cscg24-cry3

commit 18d634e054fcd895cab71859b79e6ddec3cf364e
Author: Louis Burda <quent.burda@gmail.com>
Date:   Mon,  1 Apr 2024 20:58:17 +0200

Add solution

Diffstat:
A
chall/description
 | 
1
+
A
chall/intro-crypto-3.zip
 | 
0

A
solve/flag
 | 
1
+
A
solve/main.py
 | 
29
+++++++++++++++++++++++++++++
A
solve/msg.txt
 | 
140
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
solve/solve
 | 
34
++++++++++++++++++++++++++++++++++

6 files changed, 205 insertions(+), 0 deletions(-)
diff --git a/chall/description b/chall/description
@@ -0,0 +1 @@
+Just guess the flag. If you don't, it makes me sat.
diff --git a/chall/intro-crypto-3.zip b/chall/intro-crypto-3.zip
Binary files differ.
diff --git a/solve/flag b/solve/flag
@@ -0,0 +1 @@
+CSCG{QWxmYSBCcmF2byBHb2xmIFVuaWZvcm0gVmljdG9yIEFsZmEgVGFuZ28gR29sZiBCcmFAAbyBGb3h0cm90IFJvbWVvIFJvbWVvIFVuaWZvcm0gUm9tZW8gRWNobyBSb21lbyA=}
diff --git a/solve/main.py b/solve/main.py
@@ -0,0 +1,28 @@
+import os
+import struct
+
+BITS = 56
+
+FLAG = os.getenv("FLAG", "CSCG{TESTFLAG}")
+
+A = int.from_bytes(os.urandom(BITS//8), "little")
+B = int.from_bytes(os.urandom(BITS//8), "little")
+SEED = int.from_bytes(os.urandom(BITS//8), "little")
+
+def rng(x, size):
+    return (x*A+B) & ((2**size)-1)
+
+def gen_random(seed, bits, mask):
+    state = seed
+    while True:
+        state = rng(state, bits)
+        yield state & mask
+
+def main():
+    print("Here are some random numbers, now guess the flag")
+    rng = gen_random(SEED, BITS, 0xFF)
+    for i in range(len(FLAG)):
+        print(next(rng) ^ ord(FLAG[i]))
+
+if __name__ == "__main__":
+    main()
+\ No newline at end of file
diff --git a/solve/msg.txt b/solve/msg.txt
@@ -0,0 +1,140 @@
+Here are some random numbers, now guess the flag
+215
+234
+109
+180
+115
+60
+117
+95
+17
+120
+69
+25
+179
+182
+103
+201
+86
+235
+135
+129
+144
+95
+192
+143
+33
+184
+160
+125
+181
+196
+141
+5
+66
+58
+163
+163
+207
+91
+175
+171
+118
+165
+241
+194
+233
+60
+239
+105
+119
+115
+243
+38
+31
+139
+213
+209
+153
+203
+180
+243
+7
+23
+72
+198
+167
+163
+7
+113
+11
+206
+15
+33
+253
+32
+52
+226
+114
+82
+40
+252
+204
+249
+93
+110
+33
+77
+123
+113
+198
+71
+68
+60
+86
+147
+83
+217
+62
+239
+108
+132
+190
+59
+75
+65
+10
+116
+151
+108
+138
+195
+137
+2
+116
+14
+139
+206
+129
+105
+136
+128
+20
+182
+148
+92
+238
+234
+216
+70
+86
+106
+204
+65
+185
+129
+192
+222
+189
+156
+235
diff --git a/solve/solve b/solve/solve
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+from z3 import *
+
+nums = [int(l) for l in open("msg.txt").read().split("\n")[1:] if l != ""]
+
+s = Solver()
+
+flag = [BitVec(f"flag{i}", 8) for i in range(len(nums))]
+a = BitVec("A", 56)
+b = BitVec("B", 56)
+seed = BitVec("SEED", 56)
+
+state = seed
+state = state * a + b
+for i,num in enumerate(nums):
+    state = state * a + b
+    s.add(Extract(7, 0, state) ^ flag[i] == num)
+    s.add(flag[i] & 0x80 == 0)
+
+s.add(flag[0] == ord(b"C"))
+s.add(flag[1] == ord(b"S"))
+s.add(flag[2] == ord(b"C"))
+s.add(flag[3] == ord(b"G"))
+s.add(flag[4] == ord(b"{"))
+s.add(flag[-1] == ord(b"}"))
+
+while str(s.check()) == "sat":
+    m = s.model()
+    for fc in flag:
+        print(chr(int(str(m[fc]))), end="")
+        s.add(fc != m[fc])
+    print()
+