code hacking, zen coding


HackYou 2014 – Crypto 400 – CRYPTONET

Posted by aXs

We have intercepted communication in a private network.
It is used a strange protocol based on RSA cryptosystem.

Can you still prove that it is not secure enough and get the flag?

We have a pcap files with multiples TCP sessions and a python script:

import sys
import struct
import zlib
import socket

class Client:
  def __init__(self, ip):
    self.ip = ip
    self.port = 0x1337
    self.conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    self.conn.connect((self.ip, self.port))
    #recieve e
    self.e = self.Recv()
    #recieve n
    self.n = self.Recv()
    self.e, self.n = int(self.e), int(self.n)

  def Recv(self):
    #unpack data
    length = struct.unpack('!H', self.conn.recv(2))
    data = zlib.decompress(self.conn.recv(length[0]))
    return data

  def Pack(self, data):
    #compress data
    data = zlib.compress('%s' % data)
    length = struct.pack