#!/usr/bin/env python3 import hashlib from Crypto.Util.number import bytes_to_long, long_to_bytes from ecdsa.ecdsa import Public_key, Private_key, Signature, generator_192 from utils import listener from datetime import datetime from random import randrange FLAG = "crypto{?????????????????????????}" g = generator_192 n = g.order() class Challenge(): def __init__(self): self.before_input = "Welcome to ProSign 3. You can sign_time or verify.\n" secret = randrange(1, n) self.pubkey = Public_key(g, g * secret) self.privkey = Private_key(self.pubkey, secret) def sha1(self, data): sha1_hash = hashlib.sha1() sha1_hash.update(data) return sha1_hash.digest() def sign_time(self): now = datetime.now() m, n = int(now.strftime("%m")), int(now.strftime("%S")) current = f"{m}:{n}" msg = f"Current time is {current}" hsh = self.sha1(msg.encode()) sig = self.privkey.sign(bytes_to_long(hsh), randrange(1, n)) return {"msg": msg, "r": hex(sig.r), "s": hex(sig.s)} def verify(self, msg, sig_r, sig_s): hsh = bytes_to_long(self.sha1(msg.encode())) sig_r = int(sig_r, 16) sig_s = int(sig_s, 16) sig = Signature(sig_r, sig_s) if self.pubkey.verifies(hsh, sig): return True else: return False # # This challenge function is called on your input, which must be JSON # encoded # def challenge(self, your_input): if 'option' not in your_input: return {"error": "You must send an option to this server"} elif your_input['option'] == 'sign_time': signature = self.sign_time() return signature elif your_input['option'] == 'verify': msg = your_input['msg'] r = your_input['r'] s = your_input['s'] verified = self.verify(msg, r, s) if verified: if msg == "unlock": self.exit = True return {"flag": FLAG} return {"result": "Message verified"} else: return {"result": "Bad signature"} else: return {"error": "Decoding fail"} import builtins; builtins.Challenge = Challenge # hack to enable challenge to be run locally, see https://cryptohack.org/faq/#listener listener.start_server(port=13381)