robinp/bruteforcer.py

## bruteforcer.py
import subprocess as sp
import sys

# here you define general mutation rules
def upperCaseAllTs(x): return x.replace("t", "T")
def mySecretStrategy(x): return x.replace("34", "#$")
def cap(x): return x.capitalize()

# and put the mutator strategies here
strats = [upperCaseAllTs, mySecretStrategy, cap]

def subsets(lst):
  """ Returns all subsets of the list """
  bound = 1 << len(lst)
  subs = []
  for s in range(0, bound):
    sub = []
    for j in range(0, len(lst)):
      if ((s >> j) & 1) == 0: sub.append(lst[j])
    subs.append(sub)
  return subs

# stores all possible mutator combinations
# it is assumed that mutators can be independently applied in any order
strat_sets = subsets(strats)

# this will accumulate possible passwords
collection = set()

def variants(accum, parts):
  """
  Depth-first produce all password variants.
  Note that not all leafs are different, since a mutation strategy may leave a part intact

  """
  if len(parts) == 0:
    collection.add(accum)
  else:
    part = parts[0]
    for strat_seq in strat_sets:
      # apply the sequence
      p0 = part
      for strat in strat_seq:
        p0 = strat(p0)
      variants(accum + p0, parts[1:])

# ok, now you have to call the variants method with the ordered password parts to be mutated and joined
#
# if you think you had password like FooBarT or fooBar or Bartfoo or the like, then do:
variants("", ["foo", "bar"])
variants("", ["foo", "bart"])
variants("", ["bart", "foo"])
variants("", ["foo"])

for c in collection:
  print ">"+c+"<"
  # PHASE 1, recover the store password
  # comment next line in PHASE 2
  p = sp.Popen("keytool -list -keystore my.keystore -storepass " + c, stdout = sp.PIPE)
  # PHASE 2, recover the key password
  #p = sp.Popen("jarsigner -keystore my.keystore -storepass ThePassIRecoveredInPhase1 -keypass " + c + " -verbose some_unsigned.apk alias_name", stdout = sp.PIPE)
  ret = p.stdout.readline()
  print ret
  rc = p.wait()

  if rc == 0:
    print "FOUND", c
    sys.exit(0)
	import subprocess as sp
	import sys

	# here you define general mutation rules
	def upperCaseAllTs(x): return x.replace("t", "T")
	def mySecretStrategy(x): return x.replace("34", "#$")
	def cap(x): return x.capitalize()

	# and put the mutator strategies here
	strats = [upperCaseAllTs, mySecretStrategy, cap]

	def subsets(lst):
	""" Returns all subsets of the list """
	bound = 1 << len(lst)
	subs = []
	for s in range(0, bound):
	sub = []
	for j in range(0, len(lst)):
	if ((s >> j) & 1) == 0: sub.append(lst[j])
	subs.append(sub)
	return subs

	# stores all possible mutator combinations
	# it is assumed that mutators can be independently applied in any order
	strat_sets = subsets(strats)

	# this will accumulate possible passwords
	collection = set()

	def variants(accum, parts):
	"""
	Depth-first produce all password variants.
	Note that not all leafs are different, since a mutation strategy may leave a part intact

	"""
	if len(parts) == 0:
	collection.add(accum)
	else:
	part = parts[0]
	for strat_seq in strat_sets:
	# apply the sequence
	p0 = part
	for strat in strat_seq:
	p0 = strat(p0)
	variants(accum + p0, parts[1:])

	# ok, now you have to call the variants method with the ordered password parts to be mutated and joined
	#
	# if you think you had password like FooBarT or fooBar or Bartfoo or the like, then do:
	variants("", ["foo", "bar"])
	variants("", ["foo", "bart"])
	variants("", ["bart", "foo"])
	variants("", ["foo"])

	for c in collection:
	print ">"+c+"<"
	# PHASE 1, recover the store password
	# comment next line in PHASE 2
	p = sp.Popen("keytool -list -keystore my.keystore -storepass " + c, stdout = sp.PIPE)
	# PHASE 2, recover the key password
	#p = sp.Popen("jarsigner -keystore my.keystore -storepass ThePassIRecoveredInPhase1 -keypass " + c + " -verbose some_unsigned.apk alias_name", stdout = sp.PIPE)
	ret = p.stdout.readline()
	print ret
	rc = p.wait()

	if rc == 0:
	print "FOUND", c
	sys.exit(0)