def generate_key(dump_to_path: Union[str, None] = None, random_max: int = 1024, random_min: int = 16) -> Union[bytes, None]: """ Generate a random 16-byte AES key bytestring, by creating a random \ string of characters, length between random_max and random_min, \ and hashing the string. Generated key can be returned or \ written to a file. :param dump_to_path: if provided string, parameter is interpreted as path to a file for key to be written to, otherwise key is returned, default None :type dump_to_path: Union[str, None] :param random_max: maximum random character length for key generation through hashing, default 1024 :type random_max: int :param random_min: int, minimum random character length for key generation through hashing, default 16 :type random_min: int :return: if dump_to_path is not string, return bytes being the key, otherwise return None :rtype: Union[bytes, None] """ random_min = min(max(random_min, 1), random_max) if isinstance(dump_to_path, str) is True: with open(dump_to_path, "wb") as key_dump: key_dump.write( MD5.new(urandom(randint( random_min, random_max))).hexdigest().encode("ascii")) else: return MD5.new(urandom(randint( random_min, random_max))).hexdigest().encode("ascii")
def create_decryption_key(self, gateway_password, private_password): part1 = MD5.new() part1.update( gateway_password.replace('-', '').encode() + bytes.fromhex(BUDERUS_MAGIC_BYTES)) part2 = MD5.new() part2.update( bytes.fromhex(BUDERUS_MAGIC_BYTES) + private_password.encode()) logging.debug(part1.digest()[:32] + part2.digest()[:32]) return part1.digest()[:32] + part2.digest()[:32]
def runTest(self): message = b("\x00") * 16 result1 = "4AE71336E44BF9BF79D2752E234818A5".lower() result2 = "1A83F51285E4D89403D00C46EF8508FE".lower() h = MD5.new(message) message = h.digest() self.assertEqual(h.hexdigest(), result1) for _ in range(99999): h = MD5.new(message) message = h.digest() self.assertEqual(h.hexdigest(), result2)
def sign(self): key = RSA.importKey(self.priKey) signer = PKCS1_v1_5.new(key) h = MD5.new(self.passwd) signature = signer.sign(h) code = base64.urlsafe_b64encode(signature) return code.decode()
def derive_rom_key(dna: (bytes, bytearray)) -> (bytes, bytearray): global ROM_SECRET digest = bytearray(MD5.new(dna).digest()) for i in range(16): digest[i] ^= ROM_SECRET[i] return digest
def remove(self, key): from Cryptodome.Hash import MD5 h = MD5.new() h.update(key.encode("utf-8")) enc = int(h.hexdigest(), 16) rem = enc % self.capacity if self.data[rem] == None: pass else: if self.data[rem].val == enc: self.data[rem] = self.data[rem].next else: curp = self.data[rem] cur = self.data[rem].next while cur != None and cur.val != enc: curp = cur cur = cur.next if cur == None: pass else: curp.next = cur.next cur = None
def remove(self, key): hashtable = MD5.new() hashtable.update(key.encode("utf-8")) hashtable = hashtable.hexdigest() bucket = int(hashtable , 16)%self.storage deletebucket = self.contents[bucket] if deletebucket != None: if deletebucket.link != None: if deletebucket.data == hashtable: self.contents[bucket] = deletebucket.link else: while deletebucket.link: if deletebucket.data == hashtable: prev.link = deletebucket.link deletebucket = deletebucket.link else: prev = deletebucket deletebucket = deletebucket.link if deletebucket.link == None: if deletebucket.data == hashtable: prev.link = deletebucket.link else: if deletebucket.data == hashtable: self.contents[bucket] = None if self.contains(key) == True: self.remove(key)
def contains(self, key): from Cryptodome.Hash import MD5 a = MD5.new() a.update(key.encode("utf-8")) val = int(a.hexdigest(), 16) rem = val % self.capacity if self.data[rem] == None: return False elif self.data[rem].val == val: return True else: if self.data[rem].next == None: return False else: prev = self.data[rem] remo = self.data[rem].next while remo != None and remo.val != val: prev = remo remo = remo.next if remo == None: return False else: return True
def _EVP_BytesToKey(data, salt, key_len): d = [ b'' ] m = (key_len + 15 ) // 16 for _ in range(m): nd = MD5.new(d[-1] + data + salt).digest() d.append(nd) return b"".join(d)[:key_len]
def remove(self, key): h = MD5.new() h.update(key.encode("utf-8")) h = h.hexdigest() bucket = int(h, 16) % self.capacity del_bucket = self.data[bucket] if del_bucket != None: if del_bucket.next != None: if del_bucket.val == h: self.data[bucket] = del_bucket.next else: while del_bucket.next: if del_bucket.val == h: prev.next = del_bucket.next del_bucket = del_bucket.next else: prev = del_bucket del_bucket = del_bucket.next if del_bucket.next == None: if del_bucket.val == h: prev.next = del_bucket.next else: if del_bucket.val == h: self.data[bucket] = None if self.contains(key) == True: self.remove(key)
def GSS_GetMIC(self, sessionKey, data, sequenceNumber, direction='init'): GSS_GETMIC_HEADER = '\x60\x23\x06\x09\x2a\x86\x48\x86\xf7\x12\x01\x02\x02' token = self.MIC() # Let's pad the data pad = (4 - (len(data) % 4)) & 0x3 padStr = chr(pad) * pad data += padStr token['SGN_ALG'] = GSS_HMAC if direction == 'init': token['SND_SEQ'] = struct.pack('>L', sequenceNumber) + '\x00' * 4 else: token['SND_SEQ'] = struct.pack('>L', sequenceNumber) + '\xff' * 4 Ksign = HMAC.new(sessionKey.contents, 'signaturekey\0', MD5).digest() Sgn_Cksum = MD5.new(struct.pack('<L', 15) + str(token)[:8] + data).digest() Sgn_Cksum = HMAC.new(Ksign, Sgn_Cksum, MD5).digest() token['SGN_CKSUM'] = Sgn_Cksum[:8] Kseq = HMAC.new(sessionKey.contents, struct.pack('<L', 0), MD5).digest() Kseq = HMAC.new(Kseq, token['SGN_CKSUM'], MD5).digest() token['SND_SEQ'] = ARC4.new(Kseq).encrypt(token['SND_SEQ']) finalData = GSS_GETMIC_HEADER + token.getData() return finalData
def GSS_GetMIC(self, sessionKey, data, sequenceNumber, direction = 'init'): GSS_GETMIC_HEADER = '\x60\x23\x06\x09\x2a\x86\x48\x86\xf7\x12\x01\x02\x02' token = self.MIC() # Let's pad the data pad = (4 - (len(data) % 4)) & 0x3 padStr = chr(pad) * pad data += padStr token['SGN_ALG'] = GSS_HMAC if direction == 'init': token['SND_SEQ'] = struct.pack('>L', sequenceNumber) + '\x00'*4 else: token['SND_SEQ'] = struct.pack('>L', sequenceNumber) + '\xff'*4 Ksign = HMAC.new(sessionKey.contents, 'signaturekey\0', MD5).digest() Sgn_Cksum = MD5.new( struct.pack('<L',15) + str(token)[:8] + data).digest() Sgn_Cksum = HMAC.new(Ksign, Sgn_Cksum, MD5).digest() token['SGN_CKSUM'] = Sgn_Cksum[:8] Kseq = HMAC.new(sessionKey.contents, struct.pack('<L',0), MD5).digest() Kseq = HMAC.new(Kseq, token['SGN_CKSUM'], MD5).digest() token['SND_SEQ'] = ARC4.new(Kseq).encrypt(token['SND_SEQ']) finalData = GSS_GETMIC_HEADER + token.getData() return finalData
def _get_key_and_iv(password: str, salt: bytes, key_length: int = 32, iv_length: int = 16) -> tuple: password = password.encode() try: max_length = key_length + iv_length key_iv = MD5.new(password + salt).digest() tmp = [key_iv] while len(tmp) < max_length: tmp.append(MD5.new(tmp[-1] + password + salt).digest()) key_iv += tmp[-1] # Append the last byte key = key_iv[:key_length] iv = key_iv[key_length:key_length + iv_length] return key, iv except UnicodeDecodeError: return None, None
def __init__(self, f, dna: (bytes, bytearray) = None) -> None: self.reset() self.stream = f self.verifier = PKCS1_v1_5.new(RSA_PUB_KEY) if dna is not None: self.dna_hash = MD5.new(dna).digest() iv = self.stream.read(16) cipher = AES.new(SYSTEM_SECRET, AES.MODE_CBC, iv) header_enc = self.stream.read(16) header_dec = cipher.decrypt(header_enc) with BytesIO(header_dec) as bio: with StreamIO(bio) as sio: magic = sio.read(4) version = sio.read_int() file_count = sio.read_int() sio.seek(4, SEEK_CUR) # this is unused if magic != SHARED_MAGIC: raise Exception("Invalid update magic") elif version > 1: raise Exception("Invalid update version") else: record_size = ((file_count * 256) + 16) + RSA_PUB_BYTES self.stream.seek(16) record_enc = self.stream.read(record_size) # re-init cipher = AES.new(SYSTEM_SECRET, AES.MODE_CBC, iv) record_dec = cipher.decrypt(record_enc) with BytesIO(record_dec) as bio: with StreamIO(bio) as sio: magic = sio.read(4) if magic != SHARED_MAGIC: raise Exception("Invalid update magic") signature = record_dec[-RSA_PUB_BYTES:] #assert self.verifier.verify(SHA1.new(record_dec[:-RSA_PUB_BYTES]), signature), "Invalid signature" sio.seek(16) for x in range(file_count): file = UpdateFile() file.valid = False # probably not going to check this ever file.name = sio.read(80).split(b"\x00")[0].decode( "utf8") # max file name size is 80 bytes file.offset = sio.read_int() file.size_nopad = sio.read_int() file.size_pad = sio.read_int() file.unique = sio.read_int() & 1 != 0 key = bytearray(sio.read(16)) if file.unique and dna is not None: # this is only used if it's a console-unique file key = strxor(key, self.dna_hash) file.key = key file.iv = sio.read(16) file.signature = sio.read(RSA_PUB_BYTES) self.update_files.append(file)
def md5(inp, hexdigest=False, return_object=False): if not strng.is_bin(inp): raise ValueError('input must by byte string') h = MD5.new(inp) if return_object: return h if hexdigest: return strng.to_bin(h.hexdigest()) return h.digest()
def getCipherKey(): if not is_number(VERSION): raise ValueError('Invalid argument: --Version') ver = float(VERSION) if 0 < ver and ver < 5.1: if IS_XSH: return MD5.new(b'!X@s#h$e%l^l&').digest() else: return MD5.new(b'!X@s#c$e%l^l&').digest() elif 5.1 <= ver and ver <= 5.2: return SHA256.new(SID.encode()).digest() elif 5.2 < ver: if MASTER_PWD == None: return SHA256.new((USERNAME + SID).encode()).digest() else: return SHA256.new(MASTER_PWD.encode()).digest() else: raise ValueError('Invalid argument: --Version')
def __init__(self, MODEL: str, STRING_SETTINGS: str, STRING_UPGRADE: str, STRING_LOCAL: str = ''): tmpKey: bytes = MD5.new((MODEL * 2).encode()).digest()[:8] self.key: bytes = bytes.fromhex( self.decryptStr(tmpKey, STRING_SETTINGS)) self.iv: bytes = bytes.fromhex(self.decryptStr(tmpKey, STRING_UPGRADE)) self.path: str = self.decryptStr(tmpKey, STRING_LOCAL)
def __init__(self, MODEL: str, STRING_7F00500: str, STRING_7F00501: str, STRING_7F00502: str = ''): tmpKey: bytes = MD5.new((MODEL * 2).encode()).digest()[:8] self.key: bytes = bytes.fromhex(self.decryptStr( tmpKey, STRING_7F00500)) self.iv: bytes = bytes.fromhex(self.decryptStr(tmpKey, STRING_7F00501)) self.path: str = self.decryptStr(tmpKey, STRING_7F00502)
def get_token(self, a): import time import base64 from Cryptodome.Hash import MD5 t = int(time.time() + 172800) s = '{0}{1} Yc8U6r8KjAKAepEA'.format(t, a) c = base64.b64encode(MD5.new( s.encode('utf-8')).digest()).decode('utf-8') c = c.replace('=', '').replace('+', '-').replace('/', '_') return '?token={0}&expires={1}'.format(c, t)
def _get_file_hash(file_path): result = MD5.new() with open(file_path, "rb") as input_file: while True: data = input_file.read(4096) if not data: break result.update(data) return result.hexdigest()
def eapi(cls, url: str, data: Union[str, Mapping[str, Any]]): if type(data) == str: text = data else: text = json.dumps(data) message = f"nobody{url}use{text}md5forencrypt" digest = MD5.new(message.encode('utf-8')).digest().hex() data = f"{url}-36cd479b6b5-{text}-36cd479b6b5-{digest}" return EAPIResult(params=Crypto.aes_encrypt(data.encode( 'utf-8'), eapi_key, '', MODE_ECB).hex().upper())
def ComputeResponsev1(NegFlg, ResponseKeyNT, ResponseKeyLM, ServerChallenge, ClientChallenge, Time=None, ServerName=None): if NegFlg & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY: NtChallengeResponse = DESL(ResponseKeyNT, MD5.new(ServerChallenge + \ ClientChallenge).digest()[:8]) LmChallengeResponse = ClientChallenge + "\0"*16 else: NtChallengeResponse = DESL(ResponseKeyNT, ServerChallenge) LmChallengeResponse = DESL(ResponseKeyLM, ServerChallenge) SessionBaseKey = MD4.new(ResponseKeyNT).digest() return NtChallengeResponse, LmChallengeResponse, SessionBaseKey
def cryptodome(): import Cryptodome from Cryptodome.Hash import MD2 from Cryptodome.Hash import MD4 from Cryptodome.Hash import MD5 from Cryptodome.Hash import SHA1 from Cryptodome.Hash import SHA224 from Cryptodome.Hash import SHA256 from Cryptodome.Hash import SHA384 from Cryptodome.Hash import SHA512 from Cryptodome.Hash import HMAC Cryptodome.Hash.MD2.new() # Noncompliant MD2.new() # Noncompliant MD4.new() # Noncompliant MD5.new() # Noncompliant SHA1.new() # Noncompliant SHA224.new() # Noncompliant SHA256.new() # OK SHA384.new() # OK SHA512.new() # OK HMAC.new(b"\x00") # OK
def add(self, key): hashtable = MD5.new() hashtable.update(key.encode("utf-8")) hashtable = hashtable.hexdigest() bucket = int(hashtable , 16)%self.storage if self.contents[bucket] == None: self.contents[bucket] = ListNode(hashtable) else: new = ListNode(hashtable) now = self.contents[bucket] while now.link != None: now = now.link now.link = new
def add(self, key): h = MD5.new() h.update(key.encode("utf-8")) h = h.hexdigest() bucket = int(h, 16) % self.capacity if self.data[bucket] == None: self.data[bucket] = ListNode(h) else: new = ListNode(h) now = self.data[bucket] while now.next != None: now = now.next now.next = new
def add(self, key): h = MD5.new() h.update(key.encode("utf-8")) h = int(h.hexdigest(), 16) h = int(h % self.capacity) if self.data[h] == None: self.data[h] = ListNode(key) else: self.data[h].next = ListNode(key) #self.data[h].append(key) #用list的append用太順,之後才發現錯誤... return
def pycrypto(): import Crypto from Crypto.Hash import MD2 from Crypto.Hash import MD4 from Crypto.Hash import MD5 from Crypto.Hash import SHA from Crypto.Hash import SHA224 from Crypto.Hash import SHA256 from Crypto.Hash import SHA384 from Crypto.Hash import SHA512 from Crypto.Hash import HMAC Crypto.Hash.MD2.new() # Noncompliant MD2.new() # Noncompliant MD4.new() # Noncompliant MD5.new() # Noncompliant SHA.new() # Noncompliant SHA224.new() # Noncompliant SHA256.new() # Noncompliant SHA384.new() # Noncompliant SHA512.new() # Noncompliant HMAC.new(b"\x00") # Noncompliant
def export_data(self, entrystore, password): "Exports data from an entrystore" # set up encryption engine salt = "".join( [ random.choice(string.ascii_lowercase) for i in range(8) ] ) password = MD5.new(salt + password).digest() cipher = Blowfish.new(password) # generate data xml = "<?xml version=\"1.0\" ?>\n" xml += "<FPM full_version=\"00.58.00\" min_version=\"00.58.00\" display_version=\"00.58.00\">\n" xml += " <KeyInfo salt=\"%s\" vstring=\"%s\" />\n" % ( salt, self.__encrypt(cipher, "FIGARO") ) xml += " <LauncherList></LauncherList>\n" xml += " <PasswordList>\n" iter = entrystore.iter_children(None) while iter is not None: e = entrystore.get_entry(iter) if type(e) != entry.FolderEntry: e = e.convert_generic() xml += " <PasswordItem>\n" xml += " <title>%s</title>\n" % e.name xml += " <url>%s</url>\n" % e.get_field(entry.HostnameField).value xml += " <user>%s</user>\n" % e.get_field(entry.UsernameField).value xml += " <password>%s</password>\n" % e.get_field(entry.PasswordField).value xml += " <notes>%s</notes>\n" % e.description path = entrystore.get_path(iter) if len(path) > 1: xml += " <category>%s</category>\n" % entrystore.get_entry(entrystore.get_iter(path[0])).name else: xml += " <category></category>\n" xml += " <launcher></launcher>\n" xml += " </PasswordItem>\n" iter = entrystore.iter_traverse_next(iter) xml += " </PasswordList>\n" xml += "</FPM>\n" return xml
def verify(message, signature, pub_key, hash="SHA256"): signer = PKCS1_v1_5.new(pub_key) if (hash == "SHA512"): digest = SHA512.new() elif (hash == "SHA384"): digest = SHA384.new() elif (hash == "SHA256"): digest = SHA256.new() elif (hash == "SHA1"): digest = SHA.new() else: digest = MD5.new() digest.update(message) return signer.verify(digest, signature)
def add(self, key): md5 = MD5.new() md5.update(key.encode("utf-8")) md5 = md5.hexdigest() #採用餘數存取 bucket = int(md5) #若有相同的則用link list if self.data[bucket] == None: self.data[bucket] = ListNode(md5) else: new = ListNode(md5) first = self.data[bucket] while first.next != None: first = first.next first.next = new
def md5(inp, hexdigest=False, return_object=False): global _CryptoLog # if _CryptoLog is None: # _CryptoLog = os.environ.get('CRYPTO_LOG') == '1' if not strng.is_bin(inp): raise ValueError('input must by byte string') h = MD5.new(inp) if _Debug: if _CryptoLog: lg.args(_DebugLevel, hexdigest=h.hexdigest()) if return_object: return h if hexdigest: return strng.to_bin(h.hexdigest()) return h.digest()
def sign(message, priv_key, hash="SHA256"): priv_key = importKey(priv_key) signer = PKCS1_v1_5.new(priv_key) if (hash == "SHA512"): digest = SHA512.new() elif (hash == "SHA384"): digest = SHA384.new() elif (hash == "SHA256"): digest = SHA256.new() elif (hash == "SHA1"): digest = SHA.new() else: digest = MD5.new() digest.update(message) return signer.sign(digest)
def checksum(cls, key, keyusage, text): ksign = HMAC.new(key.contents, b'signaturekey\0', MD5).digest() md5hash = MD5.new(_RC4.usage_str(keyusage) + text).digest() return HMAC.new(ksign, md5hash, MD5).digest()
def GSS_Wrap(self, sessionKey, data, sequenceNumber, direction = 'init', encrypt=True, authData=None): # Damn inacurate RFC, useful info from here # https://social.msdn.microsoft.com/Forums/en-US/fb98e8f4-e697-4652-bcb7-604e027e14cc/gsswrap-token-size-kerberos-and-rc4hmac?forum=os_windowsprotocols # and here # https://www.rfc-editor.org/errata_search.php?rfc=4757 GSS_WRAP_HEADER = '\x60\x2b\x06\x09\x2a\x86\x48\x86\xf7\x12\x01\x02\x02' token = self.WRAP() # Let's pad the data pad = (8 - (len(data) % 8)) & 0x7 padStr = chr(pad) * pad data += padStr token['SGN_ALG'] = GSS_HMAC token['SEAL_ALG'] = GSS_RC4 if direction == 'init': token['SND_SEQ'] = struct.pack('>L', sequenceNumber) + '\x00'*4 else: token['SND_SEQ'] = struct.pack('>L', sequenceNumber) + '\xff'*4 # Random confounder :) token['Confounder'] = ''.join([rand.choice(string.letters) for _ in range(8)]) Ksign = HMAC.new(sessionKey.contents, 'signaturekey\0', MD5).digest() Sgn_Cksum = MD5.new(struct.pack('<L',13) + str(token)[:8] + token['Confounder'] + data).digest() Klocal = '' for n in sessionKey.contents: Klocal += chr(ord(n) ^ 0xF0) Kcrypt = HMAC.new(Klocal,struct.pack('<L',0), MD5).digest() Kcrypt = HMAC.new(Kcrypt,struct.pack('>L', sequenceNumber), MD5).digest() Sgn_Cksum = HMAC.new(Ksign, Sgn_Cksum, MD5).digest() token['SGN_CKSUM'] = Sgn_Cksum[:8] Kseq = HMAC.new(sessionKey.contents, struct.pack('<L',0), MD5).digest() Kseq = HMAC.new(Kseq, token['SGN_CKSUM'], MD5).digest() token['SND_SEQ'] = ARC4.new(Kseq).encrypt(token['SND_SEQ']) if authData is not None: from impacket.dcerpc.v5.rpcrt import SEC_TRAILER wrap = self.WRAP(authData[len(SEC_TRAILER()) + len(GSS_WRAP_HEADER):]) snd_seq = wrap['SND_SEQ'] Kseq = HMAC.new(sessionKey.contents, struct.pack('<L',0), MD5).digest() Kseq = HMAC.new(Kseq, wrap['SGN_CKSUM'], MD5).digest() snd_seq = ARC4.new(Kseq).encrypt(wrap['SND_SEQ']) Kcrypt = HMAC.new(Klocal,struct.pack('<L',0), MD5).digest() Kcrypt = HMAC.new(Kcrypt,snd_seq[:4], MD5).digest() rc4 = ARC4.new(Kcrypt) cipherText = rc4.decrypt(token['Confounder'] + data)[8:] elif encrypt is True: rc4 = ARC4.new(Kcrypt) token['Confounder'] = rc4.encrypt(token['Confounder']) cipherText = rc4.encrypt(data) else: cipherText = data finalData = GSS_WRAP_HEADER + token.getData() return cipherText, finalData
from cryptography.hazmat.primitives import hashes from Crypto.Hash import MD2 as pycrypto_md2 from Crypto.Hash import MD4 as pycrypto_md4 from Crypto.Hash import MD5 as pycrypto_md5 from Cryptodome.Hash import MD2 as pycryptodomex_md2 from Cryptodome.Hash import MD4 as pycryptodomex_md4 from Cryptodome.Hash import MD5 as pycryptodomex_md5 import hashlib hashlib.md5(1) hashlib.md5(1).hexdigest() abc = str.replace(hashlib.md5("1"), "###") print(hashlib.md5("1")) pycrypto_md2.new() pycrypto_md4.new() pycrypto_md5.new() pycryptodomex_md2.new() pycryptodomex_md4.new() pycryptodomex_md5.new() hashes.MD5()