- #數據相加
def stringAdd(hexadecimal_string):
    """Split a string into consecutive two-character chunks.

    Characters are consumed in order and paired up. A lone trailing
    character (odd-length input) is silently discarded, so callers that
    pass an unpadded ``hex()`` result can lose the final digit.

    Args:
        hexadecimal_string: Iterable of one-character strings; in this
            script it is always a hex string.

    Returns:
        A list of two-character strings in input order.
    """
    chars = iter(hexadecimal_string)
    # Zipping one iterator with itself yields (1st, 2nd), (3rd, 4th), ...
    # and stops before an unpaired last character.
    return ["".join(pair) for pair in zip(chars, chars)]
# Compute the string length
# Input account and password (the two fields must be separated by a space)
# NOTE(review): this looks like a sample account/password pair kept as a
# literal; real credentials should be supplied at run time, not stored in source.
Mystring = "Server001 test4"
needEncodeString = Mystring.encode()
# Position-weighted checksum: start from a fixed seed, add 1 for slot 0, then
# add every non-space byte shifted left by its 1-based position.
hexCode = 0xABCDABCD
for i in range(0,len(needEncodeString)+1):
    if i==0:
        hexCode = hexCode+ 1
    elif hex(int(needEncodeString[i-1])) != "0x20":
        hexCode = hexCode + (needEncodeString[i-1] << i)
# NOTE(review): indentation was lost in the paste; placing this print after
# the loop (rather than inside it) is an assumption.
print(hex(hexCode))
# No width mask is applied, so a long input can push the sum past 8 hex digits.
# stringAdd() drops an unpaired trailing digit, so an odd-length value would
# lose its last nibble here. TODO confirm whether a 32-bit wrap was intended.
hexCode = str(hex(hexCode)).replace("0x","")
hexCode = stringAdd(hexCode)
# After the reverse, the list holds the checksum's byte pairs last-to-first.
hexCode.reverse()
# Pack the input into 4-hex-digit words, two bytes per word.
# NOTE(review): indentation was lost in the paste. The nesting below is the
# reading in which `tick` counts every byte (space or not) — confirm against
# the author's original.
tempString = []
needEncode = []
tick = 0
for i in range(0,len(needEncodeString)):
    if i==0:
        # The very first slot is the literal marker "01"; it shares a word
        # with the first input byte.
        tick = tick+1
        tempString.append("01")
    if hex(int(needEncodeString[i])) == "0x20":
        # The space separator is emitted as a zero byte.
        tempString.append("00")
    else:
        # hex() is not zero-padded: a byte below 0x10 would contribute a single
        # digit and produce a 3-character word.
        tempString.append(str(hex(int(needEncodeString[i]))).replace("0x",""))
    tick = tick+1
    if tick ==2:
        # Two entries collected: emit them with the later one first.
        tempString.reverse()
        needEncode.append(tempString[0]+tempString[1])
        tempString = []
        tick = 0
    if i == len(needEncodeString)-1:
        if tick ==1:
            # Odd entry left over at the end: pad the word with "00".
            needEncode.append(tempString[0]+"00")
# Append the checksum byte pairs from hexCode to the word list.
# The first pair goes out alone, padded with "00". At every odd i the pairs
# i+1 and i are combined into one word. At every even i > 0 the pair i+1
# (plus "00") becomes the trailer kept in x00.
x00 = '00'
for i in range(0,len(hexCode)-1):
    if i+1==1 :
        needEncode.append(hexCode[i] + "00")
    elif (i+1) % 2 ==0:
        needEncode.append(hexCode[i+1] + hexCode[i])
        # Rebinding the loop variable does not skip an iteration in a Python
        # for-loop; range() supplies the next value regardless.
        i=i+1
    else :
        x00 = hexCode[i+1] +"00"
# Length field: a base of 32, plus 2 for every word beyond the sixth.
# The result is stored as an unpadded lowercase hex string. A value of 0x100
# or more would give three digits and break the later bytearray.fromhex() call.
packLen = 32 + ((len(needEncode) - 6) * 2 if len(needEncode) > 5 else 0)
packLen = format(packLen, "x")
# Running-sum scratch value
# Plain (unweighted) sum: 1 for slot 0, plus every non-space input byte,
# plus each checksum byte pair parsed from its hex text in hexCode.
esi = 0
for i in range(0,len(needEncodeString)+1):
    if i==0:
        esi = esi+ 1
    elif hex(int(needEncodeString[i-1])) != "0x20":
        esi = esi + needEncodeString[i-1]
for i in range(0,len(hexCode)):
    esi = esi+ int(hexCode[i],16)
# NOTE(review): indentation was lost in the paste; the print is assumed to run
# once, after both loops.
print("esi : " + str(hex(esi)))
# Derive the key-material string that is placed in the packet header.
# NOTE(review): every input to this schedule is either a literal constant or
# the message's own byte sum (outesi). No secret is involved, so the transform
# is obfuscation only; a consumer of the packet should not rely on it as
# authentication.
EncodeHex = 0xBA59
# The two bytes of 0xBA59 written in swapped order.
keyTemp = "59BA"
keynum = EncodeHex +EncodeHex
outesi = esi
# Eight rounds, each appending one 16-bit value (4 hex digits) to keyTemp.
# NOTE(review): indentation was lost in the paste. The nesting of the i == 6
# and i == 7 branches below is the most natural reading, not a certainty.
for i in range(0,8):
    eax = i
    # For i in 0..7 this mask keeps only the lowest bit of i.
    eax = eax & 0x80000001
    ecx = EncodeHex
    dx = 0x10000
    ecx = ecx + 5
    eax =eax +1
    # The round constant advances by 5 every round.
    EncodeHex = ecx
    if i <6 :
        dx = dx ^ ecx
    else:
        if i ==6 :
            # Round 6 mixes in the message byte sum.
            dx = dx + outesi
            dx = dx ^ ecx
            #print(hex(dx))
        if i ==7 :
            # Round 7 mixes in a fixed constant.
            dx = dx + 0x594B
            dx = dx ^ ecx
    ecx = 0x10
    esi = dx
    # The left-shift amount is 16 minus eax, i.e. 15 or 14.
    ecx = ecx - eax
    esi = esi << ecx
    # The right-shift amount is 1 when i is even and 2 when i is odd.
    if (i+1) % 2 ==1:
        ecx = 1
    else:
        ecx = 2
    eax = keynum
    dx = ((dx-0x10000) >> ecx) + 0x10000
    esi = esi | dx
    # Chain in the previous round's value (initially 2 * 0xBA59).
    esi = esi + eax
    keynum = esi
    # Append the low byte, then the next byte, of esi as hex text.
    # ''.join() on a str returns it unchanged.
    keyTemp = keyTemp +''.join(hex(esi)[-2:] + hex(esi)[-4:-2] )
# NOTE(review): assumed to run once, after the loop.
print(keyTemp)
# Packet header as hex text: literal 'ec', the length field, '0000', then the
# key-material string. bytearray.fromhex() raises ValueError if the combined
# text has an odd number of hex digits.
x01 = 'ec'+packLen+'0000'+keyTemp
x01 = bytearray.fromhex(x01);
# Trailer bytes, selected earlier from the checksum pairs.
x00 = bytearray.fromhex(x00);
# Accumulates the encoded body words.
finish =bytearray(0)
# The body encoder restarts from the same fixed constant as the key schedule.
EncodeHex = 0xBA59
key_int = EncodeHex +0x1234
ebx_hex = hex(key_int*key_int)
print("EBX : " + str(ebx_hex))
ebx_hex = str(ebx_hex)
# Keep only the last four hex digits of the square, i.e. its low 16 bits.
ebx_hex = ebx_hex[len(ebx_hex)-4:len(ebx_hex)]
print("BX : " + str(ebx_hex))
# Encode each 16-bit word of needEncode and append it to the packet body.
# NOTE(review): indentation was lost in the paste; the nesting below is
# reconstructed and should be confirmed against the author's original.
nbits = 16
temp = 0
high_temp = 0
low_temp = 0
sec_temp =0
oplen = 0
for i in range(0,len(needEncode)):
    # The subtractive key advances by 3 for every word.
    key_int = key_int +3
    temp = int(needEncode[i],16) - key_int
    # Wrap the difference into 16 bits. The format/int round trip parses in
    # base nbits, which is 16.
    temp = int('{:04X}'.format(temp & ((1 << nbits)-1)),nbits)
    # oplen cycles through 0..6, so the shift pair changes from word to word.
    if oplen ==7:
        oplen = 0
    left = 16-oplen-1
    right = oplen+1
    oplen = oplen+1
    # With oplen limited to 0..6, left ranges over 15..9, so under this reading
    # the branch below is never taken.
    if left ==8:
        left = 15
        right = 1
    # left + right == 16: OR-ing the two shifts and keeping the last four hex
    # digits acts as a 16-bit rotate of temp.
    high_temp = temp << left
    low_temp = temp >> right
    new_temp = high_temp | low_temp
    new_temp = hex(new_temp)
    # NOTE(review): this slice assumes at least four hex digits. A small
    # non-zero value such as 0x200 leaves an 'x' in the slice, and int(..., 16)
    # then raises ValueError.
    new_temp = new_temp[-4:]
    if i == 0:
        # The first word is offset by the low 16 bits of the squared key.
        last = hex(int(ebx_hex,16) + int(new_temp,16))
    else:
        # Later words are offset by the value carried from the previous word.
        last = hex(sec_temp + int(new_temp,16))
    right_temp = last[-4:]
    # Carry: low 16 bits of this word's sum, shifted right by 2.
    sec_temp =int(right_temp,16) >>2
    # Emit the low byte first, then the next byte.
    last = last[-2:] + last[-4:-2]
    finish.extend(bytes(bytearray.fromhex(last)))
# Final layout: header, encoded body, trailer.
x01.extend(finish)
x01.extend(x00)
x01 = bytes(x01)
def resv_Pack_key(a):
    """Swap three entries of the packet's byte list, in place.

    A 2-bit selector is taken from bits 1-2 of the entry at index 4. The
    entries at indices 5, 10 and 15 are each exchanged with one of the four
    entries that follow them. The selector, advanced by one per swap and
    wrapped to 0..3, chooses which.

    Args:
        a: Mutable list of hex-digit strings, one per packet byte. It must
            be long enough to cover every index used (up to 19).

    Returns:
        The same list object ``a``, after the swaps.
    """
    selector = (int(a[4], 16) >> 1) & 3
    for step, anchor in enumerate((5, 10, 15)):
        # The partner lies 1..4 positions after the anchor.
        partner = anchor + ((selector + step) & 3) + 1
        a[anchor], a[partner] = a[partner], a[anchor]
    return a
# Split the finished packet into per-byte hex strings, apply the position
# swaps, and rebuild the bytes object from the joined hex text.
b = resv_Pack_key(stringAdd(x01.hex()))
c = "".join(b)
x01 = bytes.fromhex(c)
print("需偽造字串 : " + Mystring)
print("----------代碼--------")
print(x01)