rev/vault_door_8
This commit is contained in:
@@ -0,0 +1,18 @@
|
||||
// These pesky special agents keep reverse engineering our source code and then
|
||||
// breaking into our secret vaults. THIS will teach those sneaky sneaks a
|
||||
// lesson.
|
||||
//
|
||||
// -Minion #0891
|
||||
import java.util.*; import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec;
|
||||
import java.security.*; class VaultDoor8 {public static void main(String args[]) {
|
||||
Scanner b = new Scanner(System.in); System.out.print("Enter vault password: ");
|
||||
String c = b.next(); String f = c.substring(8,c.length()-1); VaultDoor8 a = new VaultDoor8(); if (a.checkPassword(f)) {System.out.println("Access granted."); }
|
||||
else {System.out.println("Access denied!"); } } public char[] scramble(String password) {/* Scramble a password by transposing pairs of bits. */
|
||||
char[] a = password.toCharArray(); for (int b=0; b<a.length; b++) {char c = a[b]; c = switchBits(c,1,2); c = switchBits(c,0,3); /* c = switchBits(c,14,3); c = switchBits(c, 2, 0); */ c = switchBits(c,5,6); c = switchBits(c,4,7);
|
||||
c = switchBits(c,0,1); /* d = switchBits(d, 4, 5); e = switchBits(e, 5, 6); */ c = switchBits(c,3,4); c = switchBits(c,2,5); c = switchBits(c,6,7); a[b] = c; } return a;
|
||||
} public char switchBits(char c, int p1, int p2) {/* Move the bit in position p1 to position p2, and move the bit
|
||||
that was in position p2 to position p1. Precondition: p1 < p2 */ char mask1 = (char)(1 << p1);
|
||||
char mask2 = (char)(1 << p2); /* char mask3 = (char)(1<<p1<<p2); mask1++; mask1--; */ char bit1 = (char)(c & mask1); char bit2 = (char)(c & mask2); /* System.out.println("bit1 " + Integer.toBinaryString(bit1));
|
||||
System.out.println("bit2 " + Integer.toBinaryString(bit2)); */ char rest = (char)(c & ~(mask1 | mask2)); char shift = (char)(p2 - p1); char result = (char)((bit1<<shift) | (bit2>>shift) | rest); return result;
|
||||
} public boolean checkPassword(String password) {char[] scrambled = scramble(password); char[] expected = {
|
||||
0xF4, 0xC0, 0x97, 0xF0, 0x77, 0x97, 0xC0, 0xE4, 0xF0, 0x77, 0xA4, 0xD0, 0xC5, 0x77, 0xF4, 0x86, 0xD0, 0xA5, 0x45, 0x96, 0x27, 0xB5, 0x77, 0xC1, 0xC0, 0x95, 0x94, 0x94, 0xC1, 0xD1, 0xE1, 0xF1 }; return Arrays.equals(scrambled, expected); } }
|
||||
@@ -0,0 +1,75 @@
|
||||
import java.security.*;
|
||||
import java.util.*;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
class VaultDoor8 {
|
||||
public static void main(String args[]) {
|
||||
Scanner b = new Scanner(System.in);
|
||||
System.out.print("Enter vault password: ");
|
||||
String c = b.next();
|
||||
String f = c.substring(8, c.length() - 1);
|
||||
VaultDoor8 a = new VaultDoor8();
|
||||
if (a.checkPassword(f)) {
|
||||
System.out.println("Access granted.");
|
||||
} else {
|
||||
System.out.println("Access denied!");
|
||||
}
|
||||
}
|
||||
|
||||
/* Scramble a password by transposing pairs of bits. */
|
||||
public char[] scramble(String password) {
|
||||
char[] a = password.toCharArray();
|
||||
for (int b = 0; b < a.length; b++) {
|
||||
char c = a[b];
|
||||
c = switchBits(c, 1, 2);
|
||||
c = switchBits(c, 0, 3);
|
||||
/*
|
||||
c = switchBits(c,14,3);
|
||||
c = switchBits(c, 2, 0);
|
||||
*/
|
||||
c = switchBits(c, 5, 6);
|
||||
c = switchBits(c, 4, 7);
|
||||
c = switchBits(c, 0, 1);
|
||||
/*
|
||||
d = switchBits(d, 4, 5);
|
||||
e = switchBits(e, 5, 6);
|
||||
*/
|
||||
c = switchBits(c, 3, 4);
|
||||
c = switchBits(c, 2, 5);
|
||||
c = switchBits(c, 6, 7);
|
||||
a[b] = c;
|
||||
}
|
||||
return a;
|
||||
}
|
||||
|
||||
/* Move the bit in position p1 to position p2, and move the bit
|
||||
that was in position p2 to position p1. Precondition: p1 < p2
|
||||
*/
|
||||
public char switchBits(char c, int p1, int p2) {
|
||||
char mask1 = (char) (1 << p1);
|
||||
char mask2 = (char) (1 << p2);
|
||||
/*
|
||||
char mask3 = (char)(1<<p1<<p2);
|
||||
mask1++; mask1--;
|
||||
*/
|
||||
char bit1 = (char) (c & mask1);
|
||||
char bit2 = (char) (c & mask2);
|
||||
/*
|
||||
System.out.println("bit1 " + Integer.toBinaryString(bit1));
|
||||
System.out.println("bit2 " + Integer.toBinaryString(bit2));
|
||||
*/
|
||||
char rest = (char) (c & ~(mask1 | mask2));
|
||||
char shift = (char) (p2 - p1);
|
||||
char result = (char) ((bit1 << shift) | (bit2 >> shift) | rest);
|
||||
return result;
|
||||
}
|
||||
|
||||
public boolean checkPassword(String password) {
|
||||
char[] scrambled = scramble(password);
|
||||
char[] expected = {0xF4, 0xC0, 0x97, 0xF0, 0x77, 0x97, 0xC0, 0xE4, 0xF0,
|
||||
0x77, 0xA4, 0xD0, 0xC5, 0x77, 0xF4, 0x86, 0xD0, 0xA5, 0x45, 0x96, 0x27,
|
||||
0xB5, 0x77, 0xC1, 0xC0, 0x95, 0x94, 0x94, 0xC1, 0xD1, 0xE1, 0xF1};
|
||||
return Arrays.equals(scrambled, expected);
|
||||
}
|
||||
}
|
||||
Executable
+36
@@ -0,0 +1,36 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
EXPECTED = [
|
||||
0xF4, 0xC0, 0x97, 0xF0, 0x77, 0x97, 0xC0, 0xE4,
|
||||
0xF0, 0x77, 0xA4, 0xD0, 0xC5, 0x77, 0xF4, 0x86,
|
||||
0xD0, 0xA5, 0x45, 0x96, 0x27, 0xB5, 0x77, 0xC1,
|
||||
0xC0, 0x95, 0x94, 0x94, 0xC1, 0xD1, 0xE1, 0xF1,
|
||||
]
|
||||
|
||||
def switch_bits(c: int, p1: int, p2: int) -> int:
|
||||
bits = list(bin(c)[2:].rjust(8, '0'))
|
||||
bits[p1], bits[p2] = bits[p2], bits[p1]
|
||||
return int(''.join(bits), 2)
|
||||
|
||||
def unscramble_char(c: int) -> int:
|
||||
c = switch_bits(c, 7, 6)
|
||||
c = switch_bits(c, 5, 2)
|
||||
c = switch_bits(c, 4, 3)
|
||||
c = switch_bits(c, 1, 0)
|
||||
c = switch_bits(c, 7, 4)
|
||||
c = switch_bits(c, 6, 5)
|
||||
c = switch_bits(c, 3, 0)
|
||||
c = switch_bits(c, 2, 1)
|
||||
return c
|
||||
|
||||
def unscramble(xs: list[int]) -> str:
|
||||
return ''.join(chr(unscramble_char(x)) for x in xs)
|
||||
|
||||
def main():
|
||||
print('picoCTF{', end='')
|
||||
print(unscramble(EXPECTED), end='')
|
||||
print('}')
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
||||
Reference in New Issue
Block a user