Ordine nelle cartelle. Modificato encrypt+decrypt

polictf/asms/decrypt.pstc

@@ -0,0 +1,128 @@
+def datastrlen:
+###############
+# r0 = offset of str in data
+# retval (r0) = strlen
+###############
+push r1
+push r2
+push r3
+movr s2, r0
+movi s1, 0
+lodr s0, s2
+cmpb s0, 0
+jpei exit
+loop:
+movi s2, 0
+addi s1, 1
+addr s2, s1
+lodr s0, s2
+cmpb s0, 0
+jpni loop
+exit:
+movr r0, s1
+poop r3
+poop r2
+poop r1
+retn
+
+def round: # round(uint16_t text[2])
+#################
+# r0 = offset of text[0] in data
+# r1 = offset of text[1] in data
+# r2 = text[0]
+# r3 = text[1]
+# retval = void
+################
+push r1
+push r2
+push r3
+lodr r2, r0 # text[0]
+lodr r3, r1 # text[1]
+movi s0, 0 # i
+movi s1, 0 # sum
+loop:
+push s0 # saving i
+addi s1, 0x626f # sum += delta
+push s1 # saving sum
+# s0 and s1 will be used as tmps
+#########
+# calc v0
+#########
+movr s0, r3
+shli s0, 4
+addi s0, 0x7065 # s0 = (text[1] << 4) + k0
+movr s1, r3
+poop s3 # restoring sum in s3
+addr s1, s3 # s1 = text[1] + sum
+push s3 # saving sum again
+xorr s0, s1 # s0 = ((text[1] << 4) + k0) ^ (text[1] + sum)
+push s0
+movr s0, r3
+shri s0, 5
+addi s0, 0x7065 # s0 = (text[1] >> 5) + k1
+poop s1
+xorr s0, s1 # s0 = ((text[1] << 4) + k0) ^ (text[1] + sum) ^ ((text[1] >> 5) + k1)
+addr r2, s0 # r2 += s0
+#########
+# calc v1
+#########
+movr s0, r2
+shli s0, 4
+addi s0, 0x7275 # s0 = (text[0] << 4) + k2
+movr s1, r2
+poop s3 # restoring sum in s3
+addr s1, s3 # s1 = text[0] + sum
+push s3 # saving sum again
+xorr s0, s1 # s0 = ((text[0] << 4) + k2) ^ (text[0] + sum)
+push s0
+movr s0, r2
+shri s0, 5
+addi s0, 0x6e73 # s0 = (text[0] >> 5) + k3
+poop s1
+xorr s0, s1 # s0 = ((text[0] << 4) + k2) ^ (text[0] + sum) ^ ((text[0] >> 5) + k3)
+addr r3, s0 # r3 += s0
+######
+# end loop
+#####
+poop s1 # restoring sum
+poop s0 # restoring i
+addi s0, 1
+cmpb s0, 127 # while (i < 128)
+jpbi loop
+# saving the values
+strr r0, r2
+strr r1, r3
+poop r3
+poop r2
+poop r1
+retn
+
+def main:
+movi r0, 0xadde
+movi r1, 0x0bb0
+stri 0, r0
+stri 2, r1
+movi r0, 0x0bb0
+movi r1, 0xcefa
+stri 0x4, r0
+stri 0x6, r1
+movi r0, 0
+call datastrlen
+movr r2, r0
+movi s0, 0
+encrypt:
+push s0
+movi r0, 0
+movi r1, 2
+addr r0, s0
+addr r1, s0
+call round
+poop s0
+addi s0, 1
+cmpr s0, r2
+jpbi encrypt
+lodi r0, 0
+lodi r1, 2
+lodi r2, 4
+lodi r3, 6
+shit

polictf/asms/encrypt.pstc

@@ -0,0 +1,128 @@
+def datastrlen:
+###############
+# r0 = offset of str in data
+# retval (r0) = strlen
+###############
+push r1
+push r2
+push r3
+movr s2, r0
+movi s1, 0
+lodr s0, s2
+cmpb s0, 0
+jpei exit
+loop:
+movi s2, 0
+addi s1, 1
+addr s2, s1
+lodr s0, s2
+cmpb s0, 0
+jpni loop
+exit:
+movr r0, s1
+poop r3
+poop r2
+poop r1
+retn
+
+def round: # round(uint16_t text[2])
+#################
+# r0 = offset of text[0] in data
+# r1 = offset of text[1] in data
+# r2 = text[0]
+# r3 = text[1]
+# retval = void
+################
+push r1
+push r2
+push r3
+lodr r2, r0 # text[0]
+lodr r3, r1 # text[1]
+movi s0, 0 # i
+movi s1, 0 # sum
+loop:
+push s0 # saving i
+addi s1, 0x626f # sum += delta
+push s1 # saving sum
+# s0 and s1 will be used as tmps
+#########
+# calc v0
+#########
+movr s0, r3
+shli s0, 4
+addi s0, 0x7065 # s0 = (text[1] << 4) + k0
+movr s1, r3
+poop s3 # restoring sum in s3
+addr s1, s3 # s1 = text[1] + sum
+push s3 # saving sum again
+xorr s0, s1 # s0 = ((text[1] << 4) + k0) ^ (text[1] + sum)
+push s0
+movr s0, r3
+shri s0, 5
+addi s0, 0x7065 # s0 = (text[1] >> 5) + k1
+poop s1
+xorr s0, s1 # s0 = ((text[1] << 4) + k0) ^ (text[1] + sum) ^ ((text[1] >> 5) + k1)
+addr r2, s0 # r2 += s0
+#########
+# calc v1
+#########
+movr s0, r2
+shli s0, 4
+addi s0, 0x7275 # s0 = (text[0] << 4) + k2
+movr s1, r2
+poop s3 # restoring sum in s3
+addr s1, s3 # s1 = text[0] + sum
+push s3 # saving sum again
+xorr s0, s1 # s0 = ((text[0] << 4) + k2) ^ (text[0] + sum)
+push s0
+movr s0, r2
+shri s0, 5
+addi s0, 0x6e73 # s0 = (text[0] >> 5) + k3
+poop s1
+xorr s0, s1 # s0 = ((text[0] << 4) + k2) ^ (text[0] + sum) ^ ((text[0] >> 5) + k3)
+addr r3, s0 # r3 += s0
+######
+# end loop
+#####
+poop s1 # restoring sum
+poop s0 # restoring i
+addi s0, 1
+cmpb s0, 127 # while (i < 128)
+jpbi loop
+# saving the values
+strr r0, r2
+strr r1, r3
+poop r3
+poop r2
+poop r1
+retn
+
+def main:
+movi r0, 0xadde
+movi r1, 0x0bb0
+stri 0, r0
+stri 2, r1
+movi r0, 0x0bb0
+movi r1, 0xcefa
+stri 0x4, r0
+stri 0x6, r1
+movi r0, 0
+call datastrlen
+movr r2, r0
+movi s0, 0
+encrypt:
+push s0
+movi r0, 0
+movi r1, 2
+addr r0, s0
+addr r1, s0
+call round
+poop s0
+addi s0, 1
+cmpr s0, r2
+jpbi encrypt
+lodi r0, 0
+lodi r1, 2
+lodi r2, 4
+lodi r3, 6
+shit

polictf/client/pasticciotto_local.cpp

@@ -0,0 +1,115 @@
+#include "../../vm/vm.h"
+#include <fstream>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char *argv[]) {
+  unsigned char banner[] = {
+      0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x5f, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20,
+      0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f,
+      0x5f, 0x0a, 0x7c, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5c, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x28, 0x5f, 0x29, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x28, 0x5f, 0x29, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x2f, 0x20, 0x20, 0x7c, 0x20, 0x7c, 0x5f, 0x5f, 0x5f, 0x5f, 0x20,
+      0x7c, 0x7c, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x7c, 0x7c, 0x5f, 0x5f, 0x5f,
+      0x20, 0x20, 0x2f, 0x0a, 0x7c, 0x20, 0x7c, 0x5f, 0x2f, 0x20, 0x2f, 0x5f,
+      0x20, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x7c, 0x20, 0x7c, 0x5f, 0x20, 0x5f,
+      0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5f, 0x20,
+      0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x7c, 0x20, 0x7c, 0x5f, 0x7c, 0x20, 0x7c,
+      0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x20, 0x20,
+      0x20, 0x5f, 0x5f, 0x60, 0x7c, 0x20, 0x7c, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x2f, 0x20, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x20,
+      0x20, 0x2f, 0x20, 0x2f, 0x20, 0x0a, 0x7c, 0x20, 0x20, 0x5f, 0x5f, 0x2f,
+      0x20, 0x5f, 0x60, 0x20, 0x2f, 0x20, 0x5f, 0x5f, 0x7c, 0x20, 0x5f, 0x5f,
+      0x7c, 0x20, 0x7c, 0x2f, 0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x5f, 0x5f, 0x7c,
+      0x20, 0x7c, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x7c, 0x20, 0x5f, 0x5f, 0x7c,
+      0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x20, 0x20, 0x5c, 0x20,
+      0x5c, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x5c, 0x20, 0x5c, 0x20, 0x20, 0x20, 0x20, 0x5c, 0x20, 0x5c,
+      0x20, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x20, 0x0a, 0x7c, 0x20, 0x7c, 0x20,
+      0x7c, 0x20, 0x28, 0x5f, 0x7c, 0x20, 0x5c, 0x5f, 0x5f, 0x20, 0x5c, 0x20,
+      0x7c, 0x5f, 0x7c, 0x20, 0x7c, 0x20, 0x28, 0x5f, 0x7c, 0x20, 0x28, 0x5f,
+      0x5f, 0x7c, 0x20, 0x7c, 0x20, 0x28, 0x5f, 0x29, 0x20, 0x7c, 0x20, 0x7c,
+      0x5f, 0x7c, 0x20, 0x7c, 0x7c, 0x20, 0x28, 0x5f, 0x29, 0x20, 0x7c, 0x20,
+      0x20, 0x5c, 0x20, 0x56, 0x20, 0x2f, 0x20, 0x5f, 0x7c, 0x20, 0x7c, 0x5f,
+      0x2e, 0x5f, 0x5f, 0x5f, 0x2f, 0x20, 0x2f, 0x2e, 0x5f, 0x5f, 0x5f, 0x2f,
+      0x20, 0x2f, 0x2e, 0x2f, 0x20, 0x2f, 0x20, 0x20, 0x20, 0x0a, 0x5c, 0x5f,
+      0x7c, 0x20, 0x20, 0x5c, 0x5f, 0x5f, 0x2c, 0x5f, 0x7c, 0x5f, 0x5f, 0x5f,
+      0x2f, 0x5c, 0x5f, 0x5f, 0x7c, 0x5f, 0x7c, 0x5c, 0x5f, 0x5f, 0x5f, 0x5c,
+      0x5f, 0x5f, 0x5f, 0x7c, 0x5f, 0x7c, 0x5c, 0x5f, 0x5f, 0x5f, 0x2f, 0x20,
+      0x5c, 0x5f, 0x5f, 0x7c, 0x5c, 0x5f, 0x5f, 0x5c, 0x5f, 0x5f, 0x5f, 0x2f,
+      0x20, 0x20, 0x20, 0x20, 0x5c, 0x5f, 0x28, 0x5f, 0x29, 0x5c, 0x5f, 0x5f,
+      0x5f, 0x2f, 0x5c, 0x5f, 0x5f, 0x5f, 0x5f, 0x28, 0x5f, 0x29, 0x5f, 0x5f,
+      0x5f, 0x5f, 0x2f, 0x20, 0x5c, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x0a,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+      0x20, 0x20, 0x20, 0x0a, 0x20, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f,
+      0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f,
+      0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f,
+      0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f,
+      0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f,
+      0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f,
+      0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f,
+      0x5c, 0x2f, 0x7c, 0x20, 0x20, 0x0a, 0x7c, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c,
+      0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c,
+      0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c,
+      0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c,
+      0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c,
+      0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c,
+      0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c,
+      0x2f, 0x2f, 0x5c, 0x2f, 0x20, 0x20, 0x20};
+  unsigned char bc[] = {
+      0x48, 0x00, 0xde, 0xad, 0x48, 0x01, 0xb0, 0x0b, 0xd4, 0x00, 0x00, 0x00,
+      0xd4, 0x02, 0x00, 0x01, 0x48, 0x00, 0xb0, 0x0b, 0x48, 0x01, 0xfa, 0xce,
+      0xd4, 0x04, 0x00, 0x00, 0xd4, 0x06, 0x00, 0x01, 0x48, 0x00, 0x00, 0x00,
+      0xd8, 0xd9, 0x00, 0xcb, 0x20, 0x48, 0x04, 0x00, 0x00, 0xde, 0x04, 0x48,
+      0x00, 0x00, 0x00, 0x48, 0x01, 0x02, 0x00, 0x39, 0x04, 0x39, 0x14, 0xd8,
+      0x5a, 0x00, 0x5c, 0x04, 0x05, 0x04, 0x01, 0x00, 0xd7, 0x42, 0x93, 0x2d,
+      0x00, 0x22, 0x00, 0x00, 0x00, 0x22, 0x01, 0x02, 0x00, 0x22, 0x02, 0x04,
+      0x00, 0x22, 0x03, 0x06, 0x00, 0x5d, 0xde, 0x01, 0xde, 0x02, 0xde, 0x03,
+      0x12, 0x20, 0x12, 0x31, 0x48, 0x04, 0x00, 0x00, 0x48, 0x05, 0x00, 0x00,
+      0xde, 0x04, 0x05, 0x05, 0x6f, 0x62, 0xde, 0x05, 0xcb, 0x43, 0x20, 0x04,
+      0x04, 0x00, 0x05, 0x04, 0x65, 0x70, 0xcb, 0x53, 0x5c, 0x07, 0x39, 0x57,
+      0xde, 0x07, 0xb1, 0x45, 0xde, 0x04, 0xcb, 0x43, 0x36, 0x04, 0x05, 0x00,
+      0x05, 0x04, 0x65, 0x70, 0x5c, 0x05, 0xb1, 0x45, 0x39, 0x24, 0xcb, 0x42,
+      0x20, 0x04, 0x04, 0x00, 0x05, 0x04, 0x75, 0x72, 0xcb, 0x52, 0x5c, 0x07,
+      0x39, 0x57, 0xde, 0x07, 0xb1, 0x45, 0xde, 0x04, 0xcb, 0x42, 0x36, 0x04,
+      0x05, 0x00, 0x05, 0x04, 0x73, 0x6e, 0x5c, 0x05, 0xb1, 0x45, 0x39, 0x34,
+      0x5c, 0x05, 0x5c, 0x04, 0x05, 0x04, 0x01, 0x00, 0xf4, 0x04, 0x7f, 0x93,
+      0x6c, 0x00, 0x4e, 0x02, 0x4e, 0x13, 0x5c, 0x03, 0x5c, 0x02, 0x5c, 0x01,
+      0xbb, 0xde, 0x01, 0xde, 0x02, 0xde, 0x03, 0xcb, 0x60, 0x48, 0x05, 0x00,
+      0x00, 0x12, 0x46, 0xf4, 0x04, 0x00, 0x38, 0xff, 0x00, 0x48, 0x06, 0x00,
+      0x00, 0x05, 0x05, 0x01, 0x00, 0x39, 0x65, 0x12, 0x46, 0xf4, 0x04, 0x00,
+      0xae, 0xed, 0x00, 0xcb, 0x05, 0x5c, 0x03, 0x5c, 0x02, 0x5c, 0x01, 0xbb};
+  unsigned int bclen = 264;
+
+  unsigned char opcode_key[] = {0x48, 0x61, 0x76, 0x65, 0x46, 0x75, 0x6e,
+                                0x21, 0x50, 0x6f, 0x6c, 0x69, 0x43, 0x54,
+                                0x46, 0x32, 0x30, 0x31, 0x37, 0x21};
+
+  printf("%s", banner);
+  printf("\nHmmm...\n");
+  VM vm(opcode_key, bc, bclen);
+  vm.run();
+  return 0;
+}

polictf/server/pasticciotto_server.cpp

@@ -0,0 +1,90 @@
+#include "../../vm/vm.h"
+#include "../../vm/debug.h"
+#include <fstream>
+#include <iostream>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <unistd.h>
+
+#define KEYLEN 15
+#define CODESIZE 0x300
+#define DATAKEYLEN 30
+
+void gen_random(uint8_t *s, const int len) {
+  srand(time(NULL));
+  static const char alphanum[] = "0123456789"
+                                 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                                 "abcdefghijklmnopqrstuvwxyz";
+  for (int i = 0; i < len; ++i) {
+    s[i] = alphanum[rand() % (sizeof(alphanum) - 1)];
+  }
+
+  s[len] = 0;
+}
+
+unsigned char encrypted_data[] = {
+    0xcc, 0x8d, 0x5a, 0xcc, 0x73, 0xb5, 0xf2, 0xa3, 0xf3, 0x92,
+    0xa8, 0x8f, 0x2f, 0xf1, 0x3e, 0xf4, 0x69, 0x00, 0x4a, 0xcb,
+    0xed, 0xc4, 0x57, 0x9b, 0xf6, 0x9a, 0x78, 0x46, 0x83, 0xe9};
+unsigned int encrypted_data_len = 30;
+
+int main(int argc, char *argv[]) {
+  uint8_t *key = new uint8_t[KEYLEN], *decdatasec = new uint8_t[DATAKEYLEN],
+          *flag = new uint8_t[DATAKEYLEN];
+  uint8_t *clientcode;
+  uint8_t i;
+  uint32_t clientcodesize, bytesread;
+  FILE *datap, *flagp;
+
+  gen_random(key, KEYLEN);
+  printf("Use this: \"%s\"\n", key);
+  fflush(stdout);
+  printf("How much data are you sending me?\n");
+  fflush(stdout);
+  scanf("%d", &clientcodesize);
+  printf("Go ahead then!\n");
+  fflush(stdout);
+  clientcode = new uint8_t[clientcodesize];
+  bytesread = read(0, clientcode, clientcodesize);
+  if (bytesread != clientcodesize) {
+    printf("ERROR! Couldn't read everything!\n");
+    fflush(stdout);
+    exit(1);
+  }
+  VM vm(key, clientcode, clientcodesize);
+  vm.as.insData(encrypted_data, encrypted_data_len);
+  vm.run();
+
+  datap = fopen("../res/decrypteddatasection.txt", "r");
+  if (datap == NULL) {
+      printf("Couldn't open decrypteddatasection.txt!\n");
+      fflush(stdout);
+      exit(1);
+  }
+  fscanf(datap, "%s", decdatasec);
+  fclose(datap);
+
+  for (i = 0; i < DATAKEYLEN; i++) {
+    if (vm.as.data[i] != decdatasec[i]) {
+        DBG_INFO(("Checking data[%d]..\n", i));
+        fflush(stdout);
+      printf("Nope!\n");
+      fflush(stdout);
+      exit(1);
+    }
+  }
+
+  flagp = fopen("../res/flag.txt", "r");
+  if (flagp == NULL) {
+      printf("Couldn't open flag.txt!\n");
+      fflush(stdout);
+      exit(1);
+  }
+  fscanf(flagp, "%s", flag);
+  fclose(flagp);
+  printf("Congratulations!\nThe flag is: %s\n", flag);
+  fflush(stdout);
+  return 0;
+}

polictf/tea_cversion/decrypt_test

@@ -0,0 +1 @@
+4 test

polictf/tea_cversion/encrypted

@@ -0,0 +1 @@
+¯“©žÚÈÓÛgJW‰\µž1bímŒ«Úre

polictf/tea_cversion/tea-decrypt.c

@@ -0,0 +1,44 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+void decrypt(uint16_t *v) {
+  uint16_t v0 = v[0], v1 = v[1], sum = 0x3780, i; /* set up */
+  uint16_t delta = 0x626f;                        /* a key schedule constant */
+  uint16_t k0 = 0x7065;                           // "pe"
+  uint16_t k1 = 0x7065;                           // "pe"
+  uint16_t k2 = 0x7275;                           // "ru"
+  uint16_t k3 = 0x6e73;                           // "ns"
+  for (i = 0; i < 128; i++) {
+    // printf("Intermediate v0: 0x%x | v1: 0x%x\n", v0, v1); /* basic cycle
+    // start */
+    v1 -= ((v0 << 4) + k2) ^ (v0) ^ ((v0 >> 5) + k3);
+    v0 -= ((v1 << 4) + k0) ^ (v1) ^ ((v1 >> 5) + k1);
+    sum -= delta;
+  } /* end cycle */
+  v[0] = v0;
+  v[1] = v1;
+}
+
+int main(int argc, char *argv[]) {
+  uint8_t buf[1000];
+  uint32_t buflen, i;
+
+  fprintf(stdout, "Length of the string?\n");
+  fflush(stdout);
+  fscanf(stdin, "%d", &buflen);
+  printf("Length: %d\n", buflen);
+  read(0, buf, buflen);
+
+  for (i = 0; i < buflen && i + 2 * (sizeof(uint16_t)) <= buflen;
+       i += sizeof(uint32_t)) {
+    decrypt((uint16_t *)&buf[i]);
+  }
+  for (i = 0; i < buflen; i++) {
+    fprintf(stdout, "buf[%d] = 0x%02x\n", i, buf[i]);
+  }
+  printf("STRING: %s\n", buf);
+  fflush(stdout);
+}

polictf/tea_cversion/tea-encrypt.c

@@ -0,0 +1,46 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+void encrypt(uint16_t *v) {
+  uint16_t v0 = v[0], v1 = v[1], sum = 0, i; /* set up */
+  uint16_t delta = 0x626f;
+  uint16_t k0 = 0x7065; // "pe"
+  uint16_t k1 = 0x7065; // "pe"
+  uint16_t k2 = 0x7275; // "ru"
+  uint16_t k3 = 0x6e73; // "ns"
+  // printf("v0: 0x%x, v1: 0x%x\n", v0, v1);
+  for (i = 0; i < 128; i++) {
+    sum += delta;
+    v0 += ((v1 << 4) + k0) ^ (v1) ^ ((v1 >> 5) + k1);
+    v1 += ((v0 << 4) + k2) ^ (v0) ^ ((v0 >> 5) + k3);
+    // printf("Intermediate v0: 0x%x | v1: 0x%x\n", v0, v1);
+  }
+  // printf("SUM: 0x%x\n", sum);
+  // printf("v0: 0x%x, v1: 0x%x\n", v0, v1);
+  v[0] = v0;
+  v[1] = v1;
+}
+
+int main(int argc, char *argv[]) {
+  uint8_t *buf;
+  uint32_t buflen, i;
+  FILE *f;
+  if (argc != 2) {
+    printf("Usage: %s text_to_encrypt", argv[0]);
+    exit(1);
+  }
+  buflen = strlen(argv[1]);
+  buf = (uint8_t *)malloc(buflen);
+  memcpy(buf, argv[1], buflen);
+
+  for (i = 0; i < buflen && i + 2 * (sizeof(uint16_t)) <= buflen;
+       i += sizeof(uint32_t)) {
+    encrypt((uint16_t *)&buf[i]);
+  }
+
+  write(1, buf, buflen);
+  return 0;
+}

polictf/tea_cversion/test.py

@@ -0,0 +1,12 @@
+from pwn import *
+
+r = remote("127.0.0.1", 8888)
+
+
+with open("./encrypted") as f:
+    data = f.read()
+
+print(r.recv())
+r.send("{}\n".format(len(data)))
+r.send("{}\n".format(data))
+print(r.recv())