https://wiki.hacks.guide/w/index.php?action=history&feed=atom&title=User%3AIhaveahax%2FOTP_bitflip_finderUser:Ihaveahax/OTP bitflip finder - Revision history2026-05-17T04:30:52ZRevision history for this page on the wikiMediaWiki 1.43.8https://wiki.hacks.guide/w/index.php?title=User:Ihaveahax/OTP_bitflip_finder&diff=5040&oldid=prevIhaveahax: Created page with "This was used to find a bitflip in an OTP in mid 2021. It goes through each bit of the encrypted OTP, flips it, decrypts, and verifies hashes. It only checks keydata, though, it could be modified to check the entire OTP. == check.py == <syntaxhighlight lang="python"> from pyctr.crypto import CryptoEngine from Cryptodome.Cipher import AES from hashlib import sha256 a = CryptoEngine() with open('otp_dec.bin', 'rb') as f: beginning = f.read(0x90) with open('otp.bin'..."2023-12-21T05:57:18Z<p>Created page with "This was used to find a bitflip in an OTP in mid 2021. It goes through each bit of the encrypted OTP, flips it, decrypts, and verifies hashes. It only checks keydata, though, it could be modified to check the entire OTP. == check.py == <syntaxhighlight lang="python"> from pyctr.crypto import CryptoEngine from Cryptodome.Cipher import AES from hashlib import sha256 a = CryptoEngine() with open('otp_dec.bin', 'rb') as f: beginning = f.read(0x90) with open('otp.bin'..."</p>
<p><b>New page</b></p><div>This was used to find a bitflip in an OTP in mid 2021. It goes through each bit of the encrypted OTP, flips it, decrypts, and verifies hashes. It only checks keydata, though, it could be modified to check the entire OTP.<br />
<br />
== check.py ==<br />
<syntaxhighlight lang="python"><br />
from pyctr.crypto import CryptoEngine<br />
from Cryptodome.Cipher import AES<br />
from hashlib import sha256<br />
<br />
a = CryptoEngine()<br />
<br />
with open('otp_dec.bin', 'rb') as f:<br />
beginning = f.read(0x90)<br />
<br />
with open('otp.bin', 'rb') as f:<br />
f.seek(0x80)<br />
iv = f.read(0x10)<br />
remaining = f.read()<br />
<br />
ints = bytearray(remaining)<br />
for x in range(len(remaining)):<br />
orig = ints[x]<br />
for bit in range(8):<br />
new = orig ^ (1 << bit)<br />
ints[x] = new<br />
cipher = AES.new(a.otp_key, AES.MODE_CBC, iv)<br />
data = cipher.decrypt(ints)<br />
before_hash = data[0:0x50]<br />
ohash = data[0x50:]<br />
hash_before_hash = sha256(beginning + before_hash).hexdigest()<br />
print(x, bit, hash_before_hash, ohash.hex(), hash_before_hash == ohash.hex())<br />
if hash_before_hash == ohash.hex():<br />
print(beginning + before_hash + ohash)<br />
ints[x] = orig<br />
</syntaxhighlight></div>Ihaveahax