11from os import urandom
22from pysmt .shortcuts import *
33from cipher import AEAD , dump
4- import subprocess
54from braindead import *
65log .enable ()
76args = Args ()
@@ -50,20 +49,12 @@ def aead_round(state):
5049
5150assertions = []
5251
53- r = io .connect ((args .RHOST , 31337 ))
54- pw = r .rla ('sha256' ).decode ().strip ().split ()
55- suff = pw [2 ][:- 1 ]
56- h = pw [- 1 ]
57- sol = subprocess .check_output (['./pow' , '4' , suff , h ])
58- r .sla ('Give me XXXX:\n ' , sol [:4 ])
59-
60- ct_normal = bytes .fromhex (r .rl ().decode ())
61- ct_fault = bytes .fromhex (r .rl ().decode ())
62-
6352ad = b'0CTF2022'
64-
53+ key = urandom (16 )
54+ iv = urandom (16 )
6555for do_fault in [ False , True ]:
66- ct = ct_fault if do_fault else ct_normal
56+ aead = AEAD (key , iv , do_fault )
57+ ct , _ = aead .encrypt (msg , ad )
6758 state = list (initial )
6859 for bi , b in enumerate (blocks (pad (msg )[:- 8 ], 8 )):
6960 for i in range (8 ):
@@ -96,7 +87,7 @@ def aead_round(state):
9687
9788log .success ('recovered state: %s' , dump (recovered ))
9889
99- c = AEAD (bytes ( 16 ), bytes ( 16 ) )
90+ c = AEAD (key , iv )
10091c .state [:] = recovered
10192for b in reversed (list (blocks (pad (ad ), 8 ))):
10293 c .inv_update (4 )
@@ -106,11 +97,8 @@ def aead_round(state):
10697recov_iv = bytes (c .state [16 :32 ])
10798
10899log .success ('recovered key: %s' , recov_key .hex ())
100+ log .success ('actual key: %s' , key .hex ())
109101log .success ('recovered iv: %s' , recov_iv .hex ())
110-
111- r .sl (recov_key .hex ())
112- r .sl (recov_iv .hex ())
113-
114- io .interactive (r )
102+ log .success ('actual iv: %s' , iv .hex ())
115103
116104#subprocess.check_output(['boolector',
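Review bot: The new local self-test only logs the recovered and actual key/IV next to each other (the `log.success('actual key: ...')` and `log.success('actual iv: ...')` lines), so a wrong recovery still exits cleanly and has to be noticed by eye. After the last log line, add `assert (recov_key, recov_iv) == (key, iv), 'recovered key/iv do not match'` so the script fails loudly when the state recovery is incorrect. Also, `import subprocess` is removed while the commented-out `#subprocess.check_output(['boolector',` call is kept, so un-commenting it later would raise a NameError; either drop that dead comment or keep the import. `msg` and `recov_key` are defined outside the visible hunks, so this assumes they are the plaintext and the key slice of the recovered state.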