def generate_keys(self):
self.key_material()
self.conn.read_key = self.conn.key_material[:16]
self.conn.write_key = self.conn.key_material[16:]
self.hexprint("generate_keys:\n", self.conn.read_key)
self.hexprint("", self.conn.write_key)
d = RC4.RC4()
self.conn.rc4_read_key = d.RC4_set_key(self.conn.read_key)
del d
d = RC4.RC4()
self.conn.rc4_write_key = d.RC4_set_key(self.conn.write_key)
del d
def read_ssl(self, len=0):
buf = self.recvstuff(self.sck, 2)
if not buf:
raise OpenSSLException, "read_ssl: recv returned nothing. (IIS with no SSL config?)"
a = struct.unpack(">B", buf[0])[0]
b = struct.unpack(">B", buf[1])[0]
if not (a & 0x80):
read_len = ((a & 0x3f) << 8) | b
buf = self.recvstuff(self.sck, 1)
padding = struct.unpack(">B", buf[0])[0]
else:
read_len = ((a & 0x7f) << 8) | b
padding = 0
if len:
if read_len <= 0 or read_len > len:
print "warning! ssl_returned read_len: %d user_asked len: %d" % (
read_len, len)
if self.debug:
print "read_len %d padding %d" % (read_len, padding)
buf = self.recvstuff(self.sck, read_len)
if self.conn.encrypted:
if (MD5_DIGEST_LENGTH + padding) >= read_len:
if struct.unpack("B",
buf[0])[0] == SSL2_MT_ERROR and read_len == 3:
raise OpenSSLException, "error in read_ssl: crypto related."
else:
raise OpenSSLException, "read_ssl: short ssl packet."
else:
return buf
self.hexprint("read_ssl enc(md5+pad+text): ", buf)
d = RC4.RC4()
#self.hexprint("read_key: ", self.conn.read_key)
#d.RC4_set_key(self.conn.read_key)
text = d.RC4_update(self.conn.rc4_read_key, buf)
if padding > 0:
text = text[MD5_DIGEST_LENGTH:-padding]
else:
text = text[MD5_DIGEST_LENGTH:]
#text = MD5_DIGEST + clear text + padding
#strip padding and MD5_DIGEST
self.hexprint("read_ssl clear text:\n", text)
if struct.unpack("B", text[0])[0] == SSL2_MT_ERROR:
if read_len != 3:
raise OpenSSLException, "read_ssl: bad reply from server"
else:
raise OpenSSLException, "read_ssl: error from server"
return text
def check(key):
"""
Encrypt the IV with the given key and checks with the keystream
"""
rc4 = RC4.RC4(key)
keystream = rc4.getKeystream(CHALLENGE_LEN)[16:]
#keystream = rc4.getKeystream(CHALLENGE_LEN)
if keystream == KEY_STREAM:
secret_key = unconvert_key(key)
print('\n -----KEY FOUNDED----\n\nKey : {0}\n'.format(secret_key))
raise Exception("Key founded stopping pool")
def write_ssl(self, data):
if self.conn.encrypted:
total_len = len(data) + MD5_DIGEST_LENGTH
else:
total_len = len(data)
if total_len + 2 > MAX_BUFSIZ:
raise OpenSSLException, "write_ssl: buffer size too big"
if self.debug:
print "write_ssl total_len %d" % total_len
buf = struct.pack(">H", total_len | 0x8000)
if self.debug:
print "write seq: %d" % self.conn.write_seq
if self.conn.encrypted:
d = md5.new()
d.update(self.conn.write_key)
d.update(data)
seq = struct.pack(">L", self.conn.write_seq)
self.hexprint("sequence: ", seq)
d.update(seq)
self.hexprint("MD5 digest: \n", d.digest())
#RC4 encrypt the md5_hash+data
r = RC4.RC4()
#r.RC4_set_key(self.conn.write_key)
buf += r.RC4_update(self.conn.rc4_write_key, (d.digest() + data))
#append
else:
buf += data
if self.conn.encrypted:
self.hexprint("write_ssl encrypt text:\n", buf)
self.sendstuff(self.sck, buf)
self.conn.write_seq += 1
def main():
#get the config instance
config = Config()
scrap = scrap_website(config.getUserId(), config.getCourseNumber())
soup = BeautifulSoup(scrap.text, "html.parser")
ciphertext = soup.find('input', {"name": "Ciphertext"})['value']
if ciphertext:
key = config.getKey()
ciphertext, key = parsing_key_ciphertext(key, ciphertext)
rc4 = RC4()
rc4.set_key(key)
for i in range(len(ciphertext)):
ciphertext[i] ^= rc4.decrypt(i)
#verify our key
for i in range(20, 2):
if (ciphertext[i] != ciphertext[i + 1]):
print("wrong key")
return
res = ciphertext[20:len(ciphertext)].decode("ascii")
print(res)
elif ciphertext == None:
print("We couldnt find any input text called ciphertext")
print("Check to ensure you have the right website")
return
else:
print("No grade to show at the moment")
