Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
An experiment to try to reproduce part of the "openssl" command line tool's behavior through Python. See blog post: http://technofovea.com/blog/archives/1054
#!/usr/bin/python
import sys
import itertools
import binascii
import StringIO
from Crypto.Hash import SHA, MD5
from Crypto.Cipher import AES, ARC4
from Crypto import Random
class Breaker:
def __init__(self,e,puzzle):
self.e = e
self.puzzle = puzzle
self.last = None
def attempt(self, password):
self.last = password
result = self.e.decryptString(self.puzzle, password)
return result
def comboAttack(self, sequence, tester):
for pw in sequence:
result = b.attempt(pw)
if tester(result):
yield (pw, result)
@staticmethod
def CheckBoringAscii(result):
for c in result:
d = ord(c)
if d > 127:
return False
elif d < 32:
return False
return True
@staticmethod
def GenPasswordList(passwordFile):
with open(passwordFile,'rb') as pwdict:
for line in pwdict:
pw = line.strip()
yield pw
@staticmethod
def GenBrute(charset, maxlength):
for i in range(1, maxlength + 1):
for c in itertools.product(charset,repeat=i):
yield ''.join(c)
class SimpleRc4:
def __init__(self):
self.random = Random.new()
self.header = "Salted__"
self.saltLen = 8
def encryptString(self, in_str, password):
salt = self.random.read(self.saltLen)
tempkey = MD5.new(password+salt).digest()
cipher = ARC4.new(tempkey)
enc = cipher.encrypt(in_str)
return self.header + salt + enc
def decryptString(self, in_str, password):
salt = in_str[len(self.header) : len(self.header)+self.saltLen]
body = in_str[len(self.header)+self.saltLen:]
tempkey = MD5.new(password+salt).digest()
cipher = ARC4.new(tempkey)
dec = cipher.decrypt(body)
return dec
def selftest(self):
password = "selftest"
a = "Content"
b = self.encryptString(a,password)
c = self.decryptString(b,password)
assert(a == c)
if __name__ == "__main__":
e = SimpleRc4()
e.selftest()
sample = e.encryptString("brute decode challenge", "test")
b = Breaker(e, sample)
source = Breaker.GenBrute('abcdefghijklmnopqrstuvwxyz',4)
tester = Breaker.CheckBoringAscii
for pw,result in b.comboAttack(source, tester):
print pw, result
#Output: test brute decode challenge
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment