 0x7fff
ret = ""
while len(ret) < n:
ret += chr(rand() & 0xff)
return ret
keypair = RSA.generate(1024, randfunc)
with open("pub", "w") as pubfile, open("id_rsa", "w") as privfile:
privfile.write(keypair.exportKey())
pubfile.write(keypair.publickey().exportKey())
system("ssh-keygen -m PKCS8 -i -f pub > id_rsa.pub && rm pub")
view raw genrsa.py hosted with ❤ by GitHub
#!/usr/bin/python
import sys
import base64
import struct
filename = sys.argv[1]
file_contents = open(filename,'rb').read()
base64_encoded_info = file_contents.split(' ')[1]
raw_bytes = base64.b64decode(base64_encoded_info)
length = struct.unpack('>I',raw_bytes[0:4])[0]
raw_bytes = raw_bytes[4:]
data = raw_bytes[0:length]
print 'Obtained string: %s'%(data)
raw_bytes = raw_bytes[length:]
exponent_size = struct.unpack('>I',raw_bytes[0:4])[0]
print 'Exponent size: %d'%(exponent_size)
raw_bytes = raw_bytes[4:]
exponent = 0
for i in range(0,exponent_size):
exponent<<=8
exponent += ord(raw_bytes[i])
print 'Exponent: '+str(exponent)
raw_bytes = raw_bytes[exponent_size:]
modulus_size = struct.unpack('>I',raw_bytes[0:4])[0]
raw_bytes = raw_bytes[4:]
print 'Modulus size: %d'%(modulus_size)
modulus = 0
for i in range(0,modulus_size):
modulus<<=8
modulus += ord(raw_bytes[i])
print 'Modulus: '+str(modulus)
view raw rsa_extract.py hosted with ❤ by GitHub
from Crypto.PublicKey import pubkey
from Crypto.Util import number
import fractions
import sys
MIN_SEED = int(sys.argv[1])
MAX_SEED = int(sys.argv[2])
SEED = MAX_SEED
def randfunc(n):
def rand():
global SEED
ret = SEED*0x1333370023004200babe004141414100e9a1192355de965ab8cc1239cf015a4e35 + 1
SEED = ret
return (ret >> 0x10) & 0x7fff
ret = ""
while len(ret) < n:
ret += chr(rand() & 0xff)
return ret
correct_modulus = 133542334266816908873627788991135098836872531174929294246169531210661376429243860064170039541966242804413057715139822380296022355504905790916703933165069728724833411797448828615450127927989084469577103148831167203596018572102137170380105783557008648639360019823792278259940952368577709045086814405497576841683
e = long(65537)
bits = 1024
debug = 1
while MAX_SEED > MIN_SEED:
SEED = MAX_SEED
p = q = 1L
while number.size(p*q) < bits:
p = pubkey.getStrongPrime(bits>>1, e, 1e-12, randfunc)
q = pubkey.getStrongPrime(bits - (bits>>1), e, 1e-12, randfunc)
modulus = p*q
gcd = fractions.gcd( modulus, correct_modulus )
if gcd > 1:
print 'GCD: %d\np: %d\nq: %d\n'%(gcd,p,q)
break
MAX_SEED-=1
view raw pwn_rsa.py hosted with ❤ by GitHub
from Crypto.PublicKey import pubkey
from Crypto.Util import number
from Crypto.PublicKey import RSA
from Crypto.PublicKey import _slowmath
import fractions
import sys
import os
e = long(65537)
p = long(13097286606179453667665592444299109782484218865253457545521978739889248320232481682880143106432871469494586765663594908396375009598486558938138835723794021)
q = long(10196183246368760603869192593971202143897281417220455881063414616103901438182656326076501376638806928762094749150020638960102206987607293047096627515275223)
n = long(p*q)
d = long(pubkey.inverse(e, (p-1)*(q-1)))
key = _slowmath._RSAKey()
key.e = e
key.p = p
key.q = q
key.n = n
key.d = d
keypair = RSA._RSAobj(RSA.RSAImplementation(),key)
with open("pub", "w") as pubfile, open("id_rsa", "w") as privfile:
privfile.write(keypair.exportKey())
pubfile.write(keypair.publickey().exportKey())
os.system("ssh-keygen -m PKCS8 -i -f pub > id_rsa.pub && rm pub")
view raw key_gen.py hosted with ❤ by GitHub
Posted by at No comments:
Subscribe to: Posts (Atom)