06.AdultOtter
2023-10-06 15:23:26 # 23.0xHackedCTF

AdultOtter

又是一道算法题,如下是分析:

1
2
3
4
(1)2 ** 255刚好能被2**64除断。
(2)对b[i]展开:b[i]=(2 ** 255 + code[i] - 7 *i ** i * code[i]+ b[i-1]) % 2**64;
(3)b[15] =  15 *2 ** 255 + code[15] - 7 *i ** i * code[15] + code[14] - 7 *i ** i * code[14] +  ......  code[1] - 7 *i**i * code[1] + b[0]
(4)那么使 code[15] - 7 *i ** i * code[15] + code[14] - 7 *i** i * code[14] +  ......  code[1] - 7 *i ** i * code[1]+ b[0] 为2**64倍数即可。

最终构造出来的结果如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;

interface IAdultOtter {
    function pwn(uint[16] memory code) external;
}

contract Exploit{

    function exploit() public  {
    address addr = 0x6D40aCf2EF8F8F99247666AEE922E79CB605DE3B;
    uint[16] memory DataNumber;
    DataNumber[0] = 11;
    DataNumber[1] = 1513;
    DataNumber[2] = 3859;
    DataNumber[3] = 5192;
    DataNumber[4] = 6112;
    DataNumber[5] = 7966;
    DataNumber[6] = 9263;
    DataNumber[7] = 10432;
    DataNumber[8] = 11709;
    DataNumber[9] = 13320;
    DataNumber[10] = 14564;
    DataNumber[11] = 15480;
    DataNumber[12] = 16614;
    DataNumber[13] = 18200;
    DataNumber[14] = 19485;
    DataNumber[15] = 21344;
    IAdultOtter(addr).pwn(DataNumber);
    }

}
Prev
2023-10-06 15:23:26 # 23.0xHackedCTF
Next