Toggle menu
Toggle preferences menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.
< User:Ihaveahax
Revision as of 05:57, 21 December 2023 by Ihaveahax (talk | contribs) (Created page with "This was used to find a bitflip in an OTP in mid 2021. It goes through each bit of the encrypted OTP, flips it, decrypts, and verifies hashes. It only checks keydata, though, it could be modified to check the entire OTP. == check.py == <syntaxhighlight lang="python"> from pyctr.crypto import CryptoEngine from Cryptodome.Cipher import AES from hashlib import sha256 a = CryptoEngine() with open('otp_dec.bin', 'rb') as f: beginning = f.read(0x90) with open('otp.bin'...")

(diff) ← Older revision | Approved revision (diff) | Latest revision (diff) | Newer revision → (diff)

This was used to find a bitflip in an OTP in mid 2021. It goes through each bit of the encrypted OTP, flips it, decrypts, and verifies hashes. It only checks keydata, though, it could be modified to check the entire OTP.

check.py

from pyctr.crypto import CryptoEngine
from Cryptodome.Cipher import AES
from hashlib import sha256

a = CryptoEngine()

with open('otp_dec.bin', 'rb') as f:
    beginning = f.read(0x90)

with open('otp.bin', 'rb') as f:
    f.seek(0x80)
    iv = f.read(0x10)
    remaining = f.read()

ints = bytearray(remaining)
for x in range(len(remaining)):
    orig = ints[x]
    for bit in range(8):
        new = orig ^ (1 << bit)
        ints[x] = new
        cipher = AES.new(a.otp_key, AES.MODE_CBC, iv)
        data = cipher.decrypt(ints)
        before_hash = data[0:0x50]
        ohash = data[0x50:]
        hash_before_hash = sha256(beginning + before_hash).hexdigest()
        print(x, bit, hash_before_hash, ohash.hex(), hash_before_hash == ohash.hex())
        if hash_before_hash == ohash.hex():
            print(beginning + before_hash + ohash)
    ints[x] = orig