Files
picoctf/forensics/sidechannel/solve.py
T
2026-07-02 04:53:57 +09:00

61 lines
1.5 KiB
Python
Executable File

#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p "python3.withPackages (ppkgs: with ppkgs; [ pwntools ])"
from datetime import datetime, timedelta
from pwn import *
def gen_pin(prefix: str, i: int) -> str:
return f"{prefix}{i}".ljust(8, '0')
def try_pin(pin: str) -> (int, bool):
p = process("./pin_checker")
p.recvuntil(b":\n")
before = datetime.now()
p.sendline(pin.encode())
assert((line := p.recvline().strip()) == '8', f"{line}")
assert((line := p.recvline().strip()) == 'Checking PIN...', f"{line}")
result = p.recvline().decode()
after = datetime.now()
duration = after - before
if result.strip() == 'Access denied.':
return duration, False
# NOTE: found by strings | grep "Access"
elif result.startswith('Access granted'):
return duration, True
else:
print("Unexpected result:")
print(result)
return duration, False
def main():
current_prefix = ""
for i in range(8):
max_time = timedelta.min
max_digit = None
for d in range(10):
pin = gen_pin(current_prefix, d)
time, result = try_pin(pin)
if max_time < time:
max_time = time
max_digit = d
if result:
print(f'FOUND PIN: {pin}')
break
else:
print(f"{pin} -> {time}")
current_prefix = current_prefix + str(max_digit)
print(current_prefix)
if __name__ == '__main__':
main()