From d6964e25c4ff2e0ad5c10bab9fe15aa7f55e3278 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Mon, 29 May 2017 16:08:56 +0200 Subject: [PATCH] Ordine nelle cartelle. Modificato encrypt+decrypt --- polictf/asms/decrypt.pstc | 128 +++++++++++++++++++++++++ polictf/asms/encrypt.pstc | 128 +++++++++++++++++++++++++ polictf/client/pasticciotto_local.cpp | 115 ++++++++++++++++++++++ polictf/server/pasticciotto_server.cpp | 90 +++++++++++++++++ polictf/tea_cversion/decrypt_test | 1 + polictf/tea_cversion/encrypted | 1 + polictf/tea_cversion/tea-decrypt.c | 44 +++++++++ polictf/tea_cversion/tea-encrypt.c | 46 +++++++++ polictf/tea_cversion/test.py | 12 +++ 9 files changed, 565 insertions(+) create mode 100644 polictf/asms/decrypt.pstc create mode 100644 polictf/asms/encrypt.pstc create mode 100644 polictf/client/pasticciotto_local.cpp create mode 100644 polictf/server/pasticciotto_server.cpp create mode 100644 polictf/tea_cversion/decrypt_test create mode 100644 polictf/tea_cversion/encrypted create mode 100644 polictf/tea_cversion/tea-decrypt.c create mode 100644 polictf/tea_cversion/tea-encrypt.c create mode 100644 polictf/tea_cversion/test.py diff --git a/polictf/asms/decrypt.pstc b/polictf/asms/decrypt.pstc new file mode 100644 index 0000000..b7623b6 --- /dev/null +++ b/polictf/asms/decrypt.pstc @@ -0,0 +1,128 @@ +def datastrlen: +############### +# r0 = offset of str in data +# retval (r0) = strlen +############### +push r1 +push r2 +push r3 +movr s2, r0 +movi s1, 0 +lodr s0, s2 +cmpb s0, 0 +jpei exit +loop: +movi s2, 0 +addi s1, 1 +addr s2, s1 +lodr s0, s2 +cmpb s0, 0 +jpni loop +exit: +movr r0, s1 +poop r3 +poop r2 +poop r1 +retn + +def round: # round(uint16_t text[2]) +################# +# r0 = offset of text[0] in data +# r1 = offset of text[1] in data +# r2 = text[0] +# r3 = text[1] +# retval = void +################ +push r1 +push r2 +push r3 +lodr r2, r0 # text[0] +lodr r3, r1 # text[1] +movi s0, 0 # i +movi s1, 0 # sum +loop: +push s0 # saving i +addi s1, 0x626f # sum += delta +push s1 # saving sum +# s0 and s1 will be used as tmps +######### +# calc v0 +######### +movr s0, r3 +shli s0, 4 +addi s0, 0x7065 # s0 = (text[1] << 4) + k0 +movr s1, r3 +poop s3 # restoring sum in s3 +addr s1, s3 # s1 = text[1] + sum +push s3 # saving sum again +xorr s0, s1 # s0 = ((text[1] << 4) + k0) ^ (text[1] + sum) +push s0 +movr s0, r3 +shri s0, 5 +addi s0, 0x7065 # s0 = (text[1] >> 5) + k1 +poop s1 +xorr s0, s1 # s0 = ((text[1] << 4) + k0) ^ (text[1] + sum) ^ ((text[1] >> 5) + k1) +addr r2, s0 # r2 += s0 +######### +# calc v1 +######### +movr s0, r2 +shli s0, 4 +addi s0, 0x7275 # s0 = (text[0] << 4) + k2 +movr s1, r2 +poop s3 # restoring sum in s3 +addr s1, s3 # s1 = text[0] + sum +push s3 # saving sum again +xorr s0, s1 # s0 = ((text[0] << 4) + k2) ^ (text[0] + sum) +push s0 +movr s0, r2 +shri s0, 5 +addi s0, 0x6e73 # s0 = (text[0] >> 5) + k3 +poop s1 +xorr s0, s1 # s0 = ((text[0] << 4) + k2) ^ (text[0] + sum) ^ ((text[0] >> 5) + k3) +addr r3, s0 # r3 += s0 +###### +# end loop +##### +poop s1 # restoring sum +poop s0 # restoring i +addi s0, 1 +cmpb s0, 127 # while (i < 128) +jpbi loop +# saving the values +strr r0, r2 +strr r1, r3 +poop r3 +poop r2 +poop r1 +retn + +def main: +movi r0, 0xadde +movi r1, 0x0bb0 +stri 0, r0 +stri 2, r1 +movi r0, 0x0bb0 +movi r1, 0xcefa +stri 0x4, r0 +stri 0x6, r1 +movi r0, 0 +call datastrlen +movr r2, r0 +movi s0, 0 +encrypt: +push s0 +movi r0, 0 +movi r1, 2 +addr r0, s0 +addr r1, s0 +call round +poop s0 +addi s0, 1 +cmpr s0, r2 +jpbi encrypt +lodi r0, 0 +lodi r1, 2 +lodi r2, 4 +lodi r3, 6 +shit \ No newline at end of file diff --git a/polictf/asms/encrypt.pstc b/polictf/asms/encrypt.pstc new file mode 100644 index 0000000..b7623b6 --- /dev/null +++ b/polictf/asms/encrypt.pstc @@ -0,0 +1,128 @@ +def datastrlen: +############### +# r0 = offset of str in data +# retval (r0) = strlen +############### +push r1 +push r2 +push r3 +movr s2, r0 +movi s1, 0 +lodr s0, s2 +cmpb s0, 0 +jpei exit +loop: +movi s2, 0 +addi s1, 1 +addr s2, s1 +lodr s0, s2 +cmpb s0, 0 +jpni loop +exit: +movr r0, s1 +poop r3 +poop r2 +poop r1 +retn + +def round: # round(uint16_t text[2]) +################# +# r0 = offset of text[0] in data +# r1 = offset of text[1] in data +# r2 = text[0] +# r3 = text[1] +# retval = void +################ +push r1 +push r2 +push r3 +lodr r2, r0 # text[0] +lodr r3, r1 # text[1] +movi s0, 0 # i +movi s1, 0 # sum +loop: +push s0 # saving i +addi s1, 0x626f # sum += delta +push s1 # saving sum +# s0 and s1 will be used as tmps +######### +# calc v0 +######### +movr s0, r3 +shli s0, 4 +addi s0, 0x7065 # s0 = (text[1] << 4) + k0 +movr s1, r3 +poop s3 # restoring sum in s3 +addr s1, s3 # s1 = text[1] + sum +push s3 # saving sum again +xorr s0, s1 # s0 = ((text[1] << 4) + k0) ^ (text[1] + sum) +push s0 +movr s0, r3 +shri s0, 5 +addi s0, 0x7065 # s0 = (text[1] >> 5) + k1 +poop s1 +xorr s0, s1 # s0 = ((text[1] << 4) + k0) ^ (text[1] + sum) ^ ((text[1] >> 5) + k1) +addr r2, s0 # r2 += s0 +######### +# calc v1 +######### +movr s0, r2 +shli s0, 4 +addi s0, 0x7275 # s0 = (text[0] << 4) + k2 +movr s1, r2 +poop s3 # restoring sum in s3 +addr s1, s3 # s1 = text[0] + sum +push s3 # saving sum again +xorr s0, s1 # s0 = ((text[0] << 4) + k2) ^ (text[0] + sum) +push s0 +movr s0, r2 +shri s0, 5 +addi s0, 0x6e73 # s0 = (text[0] >> 5) + k3 +poop s1 +xorr s0, s1 # s0 = ((text[0] << 4) + k2) ^ (text[0] + sum) ^ ((text[0] >> 5) + k3) +addr r3, s0 # r3 += s0 +###### +# end loop +##### +poop s1 # restoring sum +poop s0 # restoring i +addi s0, 1 +cmpb s0, 127 # while (i < 128) +jpbi loop +# saving the values +strr r0, r2 +strr r1, r3 +poop r3 +poop r2 +poop r1 +retn + +def main: +movi r0, 0xadde +movi r1, 0x0bb0 +stri 0, r0 +stri 2, r1 +movi r0, 0x0bb0 +movi r1, 0xcefa +stri 0x4, r0 +stri 0x6, r1 +movi r0, 0 +call datastrlen +movr r2, r0 +movi s0, 0 +encrypt: +push s0 +movi r0, 0 +movi r1, 2 +addr r0, s0 +addr r1, s0 +call round +poop s0 +addi s0, 1 +cmpr s0, r2 +jpbi encrypt +lodi r0, 0 +lodi r1, 2 +lodi r2, 4 +lodi r3, 6 +shit \ No newline at end of file diff --git a/polictf/client/pasticciotto_local.cpp b/polictf/client/pasticciotto_local.cpp new file mode 100644 index 0000000..2a918b0 --- /dev/null +++ b/polictf/client/pasticciotto_local.cpp @@ -0,0 +1,115 @@ +#include "../../vm/vm.h" +#include +#include +#include +#include + +int main(int argc, char *argv[]) { + unsigned char banner[] = { + 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20, + 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, + 0x5f, 0x0a, 0x7c, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5c, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x28, 0x5f, 0x29, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x28, 0x5f, 0x29, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x2f, 0x20, 0x20, 0x7c, 0x20, 0x7c, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, + 0x7c, 0x7c, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x7c, 0x7c, 0x5f, 0x5f, 0x5f, + 0x20, 0x20, 0x2f, 0x0a, 0x7c, 0x20, 0x7c, 0x5f, 0x2f, 0x20, 0x2f, 0x5f, + 0x20, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x7c, 0x20, 0x7c, 0x5f, 0x20, 0x5f, + 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5f, 0x20, + 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x7c, 0x20, 0x7c, 0x5f, 0x7c, 0x20, 0x7c, + 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x20, 0x20, + 0x20, 0x5f, 0x5f, 0x60, 0x7c, 0x20, 0x7c, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x2f, 0x20, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x20, + 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x0a, 0x7c, 0x20, 0x20, 0x5f, 0x5f, 0x2f, + 0x20, 0x5f, 0x60, 0x20, 0x2f, 0x20, 0x5f, 0x5f, 0x7c, 0x20, 0x5f, 0x5f, + 0x7c, 0x20, 0x7c, 0x2f, 0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x5f, 0x5f, 0x7c, + 0x20, 0x7c, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x7c, 0x20, 0x5f, 0x5f, 0x7c, + 0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x20, 0x20, 0x5c, 0x20, + 0x5c, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x5c, 0x20, 0x5c, 0x20, 0x20, 0x20, 0x20, 0x5c, 0x20, 0x5c, + 0x20, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x20, 0x0a, 0x7c, 0x20, 0x7c, 0x20, + 0x7c, 0x20, 0x28, 0x5f, 0x7c, 0x20, 0x5c, 0x5f, 0x5f, 0x20, 0x5c, 0x20, + 0x7c, 0x5f, 0x7c, 0x20, 0x7c, 0x20, 0x28, 0x5f, 0x7c, 0x20, 0x28, 0x5f, + 0x5f, 0x7c, 0x20, 0x7c, 0x20, 0x28, 0x5f, 0x29, 0x20, 0x7c, 0x20, 0x7c, + 0x5f, 0x7c, 0x20, 0x7c, 0x7c, 0x20, 0x28, 0x5f, 0x29, 0x20, 0x7c, 0x20, + 0x20, 0x5c, 0x20, 0x56, 0x20, 0x2f, 0x20, 0x5f, 0x7c, 0x20, 0x7c, 0x5f, + 0x2e, 0x5f, 0x5f, 0x5f, 0x2f, 0x20, 0x2f, 0x2e, 0x5f, 0x5f, 0x5f, 0x2f, + 0x20, 0x2f, 0x2e, 0x2f, 0x20, 0x2f, 0x20, 0x20, 0x20, 0x0a, 0x5c, 0x5f, + 0x7c, 0x20, 0x20, 0x5c, 0x5f, 0x5f, 0x2c, 0x5f, 0x7c, 0x5f, 0x5f, 0x5f, + 0x2f, 0x5c, 0x5f, 0x5f, 0x7c, 0x5f, 0x7c, 0x5c, 0x5f, 0x5f, 0x5f, 0x5c, + 0x5f, 0x5f, 0x5f, 0x7c, 0x5f, 0x7c, 0x5c, 0x5f, 0x5f, 0x5f, 0x2f, 0x20, + 0x5c, 0x5f, 0x5f, 0x7c, 0x5c, 0x5f, 0x5f, 0x5c, 0x5f, 0x5f, 0x5f, 0x2f, + 0x20, 0x20, 0x20, 0x20, 0x5c, 0x5f, 0x28, 0x5f, 0x29, 0x5c, 0x5f, 0x5f, + 0x5f, 0x2f, 0x5c, 0x5f, 0x5f, 0x5f, 0x5f, 0x28, 0x5f, 0x29, 0x5f, 0x5f, + 0x5f, 0x5f, 0x2f, 0x20, 0x5c, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x0a, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x0a, 0x20, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x7c, 0x20, 0x20, 0x0a, 0x7c, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x20, 0x20, 0x20}; + unsigned char bc[] = { + 0x48, 0x00, 0xde, 0xad, 0x48, 0x01, 0xb0, 0x0b, 0xd4, 0x00, 0x00, 0x00, + 0xd4, 0x02, 0x00, 0x01, 0x48, 0x00, 0xb0, 0x0b, 0x48, 0x01, 0xfa, 0xce, + 0xd4, 0x04, 0x00, 0x00, 0xd4, 0x06, 0x00, 0x01, 0x48, 0x00, 0x00, 0x00, + 0xd8, 0xd9, 0x00, 0xcb, 0x20, 0x48, 0x04, 0x00, 0x00, 0xde, 0x04, 0x48, + 0x00, 0x00, 0x00, 0x48, 0x01, 0x02, 0x00, 0x39, 0x04, 0x39, 0x14, 0xd8, + 0x5a, 0x00, 0x5c, 0x04, 0x05, 0x04, 0x01, 0x00, 0xd7, 0x42, 0x93, 0x2d, + 0x00, 0x22, 0x00, 0x00, 0x00, 0x22, 0x01, 0x02, 0x00, 0x22, 0x02, 0x04, + 0x00, 0x22, 0x03, 0x06, 0x00, 0x5d, 0xde, 0x01, 0xde, 0x02, 0xde, 0x03, + 0x12, 0x20, 0x12, 0x31, 0x48, 0x04, 0x00, 0x00, 0x48, 0x05, 0x00, 0x00, + 0xde, 0x04, 0x05, 0x05, 0x6f, 0x62, 0xde, 0x05, 0xcb, 0x43, 0x20, 0x04, + 0x04, 0x00, 0x05, 0x04, 0x65, 0x70, 0xcb, 0x53, 0x5c, 0x07, 0x39, 0x57, + 0xde, 0x07, 0xb1, 0x45, 0xde, 0x04, 0xcb, 0x43, 0x36, 0x04, 0x05, 0x00, + 0x05, 0x04, 0x65, 0x70, 0x5c, 0x05, 0xb1, 0x45, 0x39, 0x24, 0xcb, 0x42, + 0x20, 0x04, 0x04, 0x00, 0x05, 0x04, 0x75, 0x72, 0xcb, 0x52, 0x5c, 0x07, + 0x39, 0x57, 0xde, 0x07, 0xb1, 0x45, 0xde, 0x04, 0xcb, 0x42, 0x36, 0x04, + 0x05, 0x00, 0x05, 0x04, 0x73, 0x6e, 0x5c, 0x05, 0xb1, 0x45, 0x39, 0x34, + 0x5c, 0x05, 0x5c, 0x04, 0x05, 0x04, 0x01, 0x00, 0xf4, 0x04, 0x7f, 0x93, + 0x6c, 0x00, 0x4e, 0x02, 0x4e, 0x13, 0x5c, 0x03, 0x5c, 0x02, 0x5c, 0x01, + 0xbb, 0xde, 0x01, 0xde, 0x02, 0xde, 0x03, 0xcb, 0x60, 0x48, 0x05, 0x00, + 0x00, 0x12, 0x46, 0xf4, 0x04, 0x00, 0x38, 0xff, 0x00, 0x48, 0x06, 0x00, + 0x00, 0x05, 0x05, 0x01, 0x00, 0x39, 0x65, 0x12, 0x46, 0xf4, 0x04, 0x00, + 0xae, 0xed, 0x00, 0xcb, 0x05, 0x5c, 0x03, 0x5c, 0x02, 0x5c, 0x01, 0xbb}; + unsigned int bclen = 264; + + unsigned char opcode_key[] = {0x48, 0x61, 0x76, 0x65, 0x46, 0x75, 0x6e, + 0x21, 0x50, 0x6f, 0x6c, 0x69, 0x43, 0x54, + 0x46, 0x32, 0x30, 0x31, 0x37, 0x21}; + + printf("%s", banner); + printf("\nHmmm...\n"); + VM vm(opcode_key, bc, bclen); + vm.run(); + return 0; +} \ No newline at end of file diff --git a/polictf/server/pasticciotto_server.cpp b/polictf/server/pasticciotto_server.cpp new file mode 100644 index 0000000..70bc1d7 --- /dev/null +++ b/polictf/server/pasticciotto_server.cpp @@ -0,0 +1,90 @@ +#include "../../vm/vm.h" +#include "../../vm/debug.h" +#include +#include +#include +#include +#include +#include +#include + +#define KEYLEN 15 +#define CODESIZE 0x300 +#define DATAKEYLEN 30 + +void gen_random(uint8_t *s, const int len) { + srand(time(NULL)); + static const char alphanum[] = "0123456789" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz"; + for (int i = 0; i < len; ++i) { + s[i] = alphanum[rand() % (sizeof(alphanum) - 1)]; + } + + s[len] = 0; +} + +unsigned char encrypted_data[] = { + 0xcc, 0x8d, 0x5a, 0xcc, 0x73, 0xb5, 0xf2, 0xa3, 0xf3, 0x92, + 0xa8, 0x8f, 0x2f, 0xf1, 0x3e, 0xf4, 0x69, 0x00, 0x4a, 0xcb, + 0xed, 0xc4, 0x57, 0x9b, 0xf6, 0x9a, 0x78, 0x46, 0x83, 0xe9}; +unsigned int encrypted_data_len = 30; + +int main(int argc, char *argv[]) { + uint8_t *key = new uint8_t[KEYLEN], *decdatasec = new uint8_t[DATAKEYLEN], + *flag = new uint8_t[DATAKEYLEN]; + uint8_t *clientcode; + uint8_t i; + uint32_t clientcodesize, bytesread; + FILE *datap, *flagp; + + gen_random(key, KEYLEN); + printf("Use this: \"%s\"\n", key); + fflush(stdout); + printf("How much data are you sending me?\n"); + fflush(stdout); + scanf("%d", &clientcodesize); + printf("Go ahead then!\n"); + fflush(stdout); + clientcode = new uint8_t[clientcodesize]; + bytesread = read(0, clientcode, clientcodesize); + if (bytesread != clientcodesize) { + printf("ERROR! Couldn't read everything!\n"); + fflush(stdout); + exit(1); + } + VM vm(key, clientcode, clientcodesize); + vm.as.insData(encrypted_data, encrypted_data_len); + vm.run(); + + datap = fopen("../res/decrypteddatasection.txt", "r"); + if (datap == NULL) { + printf("Couldn't open decrypteddatasection.txt!\n"); + fflush(stdout); + exit(1); + } + fscanf(datap, "%s", decdatasec); + fclose(datap); + + for (i = 0; i < DATAKEYLEN; i++) { + if (vm.as.data[i] != decdatasec[i]) { + DBG_INFO(("Checking data[%d]..\n", i)); + fflush(stdout); + printf("Nope!\n"); + fflush(stdout); + exit(1); + } + } + + flagp = fopen("../res/flag.txt", "r"); + if (flagp == NULL) { + printf("Couldn't open flag.txt!\n"); + fflush(stdout); + exit(1); + } + fscanf(flagp, "%s", flag); + fclose(flagp); + printf("Congratulations!\nThe flag is: %s\n", flag); + fflush(stdout); + return 0; +} \ No newline at end of file diff --git a/polictf/tea_cversion/decrypt_test b/polictf/tea_cversion/decrypt_test new file mode 100644 index 0000000..4892903 --- /dev/null +++ b/polictf/tea_cversion/decrypt_test @@ -0,0 +1 @@ +4 test diff --git a/polictf/tea_cversion/encrypted b/polictf/tea_cversion/encrypted new file mode 100644 index 0000000..7638b8a --- /dev/null +++ b/polictf/tea_cversion/encrypted @@ -0,0 +1 @@ +¯“©žÚÈÓÛgJ W‰\µž1bímŒ«Úre \ No newline at end of file diff --git a/polictf/tea_cversion/tea-decrypt.c b/polictf/tea_cversion/tea-decrypt.c new file mode 100644 index 0000000..62ae21c --- /dev/null +++ b/polictf/tea_cversion/tea-decrypt.c @@ -0,0 +1,44 @@ +#include +#include +#include +#include +#include + +void decrypt(uint16_t *v) { + uint16_t v0 = v[0], v1 = v[1], sum = 0x3780, i; /* set up */ + uint16_t delta = 0x626f; /* a key schedule constant */ + uint16_t k0 = 0x7065; // "pe" + uint16_t k1 = 0x7065; // "pe" + uint16_t k2 = 0x7275; // "ru" + uint16_t k3 = 0x6e73; // "ns" + for (i = 0; i < 128; i++) { + // printf("Intermediate v0: 0x%x | v1: 0x%x\n", v0, v1); /* basic cycle + // start */ + v1 -= ((v0 << 4) + k2) ^ (v0) ^ ((v0 >> 5) + k3); + v0 -= ((v1 << 4) + k0) ^ (v1) ^ ((v1 >> 5) + k1); + sum -= delta; + } /* end cycle */ + v[0] = v0; + v[1] = v1; +} + +int main(int argc, char *argv[]) { + uint8_t buf[1000]; + uint32_t buflen, i; + + fprintf(stdout, "Length of the string?\n"); + fflush(stdout); + fscanf(stdin, "%d", &buflen); + printf("Length: %d\n", buflen); + read(0, buf, buflen); + + for (i = 0; i < buflen && i + 2 * (sizeof(uint16_t)) <= buflen; + i += sizeof(uint32_t)) { + decrypt((uint16_t *)&buf[i]); + } + for (i = 0; i < buflen; i++) { + fprintf(stdout, "buf[%d] = 0x%02x\n", i, buf[i]); + } + printf("STRING: %s\n", buf); + fflush(stdout); +} \ No newline at end of file diff --git a/polictf/tea_cversion/tea-encrypt.c b/polictf/tea_cversion/tea-encrypt.c new file mode 100644 index 0000000..7227f07 --- /dev/null +++ b/polictf/tea_cversion/tea-encrypt.c @@ -0,0 +1,46 @@ +#include +#include +#include +#include +#include + +void encrypt(uint16_t *v) { + uint16_t v0 = v[0], v1 = v[1], sum = 0, i; /* set up */ + uint16_t delta = 0x626f; + uint16_t k0 = 0x7065; // "pe" + uint16_t k1 = 0x7065; // "pe" + uint16_t k2 = 0x7275; // "ru" + uint16_t k3 = 0x6e73; // "ns" + // printf("v0: 0x%x, v1: 0x%x\n", v0, v1); + for (i = 0; i < 128; i++) { + sum += delta; + v0 += ((v1 << 4) + k0) ^ (v1) ^ ((v1 >> 5) + k1); + v1 += ((v0 << 4) + k2) ^ (v0) ^ ((v0 >> 5) + k3); + // printf("Intermediate v0: 0x%x | v1: 0x%x\n", v0, v1); + } + // printf("SUM: 0x%x\n", sum); + // printf("v0: 0x%x, v1: 0x%x\n", v0, v1); + v[0] = v0; + v[1] = v1; +} + +int main(int argc, char *argv[]) { + uint8_t *buf; + uint32_t buflen, i; + FILE *f; + if (argc != 2) { + printf("Usage: %s text_to_encrypt", argv[0]); + exit(1); + } + buflen = strlen(argv[1]); + buf = (uint8_t *)malloc(buflen); + memcpy(buf, argv[1], buflen); + + for (i = 0; i < buflen && i + 2 * (sizeof(uint16_t)) <= buflen; + i += sizeof(uint32_t)) { + encrypt((uint16_t *)&buf[i]); + } + + write(1, buf, buflen); + return 0; +} \ No newline at end of file diff --git a/polictf/tea_cversion/test.py b/polictf/tea_cversion/test.py new file mode 100644 index 0000000..cd58135 --- /dev/null +++ b/polictf/tea_cversion/test.py @@ -0,0 +1,12 @@ +from pwn import * + +r = remote("127.0.0.1", 8888) + + +with open("./encrypted") as f: + data = f.read() + +print(r.recv()) +r.send("{}\n".format(len(data))) +r.send("{}\n".format(data)) +print(r.recv()) \ No newline at end of file