Hackvent_2018/Teaser/_ZOoxjUSe1OVB7OPoVrsX.pdf.extracted/decode.py

#!/usr/bin/python

import subprocess
import math
import hashlib
import base64
from itertools import chain, product
from zipfile import ZipFile

# for x in ["Dasher", "Dancer", "Prancer", "Vixen", "Comet", "Cupid", "Donder", "Blitzen"]:
#     subprocess.call(["unzip", "-P", x, "z.zip"])


# print(bytes(int(x) for x in "5 8 16 20 27".split(" ")).decode("cp500"))

# x = [chr(i + ord('a')) for i in range(0, 26)] + [chr(i + ord('A')) for i in range(0, 26)] + [str(i) for i in range(10)]
# print(x)
#
# try:
#     for s in x:
#         data = ZipFile.open("Final_easy.zip", mode='r', pwd=s)
#         if data != '':
#             print("found pw")
# except:
#     pass


# we know that b * c = 6497 and b < c
prod = 6497
for b in range(2,math.floor(math.sqrt(prod))):
    if math.floor(prod / b) == prod / b:
        c = prod // b
        break

# which gives us:
# b = 73
# c = 89
# print("b=%d c=%d" % (b, c))

hash = "CF945B5A36D1D3E68FFF78829CC8DBF6".lower()
hash_reversed = "H0b0"

def bruteforce(charset, minlength, maxlength):
    return (''.join(candidate)
        for candidate in chain.from_iterable(product(charset, repeat=i)
        for i in range(1, maxlength + 1)))

# alphabet = 'abcdefghiklmnopqrstuvwxyz'
# alphabet += alphabet.upper()
# alphabet += ''.join([str(i) for i in range(10)])
#
# for i in bruteforce(alphabet, 4, 4):
#     try:
#         m = hashlib.md5()
#         m.update(i.encode("utf-8"))
#         new_hash = m.hexdigest()
#         if new_hash == hash:
#             hash_reversed = i
#             break
#     except:
#         pass

if hash_reversed == None:
    exit("could not find hash")

# Step 3: squareRoot
squareRoot = int(math.sqrt(8814961))

# Step 4: XOR
result = 'zvru'
part3 = ''.join([chr(ord(result[i]) ^ ord(str(squareRoot)[i])) for i in range(4)])
# print(part3)

# Step 5: Base64
b64 = base64.b64decode('RjBtMA==').decode("utf-8")
# print(b64)

flag = "HV18-%02d%02d-%s-%s-%04d-%s" % (b, c, hash_reversed, part3, squareRoot, b64)
print(flag)
Progress 2018-12-05 12:58:22 +01:00			`#!/usr/bin/python`

			`import subprocess`
			`import math`
			`import hashlib`
			`import base64`
			`from itertools import chain, product`
			`from zipfile import ZipFile`

			`# for x in ["Dasher", "Dancer", "Prancer", "Vixen", "Comet", "Cupid", "Donder", "Blitzen"]:`
			`# subprocess.call(["unzip", "-P", x, "z.zip"])`


			`# print(bytes(int(x) for x in "5 8 16 20 27".split(" ")).decode("cp500"))`

			`# x = [chr(i + ord('a')) for i in range(0, 26)] + [chr(i + ord('A')) for i in range(0, 26)] + [str(i) for i in range(10)]`
			`# print(x)`
			`#`
			`# try:`
			`# for s in x:`
			`# data = ZipFile.open("Final_easy.zip", mode='r', pwd=s)`
			`# if data != '':`
			`# print("found pw")`
			`# except:`
			`# pass`


			`# we know that b * c = 6497 and b < c`
			`prod = 6497`
			`for b in range(2,math.floor(math.sqrt(prod))):`
			`if math.floor(prod / b) == prod / b:`
			`c = prod // b`
			`break`

			`# which gives us:`
			`# b = 73`
			`# c = 89`
			`# print("b=%d c=%d" % (b, c))`

			`hash = "CF945B5A36D1D3E68FFF78829CC8DBF6".lower()`
			`hash_reversed = "H0b0"`

			`def bruteforce(charset, minlength, maxlength):`
			`return (''.join(candidate)`
			`for candidate in chain.from_iterable(product(charset, repeat=i)`
			`for i in range(1, maxlength + 1)))`

			`# alphabet = 'abcdefghiklmnopqrstuvwxyz'`
			`# alphabet += alphabet.upper()`
			`# alphabet += ''.join([str(i) for i in range(10)])`
			`#`
			`# for i in bruteforce(alphabet, 4, 4):`
			`# try:`
			`# m = hashlib.md5()`
			`# m.update(i.encode("utf-8"))`
			`# new_hash = m.hexdigest()`
			`# if new_hash == hash:`
			`# hash_reversed = i`
			`# break`
			`# except:`
			`# pass`

			`if hash_reversed == None:`
			`exit("could not find hash")`

			`# Step 3: squareRoot`
			`squareRoot = int(math.sqrt(8814961))`

			`# Step 4: XOR`
			`result = 'zvru'`
			`part3 = ''.join([chr(ord(result[i]) ^ ord(str(squareRoot)[i])) for i in range(4)])`
			`# print(part3)`

			`# Step 5: Base64`
			`b64 = base64.b64decode('RjBtMA==').decode("utf-8")`
			`# print(b64)`

			`flag = "HV18-%02d%02d-%s-%s-%04d-%s" % (b, c, hash_reversed, part3, squareRoot, b64)`
			`print(flag)`