Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
58 lines (43 sloc) 2.39 KB
'''
g = r0 * b
pub = r1 * g = r0 * r1 * b
ct0 = r2 * g = r0 * r2 * b
ct1 = pub * r2 + c = r0 * r1 * r2 * b + c
'''
import binascii
from fastecdsa.curve import P521
from fastecdsa.point import Point
with open('pc.log', 'r') as f:
content = f.read()
lines = content.split('\n')
start_index = [i for i, x in enumerate(lines) if x == "0000000000401ee8"]
end_index = [i for i, x in enumerate(lines) if x == "0000000000402018"]
g_x = 5405424750907042817849523452244787490362599682385950687385382709003948286406876796594535643748818283262121138737076141597966012285810985633370824005103944416
g_y = 984970155278863317776905647274559677791525657478616051760985477946504010716818161185200198096532903279219172158326801022992897407628359999389646296263358663
pub_x = 4892656645518573331106701586397878976390433610692116750215231364193992297525681417236426633145141081722252828121588677507009668068565040851265421535903327698
pub_y = 445589854414539227925716617203051677345304928733141270115246729820043468361633813613863577404936314503047208205373086044049612015283264631681675748037596649
ct0_x = 552855983191477065625173490798701617711704046550323641029043197505267412733020855489986706517083352349729506878848234582442903346393633912672334490115627032
ct0_y = 4448288254968185929975292935301106070977300148734716422986283428819999541940872803146014484885544656926366780738305965546200127900163602523408778848349228434
ct1_x = 1172894324150563774663811643608960517627766591027738626927811162713249354115380380370221946441154957962746746084983424309132270981703866563921333244571945068
ct1_y = 1326862342442789403618364073625262255428404701645852537809124740716613376400513445402466174855564161338377255072099047633392029230168238302039238121549772049
traced = []
for (line_start, line_end) in zip(start_index, end_index):
now = 0
add_cand = 1
count = 0
for i in range(line_start, line_end):
if lines[i] == "0000000000401f95":
count += 1
if lines[i+1] == "0000000000401f97":
# bit is set
now += add_cand
add_cand *= 2
traced.append(now)
assert traced[2] == traced[3]
base_point = Point(P521.gx, P521.gy, curve=P521)
g_point = base_point * traced[0]
assert g_x == g_point.x and g_y == g_point.y
ct0 = Point(ct0_x, ct0_y, curve=P521)
ct1 = Point(ct1_x, ct1_y, curve=P521)
flag = ct1 - (ct0 * traced[1])
print binascii.unhexlify('%x' % flag.x)