minhtt159/tiktok.py

## tiktok.py
#!/usr/bin/env python3
import sys, hashlib

def decrypt_password(user, pass_enc):
    key = hashlib.md5(user + b"283i4jfkai3389").digest()

    passw = ""
    for i in range(0, len(pass_enc)):
        passw += chr(pass_enc[i] ^ key[i % len(key)])

    return passw.split("\x00")[0]

def extract_user_pass_from_entry(entry):
    user_data = entry.split(b"\x01\x00\x00\x21")[1]
    pass_data = entry.split(b"\x11\x00\x00\x21")[1]

    user_len = user_data[0]
    pass_len = pass_data[0]

    username = user_data[1:1 + user_len]
    password = pass_data[1:1 + pass_len]

    return username, password

def get_pair(data):

    user_list = []

    entries = data.split(b"M2")[1:]
    for entry in entries:
        try:
            user, pass_encrypted = extract_user_pass_from_entry(entry)
        except:
            continue

        pass_plain = decrypt_password(user, pass_encrypted)
        user  = user.decode("ascii")

        user_list.append((user, pass_plain))

    return user_list

data = bytes.fromhex('ff0101a84d320100ff88020000000000080000000200ff8802000200000002000000040000010300ff09020600ff09060300003076015a004d32100000a800001c0000000a00fe00050000090006000009000b000008feff070012000009020100fe090102000009030900fe211373797374656d2064656661756c7420757365721100002100010000210561646d696e8a004d32100000a800001c0000010a00fe00050000090006000009000b000008feff070012000009020100fe090102000009030900fe211373797374656d2064656661756c742075736572110000213005dabb563e344d794fae9e46c23db3e32ddead7f163966446abe9e49ee2085e932abffc6a306495a0e2d09d5fb27b144ec93010000210561646d696e92004d32100000a800001c0000010a00fe00050000090006000009001f0000080a567a5b0b000008feff070012000009020100fe090102000009030900fe211373797374656d2064656661756c742075736572110000213005dabb563e344d794fae9e46c23db3e32ddead7f163966446abe9e49ee2085e932c6a306495a0e2d09d5fb27b144ec93010000210561646d696e')
user_pass = get_pair(data)
print (user_pass)

# [('admin', ''), ('admin', 'MeePwnCTF{easy_peasy_chicken_dizz\x14!Àê\\Gw\x07øòòJc]×'), ('admin', 'MeePwnCTF{easy_peasy_chicken_dizzy}')]
	#!/usr/bin/env python3
	import sys, hashlib

	def decrypt_password(user, pass_enc):
	key = hashlib.md5(user + b"283i4jfkai3389").digest()

	passw = ""
	for i in range(0, len(pass_enc)):
	passw += chr(pass_enc[i] ^ key[i % len(key)])

	return passw.split("\x00")[0]

	def extract_user_pass_from_entry(entry):
	user_data = entry.split(b"\x01\x00\x00\x21")[1]
	pass_data = entry.split(b"\x11\x00\x00\x21")[1]

	user_len = user_data[0]
	pass_len = pass_data[0]

	username = user_data[1:1 + user_len]
	password = pass_data[1:1 + pass_len]

	return username, password

	def get_pair(data):

	user_list = []

	entries = data.split(b"M2")[1:]
	for entry in entries:
	try:
	user, pass_encrypted = extract_user_pass_from_entry(entry)
	except:
	continue

	pass_plain = decrypt_password(user, pass_encrypted)
	user = user.decode("ascii")

	user_list.append((user, pass_plain))

	return user_list

	data = bytes.fromhex('ff0101a84d320100ff88020000000000080000000200ff8802000200000002000000040000010300ff09020600ff09060300003076015a004d32100000a800001c0000000a00fe00050000090006000009000b000008feff070012000009020100fe090102000009030900fe211373797374656d2064656661756c7420757365721100002100010000210561646d696e8a004d32100000a800001c0000010a00fe00050000090006000009000b000008feff070012000009020100fe090102000009030900fe211373797374656d2064656661756c742075736572110000213005dabb563e344d794fae9e46c23db3e32ddead7f163966446abe9e49ee2085e932abffc6a306495a0e2d09d5fb27b144ec93010000210561646d696e92004d32100000a800001c0000010a00fe00050000090006000009001f0000080a567a5b0b000008feff070012000009020100fe090102000009030900fe211373797374656d2064656661756c742075736572110000213005dabb563e344d794fae9e46c23db3e32ddead7f163966446abe9e49ee2085e932c6a306495a0e2d09d5fb27b144ec93010000210561646d696e')
	user_pass = get_pair(data)
	print (user_pass)

	# [('admin', ''), ('admin', 'MeePwnCTF{easy_peasy_chicken_dizz\x14!Àê\\Gw\x07øòòJc]×'), ('admin', 'MeePwnCTF{easy_peasy_chicken_dizzy}')]