SECCON 2017 × CEDEC CHALLENGE - 通信の復号を行うスクリプト (デモ: https://www.youtube.com/watch?v=PGL6lmuB7DI)
# Usage: mitmdump -s mitmproxy_decrypt.py
import hashlib | |
import json | |
import sys | |
from mitmproxy import ctx | |
from Crypto.Cipher import AES | |
def xor(a, b):
    """Return the character-wise XOR of two strings.

    The shorter string is repeated cyclically against the longer one, so the
    result always has the length of the longer argument. Argument order does
    not matter.
    """
    longer, shorter = (b, a) if len(a) < len(b) else (a, b)
    span = len(shorter)
    return ''.join(
        chr(ord(ch) ^ ord(shorter[pos % span]))
        for pos, ch in enumerate(longer)
    )
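def unpad(msg):
    """Strip trailing padding whose length is stored in the final character.

    Only the length is checked, not the value of each padding character, so
    any scheme that records the pad length in the last byte is accepted.

    Args:
        msg: decrypted plaintext, still carrying its padding.

    Returns:
        msg without the trailing padding characters.

    Raises:
        ValueError: if msg is empty, or the declared pad length is zero or
            longer than msg. This usually means the wrong key or IV was used.
    """
    if not msg:
        raise ValueError('cannot unpad an empty message')
    pad_len = ord(msg[-1])
    # A pad length of 0 would make msg[:-0] silently return an empty string,
    # and an oversized one would slice away real data; reject both.
    if pad_len < 1 or pad_len > len(msg):
        raise ValueError('invalid padding length: %d' % pad_len)
    return msg[:-pad_len]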
def decrypt(key, iv, c):
    """Decrypt an AES-CBC ciphertext and parse the plaintext as JSON.

    Args:
        key: AES key.
        iv: CBC initialisation vector.
        c: raw ciphertext (already base64-decoded by the caller).

    Returns:
        The object produced by json.loads on the unpadded plaintext.

    No integrity check (MAC) is performed here. A wrong key or tampered
    ciphertext only shows up as an exception from unpad() or json.loads().
    """
    cipher = AES.new(key, AES.MODE_CBC, IV=iv)
    padded = cipher.decrypt(c)
    return json.loads(unpad(padded))
# Static bootstrap key material. KEY is the character-wise XOR of the two
# 16-character halves below. Splitting a key this way only obscures it:
# anyone who has both halves and the fixed IV can read every message that
# is protected with them.
# NOTE(review): presumably recovered from the challenge client; the origin
# is not shown in this file.
KEY_A = 'def4ul7KeY1Z3456'
KEY_B = 'K33pK3y53cr3TYea'
KEY = xor(KEY_A, KEY_B)
IV = 'IVisNotSecret123'

# Key and IV currently in effect. They start as the static pair and are
# replaced by response() when the server sends new values.
key = KEY
iv = IV
def request(flow):
    """mitmproxy hook: decrypt and log the form payload of a client request.

    Requests to '/2017/key' and '/2017/uuid' reset the active key and IV to
    the static bootstrap pair before decryption. When the request carries a
    URL-encoded form, its 'data' field is base64-decoded, decrypted with the
    active key/IV and written to the mitmproxy event log.

    The logged value is decrypted plaintext, so treat the log output as
    sensitive.
    """
    global key, iv
    req = flow.request
    if req.path in ('/2017/key', '/2017/uuid'):
        # These endpoints are decrypted with the static pair.
        key, iv = KEY, IV
    form = req.urlencoded_form
    if not form:
        return
    ciphertext = form['data'].decode('base64')
    payload = decrypt(key, iv, ciphertext)
    ctx.log.info('>%s: %s' % (req.path, payload))
def response(flow):
    """mitmproxy hook: decrypt and log a server response, tracking key changes.

    A non-empty response body is base64-decoded and decrypted with the active
    key/IV. If the decoded JSON has a 'metadata' entry containing 'key' and/or
    'iv', those values become the active key/IV for later flows.

    As read by this handler, the replacement key arrives inside a message
    encrypted under the previous key. An on-path observer who holds the
    static bootstrap key can therefore follow every later rotation.
    """
    global key, iv
    body = flow.response.get_content()
    if not body:
        return
    message = decrypt(key, iv, body.decode('base64'))
    # An empty tuple stands in for missing metadata so both membership
    # tests below are simply False.
    metadata = message['metadata'] if 'metadata' in message else ()
    if 'key' in metadata:
        key = metadata['key']
    if 'iv' in metadata:
        iv = metadata['iv']
    ctx.log.info('<%s: %s' % (flow.request.path, message))