User:Ihaveahax/OTP bitflip finder
This script was used to find a bit flip in an OTP in mid 2021. It walks every bit of the key-data region of the encrypted OTP (offsets 0x90 to 0x100), flips it, AES-CBC-decrypts that region with the OTP key from boot9 (via pyctr's CryptoEngine), and checks whether the SHA-256 stored at the end of the OTP (0xE0 to 0x100) matches a hash over everything before it (0x00 to 0xE0). The first 0x90 bytes are taken as-is from the already decrypted OTP (otp_dec.bin), so the script assumes the corruption lies in the key data; a flip in the first 0x90 bytes, or in the ciphertext block at 0x80 that serves as the CBC IV for the tail, would not be found. It could be modified to cover the entire OTP.
check.py
from pyctr.crypto import CryptoEngine
from Cryptodome.Cipher import AES
from hashlib import sha256

# pyctr loads boot9 and exposes the OTP AES key from its protected section
a = CryptoEngine()

# otp_dec.bin: the (corrupted) decrypted OTP; its first 0x90 bytes are assumed intact
with open('otp_dec.bin', 'rb') as f:
    beginning = f.read(0x90)

# otp.bin: the encrypted OTP. In CBC, ciphertext block 0x80-0x90 acts as the IV for
# decrypting everything from 0x90 onward, so only that tail has to be decrypted here.
with open('otp.bin', 'rb') as f:
    f.seek(0x80)
    iv = f.read(0x10)
    remaining = f.read()  # 0x70 bytes: 0x90-0xE0 key data, 0xE0-0x100 stored SHA-256

ints = bytearray(remaining)
for x in range(len(remaining)):
    orig = ints[x]
    for bit in range(8):
        new = orig ^ (1 << bit)
        ints[x] = new
        cipher = AES.new(a.otp_key, AES.MODE_CBC, iv)
        data = cipher.decrypt(ints)
        before_hash = data[0:0x50]  # plaintext 0x90-0xE0 (key data)
        ohash = data[0x50:]         # plaintext 0xE0-0x100: SHA-256 over 0x00-0xE0
        hash_before_hash = sha256(beginning + before_hash).hexdigest()
        print(x, bit, hash_before_hash, ohash.hex(), hash_before_hash == ohash.hex())
        if hash_before_hash == ohash.hex():
            # this flip repairs the OTP: print the corrected decrypted contents
            print(beginning + before_hash + ohash)
    ints[x] = orig  # undo the flip before moving on to the next byte