blaise: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=00fb13e98a303dff4159e894942e363208415ba1, for GNU/Linux 3.2.0, not stripped$ ./blaise
15$ ./blaise
19
12
24
a
$def f(num):
ret = 1
counter = 2
while counter <= num:
ret *= counter
counter += 1
return ret
def c(ran, counter):
num1 = f(ran)
num2 = f(counter)
num3 = f(ran - counter)
return num1 / (num2 * num3)from pwn import *
from sys import argv
if argv[1] == "r":
p = remote("chall.csivit.com", 30808)
else:
e = ELF("./blaise")
p = e.process()
rand = int(p.recvline()) # Recieves random number
log.info(f"random number: {rand}")
def f(num):
ret = 1
counter = 2
while counter <= num:
ret *= counter
counter += 1
return ret
def c(ran, counter):
num1 = f(ran)
num2 = f(counter)
num3 = f(ran - counter)
return num1 / (num2 * num3)
for i in range(0, rand + 1):
data = int(c(rand, i)) # Gets required number
p.sendline(str(data)) # Sends
flag = p.clean()
if flag: # I was lazy :p
log.info(f"flag is: {flag.decode()}")
exit()
int main(void)
{
int random;
time_t tVar1;
long result;
long input;
time_t local_40;
time_t local_38;
time_t local_30;
long number2;
long number1;
char *time_to_execute;
int counter;
int check;
setbuf(stdin,(char *)0x0);
setbuf(stdout,(char *)0x0);
setbuf(stderr,(char *)0x0);
tVar1 = time(&local_30);
srand((uint)tVar1);
time(&local_38);
check = 1;
counter = 0;
while( true ) {
random = rand();
if (random % 3 + 4 < counter) break;
random = rand();
number1 = (long)(random % 10 + 6);
random = rand();
number2 = (long)(random % 10 + 6);
printf("%d %d\n",number1,number2);
__isoc99_scanf(&DAT_0040200f,&input);
result = function1(number1,number2);
result = function2(result + 3);
if (result != input) {
check = 0;
}
counter = counter + 1;
}
time(&local_40);
time_to_execute = (char *)(double)(local_40 - local_38);
printf(time_to_execute,"fun() took %f seconds to execute \n");
if ((check != 1) || (30.00000000 < (double)time_to_execute)) {
printf("Nahh.");
}
else {
puts("Hey, you got me!");
system("cat flag.txt");
}
return 0;
}number1 = (long) (random % 10 + 6);
random = rand();
number2 = (long) (random % 10 + 6);
printf("%d %d\n", number1, number2);
__isoc99_scanf(&DAT_0040200f, &input);
result = function1(number1, number2);
result = function2(result + 3);
if (result != input) {
check = 0;
}if ((check != 1) || (30.00000000 < (double)time_to_execute)) {
printf("Nahh.");
}
else {
puts("Hey, you got me!");
system("cat flag.txt");
}long function1(long num1,long num2)
{
int counter;
int answer;
answer = 0;
counter = 1;
while ((counter <= num1 || (counter <= num2))) {
if ((num1 % (long) counter == 0) && (num2 % (long) counter == 0)) {
answer = counter;
}
counter = counter + 1;
}
return (long)answer;
}long function2(long number)
{
long lVar1;
if (number == 0) {
lVar1 = 1;
}
else {
lVar1 = function2(number - 1);
lVar1 = lVar1 * number;
}
return lVar1;
}def function2(number):
if number == 0:
return 1
return number * function(number - 1)two numbers -> highest common factor -> +3 -> factorial -> compared to inputfrom pwn import *
from numpy import gcd
import numpy
p = remote('chall.csivit.com', 30827)
while True:
try:
num1, num2 = map(int, p.recvline().decode().split()) # Cast and assign the two numbers
log.info(f'{num1} {num2}')
hcf = gcd(num1, num2)
log.success(f'HCF of {num1} and {num2} is {hcf}')
fact = numpy.math.factorial(hcf + 3)
log.success(f'Factorial of {hcf + 3}: {fact}')
p.sendline(f'{fact}')
except ValueError:
# If it's ValueError it can't be cast to an int, so we've received the flag
break
print(p.clean(1).decode())