SECCON 2017 × CEDEC CHALLENGE - ガチャ
import hashlib
import hmac
import json
import sys
import urlparse
import requests
from Crypto.Cipher import AES
def xor(a, b):
    """XOR two strings character by character, repeating the shorter one.

    The arguments may be given in either order; the result always has the
    length of the longer string.
    """
    longer, shorter = (b, a) if len(a) < len(b) else (a, b)
    period = len(shorter)
    return ''.join(
        chr(ord(ch) ^ ord(shorter[i % period]))
        for i, ch in enumerate(longer)
    )
# Key for the HMAC-SHA256 that calc_hmac() produces and the script sends in the
# X-Signature header. It is a fixed string in this file, so a valid signature
# only shows that the sender knows this constant; it cannot tell one sender
# from another.
HMAC_KEY = 'calcHmac'
def calc_hmac(msg):
    """Return the hex HMAC-SHA256 of msg, keyed with HMAC_KEY."""
    mac = hmac.new(HMAC_KEY, msg, digestmod=hashlib.sha256)
    return mac.hexdigest()
def pad(msg):
    """Pad msg to a multiple of 16 bytes, PKCS#7 style.

    Between 1 and 16 bytes are appended, each holding the pad length, so a
    message that is already block-aligned gains one full block.
    """
    fill = 16 - (len(msg) % 16)
    return msg + fill * chr(fill)
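def unpad(msg):
    """Strip the padding added by pad() and return the original message.

    The last byte gives the pad length (1..16) and every pad byte must carry
    that same value. This is a format check only: it catches truncated or
    garbage plaintext early, but it is not an integrity check and does not
    replace verifying a MAC over the ciphertext before decrypting.

    Raises:
        ValueError: if msg is empty or does not end in a valid pad.
    """
    if not msg:
        raise ValueError('cannot unpad an empty message')
    n = ord(msg[-1])
    # Without this guard a zero pad byte makes msg[:-0] return '' and an
    # oversized one silently drops the whole message.
    if not 1 <= n <= 16 or n > len(msg):
        raise ValueError('invalid padding length: %d' % n)
    if msg[-n:] != msg[-1] * n:
        raise ValueError('padding bytes do not match')
    return msg[:-n]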
def encrypt(key, iv, msg):
    """Encrypt msg with AES-CBC and return (base64 ciphertext, hex signature).

    The signature is an HMAC over the plaintext msg, not over the ciphertext,
    so a receiver has to decrypt before it can verify anything. Only leading
    and trailing whitespace is stripped from the base64 text.
    """
    cipher = AES.new(key, AES.MODE_CBC, IV=iv)
    ciphertext = cipher.encrypt(pad(msg))
    signature = calc_hmac(msg)
    encoded = ciphertext.encode('base64').strip()
    return encoded, signature
def decrypt(key, iv, c):
    """Decrypt raw AES-CBC ciphertext c and return it with the padding removed.

    No signature or MAC is checked here; the caller gets whatever the
    ciphertext decrypts to.
    """
    cipher = AES.new(key, AES.MODE_CBC, IV=iv)
    return unpad(cipher.decrypt(c))
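URL = 'https://cedec.seccon.jp'

# Bootstrap key material for the first request. The two halves are XORed into
# the AES key; both halves and the IV are constants in this script, so they
# provide no secrecy against anyone who holds the same constants. A fixed IV
# also means equal plaintext prefixes encrypt to equal ciphertext under CBC.
KEY_A = 'def4ul7KeY1Z3456'
KEY_B = 'K33pK3y53cr3TYea'
KEY = xor(KEY_A, KEY_B)
IV = 'IVisNotSecret123'

# requests waits indefinitely when no timeout is given.
REQUEST_TIMEOUT = 30  # seconds


def _post_encrypted(path, key, iv, payload, cookies=None):
    """POST payload as encrypted JSON to path; return (decoded reply, cookies).

    The request body carries the base64 ciphertext in the 'data' field and
    the plaintext HMAC in the X-Signature header.
    """
    data, sig = encrypt(key, iv, json.dumps(payload))
    r = requests.post(
        urlparse.urljoin(URL, path),
        data={'data': data},
        headers={'X-Signature': sig},
        cookies=cookies,
        timeout=REQUEST_TIMEOUT,
    )
    # Fail on an HTTP error instead of feeding an error page to the
    # base64/AES/JSON decoding below.
    r.raise_for_status()
    # NOTE(review): nothing here checks a signature on the reply before it is
    # decrypted and parsed; whether the server sends one is not visible from
    # this script.
    reply = json.loads(decrypt(key, iv, r.content.decode('base64')))
    return reply, r.cookies


if len(sys.argv) < 2:
    sys.exit('usage: %s <uuid>' % sys.argv[0])

key, iv = KEY, IV
uuid = sys.argv[1]

# Step 1: exchange the uuid for per-session key material, sent back under the
# bootstrap key and IV.
res, cookies = _post_encrypted('/2017/key', key, iv, {'uuid': uuid})
metadata = res['metadata']
key, iv = metadata['key'], metadata['iv']

# Step 2: call the gacha endpoint with the session key, IV and cookies.
res, cookies = _post_encrypted('/2017/gacha', key, iv, {'gacha': 3}, cookies)
skills, metadata = res['skills'], res['metadata']
# The reply carries a fresh IV; it is stored but no further request is made
# here (presumably it would be needed for a follow-up call).
iv = metadata['iv']
print(json.dumps(skills))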