Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
SECCON 2017 × CEDEC CHALLENGE - スコアのチート 2
import hashlib
import hmac
import json
import sys
import urlparse
import requests
from Crypto.Cipher import AES
def xor(a, b):
res = ''
if len(a) < len(b):
a, b = b, a
for k, c in enumerate(a):
res += chr(ord(c) ^ ord(b[k % len(b)]))
return res
HMAC_KEY = 'calcHmac'
def calc_hmac(msg):
return hmac.new(HMAC_KEY, msg, hashlib.sha256).hexdigest()
def pad(msg):
x = 16 - len(msg) % 16
return msg + chr(x) * x
def unpad(msg):
return msg[:-ord(msg[-1])]
def encrypt(key, iv, msg):
c = AES.new(key, AES.MODE_CBC, IV=iv).encrypt(pad(msg))
sig = calc_hmac(msg)
return c.encode('base64').strip(), sig
def decrypt(key, iv, c):
s = AES.new(key, AES.MODE_CBC, IV=iv).decrypt(c)
return unpad(s)
URL = 'https://cedec.seccon.jp'
KEY_A = 'def4ul7KeY1Z3456'
KEY_B = 'K33pK3y53cr3TYea'
KEY = xor(KEY_A, KEY_B)
IV = 'IVisNotSecret123'
key, iv = KEY, IV
uuid = sys.argv[1]
data, sig = encrypt(key, iv, json.dumps({'uuid': uuid}))
r = requests.post(urlparse.urljoin(URL, '/2017/key'), data={'data': data}, headers={'X-Signature': sig})
cookies = r.cookies
metadata = json.loads(decrypt(key, iv, r.content.decode('base64')))['metadata']
key, iv = metadata['key'], metadata['iv']
data = json.dumps({
"myScore": {
"musicId": 100,
"difficulty": 100,
"score": 123456789,
"name": "",
"uuid": uuid
}
})
data, sig = encrypt(key, iv, data)
r = requests.post(urlparse.urljoin(URL, '/2017/score'), data={'data': data}, headers={'X-Signature': sig}, cookies=cookies)
cookies = r.cookies
res = json.loads(decrypt(key, iv, r.content.decode('base64')))
scores, metadata = res['gameScores'], res['metadata']
iv = metadata['iv']
print json.dumps(scores)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment