Careless Padding

#!/usr/local/bin/python
import random
import os
from secret import flag
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
import json

N = 16

# 0 -> 0, 1~N -> 1, (N+1)~(2N) -> 2 ...
def count_blocks(length):
    block_count = (length-1) // N + 1
    return block_count

def find_repeat_tail(message):
    Y = message[-1]
    message_len = len(message)
    for i in range(len(message)-1, -1, -1):
        if message[i] != Y:
            X = message[i]
            message_len = i + 1
            break
    return message_len, X, Y

def my_padding(message):
    message_len = len(message)
    block_count = count_blocks(message_len)
    result_len =  block_count * N
    if message_len % N == 0:
        result_len += N
    X = message[-1]
    Y = message[(block_count-2)*N+(X%N)]
    if X==Y:
        Y = Y^1
    padded = message.ljust(result_len, bytes([Y]))
    return padded

def my_unpad(message):
    message_len, X, Y = find_repeat_tail(message)
    block_count = count_blocks(message_len)
    _Y = message[(block_count-2)*N+(X%N)]
    if (Y != _Y and Y != _Y^1):
        raise ValueError("Incorrect Padding")
    return message[:message_len]

def chal():
    k = os.urandom(16)
    m = json.dumps({'key':flag}).encode()

    iv = os.urandom(16)
    cipher = AES.new(k, AES.MODE_CBC, iv)

    padded = my_padding(m)
    enc = cipher.encrypt(padded)
    print(f"""
*********************************************************
You are put into the careless prison and trying to escape.
Thanksfully, someone forged a key for you, but seems like it's encrypted... 
Fortunately they also leave you a copied (and apparently alive) prison door.
The replica pairs with this encrypted key. Wait, how are this suppose to help?
Anyway, here's your encrypted key: {(iv+enc).hex()}
*********************************************************
""")

    while True:
        enc = input("Try unlock:")
        enc = bytes.fromhex(enc)
        iv = enc[:16]
        cipher = AES.new(k, AES.MODE_CBC, iv)
        try:
            message = my_unpad(cipher.decrypt(enc[16:]))
            if message == m:
                print("Hey you unlock me! At least you know how to use the key")  
            else:
                print("Bad key... do you even try?")
        except ValueError:
            print("Don't put that weirdo in me!")
        except Exception:
            print("What? Are you trying to unlock me with a lock pick?")

if __name__ == "__main__":
    chal()

        try:
            message = my_unpad(cipher.decrypt(enc[16:]))
            if message == m:
                print("Hey you unlock me! At least you know how to use the key")  
            else:
                print("Bad key... do you even try?")
        except ValueError:
            print("Don't put that weirdo in me!")

def my_padding(message):
    message_len = len(message)
    block_count = count_blocks(message_len)
    result_len =  block_count * N
    if message_len % N == 0:
        result_len += N
    X = message[-1]
    Y = message[(block_count-2)*N+(X%N)]
    if X==Y:
        Y = Y^1
    padded = message.ljust(result_len, bytes([Y]))  
    return padded

def my_unpad(message):
    message_len, X, Y = find_repeat_tail(message)
    block_count = count_blocks(message_len)
    _Y = message[(block_count-2)*N+(X%N)]
    if (Y != _Y and Y != _Y^1):
        raise ValueError("Incorrect Padding")
    return message[:message_len]

>>> my_padding(b'0123456789abcdef' + b'A')  
b'0123456789abcdefA111111111111111'
>>> my_padding(b'0123456789abcdef' + b'B')
b'0123456789abcdefB222222222222222'
>>> my_padding(b'0123456789abcdef' + b'C')
b'0123456789abcdefC333333333333333'
>>> my_padding(b'0123456789abcdef' + b'D')
b'0123456789abcdefD444444444444444'
>>> my_padding(b'0123456789abcdef' + b'E')
b'0123456789abcdefE555555555555555'

>>> my_padding(b'0123456789abcdef' + b'!')  
b'0123456789abcdef!111111111111111'
>>> my_padding(b'0123456789abcdef' + b'1')
b'0123456789abcdef1000000000000000'
>>> my_padding(b'0123456789abcdef' + b'A')
b'0123456789abcdefA111111111111111'
>>> my_padding(b'0123456789abcdef' + b'Q')
b'0123456789abcdefQ111111111111111'
>>> my_padding(b'0123456789abcdef' + b'a')
b'0123456789abcdefa111111111111111'
>>> my_padding(b'0123456789abcdef' + b'q')
b'0123456789abcdefq111111111111111'

{"key": "hitcon{tmperory_flag_for_testing_and_no_more}"}  

>>> import json
>>> flag = "hitcon{tmperory_flag_for_testing_and_no_more}"
>>> m = json.dumps({'key': flag}).encode()
>>> padded = my_padding(m)
>>> print('\n'.join(padded[i:i+N].decode() for i in range(0, len(padded), N)))  
{"key": "hitcon{
tmperory_flag_fo
r_testing_and_no
_more}"}________

>>> import os
>>> from Crypto.Cipher import AES
>>>
>>> k = os.urandom(16)
>>> iv = os.urandom(16)
>>>
>>> ct = AES.new(k, AES.MODE_CBC, iv).encrypt(padded)
>>> ct
b'\x0f\xae\xa0\x18\xceh\x06\x08\xd42\xc6=\xf8\xce\x1c\xc4\xcbUn\xfd4\xd7+\x95\xc1\x94\xa5o\xaf\x01\xcb\x0c\xea\x05\xee\xb1\xbf\xb0\xd7\xdb\xa2Cw\x12A\x94\xad\xb6\xe2\x16A$\xe4\xb4r\x1d\x0c\xeadW\xe4\n\xb1\x8f'  
>>>
>>> AES.new(k, AES.MODE_CBC, iv).decrypt(ct[:16] + ct[16:32])
b'{"key": "hitcon{tmperory_flag_fo'
>>> my_unpad(AES.new(k, AES.MODE_CBC, iv).decrypt(ct[:16] + ct[16:32]))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<stdin>", line 6, in my_unpad
ValueError: Incorrect Padding

>>> iv[6] ^ ord('o') ^ ord(':')
112
>>> AES.new(k, AES.MODE_CBC, iv[:6] + bytes([112]) + iv[7:]).decrypt(ct[:16] + ct[16:32])
b'{"key"o "hitcon{tmperory_flag_fo'
>>> my_unpad(AES.new(k, AES.MODE_CBC, iv[:6] + bytes([112]) + iv[7:]).decrypt(ct[:16] + ct[16:32]))  
b'{"key"o "hitcon{tmperory_flag_f'

>>> for b in range(256):
...     try:
...         my_unpad(AES.new(k, AES.MODE_CBC, iv[:6] + bytes([iv[6] ^ b ^ ord(':')]) + iv[7:]).decrypt(ct[:16] + ct[16:32]))  
...         print(b, chr(b))
...     except ValueError:
...         pass
...
b'{"key"n "hitcon{tmperory_flag_f'
110 n
b'{"key"o "hitcon{tmperory_flag_f'
111 o

>>> pt = b'{"key": "hitcon{'
>>>
>>> for i in range(16):
...     for b in range(256):
...         try:
...             my_unpad(AES.new(k, AES.MODE_CBC, iv[:i] + bytes([iv[i] ^ b ^ pt[i]]) + iv[i + 1:]).decrypt(ct[:16] + ct[16:32]))  
...             print(i, b, chr(b))
...         except ValueError:
...             pass
...
b'{"key"n "hitcon{tmperory_flag_f'
6 110 n
b'{"key"o "hitcon{tmperory_flag_f'
6 111 o

>>> pt = b'{"key": "hitcon{..............&n'
>>>
>>> padding = pt[-1]
>>> AES.new(k, AES.MODE_CBC, iv).decrypt(ct[:14] + bytes([ct[14] ^ pt[16:32][14] ^ padding]) + ct[15:16] + ct[16:32])  
b'\x1b\xd1\x06;\x16{\xfe\x03NIN\xe5\xd5\xcd\x1d\x11tmperory_flag_.o'
>>>
>>> padding = pt[-2]
>>> AES.new(k, AES.MODE_CBC, iv).decrypt(ct[:15] + bytes([ct[15] ^ pt[16:32][15] ^ padding]) + ct[16:32])
b'\xf9_\xc9\x00wG\xf0C\x8aX\xa4h\xba"\x1f\xbatmperory_flag_f\''

>>> pt = b'{"key": "hitcon{..............fo'
>>>
>>> padding = pt[-1]
>>> AES.new(k, AES.MODE_CBC, iv).decrypt(ct[:14] + bytes([ct[14] ^ pt[16:32][14] ^ padding]) + ct[15:16] + ct[16:32])  
b'\x98u\xbc\xc8\xba^\xfa\xe14\xd5%\x86\x1a\xa2o\xf1tmperory_flag_oo'
>>>
>>> padding = pt[-2]
>>> AES.new(k, AES.MODE_CBC, iv).decrypt(ct[:15] + bytes([ct[15] ^ pt[16:32][15] ^ padding]) + ct[16:32])
b'\xd8k\x041$Y\x84\xa66\xb2\x0eu\xdf[\x91\xa5tmperory_flag_ff'

>>> pt = b'{"key": "hitcon{..............&n'
>>>
>>> for padding in (pt[-1], pt[-2]):
...     print('Force padding to', chr(padding) * 2)
...     for i in range(16):
...         for b in range(256):
...             try:
...                 _iv = iv[:i] + bytes([b]) + iv[i + 1:]
...                 _ct = ct[:14] + bytes([ct[14] ^ pt[16:32][14] ^ padding, ct[15] ^ pt[16:32][15] ^ padding]) + ct[16:32]  
...                 my_unpad(AES.new(k, AES.MODE_CBC, _iv).decrypt(_ct))
...                 print([chr(x) for x in range(0x20, 0x7f) if x % N == i])
...             except ValueError:
...                 pass
...
Force padding to nn
b'\x1b\xd1\x06;\x16{\xfe\x03NIN\xe5\xd5\xcdn\x11tmperory_flag_.'
['.', '>', 'N', '^', 'n', '~']
b'\x1b\xd1\x06;\x16{\xfe\x03NIN\xe5\xd5\xcdo\x11tmperory_flag_.'
['.', '>', 'N', '^', 'n', '~']
Force padding to &&
b'\xf9_\xc9\x00wG\'C\x8aX\xa4h\xba"\x1f\xbatmperory_flag_f'
['&', '6', 'F', 'V', 'f', 'v']
b'\xf9_\xc9\x00wG&C\x8aX\xa4h\xba"\x1f\xbatmperory_flag_f'
['&', '6', 'F', 'V', 'f', 'v']

>>> pt = b'{"key": "hitcon{..............fo'
>>>
>>> for padding in (pt[-1], pt[-2]):
...     print('Force padding to', chr(padding) * 2)
...     for i in range(16):
...         for b in range(256):
...             try:
...                 _iv = iv[:i] + bytes([b]) + iv[i + 1:]
...                 _ct = ct[:14] + bytes([ct[14] ^ pt[16:32][14] ^ padding, ct[15] ^ pt[16:32][15] ^ padding]) + ct[16:32]  
...                 my_unpad(AES.new(k, AES.MODE_CBC, _iv).decrypt(_ct))
...                 print([chr(x) for x in range(0x20, 0x7f) if x % N == i])
...             except ValueError:
...                 pass
...
Force padding to oo
b'\x98u\xbc\xc8\xba^\xfa\xe14\xd5%\x86\x1a\xa2ontmperory_flag_'
['/', '?', 'O', '_', 'o']
b'\x98u\xbc\xc8\xba^\xfa\xe14\xd5%\x86\x1a\xa2ootmperory_flag_'
['/', '?', 'O', '_', 'o']
Force padding to ff
b'\xd8k\x041$Y\x84\xa66\xb2\x0eu\xdf[\x91ftmperory_flag_'
['/', '?', 'O', '_', 'o']
b'\xd8k\x041$Y\x84\xa66\xb2\x0eu\xdf[\x91gtmperory_flag_'
['/', '?', 'O', '_', 'o']

>>> pt = b'{"key": "hitcon{.............?fo'
>>>
>>> for padding in (pt[-1], pt[-2], pt[-3]):
...     print('Force padding to', chr(padding) * 3)
...     for i in range(16):
...         for b in range(256):
...             try:
...                 _iv = iv[:i] + bytes([b]) + iv[i + 1:]
...                 _ct = ct[:13] + bytes([ct[j] ^ pt[16:32][j] ^ padding for j in range(16 - 3, 16)]) + ct[16:32]  
...                 my_unpad(AES.new(k, AES.MODE_CBC, _iv).decrypt(_ct))
...                 print([chr(x) for x in range(0x20, 0x7f) if x % N == i])
...             except ValueError:
...                 pass
...
Force padding to ooo
b'\x19\x91\x94\xd0P\xdf\xeb\x110\xd0\xb8 \t\tSntmperory_flag\x0f'
['/', '?', 'O', '_', 'o']
b'\x19\x91\x94\xd0P\xdf\xeb\x110\xd0\xb8 \t\tSotmperory_flag\x0f'
['/', '?', 'O', '_', 'o']
Force padding to fff
b'\x16\xae\xf0\xddMzf\x7f\xb2SAx\xf5^;\xa6tmperory_flag\x06'
['&', '6', 'F', 'V', 'f', 'v']
b'\x16\xae\xf0\xddMzg\x7f\xb2SAx\xf5^;\xa6tmperory_flag\x06'
['&', '6', 'F', 'V', 'f', 'v']
Force padding to ???
b'@\xcb\xa1\x16\x8f\xe2FYt\x1cy\x1b\xed\xf2o?tmperory_flag_'
['/', '?', 'O', '_', 'o']
b'@\xcb\xa1\x16\x8f\xe2FYt\x1cy\x1b\xed\xf2o>tmperory_flag_'
['/', '?', 'O', '_', 'o']
>>>
>>> pt = b'{"key": "hitcon{............._fo'
>>>
>>> for padding in (pt[-1], pt[-2], pt[-3]):
...     print('Force padding to', chr(padding) * 3)
...     for i in range(16):
...         for b in range(256):
...             try:
...                 _iv = iv[:i] + bytes([b]) + iv[i + 1:]
...                 _ct = ct[:13] + bytes([ct[j] ^ pt[16:32][j] ^ padding for j in range(16 - 3, 16)]) + ct[16:32]
...                 my_unpad(AES.new(k, AES.MODE_CBC, _iv).decrypt(_ct))
...                 print([chr(x) for x in range(0x20, 0x7f) if x % N == i])
...             except ValueError:
...                 pass
...
Force padding to ooo
b'A\x95Y\x9d\xbcf\x1co\x90\x94\xba{\xfb\x0bn\x1etmperory_flag'
["'", '7', 'G', 'W', 'g', 'w']
b'A\x95Y\x9d\xbcf\x1cn\x90\x94\xba{\xfb\x0bn\x1etmperory_flag'
["'", '7', 'G', 'W', 'g', 'w']
Force padding to fff
b'\xc8\xd67\xcf\xbe~\x9afAf\xf7\xe0\x9eZ,\x7ftmperory_flag'
["'", '7', 'G', 'W', 'g', 'w']
b'\xc8\xd67\xcf\xbe~\x9agAf\xf7\xe0\x9eZ,\x7ftmperory_flag'
["'", '7', 'G', 'W', 'g', 'w']
Force padding to ___
b'\x9aZK\xee1\xc4\xc8^\x99\x15\xc0a\xc2/Vctmperory_flag'
["'", '7', 'G', 'W', 'g', 'w']
b'\x9aZK\xee1\xc4\xc8_\x99\x15\xc0a\xc2/Vctmperory_flag'
["'", '7', 'G', 'W', 'g', 'w']

def get_process():
    if len(sys.argv) < 3:
        return process(['python3', 'chal.py'], level='CRITICAL')

    host, port = sys.argv[1], sys.argv[2]
    return remote(host, port, level='CRITICAL')


def prepare():
    io = get_process()
    io.recvuntil(b"Anyway, here's your encrypted key: ")
    enc_data = bytes.fromhex(io.recvline().decode())
    io.recv()

    iv, ct = enc_data[:16], enc_data[16:]

    if len(sys.argv) < 3:
        pt = sys.argv[1].encode()
    else:
        pt = sys.argv[3].encode()

    assert len(pt) % 16 == 0

    if len(pt) > 32:
        iv = ct[(len(pt) // 16 - 3) * 16: (len(pt) // 16 - 2) * 16]  
        ct = ct[(len(pt) // 16 - 2) * 16:]
        pt = pt[(len(pt) // 16 - 2) * 16:]

    known = pt[::-1].index(b'.')

io, iv, ct, pt, known = prepare()

if known == 0:
    for i in range(16):
        payload = ''

        for b in range(256):
            _iv = iv[:i] + bytes([b]) + iv[i + 1:]
            _ct = ct[:16] + ct[16:32]

            payload += _iv.hex() + _ct.hex() + '\n'  

        io.send(payload.encode())

        for b in range(256):
            if b'weirdo' not in io.recvline():
                print(chr(iv[i] ^ b ^ pt[i]))

        io.recv()

    exit()

for k in range(1, known + 1):
    padding = pt[-k]
    print('Force padding to', chr(padding) * known)

    for i in range(16):
        payload = ''

        for b in range(256):
            _iv = iv[:i] + bytes([b]) + iv[i + 1:]
            _ct = ct[:16 - known] + \
                bytes([ct[j] ^ pt[16:32][j] ^ padding for j in range(16 - known, 16)]) + \  
                ct[16:32]

            payload += _iv.hex() + _ct.hex() + '\n'

        io.send(payload.encode())

        for b in range(256):
            if b'weirdo' not in io.recvline():
                print([chr(x) for x in range(0x20, 0x7f) if x % N == i])

        io.recv()

        io.close()
        io, iv, ct, pt, _ = prepare()

$ H=chal-careless-padding.chal.hitconctf.com

$ P=11111

$ python3 solve.py $H $P '{"key": "hitcon{................'  
w
v

$ python3 solve.py $H $P '{"key": "hitcon{...............w'  
Force padding to w
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']

$ python3 solve.py $H $P '{"key": "hitcon{...............v'
Force padding to v
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']

$ python3 solve.py $H $P '{"key": "hitcon{..............4w'  
Force padding to ww
["'", '7', 'G', 'W', 'g', 'w']
["'", '7', 'G', 'W', 'g', 'w']
Force padding to 44
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']

$ python3 solve.py $H $P '{"key": "hitcon{..............4v'
Force padding to vv
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 44
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']

$ python3 solve.py $H $P '{"key": "hitcon{..............dw'
Force padding to ww
["'", '7', 'G', 'W', 'g', 'w']
["'", '7', 'G', 'W', 'g', 'w']
Force padding to dd
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']

$ python3 solve.py $H $P '{"key": "hitcon{..............dv'
Force padding to vv
['&', '6', 'F', 'V', 'f', 'v']
['&', '6', 'F', 'V', 'f', 'v']
Force padding to dd
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']

$ python3 solve.py $H $P '{"key": "hitcon{..............tw'
Force padding to ww
["'", '7', 'G', 'W', 'g', 'w']
["'", '7', 'G', 'W', 'g', 'w']
Force padding to tt
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']

$ python3 solve.py $H $P '{"key": "hitcon{..............tv'
Force padding to vv
['&', '6', 'F', 'V', 'f', 'v']
['&', '6', 'F', 'V', 'f', 'v']
Force padding to tt
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']

$ python3 solve.py $H $P '{"key": "hitcon{.............#4v'  
Force padding to vvv
['&', '6', 'F', 'V', 'f', 'v']
['&', '6', 'F', 'V', 'f', 'v']
Force padding to 444
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']
Force padding to ###
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']

$ python3 solve.py $H $P '{"key": "hitcon{.............34v'
Force padding to vvv
['&', '6', 'F', 'V', 'f', 'v']
['&', '6', 'F', 'V', 'f', 'v']
Force padding to 444
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']
Force padding to 333
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']

$ python3 solve.py $H $P '{"key": "hitcon{.............C4v'
Force padding to vvv
['&', '6', 'F', 'V', 'f', 'v']
['&', '6', 'F', 'V', 'f', 'v']
Force padding to 444
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']
Force padding to CCC
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']

$ python3 solve.py $H $P '{"key": "hitcon{.............S4v'
Force padding to vvv
['&', '6', 'F', 'V', 'f', 'v']
['&', '6', 'F', 'V', 'f', 'v']
Force padding to 444
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']
Force padding to SSS
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']

$ python3 solve.py $H $P '{"key": "hitcon{.............c4v'
Force padding to vvv
['&', '6', 'F', 'V', 'f', 'v']
['&', '6', 'F', 'V', 'f', 'v']
Force padding to 444
['$', '4', 'D', 'T', 'd', 't']
['$', '4', 'D', 'T', 'd', 't']
Force padding to ccc
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']

$ python3 solve.py $H $P '{"key": "hitcon{.............s4v'
Force padding to vvv
['/', '?', 'O', '_', 'o']
['/', '?', 'O', '_', 'o']
Force padding to 444
['/', '?', 'O', '_', 'o']
['/', '?', 'O', '_', 'o']
Force padding to sss
['/', '?', 'O', '_', 'o']
['/', '?', 'O', '_', 'o']

$ python3 solve.py $H $P '{"key": "hitcon{............_s4v'  
Force padding to vvvv
["'", '7', 'G', 'W', 'g', 'w']
["'", '7', 'G', 'W', 'g', 'w']
Force padding to 4444
["'", '7', 'G', 'W', 'g', 'w']
["'", '7', 'G', 'W', 'g', 'w']
Force padding to ssss
["'", '7', 'G', 'W', 'g', 'w']
["'", '7', 'G', 'W', 'g', 'w']
Force padding to ____
["'", '7', 'G', 'W', 'g', 'w']
["'", '7', 'G', 'W', 'g', 'w']

$ python3 solve.py $H $P '{"key": "hitcon{.4dd1ng_w0n7_s4v'  
Force padding to vvvvvvvvvvvvvvv
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to 444444444444444
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to sssssssssssssss
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to _______________
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to 777777777777777
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to nnnnnnnnnnnnnnn
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to 000000000000000
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to wwwwwwwwwwwwwww
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to _______________
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to ggggggggggggggg
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to nnnnnnnnnnnnnnn
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to 111111111111111
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to ddddddddddddddd
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to ddddddddddddddd
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to 444444444444444
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v................'  
a
`

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v...............a'  
Force padding to a
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v..............ra'  
Force padding to aa
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']
Force padding to rr
[' ', '0', '@', 'P', '`', 'p']
[' ', '0', '@', 'P', '`', 'p']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v._y0u_Fr0m_4_0ra'  
Force padding to aaaaaaaaaaaaaaa
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to rrrrrrrrrrrrrrr
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 000000000000000
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to _______________
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 444444444444444
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to _______________
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to mmmmmmmmmmmmmmm
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 000000000000000
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to rrrrrrrrrrrrrrr
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to FFFFFFFFFFFFFFF
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to _______________
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to uuuuuuuuuuuuuuu
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 000000000000000
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to yyyyyyyyyyyyyyy
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to _______________
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0ra................'  
7
6

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0ra.13_617aa68c06d7'  
Force padding to 777777777777777
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to ddddddddddddddd
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 666666666666666
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 000000000000000
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to ccccccccccccccc
...
Force padding to 888888888888888
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 666666666666666
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to aaaaaaaaaaaaaaa
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to aaaaaaaaaaaaaaa
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 777777777777777
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 111111111111111
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 666666666666666
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to _______________
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 333333333333333
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']
Force padding to 111111111111111
['#', '3', 'C', 'S', 'c', 's']
['#', '3', 'C', 'S', 'c', 's']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d7................'  
8
9

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d7...............8'
Force padding to 8
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d7...............9'
Force padding to 9
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d7..............58'  
Force padding to 88
['(', '8', 'H', 'X', 'h', 'x']
['(', '8', 'H', 'X', 'h', 'x']
Force padding to 55
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d7..............59'
Force padding to 99
[')', '9', 'I', 'Y', 'i', 'y']
[')', '9', 'I', 'Y', 'i', 'y']
Force padding to 55
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d7..............e8'
Force padding to 88
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to ee
['(', '8', 'H', 'X', 'h', 'x']
['(', '8', 'H', 'X', 'h', 'x']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d7..............e9'
Force padding to 99
[')', '9', 'I', 'Y', 'i', 'y']
[')', '9', 'I', 'Y', 'i', 'y']
Force padding to ee
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d7............e8e8'  
Force padding to 8888
[')', '9', 'I', 'Y', 'i', 'y']
[')', '9', 'I', 'Y', 'i', 'y']
Force padding to eeee
[')', '9', 'I', 'Y', 'i', 'y']
[')', '9', 'I', 'Y', 'i', 'y']
Force padding to 8888
[')', '9', 'I', 'Y', 'i', 'y']
[')', '9', 'I', 'Y', 'i', 'y']
Force padding to eeee
[')', '9', 'I', 'Y', 'i', 'y']
[')', '9', 'I', 'Y', 'i', 'y']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d7.b91f57d1969e8e8'  
Force padding to 888888888888888
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to eeeeeeeeeeeeeee
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to 888888888888888
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to eeeeeeeeeeeeeee
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to 999999999999999
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to 666666666666666
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to 999999999999999
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to 111111111111111
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to ddddddddddddddd
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to 777777777777777
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to 555555555555555
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to fffffffffffffff
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to 111111111111111
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to 999999999999999
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']
Force padding to bbbbbbbbbbbbbbb
['!', '1', 'A', 'Q', 'a', 'q']
['!', '1', 'A', 'Q', 'a', 'q']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d71b91f57d1969e8e8............}"}8'  
Force padding to 8888
['-', '=', 'M', ']', 'm', '}']
['-', '=', 'M', ']', 'm', '}']
Force padding to }}}}
['(', '8', 'H', 'X', 'h', 'x']
['(', '8', 'H', 'X', 'h', 'x']
Force padding to """"
["'", '7', 'G', 'W', 'g', 'w']
["'", '7', 'G', 'W', 'g', 'w']
Force padding to }}}}
['(', '8', 'H', 'X', 'h', 'x']
['(', '8', 'H', 'X', 'h', 'x']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d71b91f57d1969e8e8...........}"}88'
Force padding to 88888
['-', '=', 'M', ']', 'm', '}']
['-', '=', 'M', ']', 'm', '}']
Force padding to 88888
['-', '=', 'M', ']', 'm', '}']
['-', '=', 'M', ']', 'm', '}']
Force padding to }}}}}
['(', '8', 'H', 'X', 'h', 'x']
['(', '8', 'H', 'X', 'h', 'x']
Force padding to """""
["'", '7', 'G', 'W', 'g', 'w']
["'", '7', 'G', 'W', 'g', 'w']
Force padding to }}}}}
['(', '8', 'H', 'X', 'h', 'x']
['(', '8', 'H', 'X', 'h', 'x']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d71b91f57d1969e8e8..........}"}888'
Force padding to 888888
['-', '=', 'M', ']', 'm', '}']
['-', '=', 'M', ']', 'm', '}']
Force padding to 888888
['-', '=', 'M', ']', 'm', '}']
['-', '=', 'M', ']', 'm', '}']
Force padding to 888888
['-', '=', 'M', ']', 'm', '}']
['-', '=', 'M', ']', 'm', '}']
Force padding to }}}}}}
['(', '8', 'H', 'X', 'h', 'x']
['(', '8', 'H', 'X', 'h', 'x']
Force padding to """"""
["'", '7', 'G', 'W', 'g', 'w']
["'", '7', 'G', 'W', 'g', 'w']
Force padding to }}}}}}
['(', '8', 'H', 'X', 'h', 'x']
['(', '8', 'H', 'X', 'h', 'x']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d71b91f57d1969e8e8...}"}8888888888'  
Force padding to 8888888888888
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to 8888888888888
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to 8888888888888
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to 8888888888888
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to 8888888888888
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to 8888888888888
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to 8888888888888
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to 8888888888888
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to 8888888888888
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to 8888888888888
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to }}}}}}}}}}}}}
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to """""""""""""
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']
Force padding to }}}}}}}}}}}}}
['"', '2', 'B', 'R', 'b', 'r']
['"', '2', 'B', 'R', 'b', 'r']

$ python3 solve.py $H $P '{"key": "hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d71b91f57d1969e8e8.32}"}8888888888'  
Force padding to 888888888888888
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to 888888888888888
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to 888888888888888
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to 888888888888888
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to 888888888888888
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to 888888888888888
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to 888888888888888
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to 888888888888888
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to 888888888888888
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to 888888888888888
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to }}}}}}}}}}}}}}}
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to """""""""""""""
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to }}}}}}}}}}}}}}}
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to 222222222222222
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']
Force padding to 333333333333333
['%', '5', 'E', 'U', 'e', 'u']
['%', '5', 'E', 'U', 'e', 'u']

hitcon{p4dd1ng_w0n7_s4v3_y0u_Fr0m_4_0rac13_617aa68c06d7ab91f57d1969e8e8532}