# phiphai
- Đây là một bài RSA cơ bản, khi mở lên ta nhận được source code sau:
```python=
from Crypto.Util.number import *
flag = b'W1{?????????????}'
m = bytes_to_long(flag)
e = 0x10001
p = getPrime(1024)
q = getPrime(1024)
n = p*q
e = 65537
phi = (p-1)*(q-1)
d = pow(e, -1, phi)
hint = p+q
c = pow(m,e,n)
print(f"e={e}")
print(f"d={d}")
print(f"hint={hint}")
print(f"c={c}")
'''
e=65537
d=4504287984018183537713208161402766323065548618393723872837173606374276398491834181934336417310620387990925189536232872881499528612504958202701279049935780903977608853793957819684386053139789777966936156264230499424635837453895019683637553474699470241265384239892304309743522811693909773853204104744746499940669186347989219693819334120860342801601135658920550816397929837218587842050717426094705159184294217221659550021174121437354727563286401517383250923022292331155286641664114777714280910808217996581853423619501922201519238297960634332127751600929842715997073072544823353485994644594610107896462399877655553045761
hint=231925193905919836406214406898885408169720762556845482044575179755202576770665967750292209535638389585617923204488598005919071680696574306168950409350364369661185363429309191455686049593246205245617043129829360203967945465085196018291809693305049028207915207766096530755343783712735226590596701430255772594556
c=6217038084836470023310381029897048208087224587728895918727075557465841714766785434203795384404277685883194699549944699326316064489862857903738642081680285228167738881574533344177255570731527611503589831001734795490242158816621194509455025049486128406587545324515046616431849802141624745659660349892441242897503306780984369111460208907969417056103375189617092555003582813739896435112054576310776891033107119212517760203084951964632014280482552024983115272574743031704179104705817029355755554440364213319205880788661502753344785708858216051846295494426952842154398100557142240912181225765846610290283305931102820798460
'''
```
- Phân tích ta có được $hint = p + q$, ngoài ra ta biết được $phi(n) = (p - 1) * (q - 1)$, từ đây ta chỉ cần phân tích như sau:
$(p - 1) * (q - 1) + hint = p * q$
$d * e = 1 + k * phi(n)$
$phi(n) = (d * e - 1) // k$
$p * q = phi(n) + hint-1$
- Tới đây, ta có thuật toán bruteforce từng $k$ đề tìm $n$ từ đó kiếm được flag bằng cách giải mã RSA thông thường.
```python
e=65537
d=4504287984018183537713208161402766323065548618393723872837173606374276398491834181934336417310620387990925189536232872881499528612504958202701279049935780903977608853793957819684386053139789777966936156264230499424635837453895019683637553474699470241265384239892304309743522811693909773853204104744746499940669186347989219693819334120860342801601135658920550816397929837218587842050717426094705159184294217221659550021174121437354727563286401517383250923022292331155286641664114777714280910808217996581853423619501922201519238297960634332127751600929842715997073072544823353485994644594610107896462399877655553045761
hint=231925193905919836406214406898885408169720762556845482044575179755202576770665967750292209535638389585617923204488598005919071680696574306168950409350364369661185363429309191455686049593246205245617043129829360203967945465085196018291809693305049028207915207766096530755343783712735226590596701430255772594556
c=6217038084836470023310381029897048208087224587728895918727075557465841714766785434203795384404277685883194699549944699326316064489862857903738642081680285228167738881574533344177255570731527611503589831001734795490242158816621194509455025049486128406587545324515046616431849802141624745659660349892441242897503306780984369111460208907969417056103375189617092555003582813739896435112054576310776891033107119212517760203084951964632014280482552024983115272574743031704179104705817029355755554440364213319205880788661502753344785708858216051846295494426952842154398100557142240912181225765846610290283305931102820798460
k = 1
while 1 :
phi = (d * e - 1) // k
n = phi + hint - 1
print(k)
#print(phi, hint, n)
x = hex(pow(c, d, n))[2:]
if (len(x) % 2 != 0) :
k = k + 1
continue
plain = bytes.fromhex(hex(pow(c, d, n))[2:])
#print(plain)
if plain.startswith(b'W1{') :
print(plain)
break
k = k + 1
#b'W1{phi_phai_la_game_rac_so_1_vn}'
```
# phiphai2
- Đây là một bài RSA cơ bản, khi mở lên ta nhận được source code sau:
```python
from Crypto.Util.number import *
flag = b'W1{???????????}'
p = getPrime(1024)
q = getPrime(1024)
e = 65537
n = p*q
leak = (p**2+q**2) % n
ct = pow(bytes_to_long(flag),e, n)
print(f'{n = }')
print(f'{leak = }')
print(f'{ct = }')
'''
n = 20842938351896783351765564497257406689875073939168847270109018452331595953195137925905407574790509131975169442262183423216630782056006817670026102637100795102868553295795605909294220001159170312214938967565708237131119660898946450453038715919305770854433454485282482531591669338374784896696254086081923985254456532726474557269047987653955703675146699130077388795028830171715932232259532178061195603162554212575207799198670246556909810593997402979919324116015029695269687378794139114073155816838415492318483626370434226417328166879349978988600491401399315534138391936796615782306743416152563145103425347897571269559877
leak = 1246889223294307854370712989427585884021285335323141671816486223380713311286629425480810174036551750931478373626071781038942054037291709281118654737087599035092443005799430352628570933778452108536502272580400092528062848455445985692614774855796791907610933670663580901476953467808284328166657791568856558571935788405193538986947393116928493787198798661826785549975721130971676199856446097879499458065034678153636052702160287204920680541565366139294026010089009061274372587986143754097126566624340639998228509117420424679732985956823117206903025894886029533740978018513157416105341714161360196840042575896512731742096
ct = 3088291167300681828911890341254838261507896143994085977627215978594078495952883007565773809797879150841185401282724413230256089706081482055304607098189837372445021022139016449305819308800001848241222118389290692225549475347019810385147707744883436586629808823247373108273012523932858309484832402796522454251129915341722714855738383668651266661352021406899104266596812402238487015961091455318371807234925900608259741913811110018686747303985152505270333578971573169716269092799613880511496142576903738948348527279101539196915559331086705114365249818982213416798535758240324625059044600889754519687795415852504666992830
'''
```
- Khác với phiên bản trên ở đây ta nhận được $leak = (p^2+q^2) % n$, từ đây $leak = p^2+q^2+k*n$ $=> leak = p^2 + q^2 + 2pq$, ta thấy đây là phương trình bậc 2. Ta chỉ cần bruteforce $k$ cộng vào cho tới khi ra được nghiệm thỏa mãn.
```python=
n = 20842938351896783351765564497257406689875073939168847270109018452331595953195137925905407574790509131975169442262183423216630782056006817670026102637100795102868553295795605909294220001159170312214938967565708237131119660898946450453038715919305770854433454485282482531591669338374784896696254086081923985254456532726474557269047987653955703675146699130077388795028830171715932232259532178061195603162554212575207799198670246556909810593997402979919324116015029695269687378794139114073155816838415492318483626370434226417328166879349978988600491401399315534138391936796615782306743416152563145103425347897571269559877
leak = 1246889223294307854370712989427585884021285335323141671816486223380713311286629425480810174036551750931478373626071781038942054037291709281118654737087599035092443005799430352628570933778452108536502272580400092528062848455445985692614774855796791907610933670663580901476953467808284328166657791568856558571935788405193538986947393116928493787198798661826785549975721130971676199856446097879499458065034678153636052702160287204920680541565366139294026010089009061274372587986143754097126566624340639998228509117420424679732985956823117206903025894886029533740978018513157416105341714161360196840042575896512731742096
ct = 3088291167300681828911890341254838261507896143994085977627215978594078495952883007565773809797879150841185401282724413230256089706081482055304607098189837372445021022139016449305819308800001848241222118389290692225549475347019810385147707744883436586629808823247373108273012523932858309484832402796522454251129915341722714855738383668651266661352021406899104266596812402238487015961091455318371807234925900608259741913811110018686747303985152505270333578971573169716269092799613880511496142576903738948348527279101539196915559331086705114365249818982213416798535758240324625059044600889754519687795415852504666992830
e = 65537
def integer_nth_root(x, n) :
if n <= 0:
raise ValueError("n must be positive")
if x < 0:
return 1
if x in (0, 1) or n == 1:
return x
lo, hi = 0, x if x > 1 else 1
while lo <= hi:
mid = (lo + hi) // 2
p = mid ** n
if p == x:
return mid
if p < x:
lo = mid + 1
else:
hi = mid - 1
return hi
def solve_quadratic(a, b, c):
if a == 0:
if b == 0:
return None # no solution if both a and b are 0
return (-c / b,) # linear case
discriminant = integer_nth_root(b**2 - 4*a*c, 2)
x1 = (-b + discriminant) // (2 * a)
x2 = (-b - discriminant) // (2 * a)
return x1, x2
k = 1
while 1 :
nxt = leak + k * n
cur = integer_nth_root(nxt + 2 * n, 2)
p, q = solve_quadratic(1, -cur, n)
if p * q != n :
k = k + 1
continue
d = pow(e, -1, (p - 1) * (q - 1))
plain = pow(ct, d, n)
print(bytes.fromhex(hex(plain)[2:]))
#W1{i_hope_you_like_this_one}
```
# Vi-et
- Ta mở source code ra và nhận được:
```python=
import sympy as sp
import random
from Crypto.Util.number import *
a = getPrime(128)
b = getPrime(128)
c = getPrime(128)
x,y,z = sp.symbols('x y z')
print(f'a * b * c = {a*b*c}')
print(f'a + b + c = {a+b+c}')
print(f'a*b + b*c + c*a = {a*b + b*c + c*a}')
flag = f'W1{{{123*a + 456*b + 789*c}}}'
"""
a * b * c = 15864378984956659850534060107405422568891641699308509134070157505662198692417476378386001170963905568690006431674713
a + b + c = 779122598205443694565344617967399722167
a*b + b*c + c*a = 196487786916397904192643381759626074607590751745631772329891131596526673844879
"""
```
- Ta thấy đây là vi-et của phương trình bậc ba, vì thế ta chỉ cần nhờ chatgpt viết cách giải phương trình bậc 3 ;)).
```python=
import cmath
def solve_cubic(a, b, c, d):
"""
Solves a cubic equation a*x^3 + b*x^2 + c*x + d = 0.
Returns a tuple of three (possibly complex) roots.
"""
if a == 0:
raise ValueError("Coefficient 'a' must not be zero for a cubic equation.")
# Convert to depressed cubic: t^3 + pt + q = 0 via x = t - b/(3a)
p = (3*a*c - b**2) / (3 * a**2)
q = (2*b**3 - 9*a*b*c + 27*a**2*d) / (27 * a**3)
# Discriminant
Δ = (q**2) / 4 + (p**3) / 27
# Compute roots using Cardano's formula
u_cubic = -q / 2 + cmath.sqrt(Δ)
v_cubic = -q / 2 - cmath.sqrt(Δ)
u = u_cubic ** (1/3)
v = v_cubic ** (1/3)
# Handle floating-point cube root properly (avoid complex rounding issues)
def cube_root(z):
return z ** (1/3) if abs(z) < 1e-12 else z ** (1/3)
# Principal root
t1 = u + v
# Non-real cube roots of unity
omega = complex(-0.5, cmath.sqrt(3)/2)
t2 = u * omega + v * omega.conjugate()
t3 = u * omega.conjugate() + v * omega
# Convert back to x
x1 = t1 - b / (3 * a)
x2 = t2 - b / (3 * a)
x3 = t3 - b / (3 * a)
return (x1, x2, x3)
# --- Example usage ---
if __name__ == "__main__":
print("Solve cubic equation a*x³ + b*x² + c*x + d = 0")
a = float(input("Enter a: "))
b = float(input("Enter b: "))
c = float(input("Enter c: "))
d = float(input("Enter d: "))
roots = solve_cubic(a, b, c, d)
print("\nRoots:")
for i, r in enumerate(roots, start=1):
print(f"x{i} = {r}")
```
- Sau khi giải ta chỉ cần thử 6 hoán vị có thể rồi nhập từng cái vào cho tới khi được flag đúng.
# System of equations
- Mở source code ta nhận được:
```python=
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
import hashlib
import os
FLAG = b'W1{???}'
x = int(input("Nhap x nguyen: "))
y = int(input("Nhap y nguyen: "))
z = int(input("Nhap z nguyen: "))
assert x**2 + 2*x*y - 8 == 4*z**2 + 4*y - 8*z
assert x**5 + y**3 == 10823714993004958804353333960725385073542379465721 - z**4
assert 8864612849141*x**2 + 8864612849141*y + 17729225698282*z == 205022233466935232483321764396
mode = str(input("Nhap phuong thuc (encrypt hoac decrypt): "))
secret = (str(x**10) + str(y**10) + str(z**10)).encode()
key = hashlib.sha256(secret).digest()
if mode == "encrypt":
iv = os.urandom(16)
c = AES.new(key, AES.MODE_CBC, iv).encrypt(pad(FLAG, 16))
print(f'iv = {iv}')
print(f'ciphertext = {c}')
elif mode == "decrypt":
iv = b'\x8d\r\x19\xbc\xfd\x84\x13N,\xf85\xdb\xd3\x92i\x93'
ciphertext = b'\xe9\xa2\x8c\x8b\xc3\xb4\x88\xe2\xbb\x96\xc6\xac`\x1c}\xd1\xca\xc1ZB\xf1@\x01\x92\xca\xc4Z[\x96o\xdeFv\xdf\r\x13u+\x89\xac3\xa3\xc9X\xfb\x07u\x1bO\x9c\xb0\xbdN\xa4\xb6\xca&T\xabmx\xdb\xae\xc2'
FLAG = unpad(AES.new(key, AES.MODE_CBC, iv).decrypt(ciphertext), 16)
print(FLAG.decode())
else:
exit(1)
```
- Nhìn code, ta thấy cần phải tìm được $x, y, z$ thỏa mãn để nhận code. Từ đây ta chỉ cần sử dụng thư viện sympy để tìm ra $x, y, z$
```python=
from sympy import Eq, solve, solveset, symbols
x, y, z = symbols('x y z')
eq1 = Eq(x**2 + 2*x*y -4*z**2 - 4*y + 8*z, 8)
eq2 = Eq(x**5 + y**3 + z**4, 10823714993004958804353333960725385073542379465721)
eq3 = Eq(8864612849141*x**2 + 8864612849141*y + 17729225698282*z, 205022233466935232483321764396)
sol = solve([eq1, eq2, eq3], (x, y, z))
#33131538
#22029258543363862
#604095676625
print(sol)
#W1{y0u_must_b3_th3_m4st3r_0f_3quat1ons_817e31a7ccdbe8fd}
```
# Baby Crypto
- Trong file, ta nhận được code và một file gồm các dữ liệu đã được mã hóa.
```python=
#!/usr/bin/env python3
import os
message = '???'
FLAG = open("flag.txt").read().encode()
assert FLAG in message
def cauhoi1(text: bytes) -> bytes:
return ???
def cauhoi2(text: bytes) -> bytes:
return ???
def cauhoi3(a: bytes, b: bytes) -> bytes:
return ???
enc = cauhoi1(message.encode())
weird = cauhoi2(enc)
key1, key2, key3 = [os.urandom(len(enc)) for _ in range(3)]
ct1 = cauhoi3(enc, key1)
ct2 = cauhoi3(key1, key2)
ct3 = cauhoi3(key2, key3)
with open("output.txt", "w") as o:
o.write(f'ct1: {ct1.hex()}\nct2: {ct2.hex()}\nct3: {ct3.hex()}\n')
# I will give you a chance with my last key :D
o.write(f'key3: {key3.hex()}')
```
- Nhìn vào code, ta có 3 hàm $cauhoi$, ta dự đoán thử hàm $cauhoi3$ là hàm xor sau đó đảo ngược lại, ta nhận được mã sau:
>R$(AoZe?(FATls8H!L7$b#fqcc4cN~AZKN6c6oATAai16AZK-QAa!<hb$M(cZeeG3aCT#EXL4~MRAp{qaUe%^a&u=OPH1OhAXZ5rYHnsAWpa6PZf0_EAYx%>VjyRAav()waCl~CZe<`;ZhCTNAZl`NW_D+CE+9#Ea%ysAW_5OBAZl)AAZB79b#`=hAZK-MXCQWGAaG@FW_5CLAVp$ucxGpAWhZ7JW_D+CE+9s7X>w(5c_3(Ja%E;9b#i%Qa&aJMVjyE;W@jLJc4cK^Wo95^b0BARav*7TadKiHVqqY0c5`!bWpZI>AZB)Fa%L<bZ)j&AVqtP1Xl8O{AYx%4G;nopVJsj<b#7{5AW&jwXL4mMAa!nWAbECScye(dXJQ~{b#fp<a%pm9AXH*uVQwH)c4=}TOk!vtNMj&rc5!lIAaHqZc6xSUbRcJ9Aa8OYXLWKQXJu}7d2(eeAZKNEaCmlMbRc19dU9oAXl5W~a&B>QWo96DVP|3>XLWKQZ*F#HEpB0PEoN$VXK-~cAXRc@av*kQAZK-QAai+cbUGkPF?&%labIjONMBTPM_*+zP<UTuFnL)saX)<^R$(AAFfuYMAVzg=YGEKyVrOS^Wgu#9W*~N9XL4m}c5-TRaUgGOAW3#`av)lAadvJlAXRc8W^Q(IAZK-QAZ2oHW@2F=Vsjv9W_Dq8AVG3za%CV?Vqsx!AXIi~av)4%Xdp;qAZl)AAa8PTZfIt5Aa!yeb7E*=aUgCWd3I)JAZ~ABXlEd1VqtV<AZK-MXCP{FWpW^6Vq<7|Ze<{DXCP;Fav*1RdU7Cjav*AMW*~23Wnmy_W_Dq8AZK-QAXZ^#a%Ew1XDlFYVR0a5b#`VTW@2G<Aa-UTVqqX>b#fqQVq+j;b09G}I5#XHYISySbs%bPW*~KTW*}^GZe<{1b0BYaWoLCRAV+m}W*}o_Zg6LIaB?7IXm)UTd2AqMa$|XJaB^`VacFROAZ22Cd3IrRAai16AYx~Aa%CWHd3k7Mc42fNd3IrVW-K6Xd3hjoa$$01Zh3iZAY)>7VP|$>bRcJ9AWmjyd2(zgW*}*HadKiTAZ}rCAZK-GW*~57a&BjKVRRs8b#fqMWo~e1c5reaVsjv6c5rxQVtILXVRSAaM|E-_Z*F#HEpB0PEoN$VXK-~OXJQ~ha%pm9AXH*uVQwH)c4=}TOk!vtNMj&$WpZw3d2AqZYh!L<adL4WVqqXOaCL5BAYx%4PGe<uc_33_VtHmKAW?2?Aa-FOGB7YVEFf-SaUgkeaUf@6AZK-QAZKNEaCjhcYh!L<adu&JAZKDAVrO-7WgupDXL4pBd3JbmAX9E-cpz?JaUfB4baWtjZfA03AZK-MXCQ2HZe=VWWN3D9czJ9fZgFvTVRRs8b#fqKZhCScWp;3QWny`Gc42fNZ*FFCaUf!0AZK-QAY)~AVr3w4XmEHSWny`Gc42fb
- Đứa đống trên vào cyberchef ta nhận được:
>Va Znepu 2007, gur svefg genvyre sbe gur uvtuyl nagvpvcngrq Tenaq Gursg Nhgb VI jnf eryrnfrq bagb gur Ebpxfgne Tnzrf jrofvgr. Ivrjrefuvc jnf fb uvtu gung vg penfurq Ebpxfgne'f fvgr. Frireny hfref urycrq gb cbfg zveebef bs gur ivqrb ba qvssrerag fvgrf, ohg bar hfre ba 4puna, Funja Pbggre, unq yvaxrq gb gur Arire Tbaan Tvir Lbh Hc ivqrb pynvzvat gb or gur genvyre, gevpxvat ahzrebhf ernqref vagb gur onvg-naq-fjvgpu. Urer vf gur synt: J1{Q1q_l0H_TrG_e1Px_e0yY3q?} Va 2022, Funja Pbggre jnf vagreivrjrq ol Ivpr Zrqvn. Ur fnvq gur ernfba bs hfvat Arire Tbaan Tvir Lbh Hc jnf orpnhfr ur sbhaq n yvfg nobhg fbatf gung jrer cbchyne ng gur gvzr ur jnf obea hfvat gur Vagrearg, naq guvf fbat vf ba gur gbc bs 1987, juvpu jnf uvf lrne bs ovegu. Guvf cenpgvpr dhvpxyl ercynprq qhpx ebyyvat sbe bgure nyyhevat yvaxf, nyy trarenyyl cbvagvat gb Nfgyrl'f ivqrb, naq guhf perngvat gur cenpgvpr bs evpxebyyvat. Gur onvg-naq-fjvgpu gb Arire Tbaan Tvir Lbh Hc terngyl rkcnaqrq ba 4puna ba Ncevy Sbbyf' Qnl va 2007, naq yrq gb gur gevpx rkcnaqvat gb bgure fvgrf yvxr Snex naq Qvtt yngre gung lrne, dhvpxyl nqqvat gur anzr evpxebyyvat onfrq ba gur cevbe qhpx ebyyvat.
- Tiếp tục sử dụng Mono-alphabetic Substitution, ta được:
>IN MARCH 2007, THE FIRST TRAILER FOR THE HIGHLY ANTICIPATED GRAND THEFT AUTO IV WAS RELEASED ONTO THE ROCKSTAR GAMES WEBSITE. VIEWERSHIP WAS SO HIGH THAT IT CRASHED ROCKSTAR'S SITE. SEVERAL USERS HELPED TO POST MIRRORS OF THE VIDEO ON DIFFERENT SITES, BUT ONE USER ON 4CHAN, SHAWN COTTER, HAD LINKED TO THE NEVER GONNA GIVE YOU UP VIDEO CLAIMING TO BE THE TRAILER, TRICKING NUMEROUS READERS INTO THE BAIT-AND-SWITCH. HERE IS THE FLAG: W1{D1D_Y0U_GET_R1CK_R0LL3D?} IN 2022, SHAWN COTTER WAS INTERVIEWED BY VICE MEDIA. HE SAID THE REASON OF USING NEVER GONNA GIVE YOU UP WAS BECAUSE HE FOUND A LIST ABOUT SONGS THAT WERE POPULAR AT THE TIME HE WAS BORN USING THE INTERNET, AND THIS SONG IS ON THE TOP OF 1987, WHICH WAS HIS YEAR OF BIRTH. THIS PRACTICE QUICKLY REPLACED DUCK ROLLING FOR OTHER ALLURING LINKS, ALL GENERALLY POINTING TO ASTLEY'S VIDEO, AND THUS CREATING THE PRACTICE OF RICKROLLING. THE BAIT-AND-SWITCH TO NEVER GONNA GIVE YOU UP GREATLY EZPANDED ON 4CHAN ON APRIL FOOLS' DAY IN 2007, AND LED TO THE TRICK EZPANDING TO OTHER SITES LIKE FARK AND DIGG LATER THAT YEAR, QUICKLY ADDING THE NAME RICKROLLING BASED ON THE PRIOR DUCK ROLLING.
- Cuối cùng, ta so sánh ký tự nào in hoa in thường giữa 2 văn bản và nhận được flag.
- Flag: W1{D1d_y0U_GeT_r1Ck_r0lL3d?}
# Sor Sor Sor:
- Mở source code ta nhận được:
```python=
import random
with open('flag.txt', 'rb') as f:
flag = f.read().strip()
assert len(flag) % 3 == 0
def xor(a, b):
return bytes(x ^ y for x, y in zip(a, b))
blocks = [flag[i:i+3] for i in range(0, len(flag), 3)]
ori_blocks = [flag[i:i+3] for i in range(0, len(flag), 3)]
random.shuffle(blocks)
assert all(ori_blocks[i] != blocks[i] for i in range(len(blocks)))
print(xor(b''.join(blocks), flag).hex())
# 2f01090a6f042b4447101f0047460d6e0e5d001100422d156443022c4a3e074a392b033e531d1b47401b44423c411e08
```
- Ta thấy, flag bàn đầu của ta được chia thành các khối có độ dài 3 sau đó được đem **xor** với flag ban đầu.
- Ta biết được khối đầu tiên là **W1{**, dựa vào khối này ta có thể đảo ngược được bằng cách chia ciphertext thành các block có độ dài 3. Sau đó sử dụng thuật toán quay lui và xor để có thể duyệt từng khối cho tới khi ra flag hoàn chỉnh.
```python=
import random
taphop = []
for i in range(49, 58) :
taphop.append(i)
for i in range(65, 91) :
taphop.append(i)
for i in range(97, 123) :
taphop.append(i)
def check1(a) :
return a >= 48 and a <= 57
def check2(a) :
return a >= 65 and a <= 90
def check3(a) :
return a >= 97 and a <= 122
def valid(a) :
#bytes return True of False
for i in range (0, len(a)) :
if (check1(a[i]) or check2(a[i]) or check3(a[i]) or a[i] == 95 or a[i] == 125 or a[i] == 123) :
continue
else :
return False
return True
def xor(a, b):
return bytes(x ^ y for x, y in zip(a, b))
x = bytes.fromhex("2f01090a6f042b4447101f0047460d6e0e5d001100422d156443022c4a3e074a392b033e531d1b47401b44423c411e08")
def ok(a) :
for i in range(3, len(a) - 2) :
if (a[i] == 123 or a[i] == 125) :
return False
for i in range (0, len(a)) :
if (check1(a[i]) or check2(a[i]) or check3(a[i]) or a[i] == 95 or a[i] == 125 or a[i] == 123) :
continue
else :
return False
return True
ans = [0] * (len(x) // 3)
used = [0] * (len(x) // 3)
ans[0] = b'W1{'
used[0] = 1
mx_len = len(x) // 3 - 1
print(len(x) // 3)
nb = [x[i:i+3] for i in range(0, len(x), 3)]
print(nb)
def dfs(cnt, bef, tnt) :
#print(cnt, bef)
if (cnt == len(x) // 3 - 1) :
t = b''.join(ans)
if (ok(t)) :
print(t)
return
for i in range(0, len(x)//3) :
if (used[i]) :
continue
cur = xor(nb[i], bef)
if (valid(cur)) :
ans[i] = bef
used[i] = 1
dfs(cnt+1, cur, tnt)
used[i] = 0
#W1{x0r_p3rmut4t1on_a3r_v3ry_3asy_t0_brut3f0rc3s}
```
Sign in with Wallet
Connect another wallet