Permalink
Cannot retrieve contributors at this time
Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign up
Fetching contributors…
Cannot retrieve contributors at this time
| #!/usr/bin/env ruby | |
| # {{{ === requires === | |
| require 'digest' | |
| require 'json' | |
| require 'openssl' | |
| require 'securerandom' | |
| require 'timeout' | |
| # }}} | |
| Timeout::timeout(60000) do | |
| $stdout.sync = true | |
| # For xinetd | |
| Dir.chdir(File.dirname(__FILE__)) | |
| # {{{ === utility functions === | |
| # str_to_num('AB') = 0x4142 = 16706 | |
| def str_to_num(s) | |
| s.unpack('H*')[0].to_i(16) | |
| end | |
| # x^y (mod z) | |
| def pow(x, y, z) | |
| x.to_bn.mod_exp(y, z).to_i | |
| end | |
| # x^(-1) (mod y) | |
| def inv(x, y) | |
| x.to_bn.mod_inverse(y).to_i | |
| end | |
| def is_safe_prime(p) | |
| p.to_bn.prime? && ((p-1)/2).to_bn.prime? | |
| end | |
| # }}} | |
| =begin | |
| # {{{ === proof of work === | |
| # XXX: We only call this function once, no need to wrap it in a function. | |
| # def proof_of_work | |
| x = SecureRandom.random_bytes(6) | |
| puts 'Robot test' | |
| puts "prefix: #{[x].pack('m0')}" | |
| r = gets.strip.unpack('m0')[0] | |
| puts "r = #{r}" | |
| r = Digest::SHA1.digest(x + r) | |
| # We want the digest to begin with 23 bits of zero. | |
| # [0..15] | |
| unless r.start_with?("\0\0") | |
| puts 'FAIL! GO AWAY!' | |
| exit | |
| end | |
| c = r[2].ord | |
| r, s = c / 2, c % 2 | |
| # r: [16..22], s: [23] | |
| unless r == 0 | |
| puts 'FAIL! GO AWAY!' | |
| exit | |
| end | |
| print 'Good job! ' | |
| # end | |
| # proof_of_work | |
| # }}} | |
| =end | |
| # === Main starts here === | |
| # Our safe prime. | |
| p = 285370232948523998980902649176998223002378361587332218493775786752826166161423082436982297888443231240619463576886971476889906175870272573060319231258784649665194518832695848032181036303102119334432612172767710672560390596241136280678425624046988433310588364872005613290545811367950034187020564546262381876467 | |
| fail unless is_safe_prime(p) | |
| # Secret password | |
| # Although each password is small, we have 11 of them so we have 44 bits of entropy! | |
| passwords = IO.readlines('passwords').map(&:to_i) | |
| puts "passwords = #{passwords}" | |
| fail unless passwords.grep_v(1..16).empty? | |
| fail unless passwords.size == 11 | |
| passwords.map!{|pass| Digest::SHA512.hexdigest(pass.to_s).to_i(16)} | |
| # More secrets! | |
| flag = IO.read('./flag1.txt').strip | |
| fail unless flag =~ /\Ahitcon\{[a-zA-Z0-9_]+\}\z/ | |
| fail unless flag.size <= 60 | |
| flag = str_to_num(flag) | |
| # Print banner | |
| puts | |
| puts 'This is a simple secret-flag-sharing server.' | |
| puts | |
| # This is the key to be xor-ed | |
| key = 0 | |
| puts "p = #{p}" | |
| passwords.each.with_index(1) do |password, i| | |
| puts "Round #{i}" | |
| # Perform a simple PAKE handshake | |
| # You can find explanation in http://goo.gl/3foagq (In code comment :D) | |
| puts "Password #{password}" | |
| w = pow(password, 2, p) # NO to Legendre | |
| puts "w = #{w}" | |
| b = 2 + SecureRandom.random_number(p - 2) | |
| puts "debug, b = #{b}" | |
| bb = pow(w, b, p) | |
| puts "Server send #{bb}" | |
| aa = gets.to_i | |
| puts "debug, got #{aa}" | |
| if aa < 514 || aa >= p - 514 | |
| puts 'CHEATER!' | |
| exit | |
| end | |
| # If I give it the password, then k == bb (if correct) | |
| k = pow(aa, b, p) | |
| puts "debug, k = #{k}" | |
| key ^= Digest::SHA512.hexdigest(k.to_s).to_i(16) | |
| end | |
| # encrypt the flag! | |
| flag ^= key | |
| puts "Flag is (of course after encryption :D): #{flag}" | |
| # YAY! | |
| puts 'All done. Bye~' | |
| exit | |
| end | |
| # vim: fdm=marker:commentstring=\ \"\ %s:nowrap:autoread |