Skip to content

Instantly share code, notes, and snippets.

@DHager
Created August 4, 2016 00:56
Show Gist options
  • Save DHager/b53bc8d17dec0b957c537d3cfe0c1bc7 to your computer and use it in GitHub Desktop.
Save DHager/b53bc8d17dec0b957c537d3cfe0c1bc7 to your computer and use it in GitHub Desktop.
An experiment to try to reproduce part of the "openssl" command line tool's behavior through Python. See blog post: http://technofovea.com/blog/archives/1054
#!/usr/bin/python
import sys
import itertools
import binascii
import StringIO
from Crypto.Hash import SHA, MD5
from Crypto.Cipher import AES, ARC4
from Crypto import Random
class Breaker:
def __init__(self,e,puzzle):
self.e = e
self.puzzle = puzzle
self.last = None
def attempt(self, password):
self.last = password
result = self.e.decryptString(self.puzzle, password)
return result
def comboAttack(self, sequence, tester):
for pw in sequence:
result = b.attempt(pw)
if tester(result):
yield (pw, result)
@staticmethod
def CheckBoringAscii(result):
for c in result:
d = ord(c)
if d > 127:
return False
elif d < 32:
return False
return True
@staticmethod
def GenPasswordList(passwordFile):
with open(passwordFile,'rb') as pwdict:
for line in pwdict:
pw = line.strip()
yield pw
@staticmethod
def GenBrute(charset, maxlength):
for i in range(1, maxlength + 1):
for c in itertools.product(charset,repeat=i):
yield ''.join(c)
class SimpleRc4:
def __init__(self):
self.random = Random.new()
self.header = "Salted__"
self.saltLen = 8
def encryptString(self, in_str, password):
salt = self.random.read(self.saltLen)
tempkey = MD5.new(password+salt).digest()
cipher = ARC4.new(tempkey)
enc = cipher.encrypt(in_str)
return self.header + salt + enc
def decryptString(self, in_str, password):
salt = in_str[len(self.header) : len(self.header)+self.saltLen]
body = in_str[len(self.header)+self.saltLen:]
tempkey = MD5.new(password+salt).digest()
cipher = ARC4.new(tempkey)
dec = cipher.decrypt(body)
return dec
def selftest(self):
password = "selftest"
a = "Content"
b = self.encryptString(a,password)
c = self.decryptString(b,password)
assert(a == c)
if __name__ == "__main__":
e = SimpleRc4()
e.selftest()
sample = e.encryptString("brute decode challenge", "test")
b = Breaker(e, sample)
source = Breaker.GenBrute('abcdefghijklmnopqrstuvwxyz',4)
tester = Breaker.CheckBoringAscii
for pw,result in b.comboAttack(source, tester):
print pw, result
#Output: test brute decode challenge
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment