def status(self, password, *subsystems):
subsystems = map(ReprogrammingRequest.SUBSYSTEMS.index, subsystems)
req = ReprogrammingRequest(RequestId=self.__nextId(),
Opcode=1,
Subsystems=subsystems,
Data=[])
InsertChecksum(req, password=password)
#self.__requests[req.RequestId] = Deferred()
self.transport.write(req.__serialize__())
def reprogram(self, password, subsystem, data, *additionalSubsystems):
if len(additionalSubsystems) % 2 != 0:
raise Exception(
"Arguments to reprogram is both a subsystem and the data")
req = ReprogrammingRequest(RequestId=self.__nextId(), Opcode=0)
subsystems = [subsystem]
programs = [data]
while additionalSubsystems:
subsystems.append(additionalSubsystems.pop(0))
programs.append(additionalSubsystems.pop(0))
subsystems = map(ReprogrammingRequest.SUBSYSTEMS.index, subsystems)
req.Subsystems = subsystems
req.Data = programs
InsertChecksum(req, password=password)
#self.__requests[req.RequestId] = Deferred()
self.transport.write(req.__serialize__())
def dataReceived(self, data):
try:
packet, bytesUsed = ReprogrammingRequest.Deserialize(data)
packetType = "request"
except:
packet, bytesUsed = ReprogrammingResponse.Deserialize(data)
packetType = "response"
print "TAP received %d bytes from %s to %s, packetType: %s, checksum: %s" % (
len(data), self.transport.getPeer(), self.transport.getHost(), packetType, packet.Checksum)
# resp, bytesUsed = ReprogrammingResponse.Deserialize(data) # wherReprogramme 's' is the string above
# realChecksum = req.Checksum # should be 59a42a27f07347f94d5d9fa58fa51ba3
if packetType == "response":
Checksum = data.split(" ")[9]
print Checksum
with open("serialized_data", "w") as f:
f.write(Checksum)
f.close()
print "Extracted Checksum"
if packetType == "request":
time.sleep(0.5)
print "Starting"
f = open("serialized_data", "r")
realChecksum = f.read()
f.close()
# reqPacket, bytesUsed = ReprogrammingRequest.Deserialize(reqData)
for i in range(0, 999999):
packet.Checksum = str(int(i)).zfill(6)
testChecksum = md5.new(packet.__serialize__()).hexdigest()
if realChecksum == testChecksum:
print packet.Checksum
print "Found password: %s" % str(int(i)).zfill(6)
break
print "Ended"
from bot.common.network import ReprogrammingRequest
import md5
def crackRequestPW(msg):
realChecksum = msg.Checksum
for i in range(999999):
pw = checkPw(msg, i, realChecksum)
if pw:
return pw
def checkPw(msg, pwnum, realCS):
pw = "0" * (6 - len(str(pwnum))) + str(pwnum)
msg.Checksum = pw
testChecksum = md5.new(msg.__serialize__()).hexdigest()
if testChecksum == realCS:
return pw
if __name__ == "__main__":
s = "+cyberward.botinterface.ReprogrammingRequest\x031.0\x00\x06\x00\x01\x00\x00\x00\x01\x00\x02\x00\x00\x00 59a42a27f07347f94d5d9fa58fa51ba3\x00\x03\x00\x00\x04\x00\x00\x00\x05\x00\x0b\x00\x00\x00\x01H\x00\x00\x00\x01E\x00\x00\x00\x01L\x00\x00\x00\x01L\x00\x00\x00\x01O\x00\x00\x00\x01 \x00\x00\x00\x01W\x00\x00\x00\x01O\x00\x00\x00\x01R\x00\x00\x00\x01L\x00\x00\x00\x01D\x00\x06\xff]o\xb7\xd3\xd8\x8f\xf4"
req, bytesUsed = ReprogrammingRequest.Deserialize(s)
print(crackRequestPW(req))