# Gleb RUysaewv, our lord and saviour

всем привет ставьте лайки и погнали мы начинаем райтап на крипту

## Encrypccino

просто брутим лол кек вот скрипт все по последнему слову техники блин!!! потоки!!!!!

```python
#!/usr/bin/env python3
# Challenge encryptor plus the brute-force helpers this write-up added to it
# (enc_file, enc_data, download_data, try_combination, bruteforce, init_brute).
#
# Why a dictionary search is feasible here, as far as this listing shows:
#   - a passphrase is two entries of words.txt (generate_passphrase(2));
#   - each word keys its own AES-CBC layer, and cipher() derives key and IV
#     from a single SHA-256 call over word + a constant SALT, so one guess is
#     one hash;
#   - unpad() raises on malformed padding, which bruteforce() below uses to
#     discard wrong words one layer at a time.
# Defensive takeaway: derive ONE key from the whole passphrase with a slow
# password KDF (scrypt, Argon2) and a random per-file salt, use an
# authenticated mode such as AES-GCM, and give the passphrase far more entropy.
import argparse
import hashlib
import secrets
from pathlib import Path
import multiprocessing

from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad

# Constant appended to every word before hashing; identical for all files.
SALT = b"ENCRYPCCINO"
WARNING = "If you lose your passphrase, we cannot restore access to your data.\nMake sure you save your passphrase in a safe place."

# Word list that passphrases are drawn from, read once at import time.
with open(Path(__file__).parent / "words.txt") as f:
    words = [w.strip() for w in f.readlines()]


def main():
    """Parse the command line and run encryption or decryption.

    -e and -d are mutually exclusive; with neither, the help text is printed.
    """
    parser = argparse.ArgumentParser()
    group = parser.add_mutually_exclusive_group()
    group.add_argument(
        "-e", "--encrypt", action="store_true", help="encrypt with random passphrase"
    )
    # NOTE(review): a passphrase passed via -d is part of argv, so it may end
    # up in shell history and process listings.
    group.add_argument(
        "-d", "--decrypt", metavar="passphrase", help="decrypt with passphrase"
    )
    parser.add_argument("files", nargs="+")
    args = parser.parse_args()

    if args.encrypt:
        encrypt_all(args.files)
    elif args.decrypt:
        # The passphrase is the space-separated word list, in encryption order.
        passphrase = args.decrypt.strip().split(" ")
        decrypt_all(args.files, passphrase)
    else:
        parser.print_help()


def encrypt_all(files):
    """Encrypt each file under one freshly generated two-word passphrase.

    The passphrase is printed, encrypt() is applied once per word in passphrase
    order (first word innermost), and the result is written to "<file>.enc".
    """
    passphrase = generate_passphrase(2)
    passphrase_str = " ".join(passphrase)
    print(f"Your passphrase:\n{passphrase_str}\n\n{WARNING}")
    for file in files:
        with open(file, "rb") as f:
            data = f.read()
        for word in passphrase:
            data = encrypt(word, data)
        with open(f"{file}.enc", "wb") as f:
            f.write(data)


# Module-level state for the brute-force helpers. Nothing in this listing reads
# enc_file or assigns a ciphertext to enc_data.
# NOTE(review): presumably enc_data was set to the .enc bytes before the run
# that produced the result - confirm with the author.
enc_file = 1
enc_data = []


def download_data(filename):
    """Return the raw bytes of *filename*. Not called anywhere in this listing."""
    with open(f"{filename}", "rb") as f:
        data = f.read()
    return data


def decrypt_all(files, passphrase):
    """Decrypt "<file>.enc" for each file and write the plaintext to <file>.

    Layers are removed in reverse word order; the word and the data before and
    after each layer are printed.
    """
    for file in files:
        with open(f"{file}.enc", "rb") as f:
            data = f.read()
        for word in reversed(passphrase):
            print([word])
            print(data, '->')
            data = decrypt(word, data)
            print(data, '\n')
        with open(file, "wb") as f:
            f.write(data)


def try_combination(passphrase):
    """Try the words of *passphrase*, last to first, against enc_data.

    Returns 0 as soon as a decrypt() call raises, otherwise the output of the
    last decrypt() call.
    """
    # NOTE(review): every pass decrypts enc_data itself rather than the output
    # of the previous layer, and the helper is not called in this listing.
    for word in reversed(passphrase):
        try:
            data = decrypt(word, enc_data)
        except:
            # Bare except: any exception is treated as "wrong word".
            return 0
    return data


def bruteforce(chunk):
    """Search one 37000-word slice of the word list for the outer-layer word.

    For each candidate outer word whose decrypt() does not raise, every word is
    tried as the inner layer; a result starting with b'Lorem' is printed
    together with both words.
    """
    cnt1 = 0
    # Slice bounds are clamped with the literal 370103.
    # NOTE(review): presumably that is len(words) - confirm.
    for i in words[min(370103 - 1, chunk*37000):min(370103, (chunk+1)*37000)]:
        cnt1 += 1
        if cnt1 % 1000 == 0:
            # Progress line for this worker.
            print('[', chunk, ']',cnt1, '/ 37000')
        try:
            data = decrypt(i, enc_data)
        except:
            # Failed unpadding (or any other error) discards this outer word.
            continue
        for j in words:
            try:
                data2 = decrypt(j, data)
            except:
                continue
            # Known-prefix check on the fully decrypted data.
            if data2[:5] == b'Lorem':
                print([data2, i, j])


# https://xkcd.com/936/
def generate_passphrase(strength):
    """Return *strength* words picked independently with secrets.choice."""
    return [secrets.choice(words) for _ in range(strength)]


def encrypt(password, plaintext):
    """Pad *plaintext* to a 16-byte multiple and encrypt it under *password*."""
    return cipher(password).encrypt(pad(plaintext, 16))


def decrypt(password, ciphertext):
    """Decrypt *ciphertext* under *password* and strip the padding.

    unpad() raises when the padding is malformed; there is no other integrity
    check on the data.
    """
    return unpad(cipher(password).decrypt(ciphertext), 16)


def cipher(password):
    """Build an AES-CBC cipher object from *password*.

    SHA-256(password + SALT) is split in two: the first 16 bytes are the AES
    key and the last 16 bytes the IV, so a given word always produces the same
    key and the same IV.
    """
    digest = hashlib.sha256(password.encode() + SALT).digest()
    key, iv = digest[:16], digest[16:]
    return AES.new(key, AES.MODE_CBC, iv)


def init_brute():
    """Run bruteforce() over chunks 1..9 in a multiprocessing pool.

    With 37000-word chunks that is word indices 37000..369999. Not called from
    main() in this listing.
    """
    print('Starting threads..')
    pool = multiprocessing.Pool()
    pool.map(bruteforce, range(1, 10))
    pool.close()
    print('Done')


if __name__ == "__main__":
    main()
```

## I'm one yet many

ЗАМЕЧАЕМ что ключ-то у нас один а на конце каждой строки из readlines у нас `\n` вот и думайте теперь вот скрипт

```python
#!/usr/bin/env python3
# Challenge code (encrypt, main) followed by the write-up's recovery code.
#
# The weakness shown here is key reuse: main() XORs the flag and every line of
# data.bin with the same random key. A line returned by readlines() normally
# ends in b"\n" (byte value 10), so the last ciphertext byte of a line XOR 10
# gives the key byte at that index. A pad used for more than one message is no
# longer a one-time pad; use a fresh key per message or an AEAD with a unique
# nonce instead.
import os


def encrypt(key, plaintext):
    """XOR *plaintext* with the leading bytes of *key* and return the result."""
    # NOTE(review): assert is stripped under "python -O"; zip() would then
    # silently truncate to the shorter input.
    assert len(key) >= len(plaintext)
    return bytes(x ^ y for x, y in zip(key, plaintext))


def main():
    """Print the flag and each line of data.bin, all XORed with one random key."""
    key = os.urandom(10 * 1024)
    with open("flag.txt", "rb") as f:
        flag = f.read()
    print(encrypt(key, flag))
    with open("data.bin", "rb") as f:
        for line in f.readlines():
            # Same key for every line: this is the reuse described above.
            print(encrypt(key, line))


# ---- recovery code added by the write-up; main() is not called below ----

# Working copy of the key: all zero until a byte is recovered.
# NOTE(review): 2435 is presumably the longest line length in output.txt - confirm.
key = b'\x00'*2435


def modify_key(element, number):
    """Set byte *element* of the global key to *number*."""
    global key
    buff = list(key)
    buff[element] = number
    key = bytes(buff)


# output.txt is parsed as one hex string per line; the first line is taken as
# the encrypted flag and the rest as the encrypted data lines.
otp = open('output.txt', 'r')
results = otp.readlines()
results = [i.strip('\n') for i in results]
results = [bytearray.fromhex(i) for i in results]
for i in results[1:]:
    # Index of the last byte of this line, assumed to encrypt "\n" (10).
    nline = len(i) - 1
    modify_key(nline, i[-1] ^ 10)
# NOTE(review): indentation was lost in the original paste; this print is
# placed after the loop - confirm. Key positions that were never recovered are
# still zero, so those output bytes are the raw ciphertext bytes.
print(encrypt(key, results[0]))
```

простите за говнокод)))

## Firmware

находим официальный райтап таска от LiveOverflow https://www.youtube.com/watch?v=EOlddNofKxo там что-то про математику копируем скрипт из
комментов ксорим фейковую прошивку с оригом вписываем результат в строку GOAL (в саге скрипте в комментах) запускаем вываливаются названия файлов создаем их в фейк архиве PROFIT!!!

```python
# Expresses a 256-bit target value as an XOR of SHA-256 digests of filenames,
# using linear algebra over GF(2).
#
# NOTE(review): the verification scheme itself is not in this listing; going by
# the write-up text and the linked videos it presumably combines per-file
# SHA-256 values with XOR. Such a combination is linear over GF(2): once 256
# linearly independent digests are available, any 256-bit value is reachable,
# so it offers no collision resistance. The defensive fix is to sign a hash
# computed over the whole image or a canonical manifest.
#
# NOTE(review): Zmod, matrix and vector are used unqualified although only
# "import sage.all" appears; presumably the script is run by the Sage
# interpreter, which predefines them - confirm.
import sage.all
import hashlib

# part1 - https://www.youtube.com/watch?v=Vgdhlh6evjI
# part2 - https://www.youtube.com/watch?v=EOlddNofKxo

# prepare a table of bits
def bits_of(x):
    """Return the 8 bits of *x*, most significant first, as a list of ints."""
    bits = []
    for c in "{:08b}".format(x):
        bits += [int(c)]
    return bits

# list of 8bit arrays/vectors
# bits_table[ 0] = [0,0,0,0, 0,0,0,0]
# bits_table[ 3] = [0,0,0,0, 0,0,1,1]
# bits_table[86] = [0,1,0,1, 0,1,1,0]
bits_8_table = [bits_of(x) for x in range(0x100)]

def mk_vector(filename):
    """Return SHA-256(*filename*) as a list of 256 bits; *filename* is bytes."""
    bits_256 = []
    # sha256 of the filename+"\0"
    result = hashlib.sha256(filename)
    # for each byte of the hash we get each bit
    for byte in result.digest():
        # add the next 8 bits to the bits vector
        bits_256 += bits_8_table[byte]
    # return the bit vector
    return bits_256

GF2 = Zmod(2)

# Hash vectors kept so far and the filenames they came from, index-aligned.
vectors = []
filenames = []
# loop over some numbers
for x in range(99999):
    # generate a 256bit vector from a possible filename
    filename = "{}\0".format(x)
    new_256_vector = mk_vector(bytes(filename, 'utf-8'))
    # create a matrix of all old vectors + the potential new one in GF(2)
    m = matrix(GF2, vectors + [new_256_vector]).transpose()
    # check the rank of this matrix
    rank = m.rank()
    # if rank increased, keep this file and vector because it's linear independent
    if rank > len(vectors):
        print("file '{:3}' is linear independent".format(x))
        vectors += [new_256_vector]
        filenames += [filename]
    else:
        print("file '{:3}' is NOT linear independent".format(x))
    # 256 independent vectors span the whole 256-bit space, so stop here.
    if len(vectors)==256:
        break

GOAL = []
# the signed hash is the "point" that we want to get to in the vector space
# (32 characters -> 256 bits; per the write-up text this literal is where the
# XOR of the fake and the original firmware value is pasted)
for c in '\xd7,\x06\xda9Z\xf9\xbe\xaa:\x9ec\x99\xe4\x17\xcf\\\x95HZ2\xe6180v\x0e\x8c\x02\xa8\x9c\x8d':
    GOAL += bits_8_table[ord(c)]

# create the whole matrix in GF(2) with all 256 bit vectors
m = matrix(GF2, vectors).transpose()
# Solve m * x = GOAL over GF(2): entry k of the solution says whether the
# digest of filenames[k] takes part in the XOR.
solved_equation = m.solve_right(vector(GOAL))
print(solved_equation)
for x, s in zip(solved_equation, filenames):
    #print x, s
    if x:
        # Filename selected by the solution.
        print(s)
```