Construct Random Relations For Flag Check

cons.py

import sys
import random

EQ_CNT = 24
RN_CNT = 10
passwd = sys.argv[1]

rnd  = lambda n: [random.randrange(0x1, 0x100) for _ in range(n)]

assert len(passwd) > 4

print '// Kittens in the zero locus'
print '// Hint: Use symbolic execution'
print
print '#define PASSLEN (%d)' % len(passwd)
print '#define MAGIC (0x%s)' % passwd[:4].encode('hex')
print

rels = []
for i in range(len(passwd)):
    for j in range(EQ_CNT):
        rel = []
        rel.append(i)
        for x in range(random.randrange(len(passwd) / 2, len(passwd))):
            rel.append(random.randrange(0, len(passwd)))
        random.shuffle(rel)
        rels.append(rel)
        rel = []

def build(terms):
    if len(terms) == 1:
        term = terms[0]
        if isinstance(term, tuple):
            i, v = term
            return 'buf[%d]' % i, v
        else:
            return '%d' % term, term
    else:
        n     = random.randrange(1, len(terms))
        a, av = build(terms[:n])
        b, bv = build(terms[n:])
        op    = random.choice([
            ('*', lambda x, y: (x*y) % 0x100),
            ('+', lambda x, y: (x+y) % 0x100),
            ('-', lambda x, y: (x-y) % 0x100),
            ('&', lambda x, y: x&y),
            ('^', lambda x, y: x^y)
        ])

        return '((uint8_t) (%s%s%s))' % (a, op[0], b), op[1](av, bv)

relx = []
for rel in rels:
    r = []
    r += [(r, ord(passwd[r])) for r in rel]
    r += rnd(random.randrange(1, RN_CNT))
    random.shuffle(r)
    relx.append(r)

print 'int check(uint8_t* buf) {'
for rel in relx:
    s, v = build(rel)
    print '  if (%s^0x%x) return 1;' % (s, v)
print '  return 0;'
print '}'