In [1]:
from flask import Flask,render_template, request
app = Flask(__name__)


'''
"What is identity? It is the difference between us. Difference is experienced in the mind, yet the Buddha said this mind creates the world, that this world only exists in the mind and nowhere else."
'''

from hashlib import sha256
import os
from binascii import * 
#from flag import flag
flag = "help"

class MerkleTree(object): 
    def __init__(self):
        self.leaves = list()
        self.levels = None
        self.is_ready = False

    def add_leaf(self, value):         
        self.leaves.append(sha256(value).digest())

    def _calculate_next_level(self):
        solo_leave = None
        N = len(self.levels[0])  # number of leaves on the level
        if N % 2 == 1:  # if odd number of leaves on the level
            solo_leave = self.levels[0][-1]
            N -= 1

        new_level = []
        for l, r in zip(self.levels[0][0:N:2], self.levels[0][1:N:2]):
            new_level.append(sha256(l+r).digest())
            print(sha256(l+r).digest())
        if solo_leave is not None:
            new_level.append(solo_leave)
        self.levels = [new_level, ] + self.levels  # prepend new level

    def make_tree(self):
        self.is_ready = False
        if len(self.leaves) > 0:
            self.levels = [self.leaves, ]
            while len(self.levels[0]) > 1:
                self._calculate_next_level()
        self.is_ready = True

    def get_merkle_root(self):
        if self.is_ready:
            if self.levels is not None:
                return self.levels[0][0]
            else:
                return None
        else:
            return None

def hashPassword(p):
    mt = MerkleTree()
    for c in p: 
        mt.add_leaf(c)
    mt.make_tree()
    return hexlify(mt.get_merkle_root())

def generateRandomPassword(length):
    p = os.urandom(length)
    return hexlify(p)

def splitPassword(p, isString=True):
    if isString:
        return ",".join([c for c in p]).split(",")
    else:
        return b",".join([chr(c).encode() for c in p]).split(b",")

def validatePassword(user_password, password_hashes, denyList=[], debug=False):    
    try:
        joined_password = unhexlify("".join(user_password.split(",")))
    except Exception as e: 
        raise Exception("ERROR: Formatting error. Exiting")
        
    if joined_password in denyList: 
        raise Exception("Nice try, but that password is not allowed...")
    
    split_password = [unhexlify(c) for c in user_password.split(",")]
    user_password_hash = hashPassword(split_password)

    if debug: 
        print("user_password entered: [", user_password, "]")
        print("hashes", password_hashes)
        print("deny list", denyList)
        print("hash", user_password_hash)

    if (user_password_hash in password_hashes): 
        return True

    return False

test_password = b"SuperSecretPassword"
test_password_list = splitPassword(test_password, isString=False)
test_password_hash = hashPassword(test_password_list)
password_hashes = [test_password_hash]

for i in range(0,9):
    new_password = generateRandomPassword(32)
    new_password_list = splitPassword(new_password, isString=False)
    new_password_hash = hashPassword(new_password_list)
    password_hashes.append(new_password_hash)

@app.route('/')
def hello_world():
    return render_template("login.html")

@app.route('/auth', methods=['GET'])
def do_auth():
    TP = request.args.get('transformed','')
    P = request.args.get('password','').encode()
    
    if P == test_password:
        return 'Nice try, but that password is not allowed :P'

    try:
        res = validatePassword(TP, password_hashes, denyList=[test_password])
    except Exception as e: 
        return str(e)    

    if res:
        return 'Authed! Here is your flag: '+flag
    else:
        return 'Wrong Password'

In [2]:
password_hashes[0]

b'af0bd175f2c542c6aacf667c5c270a4c13a8d1cb6895807d6a9ed5d74fe71307'

In [18]:
a = generateRandomPassword(32); print(a)

b'cd6945c693e715197e2f12c464a96ffcb7416d8026041ad77ce82edb76cc870d'


In [19]:
hashPassword(splitPassword(a, isString=False))

b'abebc476df7796929775ffee58478decd0dff2d4cf99e4f596a3aaacfc1c6cea'

In [23]:
aa = MerkleTree()
for c in test_password_list:
    aa.add_leaf(c)
aa.make_tree()

In [38]:
aa.levels[1]

[b'`gU\xae\xed\x86\xf9\x89#)\xe3\xdcb+\xb2\x85\x91\r\xea,\xabA\xda\x92\x92\x17\xbbu\xe5i\xa1\xce',
 b'B4=\x1b\xc3\x02\x1c.|\xd8\xbc\xb2i(\xe3\xdcB\xbe\x0c8S\x84\x98\x88Q\x8e\x88\x84\x14x\x9a\x9e']

In [31]:
aa.levels[1][0].hex()+','+aa.levels[1][1].hex()

'606755aeed86f9892329e3dc622bb285910dea2cab41da929217bb75e569a1ce,42343d1bc3021c2e7cd8bcb26928e3dc42be0c3853849888518e888414789a9e'

In [32]:
payload = aa.levels[1][0].hex()+','+aa.levels[1][1].hex()

In [35]:
validatePassword(payload, password_hashes, denyList=[test_password], debug=True)

user_password entered: [ 606755aeed86f9892329e3dc622bb285910dea2cab41da929217bb75e569a1ce,42343d1bc3021c2e7cd8bcb26928e3dc42be0c3853849888518e888414789a9e ]
hashes [b'af0bd175f2c542c6aacf667c5c270a4c13a8d1cb6895807d6a9ed5d74fe71307', b'ffa3469ad6da3debcc00487910370a012574c2048af7451049c19f8766939e03', b'947cebedac42e8f992ff3bbf5dc0995d80538a5fcb7046bc912ea2ece7f5c7f7', b'7816bedf4da46c75811674f40e855fb978cf4c6a81a45cdfd40c0b3111025560', b'7f495c1572a603e7f5645d7b283b67e46ccede96eb25ef6c311a4990406b27b3', b'655938de459f028a1ea10459d85bf385cdbe9c7cd5bdb212e66e80b7aaab963e', b'4ad32423173bb0265d00e72435172be8d68c27fc23d1b9ba677dd3a345e6b2ec', b'59d900d8d641b3bfbbd57049b858e4be121ab070f4de77e1b48e669dea59d4fe', b'9d9bb7978b42b335d2b9fc91e8594cf2df99870ed74c55847814aa9c4af7b4e1', b'166fa6ade3b96b0e9370ff180f47ad2176221d1d7e685c920bf8953e462ba852']
deny list [b'SuperSecretPassword']
hash b'8dffb9a4bd415199403f2a9813b88bc5f0af4a8b64ac808312dd19d0dc5d2475'


False

In [34]:
payload

'606755aeed86f9892329e3dc622bb285910dea2cab41da929217bb75e569a1ce,42343d1bc3021c2e7cd8bcb26928e3dc42be0c3853849888518e888414789a9e'

In [36]:
split_password = [unhexlify(c) for c in payload.split(",")]
user_password_hash = hashPassword(split_password)

In [37]:
split_password

[b'`gU\xae\xed\x86\xf9\x89#)\xe3\xdcb+\xb2\x85\x91\r\xea,\xabA\xda\x92\x92\x17\xbbu\xe5i\xa1\xce',
 b'B4=\x1b\xc3\x02\x1c.|\xd8\xbc\xb2i(\xe3\xdcB\xbe\x0c8S\x84\x98\x88Q\x8e\x88\x84\x14x\x9a\x9e']

In [39]:
hashPassword(split_password)

b'8dffb9a4bd415199403f2a9813b88bc5f0af4a8b64ac808312dd19d0dc5d2475'

In [20]:
while True:
    
    a = generateRandomPassword(32)
    
    b = hashPassword(splitPassword(a, isString=False))
    
    if b == password_hashes[0]:
        
        print(a)
        print(b)
        break

KeyboardInterrupt: 