- from scapy.all import *
- import ctypes
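def dump_ints16(data_int, fl):
    """Write a sequence of integers to *fl* as packed unsigned 16-bit values.

    Args:
        data_int: Sequence of integers. ctypes integer types do no overflow
            checking, so a value outside 0..65535 is silently truncated.
        fl: Path of the output file; it is created or overwritten.

    The values are laid out in the host's native byte order, because that is
    how a ctypes array stores them.
    """
    dt = (ctypes.c_uint16 * len(data_int))(*data_int)
    # Refer to c_char through the ctypes module; the bare name only resolved
    # if a star import elsewhere in the file happened to leak it.
    ch_buf = (ctypes.c_char * ctypes.sizeof(dt)).from_buffer(dt)
    # Close the handle deterministically so the bytes are flushed before any
    # caller reads the file back.
    with open(fl, "wb") as out:
        out.write(ch_buf.raw)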
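def dump_ints32(data_int, fl):
    """Write a sequence of integers to *fl* as packed unsigned 32-bit values.

    Args:
        data_int: Sequence of integers. ctypes integer types do no overflow
            checking, so a value outside 0..2**32-1 is silently truncated.
        fl: Path of the output file; it is created or overwritten.

    The values are laid out in the host's native byte order, because that is
    how a ctypes array stores them.
    """
    dt = (ctypes.c_uint32 * len(data_int))(*data_int)
    # Refer to c_char through the ctypes module; the bare name only resolved
    # if a star import elsewhere in the file happened to leak it.
    ch_buf = (ctypes.c_char * ctypes.sizeof(dt)).from_buffer(dt)
    # Close the handle deterministically so the bytes are flushed before any
    # caller reads the file back.
    with open(fl, "wb") as out:
        out.write(ch_buf.raw)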
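def main():
    """Decode a capture by XOR-ing ICMP/UDP payload values with TCP header fields.

    Reads ``packets.pcapng`` and:

    1. Parses the innermost layer of every ICMP or UDP packet as a decimal
       integer and writes the values to ``dump.bin`` as unsigned 32-bit ints.
    2. Collects (source port, IP id) from every TCP packet and writes the
       two possible interleavings to ``tcp_sport_id.bin`` and
       ``tcp_id_sport.bin`` as unsigned 16-bit ints.
    3. XORs the start of ``dump.bin`` against each of those two files, which
       are tried as candidate XOR keys, and prints both results.

    Raises:
        ValueError: if an ICMP/UDP payload is not a decimal integer.
    """
    packets = rdpcap('packets.pcapng')

    # int() is left to raise on a non-numeric payload: silently skipping a
    # packet would shift every following value against the key stream.
    data_int = [
        int(str(p.lastlayer()))
        for p in packets
        if p.haslayer(ICMP) or p.haslayer(UDP)
    ]
    dump_ints32(data_int, "dump.bin")

    # Require an IP layer as well: getlayer(IP) returns None for TCP carried
    # over anything else, and the .id access would raise AttributeError.
    tcp_idseq = [
        (p.getlayer(TCP).sport, p.getlayer(IP).id)
        for p in packets
        if p.haslayer(TCP) and p.haslayer(IP)
    ]

    # Try pairs for xor keys: both field orders are written out because it
    # is not known in advance which one matches the data.
    tcp_sport_id = []
    tcp_id_sport = []
    for sport, ip_id in tcp_idseq:
        tcp_sport_id.extend((sport, ip_id))
        tcp_id_sport.extend((ip_id, sport))
    dump_ints16(tcp_sport_id, "tcp_sport_id.bin")
    dump_ints16(tcp_id_sport, "tcp_id_sport.bin")

    # At most this many bytes are decoded. The XOR stops earlier when either
    # file is shorter, instead of raising IndexError.
    limit = 2048

    with open("dump.bin", "rb") as fh:
        dump = bytearray(fh.read())[:limit]

    for key_file in ("tcp_sport_id.bin", "tcp_id_sport.bin"):
        with open(key_file, "rb") as fh:
            key = bytearray(fh.read())[:limit]
        # bytearray iteration yields ints, so the XOR needs no ord() calls;
        # zip() truncates to the shorter of the two buffers.
        print("".join(chr(a ^ b) for a, b in zip(dump, key)))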
# Run the decoder only when executed as a script, not when imported.
if __name__ == "__main__":
    main()