Qwaz
diff --git a/‎Internetwache/2016/code90/code90.py
+46 b/‎Internetwache/2016/code90/code90.py
+46
diff --git a/‎Internetwache/2016/crypto60/1.enc
+1 b/‎Internetwache/2016/crypto60/1.enc
+1
diff --git a/‎Internetwache/2016/crypto60/1.pem
+6 b/‎Internetwache/2016/crypto60/1.pem
+6
diff --git a/‎Internetwache/2016/crypto60/2.enc
+2 b/‎Internetwache/2016/crypto60/2.enc
+2
diff --git a/‎Internetwache/2016/crypto60/2.pem
+6 b/‎Internetwache/2016/crypto60/2.pem
+6
diff --git a/‎Internetwache/2016/crypto60/3.enc
29 Bytes b/‎Internetwache/2016/crypto60/3.enc
29 Bytes
diff --git a/‎Internetwache/2016/crypto60/3.pem
+6 b/‎Internetwache/2016/crypto60/3.pem
+6
diff --git a/‎Internetwache/2016/crypto60/bob1.pub
+4 b/‎Internetwache/2016/crypto60/bob1.pub
+4
diff --git a/‎Internetwache/2016/crypto60/bob2.pub
+4 b/‎Internetwache/2016/crypto60/bob2.pub
+4
diff --git a/‎Internetwache/2016/crypto60/bob3.pub
+4 b/‎Internetwache/2016/crypto60/bob3.pub
+4
diff --git a/‎Internetwache/2016/crypto60/decode.py
+2 b/‎Internetwache/2016/crypto60/decode.py
+2
diff --git a/‎Internetwache/2016/crypto60/memo.txt
+31 b/‎Internetwache/2016/crypto60/memo.txt
+31
diff --git a/‎Internetwache/2016/crypto60/secret.enc
+5 b/‎Internetwache/2016/crypto60/secret.enc
+5
diff --git a/‎Internetwache/2016/crypto70/crypto70.py
+112 b/‎Internetwache/2016/crypto70/crypto70.py
+112
diff --git a/‎Internetwache/2016/crypto70/myhash.py
+79 b/‎Internetwache/2016/crypto70/myhash.py
+79
@@ -0,0 +1,46 @@
+from pwn import *
+
+class Node:
+    def __init__(self, val):
+        self.left = None
+        self.right = None
+        self.val = val
+
+    def add(self, val):
+        if val <= self.val:
+            if self.left:
+                self.left.add(val)
+            else:
+                self.left = Node(val)
+        else:
+            if self.right:
+                self.right.add(val)
+            else:
+                self.right = Node(val)
+
+    def traverse(self):
+        ret = [self.val]
+        if self.right:
+            ret += self.right.traverse()
+        if self.left:
+            ret += self.left.traverse()
+        return ret
+
+def invert(text):
+    print text[:-1]
+    arr = list(map(int, text[1:-2].split(', ')))
+
+    root = Node(arr[0])
+
+    for t in arr[1:]:
+        root.add(t)
+
+    return '['+', '.join(map(str, root.traverse()))+']'
+
+p = remote('188.166.133.53', 11491)
+
+for i in range(50):
+    print p.recvuntil(': ')
+    p.sendline(invert(p.recvline()))
+
+print p.recvall()
@@ -0,0 +1 @@
+�]�cɳ*G?���j���� ���ً�v
@@ -0,0 +1,6 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIGaAgEAAh0NVkuXj50jNQSVju2LdENzKB7RQYsp8ez6gJPYzwIDAQABAh0BAmb2
+MYhTAdA3AXo487MZazSRzhyXAHBV/SIAAQIPA3WskWGtfkMevd8B5RTPAg8D2uLh
+0oll0yiwbWFd/AECDwGvxpeBtSEO+9e49qWFxQIOEF5Y/oP242S2YGoQBAECDwDN
+jer8WhuTNBTaClzKlQ==
+-----END RSA PRIVATE KEY-----
@@ -0,0 +1,2 @@
+
+"�y5�25�Vx����R{Vu��Gr�v
 
@@ -0,0 +1,6 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIGZAgEAAh0KIzcOfQ+wAjIWSsbWQoQPxU6SAkM/knpg61rb2QIDAQABAh0AqPhN
+tjDOSeZO80Fs89lRNazVYNah8coVsUMJTQIPAy414Z+b/fCjkNz8KHEzAg8DL/l+
+pGzenAB9MeZk1sMCDkTTwTLg2OKSsRg9KJ4JAg8CjJ9vZBFTZtCZUYzlgEMCDmNH
+Hcos5qItEq00hJQe
+-----END RSA PRIVATE KEY-----
@@ -0,0 +1,6 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIGbAgEAAh0MW2nhl55UH4XazeKqFNJyKoRvQbPbg+Zn47PRHQIDAQABAh0L3+SV
+tt+dM1Wr9+FzU9xLvYnlLw0MMkxCRFZGAQIPA1fMr9PDmMNYK6oE7b1BAg8DskoJ
+LhXyEwsmwqXrcN0CDwIqdDbGYEcs6IcBlEfjAQIPAiHd3W/NTwg3PZO5PJitAg8D
+O055NebR/IYkH5ghhZk=
+-----END RSA PRIVATE KEY-----
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDgwDQYJKoZIhvcNAQEBBQADJwAwJAIdDVZLl4+dIzUElY7ti3RDcyge0UGLKfHs
++oCT2M8CAwEAAQ==
+-----END PUBLIC KEY-----
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDgwDQYJKoZIhvcNAQEBBQADJwAwJAIdCiM3Dn0PsAIyFkrG1kKED8VOkgJDP5J6
+YOta29kCAwEAAQ==
+-----END PUBLIC KEY-----
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDgwDQYJKoZIhvcNAQEBBQADJwAwJAIdDFtp4ZeeVB+F2s3iqhTSciqEb0Gz24Pm
+Z+Oz0R0CAwEAAQ==
+-----END PUBLIC KEY-----
@@ -0,0 +1,2 @@
+import sys
+sys.stdout.write(raw_input().decode('base64'))
@@ -0,0 +1,31 @@
+<check public key information>
+openssl rsa -pubin -inform PEM -text -noout < bob1.pub
+
+<check private key information>
+openssl rsa -inform PEM -text -noout < 1.pem
+
+<decrypt>
+openssl rsautl -decrypt -inkey 1.pem -in 1.enc
+
+e is all 0x10001
+
+bob1.pub
+0d:56:4b:97:8f:9d:23:35:04:95:8e:ed:8b:74:43:73:28:1e:d1:41:8b:29:f1:ec:fa:80:93:d8:cf
+359567260516027240236814314071842368703501656647819140843316303878351
+
+17963604736595708916714953362445519
+20016431322579245244930631426505729
+
+bob2.pub
+0a:23:37:0e:7d:0f:b0:02:32:16:4a:c6:d6:42:84:0f:c5:4e:92:02:43:3f:92:7a:60:eb:5a:db:d9
+273308045849724059815624389388987562744527435578575831038939266472921
+
+16514150337068782027309734859141427
+16549930833331357120312254608496323
+
+bob3.pub
+0c:5b:69:e1:97:9e:54:1f:85:da:cd:e2:aa:14:d2:72:2a:84:6f:41:b3:db:83:e6:67:e3:b3:d1:1d
+333146335555060589623326457744716213139646991731493272747695074955549
+
+17357677172158834256725194757225793
+19193025210159847056853811703017693
@@ -0,0 +1,5 @@
+DK9dt2MTybMqRz/N2RUMq2qauvqFIOnQ89mLjXY=
+
+AK/WPYsK5ECFsupuW98bCFKYUApgrQ6LTcm3KxY=
+
+CiLSeTUCCKkyNf8NVnifGKKS2FJ7VnWKnEdygXY=
@@ -0,0 +1,112 @@
+from pwn import *
+import hashlib
+import binascii
+import textwrap
+import random
+
+def binary_string(s):
+	return bin(int(binascii.hexlify(s),16)).lstrip("0b")
+
+def te(s):
+	p = 1 << 7
+	return s + "0" * (p-len(s)%p)
+
+def wrap64(s):
+	return textwrap.wrap(s, 64) #64
+
+def wrap16(s):
+	return textwrap.wrap(s, 16) #16
+
+def ti(l):
+	return int(l,2)
+
+def tr(x,y):
+	return (x<< y) or (x >> (16-y));
+
+def th(x):
+	return "{0:#0{1}x}".format(x,8)
+
+def tp(x,y):
+	s = th(x) + th(y)
+	s = s.replace("0x","")
+	return s
+
+def myhash(text):
+
+	b = binary_string(text)
+
+	p = te(b)
+
+	bl = wrap64(p)
+
+	t11 = 3
+	q2 = 5
+
+	tu = [ y**2 for y in range(16)]
+	to = [2, 7, 8, 2, 5, 3, 7, 8, 9, 4, 11, 13, 5, 8, 14, 15]
+
+	for i in bl:
+		t1 = t11
+		t2 = q2
+
+		tl = wrap16(i)
+		tq = map(ti, tl)
+
+		for j in range(16):
+			if(j >= 12 ):
+				tz = (tq[0] & tq[1]) | ~tq[2]
+			elif(j >= 8):
+				tz = (tq[3] | tq[2])
+			elif(j >= 4):
+				tz = (~tq[2] & tq[0]) & (tq[1] | ~tq[0])
+			elif(j >= 0):
+				tz = (tq[0] | ~tq[2]) | tq[1]
+			else:
+				pass
+
+			t1 = t1 + tr(tz + tu[j] + tq[j%(16>>2)],to[j])
+			t2 = t1 + tr(t2,to[j]) %t1
+
+		t11 += t1
+		q2 += t2
+
+	t11 = t11 % 0xFF # Should be 0xFFFFFFFF, right?
+	q2 = q2 % 0xFF # Same here... 0xFFFFFFFF
+
+	return tp(t11,q2)
+
+p = remote('188.166.133.53', 10009)
+
+p.recvuntil('It has ')
+prefix = p.recvn(8)
+log.info('prefix is %s' % prefix)
+
+now = 0
+while 1:
+	cand = prefix + '%07x' % now
+	m = hashlib.sha1()
+	m.update(cand)
+	h = m.digest().encode('hex')
+	if h[-4:] == '0000':
+		log.info('string is %s' % cand)
+		log.info('hash is %s' % h)
+		break
+	now += 1
+
+p.sendline(cand)
+
+now = 0
+while 1:
+	cand = ''
+	for i in range(18):
+		cand += random.choice('0123456789abcdefghijklmnopqrstuvwxyz')
+	h = myhash(cand)
+	log.info('string %s - hash %s' % (cand, h))
+	if h == '00006800007d':
+		break
+	now += 1
+
+log.info(cand)
+log.info(myhash(cand))
+p.interactive()
+
@@ -0,0 +1,79 @@
+#!/usr/bin/python2
+import binascii
+import textwrap
+
+def binary_string(s):
+	return bin(int(binascii.hexlify(s),16)).lstrip("0b")
+
+def te(s):
+	p = 1 << 7
+	return s + "0" * (p-len(s)%p)
+
+def wrap64(s):
+	return textwrap.wrap(s, 64) #64
+
+def wrap16(s):
+	return textwrap.wrap(s, 16) #16
+
+def ti(l):
+	return int(l,2)
+
+def tr(x,y):
+	return (x<< y) or (x >> (16-y));
+
+def th(x):
+	return "{0:#0{1}x}".format(x,8)
+
+def tp(x,y):
+	s = th(x) + th(y)
+	s = s.replace("0x","")
+	return s
+
+def myhash(text):
+
+	b = binary_string(text)
+
+	p = te(b) # 뒤에 0을 붙여 길이를 128의 배수로 만듦
+
+	bl = wrap64(p)
+
+	t11 = 3
+	q2 = 5
+
+	tu = [ y**2 for y in range(16)]
+	to = [2, 7, 8, 2, 5, 3, 7, 8, 9, 4, 11, 13, 5, 8, 14, 15]
+
+	for i in bl:
+		t1 = t11
+		t2 = q2
+
+		tl = wrap16(i)
+		tq = map(ti, tl)
+
+		for j in range(16):
+			if(j >= 12 ):
+				tz = (tq[0] & tq[1]) | ~tq[2]
+			elif(j >= 8):
+				tz = (tq[3] | tq[2])
+			elif(j >= 4):
+				tz = (~tq[2] & tq[0]) & (tq[1] | ~tq[0])
+			elif(j >= 0):
+				tz = (tq[0] | ~tq[2]) | tq[1]
+			else:
+				pass
+
+			t1 = t1 + tr(tz + tu[j] + tq[j%(16>>2)],to[j])
+			t2 = t1 + tr(t2,to[j]) %t1
+
+		t11 += t1
+		q2 += t2
+
+	t11 = t11 % 0xFF # Should be 0xFFFFFFFF, right?
+	q2 = q2 % 0xFF # Same here... 0xFFFFFFFF
+
+	return tp(t11,q2)
+
+
+while 1:
+	r = raw_input("Text: ")
+	print myhash(r)
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+`
	`2`	`+"�y5�25�Vx��R{Vu��Gr�v`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+import sys`
	`2`	`+sys.stdout.write(raw_input().decode('base64'))`