def _constant_time_compare(a, b):
if len(a) != len(b):
return False
result = 0
for x, y in zip(six.iterbytes(a), six.iterbytes(b)):
result |= x ^ y
return result == 0
def encrypt(self, value):
value_s = six.iterbytes(value)
repeated_iv = six.iterbytes(list(int(math.ceil(float(len(value)) / len(self.iv))) * self.iv))
repeated_password = six.iterbytes(list(int(math.ceil(float(len(value)) / len(self.password))) * self.password))
xor1 = [a ^ b for a, b in zip(value_s, repeated_iv)]
xor2 = [a ^ b for a, b in zip(xor1, repeated_password)]
return b''.join(map(six.int2byte, xor2))
def nasm_null_safe_mutable_data_finalizer(env, code, data):
"""
Simple data allocation strategy that expects the code to be in a writable
segment. We just append the data to the end of the code.
"""
if data or env.buffers:
# Determine length of nullify + shellcode and adjust data pointer
xor_offsets = []
masked_data = OrderedDict()
for datum, (offset, orig_datum) in six.iteritems(data):
xor_offsets.extend([
offset + i
for i, b in enumerate(six.iterbytes(datum))
if b in (0, 10, 13)
])
masked_datum = b''.join([
six.int2byte(b) if b not in (0, 10, 13)
else six.int2byte(b ^ 0xff)
for b in six.iterbytes(datum)
])
masked_data[masked_datum] = (offset, orig_datum)
if xor_offsets:
# Build code to restore NUL, \r and \n
temp_reg = env.TEMP_REG[env.target.bits]
null_code = env.reg_load(env.BL, 255) + \
env.reg_load(temp_reg, env.OFFSET_REG)
last_offset = 0
for offset in xor_offsets:
offset -= last_offset
null_code.extend(
env.reg_add(temp_reg, offset) +
['xor [%s], bl' % temp_reg]
)
last_offset += offset
code = ['\t%s' % line for line in null_code] + code
data = masked_data
code_len = len(asm('\n'.join(code), target=env.target))
adjust_ebp = env.reg_add(env.OFFSET_REG, code_len)
return [
'\tjmp __getpc1',
'__getpc0:',
'\tpop %s' % env.OFFSET_REG,
] + [
'\t%s' % line for line in adjust_ebp
] + [
'\tjmp __realstart',
'__getpc1:',
'\tcall __getpc0',
'__realstart:',
] + code + _pack_data(data)
else:
return code
def constant_time_compare(val1, val2):
"""
Returns True if the two strings are equal, False otherwise.
The time taken is independent of the number of characters that match.
"""
if len(val1) != len(val2):
return False
result = 0
for x, y in zip(six.iterbytes(val1), six.iterbytes(val2)):
result |= x ^ y
return result == 0
def line_number(self):
lnotab = self.f_code.co_lnotab
byte_increments = six.iterbytes(lnotab[0::2])
line_increments = six.iterbytes(lnotab[1::2])
byte_num = 0
line_num = self.f_code.co_firstlineno
for byte_incr, line_incr in zip(byte_increments, line_increments):
byte_num += byte_incr
if byte_num > self.f_lasti:
break
line_num += line_incr
return line_num
def emit_repr(data, width=0, message=' .. skipped {leftover} chars .. ', padding=' ', **formats):
"""Return a string replaced with ``message`` if larger than ``width``
Message can contain the following format operands:
width = width to be displayed
charwidth = width of each character
bytewidth = number of bytes that can fit within width
length = number of bytes displayed
leftover = approximate number of bytes skipped
**format = extra format specifiers for message
"""
size = len(data)
charwidth = len(r'\xFF')
bytewidth = width / charwidth
leftover = size - bytewidth
hexify = lambda s: str().join(map(r'\x{:02x}'.format, six.iterbytes(s)))
if width <= 0 or bytewidth >= len(data):
return hexify(data)
# FIXME: the skipped/leftover bytes are being calculated incorrectly..
msg = message.format(size=size, charwidth=charwidth, width=width, leftover=leftover, **formats)
# figure out how many bytes we can print
bytefrac,bytewidth = math.modf((width - len(msg)) * 1.0 / charwidth)
padlength = math.trunc(charwidth*bytefrac)
msg = padding*math.trunc(padlength/2.0+0.5) + msg + padding*math.trunc(padlength/2)
left,right = data[:math.trunc(bytewidth/2 + 0.5)], data[size-math.trunc(bytewidth/2):]
return hexify(left) + msg + hexify(right)
def write_dap_register(self, port, addr, value):
assert ((addr & 0xf0) == 0) or (port != self.DP_PORT), "banks are not allowed for DP registers"
assert (addr >> 16) == 0, "register address must be 16-bit"
cmd = [Commands.JTAG_COMMAND, Commands.JTAG_WRITE_DAP_REG]
cmd.extend(six.iterbytes(struct.pack('<HHI', port, addr, value)))
response = self._device.transfer(cmd, readSize=2)
self._check_status(response)
def _write_mem(self, addr, data, memcmd, max, apsel):
while len(data):
thisTransferSize = min(len(data), max)
thisTransferData = data[:thisTransferSize]
cmd = [Commands.JTAG_COMMAND, memcmd]
cmd.extend(six.iterbytes(struct.pack('<IHB', addr, thisTransferSize, apsel)))
self._device.transfer(cmd, writeData=thisTransferData)
addr += thisTransferSize
data = data[thisTransferSize:]
# Check status of this write.
response = self._device.transfer([Commands.JTAG_COMMAND, Commands.JTAG_GETLASTRWSTATUS2], readSize=12)
status, _, faultAddr = struct.unpack('<HHI', response[0:8])
if status in (Status.JTAG_UNKNOWN_ERROR, Status.SWD_AP_FAULT, Status.SWD_DP_FAULT):
# Clear sticky errors.
self._clear_sticky_error()
exc = exceptions.TransferFaultError()
exc.fault_address = faultAddr
exc.fault_length = thisTransferSize - (faultAddr - addr)
raise exc
elif status != Status.JTAG_OK:
raise STLinkException("STLink error ({}): {}".format(status, Status.MESSAGES.get(status, "Unknown error")))
def load_from_file(self, filename, offset = 0):
""" Load this ROM with the contents of a file. """
with open(filename, "rb") as fileptr:
data = fileptr.read()
for index, byte in enumerate(six.iterbytes(data), start = offset):
self.contents[index] = byte
def run(self):
"""Overrides base class run method. Do not call directly."""
settings = self.serial_port.getSettingsDict()
settings['timeout'] = 0.1 # seconds
self.serial_port.applySettingsDict(settings)
self._ready()
while not self.finished.isSet():
# Grab data from the serial port, or wait for timeout if none available.
raw = self.serial_port.read(max(1, self.serial_port.inWaiting()))
if not raw:
# Timeout, finish the current stroke.
self._finish_stroke()
continue
for byte in iterbytes(raw):
key_set = byte >> 6
if key_set <= self._last_key_set:
# Starting a new stroke, finish previous one.
self._finish_stroke()
self._last_key_set = key_set
for i in range(5 if key_set == 3 else 6):
if (byte >> i) & 1:
key = STENO_KEY_CHART[(key_set * 6) + i]
self._pressed_keys.append(key)
if key_set == 3:
# Last possible set, the stroke is finished.
self._finish_stroke()
def run(self):
"""Overrides base class run method. Do not call directly."""
settings = self.serial_port.getSettingsDict()
settings["timeout"] = 0.1 # seconds
self.serial_port.applySettingsDict(settings)
self._ready()
while not self.finished.isSet():
# Grab data from the serial port, or wait for timeout if none available.
raw = self.serial_port.read(max(1, self.serial_port.inWaiting()))
if not raw and len(self._pressed_keys) > 0:
self._finish_stroke()
continue
for byte in iterbytes(raw):
key_set = byte >> 6
if key_set <= self._last_key_set and len(self._pressed_keys) > 0:
self._finish_stroke()
self._last_key_set = key_set
for i in range(6):
if (byte >> i) & 1:
self._pressed_keys.append(STENO_KEY_CHART[(key_set * 6) + i])
if 3 == key_set:
# Last possible set, the stroke is finished.
self._finish_stroke()
def clean_bin(s, keep_spacing=True):
"""
Cleans binary data to make it safe to display.
Args:
keep_spacing: If False, tabs and newlines will also be replaced.
"""
if isinstance(s, six.text_type):
if keep_spacing:
keep = u" \n\r\t"
else:
keep = u" "
return u"".join(
ch if (unicodedata.category(ch)[0] not in "CZ" or ch in keep) else u"."
for ch in s
)
else:
if keep_spacing:
keep = (9, 10, 13) # \t, \n, \r,
else:
keep = ()
return b"".join(
six.int2byte(ch) if (31 < ch < 127 or ch in keep) else b"."
for ch in six.iterbytes(s)
)
def fnv1a(d):
h = FNV_32_INIT
for c in six.iterbytes(d):
h ^= c
h *= FNV_32_PRIME
h &= 0xffffffff
return h
def ascii85decode(data):
"""
In ASCII85 encoding, every four bytes are encoded with five ASCII
letters, using 85 different types of characters (as 256**4 < 85**5).
When the length of the original bytes is not a multiple of 4, a special
rule is used for round up.
The Adobe's ASCII85 implementation is slightly different from
its original in handling the last characters.
"""
n = b = 0
out = b''
for i in six.iterbytes(data):
c=six.int2byte(i)
if b'!' <= c and c <= b'u':
n += 1
b = b*85+(ord(c)-33)
if n == 5:
out += struct.pack('>L', b)
n = b = 0
elif c == b'z':
assert n == 0, str(n)
out += b'\0\0\0\0'
elif c == b'~':
if n:
for _ in range(5-n):
b = b*85+84
out += struct.pack('>L', b)[:n-1]
break
return out
def nthash(password=b''):
"""Generates nt md4 password hash for a given password."""
password = password[:128]
password = b''.join([
six.int2byte(c) + b'\000' for c in six.iterbytes(password)])
return md4.new(password).hexdigest().translate(toupper).encode('ascii')
def xor(key, data):
"""
Perform cyclical exclusive or operations on ``data``.
The ``key`` can be a an integer *(0 <= key < 256)* or a byte sequence. If
the key is smaller than the provided ``data``, the ``key`` will be
repeated.
Args:
key(int or bytes): The key to xor ``data`` with.
data(bytes): The data to perform the xor operation on.
Returns:
bytes: The result of the exclusive or operation.
Examples:
>>> from pwny import *
>>> xor(5, b'ABCD')
b'DGFA'
>>> xor(5, b'DGFA')
b'ABCD'
>>> xor(b'pwny', b'ABCDEFGHIJKLMNOPQRSTUVWXYZ')
b'15-=51)19=%5=9!)!%=-%!9!)-'
>>> xor(b'pwny', b'15-=51)19=%5=9!)!%=-%!9!)-')
b'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
"""
if type(key) is int:
key = six.int2byte(key)
key_len = len(key)
return b''.join(
six.int2byte(c ^ six.indexbytes(key, i % key_len))
for i, c in enumerate(six.iterbytes(data))
)
def read_loose(stream):
"""Turn a HL7-like blob of text into a real HL7 messages"""
# look for the START_BLOCK to delineate messages
START_BLOCK = b'MSH|^~\&|'
# load all the data
data = stream.read()
# take out all the typical MLLP separators. In Python 3, iterating
# through a bytestring returns ints, so we need to filter out the int
# versions of the separators, then convert back from a list of ints to
# a bytestring (In Py3, we could just call bytes([ints]))
separators = [six.byte2int(bs) for bs in [EB, FF, SB]]
data = b''.join([six.int2byte(c) for c in six.iterbytes(data) if c not in separators])
# Windows & Unix new lines to segment separators
data = data.replace(b'\r\n', b'\r').replace(b'\n', b'\r')
for m in data.split(START_BLOCK):
if not m:
# the first element will not have any data from the split
continue
# strip any trailing whitespace
m = m.strip(CR + b'\n ')
# re-insert the START_BLOCK, which was removed via the split
yield START_BLOCK + m
def decode(s):
"""Decode a folder name from IMAP modified UTF-7 encoding to unicode.
Input is bytes (Python 3) or str (Python 2); output is always
unicode. If non-bytes/str input is provided, the input is returned
unchanged.
"""
if not isinstance(s, binary_type):
return s
r = []
_in = bytearray()
for c in iterbytes(s):
if c == AMPERSAND_ORD and not _in:
_in.append(c)
elif c == DASH_ORD and _in:
if len(_in) == 1:
r.append('&')
else:
r.append(modified_deutf7(_in[1:]))
_in = bytearray()
elif _in:
_in.append(c)
else:
r.append(unichr(c))
if _in:
r.append(modified_deutf7(_in[1:]))
return ''.join(r)
def _write_mem(self, addr, data, memcmd, max, apsel):
with self._lock:
while len(data):
thisTransferSize = min(len(data), max)
thisTransferData = data[:thisTransferSize]
cmd = [Commands.JTAG_COMMAND, memcmd]
cmd.extend(six.iterbytes(struct.pack('<IHB', addr, thisTransferSize, apsel)))
self._device.transfer(cmd, writeData=thisTransferData)
addr += thisTransferSize
data = data[thisTransferSize:]
# Check status of this write.
response = self._device.transfer([Commands.JTAG_COMMAND, Commands.JTAG_GETLASTRWSTATUS2], readSize=12)
status, _, faultAddr = struct.unpack('<HHI', response[0:8])
# Handle transfer faults specially so we can assign the address info.
if status != Status.JTAG_OK:
error_message = Status.get_error_message(status)
if status in self._MEM_FAULT_ERRORS:
# Clear sticky errors.
self._clear_sticky_error()
exc = exceptions.TransferFaultError()
exc.fault_address = faultAddr
exc.fault_length = thisTransferSize - (faultAddr - addr)
raise exc
elif status in self._ERROR_CLASSES:
raise self._ERROR_CLASSES[status](error_message)
elif status != Status.JTAG_OK:
raise exceptions.ProbeError(error_message)
def _generate_kernel_bin(self, k, ctx):
gk = gpuarray.GpuKernel(k.code, k.name, k.params, context=ctx,
**k.flags)
bin = gk._binary
bcode = ','.join(hex(c) for c in iterbytes(bin))
return ("""static const char %(bname)s[] = { %(bcode)s };""" %
dict(bname=k.binvar, bcode=bcode))
def swo_start(self, baudrate):
with self._lock:
bufferSize = 4096
cmd = [Commands.JTAG_COMMAND, Commands.SWV_START_TRACE_RECEPTION]
cmd.extend(six.iterbytes(struct.pack('<HI', bufferSize, baudrate)))
response = self._device.transfer(cmd, readSize=2)
self._check_status(response)
def compress_pubkey(pubkey):
x = pubkey[:32]
y = pubkey[33:64]
y_int = 0;
for c in six.iterbytes(y):
y_int = 256 * y_int + c
return six.int2byte(2+(y_int % 2)) + x
def extend(self, values):
if isinstance(values, six.text_type):
self.__text += values
else:
assert isinstance(values, six.binary_type)
for b in six.iterbytes(values):
self.append(b)
def decode(self, codepoints):
"""
Given an iterable of integer codepoints, yields the
corresponding bytes, one at a time, as byte strings of length
E{1}. Retains the state of the codebook from call to call, so
if you have another stream, you'll likely need another
decoder!
Decoders will NOT handle END_OF_INFO_CODE (rather, they will
handle the code by throwing an exception); END_OF_INFO should
be handled by the upstream codepoint generator (see
L{BitUnpacker}, for example)
>>> import lzw
>>> dec = lzw.Decoder()
>>> result = b''.join(dec.decode([103, 97, 98, 98, 97, 32, 258, 260, 262, 121, 111, 263, 259, 261, 256]))
>>> result == b'gabba gabba yo gabba'
True
"""
codepoints = [ cp for cp in codepoints ]
for cp in codepoints:
decoded = self._decode_codepoint(cp)
for character in six.iterbytes(decoded):
# TODO optimize, casting back to bytes when bytes above
yield six.int2byte(character)
def feed(self, data):
"""
Feed data to the parser.
"""
assert isinstance(data, binary_type)
for b in iterbytes(data):
self._parser.send(int2byte(b))
def crc16_kermit(data, crc=0):
"""Calculate/Update the Kermit CRC16 checksum for some data"""
tab = CRC16_KERMIT_TAB # minor optimization (now in locals)
for byte in six.iterbytes(data):
tbl_idx = (crc ^ byte) & 0xff
crc = (tab[tbl_idx] ^ (crc >> 8)) & 0xffff
return crc & 0xffff
def test_receiving_doesnt_block_if_there_is_already_decrypted_buffered_data(self):
# Here's what could (and would) happen before the relevant bug was fixed (assuming method
# M was trampolining unconditionally before actually reading):
# 1. One side sends n bytes, leaves connection open (important)
# 2. The other side uses method M to read m (where m < n) bytes, the underlying SSL
# implementation reads everything from the underlying socket, decrypts all n bytes,
# returns m of them and buffers n-m to be read later.
# 3. The other side tries to read the remainder of the data (n-m bytes), this blocks
# because M trampolines uncoditionally and trampoline will hang because reading from
# the underlying socket would block. It would block because there's no data to be read
# and the connection is still open; leaving the connection open /mentioned in 1./ is
# important because otherwise trampoline would return immediately and the test would pass
# even with the bug still present in the code).
#
# The solution is to first request data from the underlying SSL implementation and only
# trampoline if we actually need to read some data from the underlying socket.
#
# GreenSSLSocket.recv() wasn't broken but I've added code to test it as well for
# completeness.
content = b'xy'
def recv(sock, expected):
assert sock.recv(len(expected)) == expected
def recv_into(sock, expected):
buf = bytearray(len(expected))
assert sock.recv_into(buf, len(expected)) == len(expected)
assert buf == expected
for read_function in [recv, recv_into]:
print('Trying %s...' % (read_function,))
listener = listen_ssl_socket()
def accept(listener):
sock, addr = listener.accept()
sock.sendall(content)
return sock
accepter = eventlet.spawn(accept, listener)
client_to_server = None
try:
client_to_server = ssl.wrap_socket(eventlet.connect(listener.getsockname()))
for character in six.iterbytes(content):
character = six.int2byte(character)
print('We have %d already decrypted bytes pending, expecting: %s' % (
client_to_server.pending(), character))
read_function(client_to_server, character)
finally:
if client_to_server is not None:
client_to_server.close()
server_to_client = accepter.wait()
# Very important: we only want to close the socket *after* the other side has
# read the data it wanted already, otherwise this would defeat the purpose of the
# test (see the comment at the top of this test).
server_to_client.close()
listener.close()
def dispatch(self):
try:
target = voltron.debugger.target(self.target_id)
# if 'words' was specified, get the addr_size and calculate the length to read
if self.words:
self.length = self.words * target['addr_size']
# calculate the address at which to begin reading
if self.address:
addr = self.address
elif self.command:
output = voltron.debugger.command(self.args.command)
if output:
for item in reversed(output.split()):
log.debug("checking item: {}".format(item))
try:
addr = int(item)
break
except:
try:
addr = int(item, 16)
break
except:
pass
elif self.register:
regs = voltron.debugger.registers(registers=[self.register])
addr = list(regs.values())[0]
# read memory
memory = voltron.debugger.memory(address=addr, length=self.length, target_id=self.target_id)
# deref pointers
deref = None
if self.deref:
fmt = ('<' if target['byte_order'] == 'little' else '>') + {2: 'H', 4: 'L', 8: 'Q'}[target['addr_size']]
deref = []
for chunk in zip(*[six.iterbytes(memory)]*target['addr_size']):
chunk = ''.join([six.unichr(x) for x in chunk]).encode('latin1')
try:
deref.append(voltron.debugger.dereference(pointer=list(struct.unpack(fmt, chunk))[0]))
except:
deref.append([])
res = APIMemoryResponse()
res.address = addr
res.memory = six.u(memory)
res.bytes = len(memory)
res.deref = deref
except TargetBusyException:
res = APITargetBusyErrorResponse()
except NoSuchTargetException:
res = APINoSuchTargetErrorResponse()
except Exception as e:
msg = "Exception getting memory from debugger: {}".format(repr(e))
log.exception(msg)
res = APIGenericErrorResponse(msg)
return res
def readbytes(filename, buffersize=1024):
"""
Opens a file named by filename and iterates over the L{filebytes}
found therein. Will close the file when the bytes run out.
"""
with open(filename, "rb") as infile:
for byte in six.iterbytes(filebytes(infile, buffersize)):
yield six.int2byte(byte) # TODO optimize, we are re-casting to bytes
def get_interface_mac(interface):
MAC_START = 18
MAC_END = 24
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
dev = interface[:constants.DEVICE_NAME_MAX_LEN]
dev = encodeutils.to_utf8(dev)
info = fcntl.ioctl(s.fileno(), 0x8927, struct.pack('256s', dev))
return ':'.join(["%02x" % b for b in iterbytes(info[MAC_START:MAC_END])])
def _read_version(self):
return tuple(six.iterbytes(self.send_cmd(INS.GET_VERSION)))
def hex_to_byte_list(data):
"""Convert string of hex bytes to list of integers"""
return list(six.iterbytes(binascii.unhexlify(data)))
def main():
interface1 = 'CAN1'
interface2 = 'CAN2'
with nixnet.FrameInStreamSession(interface1) as input_session:
with nixnet.FrameOutStreamSession(interface2) as output_session:
terminated_cable = six.moves.input(
'Are you using a terminated cable (Y or N)? ')
if terminated_cable.lower() == "y":
input_session.intf.can_term = constants.CanTerm.ON
output_session.intf.can_term = constants.CanTerm.OFF
elif terminated_cable.lower() == "n":
input_session.intf.can_term = constants.CanTerm.ON
output_session.intf.can_term = constants.CanTerm.ON
else:
print("Unrecognised input ({}), assuming 'n'".format(
terminated_cable))
input_session.intf.can_term = constants.CanTerm.ON
output_session.intf.can_term = constants.CanTerm.ON
input_session.intf.baud_rate = 125000
output_session.intf.baud_rate = 125000
# Start the input session manually to make sure that the first
# frame value sent before the initial read will be received.
input_session.start()
user_value = six.moves.input('Enter payload [int, int]: ')
try:
payload_list = [int(x.strip()) for x in user_value.split(",")]
except ValueError:
payload_list = [2, 4, 8, 16]
print('Unrecognized input ({}). Setting data buffer to {}'.
format(user_value, payload_list))
id = types.CanIdentifier(0)
payload = bytearray(payload_list)
frame = types.CanFrame(id, constants.FrameType.CAN_DATA, payload)
print('The same values should be received. Press q to quit')
i = 0
while True:
for index, byte in enumerate(payload):
payload[index] = byte + i
frame.payload = payload
output_session.frames.write([frame])
print('Sent frame with ID: {} payload: {}'.format(
frame.identifier, list(frame.payload)))
# Wait 1 s and then read the received values.
# They should be the same as the ones sent.
time.sleep(1)
count = 1
frames = input_session.frames.read(count)
for frame in frames:
print('Received frame with ID: {} payload: {}'.format(
frame.identifier, list(six.iterbytes(frame.payload))))
i += 1
if max(payload) + i > 0xFF:
i = 0
inp = six.moves.input('Hit enter to continue (q to quit): ')
if inp.lower() == 'q':
break
print('Data acquisition stopped.')
def dispatch(self):
try:
target = voltron.debugger.target(self.target_id)
# if 'words' was specified, get the addr_size and calculate the length to read
if self.words:
self.length = self.words * target['addr_size']
# calculate the address at which to begin reading
if self.address:
addr = self.address
elif self.command:
output = voltron.debugger.command(self.args.command)
if output:
for item in reversed(output.split()):
log.debug("checking item: {}".format(item))
try:
addr = int(item)
break
except:
try:
addr = int(item, 16)
break
except:
pass
elif self.register:
regs = voltron.debugger.registers(registers=[self.register])
addr = list(regs.values())[0]
if self.offset:
if self.words:
addr += self.offset * target['addr_size']
else:
addr += self.offset
# read memory
memory = voltron.debugger.memory(address=int(addr),
length=int(self.length),
target_id=int(self.target_id))
# deref pointers
deref = None
if self.deref:
fmt = ('<' if target['byte_order'] == 'little' else '>') + {
2: 'H',
4: 'L',
8: 'Q'
}[target['addr_size']]
deref = []
for chunk in zip(*[six.iterbytes(memory)] *
target['addr_size']):
chunk = ''.join([six.unichr(x)
for x in chunk]).encode('latin1')
p = list(struct.unpack(fmt, chunk))[0]
if p > 0:
try:
deref.append(
voltron.debugger.dereference(pointer=p))
except:
deref.append([])
else:
deref.append([])
res = APIMemoryResponse()
res.address = addr
res.memory = six.u(memory)
res.bytes = len(memory)
res.deref = deref
except TargetBusyException:
res = APITargetBusyErrorResponse()
except NoSuchTargetException:
res = APINoSuchTargetErrorResponse()
except Exception as e:
msg = "Exception getting memory from debugger: {}".format(repr(e))
log.exception(msg)
res = APIGenericErrorResponse(msg)
return res
('s2', lambda name: rq.String8(name, pad=1), "one two three",
partial(packstr, padding=3)),
('s3', lambda name: rq.String8(name, pad=1),
"supercalifragilisticexpialidocious", partial(packstr, padding=2)),
))
_struct_test(
'simple string16',
(
(None, lambda name: rq.LengthOf('s1', 1), None, pack('B', 3)),
(None, lambda name: rq.LengthOf('s2', 2), None, pack('H', 3)),
('s1', lambda name: rq.String16(name, pad=0),
(0, 1, 2), lambda s: struct.pack('>' + 'H' * len(s), *s)),
# An 8-bits string is also allowed on input.
('s2', lambda name: rq.String16(name, pad=0), b'\x03\x04\x05',
lambda s: struct.pack('>' + 'H' * len(s), *iterbytes(s)), (3, 4, 5)),
))
_struct_test('binary', (
(None, lambda name: rq.LengthOf('s1', 1), None, pack('B', 7)),
(None, lambda name: rq.LengthOf('s2', 2), None, pack('H', 13)),
(None, lambda name: rq.LengthOf('s3', 4), None, pack('L', 34)),
('s1', lambda name: rq.Binary(name, pad=0), b"testing", lambda v: v),
('s2', lambda name: rq.Binary(name, pad=0), b"one two three", lambda v: v),
('s3', lambda name: rq.Binary(name, pad=0),
b"supercalifragilisticexpialidocious", lambda v: v),
))
_struct_test('binary pad', (
(None, lambda name: rq.LengthOf('s1', 1), None, pack('B', 7)),
(None, lambda name: rq.LengthOf('s2', 2), None, pack('H', 13)),
def get_scan_codes(ascii):
if isinstance(ascii, six.text_type):
ascii = ascii.encode('ascii')
return bytes(bytearray(us.scancodes[c] for c in six.iterbytes(ascii)))
def _pack_data(data):
return ['__data:'] + [
'\tdb ' + ','.join(hex(b) for b in six.iterbytes(datum)) + ' ; ' +
repr(orig_datum) for datum, (_, orig_datum) in six.iteritems(data)
]
def bytes_to_long(s):
n = 0
for b in six.iterbytes(s):
n = (n << 8) | b
return n
from functools import reduce
import six
response = b"\x01\x02\x03"
r = ()
for b in six.iterbytes(response):
r += (b % 16, b // 16)
# flatten = lambda a, b: a + (six.byte2int(b) % 16, six.byte2int(b) / 16)
# r = reduce(flatten, response, ())
print(r[:2])
def _next_layer(self, top_layer):
try:
d = top_layer.client_conn.rfile.peek(3)
except netlib.exceptions.TcpException as e:
six.reraise(exceptions.ProtocolException,
exceptions.ProtocolException(str(e)),
sys.exc_info()[2])
client_tls = protocol.is_tls_record_magic(d)
# 1. check for --ignore
if self.config.check_ignore:
ignore = self.config.check_ignore(top_layer.server_conn.address)
if not ignore and client_tls:
try:
client_hello = protocol.TlsClientHello.from_client_conn(
self.client_conn)
except exceptions.TlsProtocolException as e:
self.log("Cannot parse Client Hello: %s" % repr(e),
"error")
else:
ignore = self.config.check_ignore((client_hello.sni, 443))
if ignore:
return protocol.RawTCPLayer(top_layer, ignore=True)
# 2. Always insert a TLS layer, even if there's neither client nor server tls.
# An inline script may upgrade from http to https,
# in which case we need some form of TLS layer.
if isinstance(top_layer, modes.ReverseProxy):
return protocol.TlsLayer(top_layer, client_tls,
top_layer.server_tls)
if isinstance(top_layer, protocol.ServerConnectionMixin) or isinstance(
top_layer, protocol.UpstreamConnectLayer):
return protocol.TlsLayer(top_layer, client_tls, client_tls)
# 3. In Http Proxy mode and Upstream Proxy mode, the next layer is fixed.
if isinstance(top_layer, protocol.TlsLayer):
if isinstance(top_layer.ctx, modes.HttpProxy):
return protocol.Http1Layer(top_layer, "regular")
if isinstance(top_layer.ctx, modes.HttpUpstreamProxy):
return protocol.Http1Layer(top_layer, "upstream")
# 4. Check for other TLS cases (e.g. after CONNECT).
if client_tls:
return protocol.TlsLayer(top_layer, True, True)
# 4. Check for --tcp
if self.config.check_tcp(top_layer.server_conn.address):
return protocol.RawTCPLayer(top_layer)
# 5. Check for TLS ALPN (HTTP1/HTTP2)
if isinstance(top_layer, protocol.TlsLayer):
alpn = top_layer.client_conn.get_alpn_proto_negotiated()
if alpn == b'h2':
return protocol.Http2Layer(top_layer, 'transparent')
if alpn == b'http/1.1':
return protocol.Http1Layer(top_layer, 'transparent')
# 6. Check for raw tcp mode
is_ascii = (
len(d) == 3 and
# expect A-Za-z
all(65 <= x <= 90 or 97 <= x <= 122 for x in six.iterbytes(d)))
if self.config.options.rawtcp and not is_ascii:
return protocol.RawTCPLayer(top_layer)
# 7. Assume HTTP1 by default
return protocol.Http1Layer(top_layer, 'transparent')
def _get_pin_tries(self):
data = self.send_apdu(0, INS.GET_DATA, 0, 0xc4)
return tuple(six.iterbytes(data[4:7]))
def hexdump(self, data, offset=0):
b_to_h = lambda b: ' '.join('%02x' % i for i in six.iterbytes(b))
result = []
while len(data) > 0:
chunk_size = 16
if len(data) < chunk_size:
chunk_size = len(data)
hexline = ''
n = data[0:chunk_size]
y = 0
while len(n) > 0:
ptr_min = 4
if len(n) >= ptr_min:
try:
i_val = struct.unpack('>L', n[0:4])[0]
if i_val < 255:
ptr = struct.unpack('<L', n[0:4])[0]
if self.frida_script.exports.ivp(ptr):
hexline += '%s' % Color.colorify(
b_to_h(n[0:4]).upper(), 'red highlight')
n = n[ptr_min:]
y += 4
if y % 8 == 0:
hexline += ' '
else:
hexline += ' '
continue
except:
pass
else:
ptr_min = len(n)
var_hex = b_to_h(n[0:ptr_min])
var_i = int('0x%s' % ''.join(var_hex.split(' ')), 16)
if var_i > 0:
hexline += '%s' % Color.colorify(var_hex.upper(),
'green highlight')
else:
hexline += '%s' % var_hex.upper()
n = n[ptr_min:]
y += ptr_min
if y % 8 == 0:
hexline += ' '
else:
hexline += ' '
diff = 16 - y
while diff > 0:
hexline += ' '
diff -= 1
address = Color.colorify(
('%08x' % (offset + (16 * len(result)))).upper(),
'yellow highlight')
tail = ''
for i in range(0, chunk_size):
char = data[i:i + 1]
if ord(char) < 32 or ord(char) > 126:
tail += '.'
continue
t = ''
try:
t = data[i:i + 1].decode('ascii')
except:
pass
if len(t) < 1:
t = '.'
tail += t
tail = Color.colorify(
tail.replace('\n', '.').replace('\t', '.').replace(' ', '.'),
'yellow highlight')
result.append('%s: %s%s' % (address, hexline, tail))
data = data[chunk_size:]
if len(result) > 0:
self.context_title('0x%x' % offset)
print('\n'.join(result))
def test_bytesiter():
it = six.iterbytes(six.b("hi"))
assert six.next(it) == ord("h")
assert six.next(it) == ord("i")
pytest.raises(StopIteration, six.next, it)
def _to_int(s):
"""Computes the integer value of a raw byte string."""
value = 0
for offset, c in enumerate(iterbytes(s[::-1])):
value += c << offset*8
return value
def checksum(data):
return ("%02x" % (sum(six.iterbytes(data)) % 256)).encode()
def handleData(self, chunk):
# buffer, assemble into tokens
# call self.receiveToken(token) with each
if self.skipBytes:
if len(chunk) <= self.skipBytes:
# skip the whole chunk
self.skipBytes -= len(chunk)
return
# skip part of the chunk, and stop skipping
chunk = chunk[self.skipBytes:]
self.skipBytes = 0
self.buffer.append(chunk)
# Loop through the available input data, extracting one token per
# pass.
while len(self.buffer):
first65 = self.buffer.popleft(65)
pos = 0
for ch in six.iterbytes(first65):
if ch >= 0x80:
break
pos = pos + 1
if pos > 64:
# drop the connection. We log more of the buffer, but not
# all of it, to make it harder for someone to spam our
# logs.
s = first65 + self.buffer.popleft(200)
raise BananaError("token prefix is limited to 64 bytes: "
"but got %r" % s)
else:
# we've run out of buffer without seeing the high bit, which
# means we're still waiting for header to finish
self.buffer.appendleft(first65)
return
assert pos <= 64
# At this point, the header and type byte have been received.
# The body may or may not be complete.
typebyte = first65[pos:pos + 1] # byte
if pos:
header = b1282int(first65[:pos])
else:
header = 0
# rejected is set as soon as a violation is detected. It
# indicates that this single token will be rejected.
rejected = False
if self.discardCount:
rejected = True
wasInOpen = self.inOpen
if typebyte == OPEN:
self.inboundObjectCount = self.objectCounter
self.objectCounter += 1
if self.inOpen:
raise BananaError("OPEN token followed by OPEN")
self.inOpen = True
# the inOpen flag is set as soon as the OPEN token is
# witnessed (even it it gets rejected later), because it
# means that there is a new sequence starting that must be
# handled somehow (either discarded or given to a new
# Unslicer).
# The inOpen flag is cleared when the Index Phase ends. There
# are two possibilities: 1) a new Unslicer is pushed, and
# tokens are delivered to it normally. 2) a Violation was
# raised, and the tokens must be discarded
# (self.discardCount++). *any* rejection-caused True->False
# transition of self.inOpen must be accompanied by exactly
# one increment of self.discardCount
# determine if this token will be accepted, and if so, how large
# it is allowed to be (for STRING and LONGINT/LONGNEG)
if ((not rejected)
and (typebyte not in (PING, PONG, ABORT, CLOSE, ERROR))):
# PING, PONG, ABORT, CLOSE, and ERROR are always legal. All
# others (including OPEN) can be rejected by the schema: for
# example, a list of integers would reject STRING, VOCAB, and
# OPEN because none of those will produce integers. If the
# unslicer's .checkToken rejects the tokentype, its
# .receiveChild will immediately get an Failure
try:
# the purpose here is to limit the memory consumed by
# the body of a STRING, OPEN, LONGINT, or LONGNEG token
# (i.e., the size of a primitive type). If the sender
# wants to feed us more data than we want to accept, the
# checkToken() method should raise a Violation. This
# will never be called with ABORT or CLOSE types.
top = self.receiveStack[-1]
if wasInOpen:
top.openerCheckToken(typebyte, header, self.opentype)
else:
top.checkToken(typebyte, header)
except Violation:
rejected = True
f = BananaFailure()
if wasInOpen:
methname = "openerCheckToken"
else:
methname = "checkToken"
self.handleViolation(f, methname, inOpen=self.inOpen)
self.inOpen = False
if typebyte == ERROR and header > SIZE_LIMIT:
# someone is trying to spam us with an ERROR token. Drop
# them with extreme prejudice.
raise BananaError("oversized ERROR token")
self.buffer.appendleft(first65[pos + 1:])
# determine what kind of token it is. Each clause finishes in
# one of four ways:
#
# raise BananaError: the protocol was violated so badly there is
# nothing to do for it but hang up abruptly
#
# return: if the token is not yet complete (need more data)
#
# continue: if the token is complete but no object (for
# handleToken) was produced, e.g. OPEN, CLOSE, ABORT
#
# obj=foo: the token is complete and an object was produced
#
# note that if rejected==True, the object is dropped instead of
# being passed up to the current Unslicer
if typebyte == OPEN:
self.inboundOpenCount = header
if rejected:
if self.debugReceive:
print("DROP (OPEN)")
if self.inOpen:
# we are discarding everything at the old level, so
# discard everything in the new level too
self.discardCount += 1
if self.debugReceive:
print("++discardCount (OPEN), now %d" \
% self.discardCount)
self.inOpen = False
else:
# the checkToken handleViolation has already started
# discarding this new sequence, we don't have to
pass
else:
self.inOpen = True
self.opentype = []
continue
elif typebyte == CLOSE:
count = header
if self.discardCount:
self.discardCount -= 1
if self.debugReceive:
print("--discardCount (CLOSE), now %d" \
% self.discardCount)
else:
self.handleClose(count)
continue
elif typebyte == ABORT:
count = header
# TODO: this isn't really a Violation, but we need something
# to describe it. It does behave identically to what happens
# when receiveChild raises a Violation. The .handleViolation
# will pop the now-useless Unslicer and start discarding
# tokens just as if the Unslicer had made the decision.
if rejected:
if self.debugReceive:
print("DROP (ABORT)")
# I'm ignoring you, LALALALALA.
#
# In particular, do not deliver a second Violation
# because of the ABORT that we're supposed to be
# ignoring because of a first Violation that happened
# earlier.
continue
try:
# slightly silly way to do it, but nice and uniform
raise Violation("ABORT received")
except Violation:
f = BananaFailure()
self.handleViolation(f, "receive-abort")
continue
elif typebyte == ERROR:
strlen = header
if len(self.buffer) >= strlen:
# the whole string is available
obj = self.buffer.popleft(strlen)
# handleError must drop the connection
self.handleError(obj)
return
else:
self.buffer.appendleft(first65[:pos + 1])
return # there is more to come
elif typebyte == LIST:
raise BananaError("oldbanana peer detected, " +
"compatibility code not yet written")
#listStack.append((header, []))
elif typebyte == STRING:
strlen = header
if len(self.buffer) >= strlen:
# the whole string is available
obj = self.buffer.popleft(strlen)
# although it might be rejected
else:
# there is more to come
if rejected:
# drop all we have and note how much more should be
# dropped
if self.debugReceive:
print("DROPPED some string bits")
self.skipBytes = strlen - len(self.buffer)
self.buffer.clear()
else:
self.buffer.appendleft(first65[:pos + 1])
return
elif typebyte == INT:
obj = int(header)
elif typebyte == NEG:
# -2**31 is too large for a positive int, so go through
# LongType first
obj = int(-long_type(header))
elif typebyte == LONGINT or typebyte == LONGNEG:
strlen = header
if len(self.buffer) >= strlen:
# the whole number is available
obj = bytes_to_long(self.buffer.popleft(strlen))
if typebyte == LONGNEG:
obj = -obj
# although it might be rejected
else:
# there is more to come
if rejected:
# drop all we have and note how much more should be
# dropped
self.skipBytes = strlen - len(self.buffer)
self.buffer.clear()
else:
self.buffer.appendleft(first65[:pos + 1])
return
elif typebyte == VOCAB:
obj = self.incomingVocabulary[header] # yieds bytes
# TODO: bail if expanded string is too big
# this actually means doing self.checkToken(VOCAB, len(obj))
# but we have to make sure we handle the rejection properly
elif typebyte == FLOAT:
if len(self.buffer) >= 8:
obj = struct.unpack("!d", self.buffer.popleft(8))[0]
else:
# this case is easier than STRING, because it is only 8
# bytes. We don't bother skipping anything.
self.buffer.appendleft(first65[:pos + 1])
return
elif typebyte == PING:
self.sendPONG(header)
continue # otherwise ignored
elif typebyte == PONG:
continue # otherwise ignored
else:
raise BananaError("Invalid Type Byte 0x%x" %
six.byte2int(typebyte))
if not rejected:
if self.inOpen:
self.handleOpen(self.inboundOpenCount,
self.inboundObjectCount, obj)
# handleOpen might push a new unslicer and clear
# .inOpen, or leave .inOpen true and append the object
# to .indexOpen
else:
self.handleToken(obj)
else:
if self.debugReceive:
print("DROP", type(obj), obj)
pass # drop the object
# while loop ends here
# note: this is redundant, as there are no 'break' statements in that
# loop, and the loop exit condition is 'while len(self.buffer)'
self.buffer.clear()
def check_invalid_utf8_sequences(utf8_string, meaning, conn_id=None):
"""
Examine a UTF-8 encoded string and raise a `pywbem.XMLParseError` exception
if the string contains invalid UTF-8 sequences (incorrectly encoded or
ill-formed).
This function works in both "wide" and "narrow" Unicode builds of Python
and supports the full range of Unicode characters from U+0000 to U+10FFFF.
This function is used to improve the error information raised from Python's
`xml.dom.minidom` and `xml.sax` packages and should be called only after
having catched an `ExpatError` from `xml.dom.minidom` or a
`SAXParseException` from `xml.sax` .
Parameters:
utf8_string (:term:`byte string`):
The UTF-8 encoded XML string to be examined.
meaning (:term:`string`):
Short text with meaning of the XML string, for messages in exceptions.
conn_id (:term:`connection id`): Connection ID to be used in any
exceptions that may be raised.
Returns:
:term:`unicode string`: The input string, converted to Unicode.
Raises:
TypeError: Invoked with incorrect Python object type for `utf8_xml`.
pywbem.XMLParseError: `utf8_xml` contains invalid UTF-8 sequences.
Notes on Unicode support in Python:
(1) For internally representing Unicode characters in the unicode type, a
"wide" Unicode build of Python uses UTF-32, while a "narrow" Unicode
build uses UTF-16. The difference is visible to Python programs for
Unicode characters assigned to code points above U+FFFF: The "narrow"
build uses 2 characters (a surrogate pair) for them, while the "wide"
build uses just 1 character. This affects all position- and
length-oriented functions, such as `len()` or string slicing.
(2) In a "wide" Unicode build of Python, the Unicode characters assigned to
code points U+10000 to U+10FFFF are represented directly (using code
points U+10000 to U+10FFFF) and the surrogate code points
U+D800...U+DFFF are never used; in a "narrow" Unicode build of Python,
the Unicode characters assigned to code points U+10000 to U+10FFFF are
represented using pairs of the surrogate code points U+D800...U+DFFF.
Notes on the Unicode code points U+D800...U+DFFF ("surrogate code points"):
(1) These code points have no corresponding Unicode characters assigned,
because they are reserved for surrogates in the UTF-16 encoding.
(2) The UTF-8 encoding can technically represent the surrogate code points.
ISO/IEC 10646 defines that a UTF-8 sequence containing the surrogate
code points is ill-formed, but it is technically possible that such a
sequence is in a UTF-8 encoded XML string.
(3) The Python escapes ``\\u`` and ``\\U`` used in literal strings can
represent the surrogate code points (as well as all other code points,
regardless of whether they are assigned to Unicode characters).
That is the case in both Python 2 and Python 3.
(4) In Python 2, the `unicode.encode()` and `str.decode()` methods
successfully translate surrogate code points back and forth for
encoding UTF-8, tolerating invalid surrogate sequences.
For example, ``b'\\xed\\xb0\\x80'.decode("utf-8") = u'\\udc00'``.
In Python 3, the `str.encode()` and `bytes.decode()` methods raise
UnicodeEncodeError / UnicodeDecodeError for invalid surrogate
sequences. However, the `codecs.encode()` and `codecs.decode()`
methods have an error handler 'surrogatepass' which tolerates
invalid surrogate sequences.
(5) Because Python 2 supports the encoding and decoding of UTF-8 sequences
also for the surrogate code points, the "narrow" Unicode build of
Python 2 can be (mis-)used to transport each surrogate unit separately
encoded in (ill-formed) UTF-8.
For example, code point U+10122 can be (illegally) created from a
sequence of code points U+D800,U+DD22 represented in UTF-8:
``b'\\xED\\xA0\\x80\\xED\\xB4\\xA2'.decode("utf-8") = u'\\U00010122'``
while the correct UTF-8 sequence for this code point is:
``u'\\U00010122'.encode("utf-8") = b'\\xf0\\x90\\x84\\xa2'``
"""
context_before = 16 # number of chars to print before any bad chars
context_after = 16 # number of chars to print after any bad chars
try:
assert isinstance(utf8_string, six.binary_type)
except AssertionError:
raise TypeError(
_format(
"utf8_string parameter is not a byte string, but has "
"type {0}", type(utf8_string)))
# Check for ill-formed UTF-8 sequences. This needs to be done
# before the str type gets decoded to unicode, because afterwards
# surrogates produced from ill-formed UTF-8 cannot be distinguished from
# legally produced surrogates (for code points above U+FFFF).
ifs_list = list()
for m in _ILL_FORMED_UTF8_RE.finditer(utf8_string):
ifs_pos = m.start(1)
ifs_seq = m.group(1)
ifs_list.append((ifs_pos, ifs_seq))
if ifs_list:
exc_txt = _format(
"Ill-formed (surrogate) UTF-8 Byte sequences found "
"in {0}:", meaning)
for (ifs_pos, ifs_seq) in ifs_list:
exc_txt += "\n At offset {0}:".format(ifs_pos)
for ifs_ord in six.iterbytes(ifs_seq):
exc_txt += " 0x{0:02X}".format(ifs_ord)
cpos1 = max(ifs_pos - context_before, 0)
cpos2 = min(ifs_pos + context_after, len(utf8_string))
exc_txt += _format(", CIM-XML snippet: {0!A}",
utf8_string[cpos1:cpos2])
raise XMLParseError(exc_txt, conn_id=conn_id)
# Check for incorrectly encoded UTF-8 sequences.
# @ibm.13@ Simplified logic (removed loop).
try:
utf8_string_u = utf8_string.decode("utf-8")
except UnicodeDecodeError as exc:
# Only raised for incorrectly encoded UTF-8 sequences; technically
# correct sequences that are ill-formed (e.g. representing surrogates)
# do not cause this exception to be raised.
# If more than one incorrectly encoded sequence is present, only
# information about the first one is returned in the exception object.
# Also, the stated reason (in _msg) is not always correct.
# pylint: disable=unbalanced-tuple-unpacking
unused_codec, unused_str, _p1, _p2, unused_msg = exc.args
exc_txt = "Incorrectly encoded UTF-8 Byte sequences found in {0}". \
format(meaning)
exc_txt += "\n At offset {0}:".format(_p1)
ies_seq = utf8_string[_p1:_p2 + 1]
for ies_ord in six.iterbytes(ies_seq):
exc_txt += " 0x{0:02X}".format(ies_ord)
cpos1 = max(_p1 - context_before, 0)
cpos2 = min(_p2 + context_after, len(utf8_string))
exc_txt += _format(", CIM-XML snippet: {0!A}",
utf8_string[cpos1:cpos2])
raise XMLParseError(exc_txt, conn_id=conn_id)
return utf8_string_u
import struct
def checksum(data):
return b"%02x" % (sum(six.iterbytes(data)) % 256)
def _serialize_clob(ion_event):
value = ion_event.value
return _bytes_text(six.iterbytes(value),
_DOUBLE_QUOTE,
prefix=_LOB_START,
suffix=_LOB_END)
def test_sign(self):
message = six.StringIO(u'Hello, World!')
sig_algs = (hash_.RS256, hash_.RS384, hash_.RS512)
origin_sig = ([
47, 53, 27, 154, 98, 40, 87, 246, 73, 49, 80, 241, 186, 20, 180,
75, 78, 152, 83, 140, 12, 163, 134, 214, 100, 92, 80, 104, 65, 36,
88, 234, 166, 131, 135, 85, 242, 96, 111, 191, 36, 177, 18, 245,
217, 173, 194, 139, 87, 220, 104, 213, 79, 205, 31, 137, 79, 137,
147, 45, 127, 139, 137, 234, 161, 175, 64, 21, 215, 232, 237, 138,
115, 212, 216, 219, 100, 104, 189, 113, 59, 169, 99, 43, 227, 122,
155, 51, 250, 244, 53, 247, 99, 249, 174, 72, 175, 131, 122, 166,
198, 148, 48, 54, 71, 15, 210, 18, 156, 57, 34, 107, 74, 76, 224,
62, 227, 228, 208, 139, 153, 252, 142, 37, 73, 54, 163, 165, 230,
12, 37, 54, 188, 147, 82, 239, 96, 56, 71, 10, 199, 180, 44, 213,
111, 101, 163, 246, 162, 239, 105, 2, 46, 121, 142, 153, 6, 90,
161, 254, 244, 52, 168, 82, 215, 181, 9, 237, 84, 116, 131, 38,
145, 126, 148, 44, 170, 119, 2, 9, 26, 184, 7, 86, 93, 22, 129, 63,
211, 196, 92, 219, 164, 168, 76, 76, 78, 1, 244, 172, 142, 134,
162, 75, 253, 236, 138, 193, 182, 16, 224, 2, 109, 2, 62, 40, 173,
30, 205, 99, 97, 189, 245, 136, 84, 196, 172, 52, 151, 208, 101,
228, 184, 90, 208, 73, 202, 81, 6, 22, 134, 141, 124, 186, 110,
227, 68, 145, 253, 244, 2, 154, 242, 33, 147, 115, 206, 138, 102,
88, 223, 184, 2, 193, 56, 170, 9, 5, 116, 22, 205, 36, 152, 51,
196, 35, 19, 54, 2, 23, 93, 120, 215, 107, 137, 79, 79, 186, 151,
186, 252, 146, 100, 47, 217, 232, 197, 218, 164, 16, 208, 37, 123,
126, 158, 103, 221, 111, 92, 24, 172, 223, 219, 136, 196, 20, 91,
163, 152, 195, 97, 155, 237, 11, 143, 98, 74, 30, 182, 186, 255,
24, 212, 138, 252, 41, 121, 169, 166, 125, 108, 116, 15, 71, 175,
241, 238, 22, 163, 149, 184, 244, 99, 193, 77, 242, 201, 20, 133,
41, 32, 26, 112, 48, 250, 148, 117, 80, 69, 179, 119, 202, 250,
204, 151, 196, 94, 25, 191, 40, 173, 60, 116, 234, 159, 37, 59, 43,
223, 253, 98, 31, 103, 243, 140, 150, 132, 252, 244, 88, 69, 158,
56, 86, 57, 58, 189, 80, 164, 213, 93, 169, 112, 231, 153, 150, 37,
185, 153, 94, 2, 104, 146, 146, 141, 80, 104, 129, 37, 74, 184, 8,
179, 228, 59, 79, 156, 19, 47, 193, 13, 238, 187, 220, 133, 176,
150, 13, 140, 162, 84, 217, 248, 66, 101, 206, 203, 8, 218, 106,
97, 102, 194, 106, 56, 86, 40, 64, 183, 16, 94, 127, 232, 119, 69,
56, 44, 182, 215, 34, 124, 167, 42, 125, 8, 172, 19, 144, 143, 166,
145, 24, 18, 167, 9, 231, 227, 83, 29, 149, 174, 184, 195, 106, 38,
97, 197, 175, 206, 155, 172, 157
], [
78, 220, 151, 16, 42, 6, 220, 1, 70, 30, 1, 181, 74, 193, 140, 54,
28, 26, 140, 60, 153, 128, 54, 68, 202, 42, 218, 127, 230, 140, 60,
120, 92, 229, 32, 15, 178, 123, 253, 132, 100, 54, 96, 6, 30, 148,
5, 168, 106, 48, 88, 244, 134, 192, 189, 225, 67, 96, 8, 210, 8,
12, 135, 250, 172, 255, 113, 1, 2, 126, 25, 173, 76, 96, 193, 165,
217, 109, 229, 15, 96, 200, 68, 42, 167, 164, 224, 84, 210, 4, 180,
56, 104, 245, 119, 24, 16, 31, 235, 1, 150, 181, 25, 11, 201, 29,
48, 206, 223, 54, 191, 246, 29, 127, 86, 137, 136, 84, 140, 172,
51, 240, 95, 156, 41, 245, 86, 215, 92, 50, 237, 74, 211, 31, 85,
41, 14, 142, 128, 213, 229, 29, 224, 163, 252, 102, 9, 148, 216,
128, 190, 143, 150, 208, 12, 231, 81, 105, 167, 161, 192, 65, 98,
28, 248, 215, 193, 167, 48, 196, 80, 156, 114, 134, 216, 231, 95,
232, 47, 117, 40, 110, 39, 247, 53, 61, 201, 216, 47, 149, 153, 39,
246, 86, 255, 79, 134, 55, 254, 187, 111, 235, 87, 44, 55, 85, 108,
144, 36, 137, 201, 43, 145, 216, 30, 221, 18, 101, 128, 105, 162,
50, 20, 92, 42, 121, 142, 232, 159, 20, 37, 136, 64, 160, 21, 216,
201, 49, 146, 43, 22, 92, 169, 162, 189, 7, 218, 50, 235, 246, 238,
212, 102, 153, 38, 218, 194, 4, 103, 168, 53, 50, 148, 94, 120,
216, 134, 122, 45, 40, 170, 27, 154, 248, 162, 18, 147, 182, 138,
209, 1, 50, 114, 182, 215, 132, 104, 186, 58, 97, 0, 163, 249, 105,
170, 254, 76, 26, 161, 247, 51, 195, 4, 151, 230, 32, 253, 120, 48,
155, 74, 168, 158, 222, 142, 17, 253, 62, 68, 46, 69, 145, 204,
188, 41, 194, 184, 210, 211, 146, 228, 116, 143, 239, 131, 203, 63,
89, 234, 129, 29, 122, 48, 131, 8, 103, 36, 110, 9, 126, 30, 85,
211, 153, 170, 125, 79, 29, 244, 213, 121, 12, 144, 142, 182, 165,
179, 198, 245, 86, 173, 0, 96, 189, 195, 129, 39, 37, 60, 13, 98,
112, 222, 134, 153, 12, 10, 194, 223, 166, 232, 122, 0, 162, 80,
35, 164, 253, 34, 19, 237, 177, 229, 141, 227, 166, 108, 183, 49,
246, 204, 17, 45, 218, 30, 73, 162, 189, 167, 204, 142, 68, 3, 194,
213, 38, 79, 194, 55, 195, 29, 192, 99, 135, 72, 24, 215, 8, 155,
97, 88, 9, 185, 187, 236, 217, 34, 156, 28, 111, 221, 209, 110,
163, 20, 90, 163, 251, 15, 40, 19, 226, 233, 115, 243, 36, 96, 180,
122, 90, 191, 203, 34, 32, 106, 34, 239, 24, 17, 89, 36, 221, 190,
246, 225, 141, 212, 200, 15, 11, 192, 11, 105, 83, 138, 98, 64,
177, 1, 71, 67, 105, 239, 164, 161, 123, 92, 21, 67, 51, 177, 161
], [
47, 17, 171, 73, 252, 150, 144, 127, 249, 242, 4, 175, 7, 192, 226,
130, 145, 236, 156, 65, 61, 231, 21, 197, 174, 141, 59, 93, 13, 51,
155, 30, 3, 153, 0, 68, 220, 36, 252, 141, 0, 208, 226, 92, 71, 16,
159, 46, 3, 61, 144, 110, 103, 38, 85, 131, 45, 31, 219, 8, 27,
117, 72, 101, 124, 60, 44, 105, 194, 104, 183, 214, 101, 180, 235,
72, 144, 230, 109, 103, 55, 215, 67, 189, 183, 9, 48, 206, 49, 211,
39, 118, 80, 192, 141, 48, 226, 250, 118, 255, 236, 163, 20, 207,
213, 158, 5, 12, 200, 163, 201, 51, 253, 34, 91, 75, 41, 30, 67,
48, 161, 75, 44, 70, 45, 31, 76, 179, 171, 136, 202, 20, 200, 227,
2, 18, 98, 197, 93, 13, 121, 181, 59, 92, 16, 204, 27, 123, 29, 43,
37, 246, 236, 43, 40, 173, 216, 255, 181, 85, 117, 193, 200, 208,
208, 171, 95, 103, 175, 188, 120, 159, 201, 142, 160, 4, 200, 14,
219, 128, 142, 70, 147, 229, 175, 39, 46, 142, 66, 98, 164, 103,
239, 197, 108, 28, 202, 27, 210, 63, 118, 127, 178, 137, 77, 209,
208, 34, 84, 56, 197, 181, 80, 243, 186, 132, 96, 20, 251, 28, 151,
179, 6, 140, 184, 204, 121, 89, 227, 51, 225, 175, 160, 188, 157,
253, 72, 184, 241, 225, 210, 231, 82, 35, 139, 228, 177, 51, 178,
49, 101, 181, 196, 141, 98, 55, 192, 210, 193, 224, 35, 113, 233,
219, 93, 185, 205, 173, 86, 128, 51, 149, 206, 161, 104, 67, 191,
146, 46, 219, 213, 67, 144, 254, 101, 63, 171, 65, 215, 203, 10,
19, 112, 4, 104, 11, 162, 132, 247, 157, 141, 103, 231, 133, 98,
127, 116, 97, 250, 170, 130, 79, 214, 239, 242, 169, 33, 114, 218,
76, 184, 46, 12, 64, 104, 236, 61, 238, 159, 163, 36, 33, 170, 168,
77, 25, 103, 238, 63, 84, 203, 11, 214, 148, 61, 181, 205, 72, 87,
229, 46, 207, 119, 173, 215, 187, 153, 193, 227, 212, 8, 182, 28,
153, 25, 33, 234, 78, 57, 20, 242, 28, 131, 234, 232, 26, 155, 215,
41, 89, 209, 7, 103, 241, 47, 226, 155, 12, 135, 152, 93, 92, 243,
38, 150, 45, 114, 252, 120, 126, 25, 131, 173, 89, 84, 208, 117,
186, 252, 168, 134, 128, 205, 203, 176, 29, 203, 142, 218, 61, 67,
126, 182, 66, 157, 248, 246, 246, 189, 233, 127, 67, 249, 158, 218,
83, 239, 52, 211, 201, 162, 101, 113, 1, 220, 113, 251, 102, 213,
22, 241, 63, 201, 193, 62, 98, 156, 119, 144, 98, 22, 40, 255, 158,
224, 236, 248, 170, 206, 186, 231, 11, 205, 167, 107, 33, 4, 151,
95, 212, 39, 128, 6, 140, 99, 131, 114, 219, 65, 198, 12, 46, 169,
236, 123, 64, 105, 76, 59, 233, 250, 249, 82, 201, 174, 137, 79,
123, 111, 191, 241, 39
])
for i, sa in enumerate(sig_algs):
message.seek(0)
sig, alg = self.private_key.sign(message, sa.hash_id)
message.seek(0)
self.assertTrue(self.public_key.verify(message, alg, sig))
self.assertEqual(origin_sig[i], list(six.iterbytes(sig)))
def test_receiving_doesnt_block_if_there_is_already_decrypted_buffered_data(
self):
# Here's what could (and would) happen before the relevant bug was fixed (assuming method
# M was trampolining unconditionally before actually reading):
# 1. One side sends n bytes, leaves connection open (important)
# 2. The other side uses method M to read m (where m < n) bytes, the underlying SSL
# implementation reads everything from the underlying socket, decrypts all n bytes,
# returns m of them and buffers n-m to be read later.
# 3. The other side tries to read the remainder of the data (n-m bytes), this blocks
# because M trampolines uncoditionally and trampoline will hang because reading from
# the underlying socket would block. It would block because there's no data to be read
# and the connection is still open; leaving the connection open /mentioned in 1./ is
# important because otherwise trampoline would return immediately and the test would pass
# even with the bug still present in the code).
#
# The solution is to first request data from the underlying SSL implementation and only
# trampoline if we actually need to read some data from the underlying socket.
#
# GreenSSLSocket.recv() wasn't broken but I've added code to test it as well for
# completeness.
content = b'xy'
def recv(sock, expected):
assert sock.recv(len(expected)) == expected
def recv_into(sock, expected):
buf = bytearray(len(expected))
assert sock.recv_into(buf, len(expected)) == len(expected)
assert buf == expected
for read_function in [recv, recv_into]:
print('Trying %s...' % (read_function, ))
listener = listen_ssl_socket()
def accept(listener):
sock, addr = listener.accept()
sock.sendall(content)
return sock
accepter = eventlet.spawn(accept, listener)
client_to_server = None
try:
client_to_server = ssl.wrap_socket(
eventlet.connect(listener.getsockname()))
for character in six.iterbytes(content):
character = six.int2byte(character)
print(
'We have %d already decrypted bytes pending, expecting: %s'
% (client_to_server.pending(), character))
read_function(client_to_server, character)
finally:
if client_to_server is not None:
client_to_server.close()
server_to_client = accepter.wait()
# Very important: we only want to close the socket *after* the other side has
# read the data it wanted already, otherwise this would defeat the purpose of the
# test (see the comment at the top of this test).
server_to_client.close()
listener.close()
def test_one_by_one(self):
for expected_byte in six.iterbytes(self.expected):
self.assertEqual(six.int2byte(expected_byte), self.stream.read(1))
self.assertEqual(b'', self.stream.read(1))
def get_remaining_pin_tries(self):
data = self.send_apdu(0, INS.GET_DATA, 0, 0xc4)
return PinRetries(*six.iterbytes(data[4:7]))
def render(self):
height, width = self.window_size()
# get info about target
target = None
res = self.client.perform_request('targets')
if res and res.is_success and len(res.targets) > 0:
target = res.targets[0]
if target and self.args.deref:
self.args.bytes = target['addr_size']
if not self.title:
self.title = "[memory]"
# find the address we're reading memory from
addr = None
if self.args.command:
res = self.client.perform_request('command',
command=self.args.command)
if res.is_success:
for item in reversed(res.output.split()):
log.debug("checking item: {}".format(item))
try:
addr = int(item)
break
except:
try:
addr = int(item, 16)
break
except:
pass
elif self.args.address:
addr = int(self.args.address, 16)
elif self.args.register:
res = self.client.perform_request('registers',
registers=[self.args.register])
if res and res.is_success:
addr = list(res.registers.values())[0]
# read memory
if addr != None:
res = self.client.perform_request('memory',
address=addr,
length=self.body_height() *
self.args.bytes)
if res and res.is_success:
lines = []
for c in range(0, res.bytes, self.args.bytes):
chunk = res.memory[c:c + self.args.bytes]
addr_str = self.colour(
self.format_address(addr + c,
size=target['addr_size'],
pad=False),
self.config.format.addr_colour)
if self.args.deref:
fmt = ('<' if target['byte_order'] == 'little' else '>') + \
{2: 'H', 4: 'L', 8: 'Q'}[target['addr_size']]
info_str = ''
if len(chunk) == target['addr_size']:
pointer = list(struct.unpack(fmt, chunk))[0]
memory_str = ' '.join(
["%02X" % x for x in six.iterbytes(chunk)])
deref_res = self.client.perform_request(
'dereference', pointer=pointer)
if deref_res.is_success:
info_str = self.format_deref(deref_res.output)
else:
memory_str = ' '.join(
["%02X" % x for x in six.iterbytes(chunk)])
info_str = ''
ascii_str = ''.join([
"%s" % ((x <= 127 and self.printable_filter[x]) or '.')
for x in six.iterbytes(chunk)
])
divider = self.colour('|',
self.config.format.divider_colour)
lines.append('{}: {} {} {} {} {}'.format(
addr_str, memory_str, divider, ascii_str, divider,
info_str))
self.body = '\n'.join(reversed(
lines)).strip() if self.args.reverse else '\n'.join(lines)
self.info = '[0x{0:0=4x}:'.format(len(
res.memory)) + self.config.format.addr_format.format(
addr) + ']'
else:
log.error("Error reading memory: {}".format(res.message))
self.body = self.colour(res.message, 'red')
self.info = '[0x{0:0=4x}:'.format(
0) + self.config.format.addr_format.format(addr) + ']'
else:
self.body = ""
self.info = "[no address]"
super(MemoryView, self).render()
def sender(f, content):
for ch in map(six.int2byte, six.iterbytes(content)):
eventlet.sleep(0.0001)
f.write(ch)
f.close()
def hexify(s):
return ' '.join(['%02x' % x for x in six.iterbytes(s)])
def reverse_bits(blob):
return b''.join(map(lambda x: six.int2byte(x ^ 0xFF), six.iterbytes(blob)))
def count_bits(x):
return sum(bin(z).count("1") for z in six.iterbytes(x.tobytes()))
def file_download_details(self, fixture):
"""FileDownloadStub (the GET response for a StaticFileResource) works correctly in
different scenarios of partial GETting too."""
file_content = b'some content'
server_file = temp_file_with(file_content, 'afile.css', mode='w+b')
@stubclass(FileDownload)
class FileDownloadStub(FileDownload):
chunk_size = 1
response = FileDownloadStub(FileOnDisk(server_file.name, '/path/for/the/file'))
# Case: The whole content is sent, in chunk_size bits
read = [i for i in response.app_iter]
expected = [six.int2byte(i) for i in six.iterbytes(file_content)]
vassert( read == expected )
# Case: Headers are set correctly
vassert( response.content_type == 'text/css' )
vassert( not response.content_encoding )
vassert( response.content_length == len(file_content) )
mtime = datetime.datetime.fromtimestamp(int(os.path.getmtime(server_file.name)))
vassert( response.last_modified.replace(tzinfo=None) == mtime )
tag_mtime, tag_size, tag_hash = response.etag.split('-')
mtime = six.text_type(os.path.getmtime(server_file.name))
vassert( tag_mtime == mtime )
vassert( tag_size == six.text_type(len(file_content)) )
vassert( tag_hash == six.text_type(abs(hash(server_file.name))) )
# Case: conditional response is supported
vassert( response.conditional_response )
# Case: partial response is supported - different cases:
# - normal case
actual = [i for i in response.app_iter.app_iter_range(3,7)]
expected = [six.int2byte(i) for i in six.iterbytes(file_content[3:8])]
vassert( actual == expected )
# - no end specified
actual = [i for i in response.app_iter.app_iter_range(3)]
expected = [six.int2byte(i) for i in six.iterbytes(file_content[3:])]
vassert( actual == expected )
# - no start specified
actual = [i for i in response.app_iter.app_iter_range(end=7)]
expected = [six.int2byte(i) for i in six.iterbytes(file_content[:8])]
vassert( actual == expected )
# - where the last chunk read would stretch past end
response.chunk_size = 2
actual = b''.join([i for i in response.app_iter.app_iter_range(end=6)])
expected = file_content[:7]
vassert( actual == expected )
# - where start > end
response.chunk_size = 1
actual = [i for i in response.app_iter.app_iter_range(start=7, end=3)]
expected = [b'']
vassert( actual == expected )
# - where start < 0
actual = [i for i in response.app_iter.app_iter_range(start=-10, end=7)]
expected = [six.int2byte(i) for i in six.iterbytes(file_content[:8])]
vassert( actual == expected )
# - where end > length of file
actual = [i for i in response.app_iter.app_iter_range(start=3, end=2000)]
expected = [six.int2byte(i) for i in six.iterbytes(file_content[3:])]
vassert( actual == expected )
# - where start > length of file
actual = [i for i in response.app_iter.app_iter_range(start=700)]
expected = [b'']
vassert( actual == expected )
