< User:Ihaveahax
Revision as of 05:57, 21 December 2023 by Ihaveahax (talk | contribs) (Created page with "This was used to find a bitflip in an OTP in mid 2021. It goes through each bit of the encrypted OTP, flips it, decrypts, and verifies hashes. It only checks keydata, though, it could be modified to check the entire OTP. == check.py == <syntaxhighlight lang="python"> from pyctr.crypto import CryptoEngine from Cryptodome.Cipher import AES from hashlib import sha256 a = CryptoEngine() with open('otp_dec.bin', 'rb') as f: beginning = f.read(0x90) with open('otp.bin'...")
This was used to find a bitflip in an OTP in mid 2021. It goes through each bit of the encrypted OTP, flips it, decrypts, and verifies hashes. It only checks keydata, though, it could be modified to check the entire OTP.
check.py
from pyctr.crypto import CryptoEngine
from Cryptodome.Cipher import AES
from hashlib import sha256
a = CryptoEngine()
with open('otp_dec.bin', 'rb') as f:
beginning = f.read(0x90)
with open('otp.bin', 'rb') as f:
f.seek(0x80)
iv = f.read(0x10)
remaining = f.read()
ints = bytearray(remaining)
for x in range(len(remaining)):
orig = ints[x]
for bit in range(8):
new = orig ^ (1 << bit)
ints[x] = new
cipher = AES.new(a.otp_key, AES.MODE_CBC, iv)
data = cipher.decrypt(ints)
before_hash = data[0:0x50]
ohash = data[0x50:]
hash_before_hash = sha256(beginning + before_hash).hexdigest()
print(x, bit, hash_before_hash, ohash.hex(), hash_before_hash == ohash.hex())
if hash_before_hash == ohash.hex():
print(beginning + before_hash + ohash)
ints[x] = orig