update
This commit is contained in:
@@ -37,4 +37,4 @@ Hack the box december [CTF](https://ctf.hackthebox.com/ctf/249)
|
|||||||
|
|
||||||
## Writeups
|
## Writeups
|
||||||
|
|
||||||
- Each challenge subfolder contains a small README.md
|
- Each challenge subfolder contains a README.md
|
||||||
|
|||||||
@@ -6,45 +6,50 @@ from math import gcd
|
|||||||
# the modulus for the lcg prng
|
# the modulus for the lcg prng
|
||||||
n = 256
|
n = 256
|
||||||
# the header of the pdf v1.5 file
|
# the header of the pdf v1.5 file
|
||||||
header = [ 0x25, 0x50, 0x44, 0x46, 0x2d, 0x31, 0x2e ]
|
header = [0x25, 0x50, 0x44, 0x46, 0x2D, 0x31, 0x2E]
|
||||||
|
|
||||||
|
|
||||||
def get_factors(ct: bytes, n: int = 256) -> (int, int):
|
def get_factors(ct: bytes, n: int = 256) -> (int, int):
|
||||||
''' find a and b for n and ct '''
|
"""find a and b for n and ct"""
|
||||||
# first generate a list of all numbers without common divisor with 256
|
# first generate a list of all numbers without common divisor with 256
|
||||||
nogcds = [x for x in range(1, n) if gcd(x, n) == 1]
|
nogcds = [x for x in range(1, n) if gcd(x, n) == 1]
|
||||||
for b in range(1, n):
|
for b in range(1, n):
|
||||||
for a in nogcds:
|
for a in nogcds:
|
||||||
for i, enc in enumerate(header):
|
for i, enc in enumerate(header):
|
||||||
candidate = (a * enc + b) % n
|
candidate = (a * enc + b) % n
|
||||||
if candidate != ct[i]: break
|
if candidate != ct[i]:
|
||||||
if(i+1 == len(header)):
|
break
|
||||||
|
if i + 1 == len(header):
|
||||||
return (a, b)
|
return (a, b)
|
||||||
print('[-] No solution found.')
|
print("[-] No solution found.")
|
||||||
return (0, 0)
|
return (0, 0)
|
||||||
|
|
||||||
|
|
||||||
def generate_lookuptable(a: int, b: int) -> dict[int, int]:
|
def generate_lookuptable(a: int, b: int) -> dict[int, int]:
|
||||||
''' generate a lookuptable for the translation of the enc file'''
|
"""generate a lookuptable for the translation of the enc file"""
|
||||||
out = {}
|
out = {}
|
||||||
for i in range(0, 256):
|
for i in range(0, 256):
|
||||||
lt = (i * a + b) % 256
|
lt = (i * a + b) % 256
|
||||||
out[lt] = i
|
out[lt] = i
|
||||||
return out
|
return out
|
||||||
|
|
||||||
|
|
||||||
def decrypt(ct: bytes, lut: dict) -> bytes:
|
def decrypt(ct: bytes, lut: dict) -> bytes:
|
||||||
''' decrypt the file using the lookup table '''
|
"""decrypt the file using the lookup table"""
|
||||||
res = b''
|
res = b""
|
||||||
for byte in ct:
|
for byte in ct:
|
||||||
dec = lut[byte]
|
dec = lut[byte]
|
||||||
res += bytes([dec])
|
res += bytes([dec])
|
||||||
return res
|
return res
|
||||||
|
|
||||||
if __name__ == '__main__':
|
|
||||||
ct = open('encrypted.bin', 'rb').read()
|
if __name__ == "__main__":
|
||||||
|
ct = open("encrypted.bin", "rb").read()
|
||||||
a, b = get_factors(ct)
|
a, b = get_factors(ct)
|
||||||
print(f'[+] Factors solved: a={a}, b={b}')
|
print(f"[+] Factors solved: a={a}, b={b}")
|
||||||
lut = generate_lookuptable(a, b)
|
lut = generate_lookuptable(a, b)
|
||||||
print(f'[+] Lookuptable generated: \nlookup = {lut}')
|
print(f"[+] Lookuptable generated: \nlookup = {lut}")
|
||||||
dec = decrypt(ct, lut)
|
dec = decrypt(ct, lut)
|
||||||
print(f'[+] Encrypted file decrypted')
|
print(f"[+] Encrypted file decrypted")
|
||||||
with open('letter.pdf', 'wb') as f:
|
with open("letter.pdf", "wb") as f:
|
||||||
f.write(dec)
|
f.write(dec)
|
||||||
|
|||||||
Reference in New Issue
Block a user