defcon-quals-2015: add dialects

Author: thotypous

content/sec/defcon-quals-2025/dialects/.gitignore

@@ -0,0 +1,5 @@
+/brute_hash
+/test
+/example.com.*
+*.o
+__pycache__

content/sec/defcon-quals-2025/dialects/Makefile

@@ -0,0 +1,16 @@
+all: test brute_hash example.com.crt
+
+test: test.c libchina.o
+	gcc -no-pie $^ -o $@
+
+brute_hash: brute_hash.c libchina.o libsha.o
+	gcc -no-pie -Ofast -fopenmp $^ -o $@
+
+libchina.o: libchina.asm
+	nasm -f elf64 $< -o $@
+
+libsha.o: sha512.c 
+	gcc -Ofast -c sha512.c -o libsha.o 
+
+example.com.crt:
+	openssl req -newkey rsa:2048 -nodes -keyout example.com.key -x509 -subj '/CN=lol/' -days 365 -out example.com.crt

content/sec/defcon-quals-2025/dialects/brute_hash.c

@@ -0,0 +1,74 @@
+#include <stdio.h>
+#include "libchina.h"
+#include <omp.h>
+#include <string.h>
+#include "sha512.h"
+#include <stdlib.h>
+
+char sha512_test(uint8_t *buffer) {
+    uint8_t md[128];
+    sha512_ctx ctx;
+
+    sha512_init(&ctx);
+    sha512_update(&ctx, buffer, 32);
+    sha512_final(&ctx, md);
+
+    return md[0] == 0x8d && md[1] == 0x36 && md[2] == 0;
+}
+char sm3_test(uint8_t *buffer) {
+    SM3_CTX ctx;
+    ossl_sm3_init(&ctx);
+    ossl_sm3_update(&ctx, buffer, 32);
+
+    uint8_t md[SM3_DIGEST_LENGTH];
+    ossl_sm3_final(md, &ctx);
+
+    return !(md[0] | md[1] | md[2]);
+}
+
+
+int main() {
+    uint8_t gbl_buffer[32];
+
+    puts("Algo: ");
+    char nome[100];
+    scanf("%s", nome);
+
+    char sm3 = 0;
+    if(nome[1] == 'm') {
+        // sm3 
+        sm3 = 1;
+    }  // outro eh sha512
+
+    puts("Buffer: ");
+    for(int i = 0; i < 32; i++) scanf("%x", gbl_buffer + i);
+
+    //memcpy(gbl_buffer, st, 32);
+
+    //printf("\nLeu: ");
+    //for(int i = 0; i < 32; i++) printf("%02x ", gbl_buffer[i]);
+    //puts("");
+
+    #pragma omp parallel for
+    for(int i = 0; i < (1<<30); i++) {
+        uint8_t buffer[32];
+
+        memcpy(buffer, gbl_buffer, 32);
+        buffer[4] = (i) & 0xff;
+        buffer[7] = (i>>8) & 0xff;
+        buffer[12] = (i >> 16) & 0xff;
+        buffer[3] = (i >> 24) & 0xff;
+
+        if((sm3 &&sm3_test(buffer)) || (!sm3 && sha512_test(buffer))) {
+#pragma omp critical 
+        {
+            printf("Achou i = %d:", i);        
+            for(int j = 0; j < 32; j++) printf("%02x", buffer[j]);
+            puts("");
+        }
+        exit(0);
+        }
+    }
+
+    return 0;
+}

content/sec/defcon-quals-2025/dialects/ctf

@@ -0,0 +1 @@
+defcon{test_flag}

content/sec/defcon-quals-2025/dialects/ctf-patch

@@ -0,0 +1,23 @@
+from pwn import *
+
+def start_conn():
+    #return process('./ctf_patch_hash')
+    p = process('./brute_hash')
+    p.sendlineafter(b'Algo: \n', b'sm3')
+    p.recvuntil(b'Buffer: \n')
+    return p 
+
+def get(io, nonce_todo):
+    pay = ' '.join(map(hex, nonce_todo))
+    print('Pay: ', pay)
+    io.sendline(pay.encode())
+
+    io.recvuntil(b':')
+    data = bytes.fromhex(io.recvline().decode().strip())
+
+    if len(data) == 0:
+        print('Hash not found')
+        exit(1)
+    assert len(data) == 32
+    return data
+

content/sec/defcon-quals-2025/dialects/flag.txt

@@ -0,0 +1,17 @@
+from pwn import *
+
+def start_conn():
+    return remote('localhost', 1337, ssl=True)
+
+
+def get(io, key):
+    io.recv(8)
+    io.send(key)
+
+    blk = b'\x00' * 0x100
+    io.send(blk)
+
+    result = io.recv(0x100)
+    io.close()
+    return result
+