# Main Idea

This challenge outputs 2 numbers. N and e(always 65537).
Than waits for input(hex string that length is devides to 256).
Our goal is to generate payoad that after proceessing by server outputs the hash that is zero hexstring(00 * 256)

# Reverse the code

1) Just creates hash object, waits for user input, validates the input


3) Generates the hash, than checks if hash is fully zero sends the flag


## Lets reverse the hash class and its methods that generates the hash

4) Firstly it devides our input srting to blocks containing 256 bytes


5) Then simply validates that this block is not even seen here, also converts the bytes to integer, than generates data by modular exponentiation operation pow(data, self.e, self.N), than again converts to bytes and returned to next operation


6) Next operation is custom xor function, it just xors current block with current _state(class attribute itially it is 00 * 256). Then xored value return to current _state. And loops over all blocks provided from input.



# Conclusion of reverse

After reversing the code we can now understand that main steps
1) Devides our input into blocks by 256 bytes
2) Each block calculates modular exponentiation than converts to bytes and xores with previous state and stores it to state

# Solution ([script](/IrisCTF/dhash/generate_payload.py))

Knowing that we can generate payload with three blocks, that after xor operations generate zero hash

I have written [script](/IrisCTF/dhash/generate_payload.py) that generate three blocks, third block is xored value of first two. And thats it


Also one steps, we cannot upload this payload because we know that our payload goes throw modular exponentiation operation, so we can predict that by function


Also in input we need to separate out bytes in hex format


An thats it, save payload to file


Boom! Get the flag


Original writeup (https://github.com/NOZ1000/CTF_Writeups_from_NOZi/tree/main/IrisCTF/dhash).