Create a gist now

Instantly share code, notes, and snippets.

@st98 /
Last active Sep 4, 2017

import hashlib
import hmac
import json
import sys
import urlparse
import requests
from Crypto.Cipher import AES
def xor(a, b):
res = ''
if len(a) < len(b):
a, b = b, a
for k, c in enumerate(a):
res += chr(ord(c) ^ ord(b[k % len(b)]))
return res
HMAC_KEY = 'calcHmac'
def calc_hmac(msg):
return, msg, hashlib.sha256).hexdigest()
def pad(msg):
x = 16 - len(msg) % 16
return msg + chr(x) * x
def unpad(msg):
return msg[:-ord(msg[-1])]
def encrypt(key, iv, msg):
c =, AES.MODE_CBC, IV=iv).encrypt(pad(msg))
sig = calc_hmac(msg)
return c.encode('base64').strip(), sig
def decrypt(key, iv, c):
s =, AES.MODE_CBC, IV=iv).decrypt(c)
return unpad(s)
URL = ''
KEY_A = 'def4ul7KeY1Z3456'
KEY_B = 'K33pK3y53cr3TYea'
KEY = xor(KEY_A, KEY_B)
IV = 'IVisNotSecret123'
key, iv = KEY, IV
uuid = sys.argv[1]
data, sig = encrypt(key, iv, json.dumps({'uuid': uuid}))
r =, '/2017/key'), data={'data': data}, headers={'X-Signature': sig})
cookies = r.cookies
metadata = json.loads(decrypt(key, iv, r.content.decode('base64')))['metadata']
key, iv = metadata['key'], metadata['iv']
data, sig = encrypt(key, iv, json.dumps({'gacha': 3}))
r =, '/2017/gacha'), data={'data': data}, headers={'X-Signature': sig}, cookies=cookies)
cookies = r.cookies
res = json.loads(decrypt(key, iv, r.content.decode('base64')))
skills, metadata = res['skills'], res['metadata']
iv = metadata['iv']
print json.dumps(skills)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment