tyage/bingo.cgi Secret

## bingo.cgi
#!/usr/bin/python
# -*- coding: utf-8 -*-

from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
import SocketServer
import urlparse
import os
import sys
import random
import json
import cgi
import cv2
import threading
import time

status = json.loads(open("status.json").read())
bingotitle = cv2.imread("bingotitle.jpg")

blue_images = {}
for n in range(75):
	blue_images[n+1] = cv2.imread("numbers/blue_" + ("%02d" % (n + 1)) + ".jpg")
gray_images = {}
for n in range(99):
	gray_images[n+1] = cv2.imread("numbers/gray_" + ("%02d" % (n + 1)) + ".jpg")

digit = 0
def rnd(a):
	global digit
	digit = digit + 1
	return str(digit)

def new_bingo(max_number=75):
	num_base = []
	if max_number == 75:
		I15 = [i+1 for i in range( 0, 15)]
		I30 = [i+1 for i in range(15, 30)]
		I45 = [i+1 for i in range(30, 45)]
		I60 = [i+1 for i in range(45, 60)]
		I75 = [i+1 for i in range(60, 75)]
		random.shuffle(I15)
		random.shuffle(I30)
		random.shuffle(I45)
		random.shuffle(I60)
		random.shuffle(I75)
		for i in range(5):
			num_base.append(I15[i])
			num_base.append(I30[i])
			num_base.append(I45[i])
			num_base.append(I60[i])
			num_base.append(I75[i])
	else:
		for i in range(max_number):
			num_base.append(i+1)
		random.shuffle(num_base)
	num_base[12] = 99
	return num_base[:25]

def check_bingo(bingo, called_nums):
	ck_list = [
		# yoko
		[ 0, 1, 2, 3, 4],
		[ 5, 6, 7, 8, 9],
		[10,11,12,13,14],
		[15,16,17,18,19],
		[20,21,22,23,24],
		# tate
		[ 0, 5,10,15,20],
		[ 1, 6,11,16,21],
		[ 2, 7,12,17,22],
		[ 3, 8,13,18,23],
		[ 4, 9,14,19,24],
		# naname
		[ 0, 6,12,18,24],
		[ 4, 8,12,16,20]
	]
	for ck in ck_list:
		flag = True
		for i in range(5):
			if not bingo[ck[i]] in called_nums:
				flag = False
				break
		if flag == True:
			return 1
	return 0

def save_jpg_for_size(original, size, baseurl):
	cv2.imwrite(baseurl + "/" + str(size) + ".jpg", original)

#def make_imagemap_from_data(userid, bingo, called_nums):
#	global status
#	global bingotitle
#	global blue_images
#	global gray_images
#	card = [bingotitle]
#	for i in range(5):
#		line_ = []
#		for j in range(5):
#			n = bingo[ (i * 5) + j ]
#			if not n in called_nums:
#				one = blue_images[n]
#			else:
#				one = gray_images[n]
#			line_.append(one)
#		card.append(cv2.hconcat(line_))
#	img = cv2.vconcat(card)
#	baseurl = status["local_pics_path"] + userid
#	if os.path.isdir(baseurl) == False:
#		os.mkdir(baseurl)
#	imageid = rnd(20)
#	baseurl = status["local_pics_path"] + userid + "/" + imageid
#	os.mkdir(baseurl)
#	save_jpg_for_size(img, 305, baseurl)
#	return status["web_pics_path"] + userid + "/" + imageid

def make_image_from_data(bingo, called_nums):
	global bingotitle
	global blue_images
	global gray_images
	card = [bingotitle]
	for i in range(5):
		line_ = []
		for j in range(5):
			n = bingo[ (i * 5) + j ]
			if not n in called_nums:
				one = blue_images[n]
			else:
				one = gray_images[n]
			line_.append(one)
		card.append(cv2.hconcat(line_))
	return cv2.vconcat(card)

pics_data = {}
def save_image(imageid, userid, bingo, called_nums):
	global status
	#baseurl = status["local_pics_path"] + userid
	#if os.path.isdir(baseurl) == False:
	#	os.mkdir(baseurl)
	#baseurl = status["local_pics_path"] + userid + "/" + imageid
	#os.mkdir(baseurl)
	#save_jpg_for_size(img, 305, baseurl)
	pics_data[(userid, imageid)] = [bingo, called_nums]
	return status["web_pics_path"] + userid + "/" + imageid

def html(text):
	return "{'result': '" + text + "'}"

#def branch():
#	form = cgi.FieldStorage()
#	num  = form.getvalue("num")
#	if num != None:
#		return (0, num)
#	uid  = form.getvalue("uid")
#	call = form.getvalue("call")
#	if uid != None and call != None:
#		return (1, uid, call)
#	return (-1, "error")
#
#def main():
#	result = branch()
#	if result[0] == 0:
#		routineA(result[1])
#		return
#	if result[0] == 1:
#		routineB(result[1], result[2])
#		return
#	html("404 not found")
#	return

a_cache = None
ginfo = None
def routineA_pre(num):
	global status
	global a_cache
	global ginfo
	num = int(num)
	uid = rnd(3)
	data= {
		'data': [],
		'result': 'ok',
		'called': [99]
	}
	for i in range(num):
		bingo = new_bingo(75)
		imageid = rnd(10)
		pic = make_image_from_data(bingo, [99])
		baseurl = "a/" + uid
		if os.path.isdir(baseurl) == False:
			os.mkdir(baseurl)
		baseurl = "a/" + uid + "/" + imageid
		os.mkdir(baseurl)
		save_jpg_for_size(pic, 305, baseurl)
		url = "a/" + uid + "/" + imageid
		one = {
			"url":  url,
			"data": bingo
		}
		data['data'].append(one)
	ginfo = data
	#a_cache = json.dumps(data, indent=4)
	a_cache = json.dumps(data, separators=(',', ':'))
	return a_cache

def routineA(num):
	if num == None:
		return html('404 not found')
	if int(num) < 1:
		return html('404 not found')

	global a_cache
	if a_cache == None:
		return routineA_pre(num)

	return a_cache

b_caches = {}
def routineB_pre(uid, call):
	global status
	global b_cache
	global ginfo
	call = int(call)
	if not call in ginfo["called"]:
		ginfo["called"].append(call)
		data = {
			'data': [],
			'result': 'ok',
			'called': ginfo["called"]
		}
		for v in ginfo["data"]:
			imageid = rnd(10)
			url = save_image(imageid, uid, v["data"], ginfo["called"])
			one = {
				"url": url,
				"data": v["data"],
				"bingo": check_bingo(v["data"], ginfo["called"])
			}
			data['data'].append(one)
		ginfo = data
	else:
		data = ginfo
	#1b_caches[(uid, call)] = data
	return json.dumps(data, separators=(',', ':'))

def routineB(uid, call):
	global b_cache
#	if (uid, call) in b_caches:
#		cache = b_caches[(uid, call)]
#		cache["called"].append(int(call))
#		return json.dumps(cache)

	return routineB_pre(uid, call)

class S(BaseHTTPRequestHandler):
	def do_GET(self):
		parsed_path = urlparse.urlparse(self.path)

		if parsed_path.path.find('/pics') == 0:
			self.send_response(200)
			self.send_header('Content-type', 'image/jpg')
			self.end_headers()

			data = parsed_path.path.split('/')
			key = (data[2], data[3])
			data = pics_data[key]
			pic = make_image_from_data(data[0], data[1])
			self.wfile.write(cv2.imencode('.jpg', pic)[1].tostring())
		else:
			self.send_response(200)
			self.send_header('Content-type', 'application/json')
			self.end_headers()

			queries = {}
			for q in parsed_path.query.split('&'):
				queries[q.split('=')[0]] = q.split('=')[1]

			if 'num' in queries:
				self.wfile.write(routineA(queries['num']))
			else:
				self.wfile.write(routineB(queries['uid'], queries['call']))

def run(server_class=HTTPServer, handler_class=S, port=80):
		server_address = ('', port)
		httpd = server_class(server_address, handler_class)
		print 'Starting httpd...'
		game_info = routineA_pre("200")
		#d = json.loads(game_info)
		#game_id = d["data"][0]["url"].split("/")[1]
		#routineB_pre(game_id, "1")

		print 'Creating a cache file...'
#		open('cgi-files/num=200', 'w').write(game_info)
#		for i in range(1, 76):
#			result = routineB(game_id, str(i))
#			open('cgi-files/uid=%s&call=%d' % (game_id, i), 'w').write(result)

		print 'httpd Started.'
		httpd.serve_forever()

if __name__ == "__main__":
		from sys import argv

		if len(argv) == 2:
			run(port=int(argv[1]))
		else:
			run()

## nginx.conf
worker_processes  1;

events {
  worker_connections  1024;
}

http {
  include       mime.types;

#  log_format  ltsv  "host:$remote_addr"
#    "\tuser:$remote_user"
#    "\ttime:$time_local"
#    "\treq:$request"
#    "\tstatus:$status"
#    "\tsize:$body_bytes_sent"
#    "\treferer:$http_referer"
#    "\tua:$http_user_agent"
#    "\tforwardedfor:$http_x_forwarded_for"
#    "\treqtime:$request_time"
#    "\tapptime:$upstream_response_time";
#
#  access_log /usr/local/var/log/nginx/access.log ltsv;
#  error_log /usr/local/var/log/nginx/error.log;
  access_log off;

  sendfile        on;

  keepalive_timeout  65;

  gzip  on;
  gzip_types image/jpeg;

  server {
    listen       80;
    server_name  localhost;
    deny 10.0.26.10;

    root /Users/tyage/.ghq/github.com/tyage/ctf/contests/seccon-2017-finals/bingom/;
    #location /cgi-bin2 {
    #  add_header 'Content-Type' 'application/json';
    #  try_files /cgi-files/$args 404;
    #}
    location /cgi-bin {
      proxy_pass http://127.0.0.1:8000/;
    }
    location /pics {
      proxy_pass http://127.0.0.1:8000/pics;
    }
  }

  include servers/*;
}
	#!/usr/bin/python
	# -- coding: utf-8 --

	from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
	import SocketServer
	import urlparse
	import os
	import sys
	import random
	import json
	import cgi
	import cv2
	import threading
	import time

	status = json.loads(open("status.json").read())
	bingotitle = cv2.imread("bingotitle.jpg")

	blue_images = {}
	for n in range(75):
	blue_images[n+1] = cv2.imread("numbers/blue_" + ("%02d" % (n + 1)) + ".jpg")
	gray_images = {}
	for n in range(99):
	gray_images[n+1] = cv2.imread("numbers/gray_" + ("%02d" % (n + 1)) + ".jpg")

	digit = 0
	def rnd(a):
	global digit
	digit = digit + 1
	return str(digit)

	def new_bingo(max_number=75):
	num_base = []
	if max_number == 75:
	I15 = [i+1 for i in range( 0, 15)]
	I30 = [i+1 for i in range(15, 30)]
	I45 = [i+1 for i in range(30, 45)]
	I60 = [i+1 for i in range(45, 60)]
	I75 = [i+1 for i in range(60, 75)]
	random.shuffle(I15)
	random.shuffle(I30)
	random.shuffle(I45)
	random.shuffle(I60)
	random.shuffle(I75)
	for i in range(5):
	num_base.append(I15[i])
	num_base.append(I30[i])
	num_base.append(I45[i])
	num_base.append(I60[i])
	num_base.append(I75[i])
	else:
	for i in range(max_number):
	num_base.append(i+1)
	random.shuffle(num_base)
	num_base[12] = 99
	return num_base[:25]

	def check_bingo(bingo, called_nums):
	ck_list = [
	# yoko
	[ 0, 1, 2, 3, 4],
	[ 5, 6, 7, 8, 9],
	[10,11,12,13,14],
	[15,16,17,18,19],
	[20,21,22,23,24],
	# tate
	[ 0, 5,10,15,20],
	[ 1, 6,11,16,21],
	[ 2, 7,12,17,22],
	[ 3, 8,13,18,23],
	[ 4, 9,14,19,24],
	# naname
	[ 0, 6,12,18,24],
	[ 4, 8,12,16,20]
	]
	for ck in ck_list:
	flag = True
	for i in range(5):
	if not bingo[ck[i]] in called_nums:
	flag = False
	break
	if flag == True:
	return 1
	return 0

	def save_jpg_for_size(original, size, baseurl):
	cv2.imwrite(baseurl + "/" + str(size) + ".jpg", original)

	#def make_imagemap_from_data(userid, bingo, called_nums):
	# global status
	# global bingotitle
	# global blue_images
	# global gray_images
	# card = [bingotitle]
	# for i in range(5):
	# line_ = []
	# for j in range(5):
	# n = bingo[ (i * 5) + j ]
	# if not n in called_nums:
	# one = blue_images[n]
	# else:
	# one = gray_images[n]
	# line_.append(one)
	# card.append(cv2.hconcat(line_))
	# img = cv2.vconcat(card)
	# baseurl = status["local_pics_path"] + userid
	# if os.path.isdir(baseurl) == False:
	# os.mkdir(baseurl)
	# imageid = rnd(20)
	# baseurl = status["local_pics_path"] + userid + "/" + imageid
	# os.mkdir(baseurl)
	# save_jpg_for_size(img, 305, baseurl)
	# return status["web_pics_path"] + userid + "/" + imageid

	def make_image_from_data(bingo, called_nums):
	global bingotitle
	global blue_images
	global gray_images
	card = [bingotitle]
	for i in range(5):
	line_ = []
	for j in range(5):
	n = bingo[ (i * 5) + j ]
	if not n in called_nums:
	one = blue_images[n]
	else:
	one = gray_images[n]
	line_.append(one)
	card.append(cv2.hconcat(line_))
	return cv2.vconcat(card)

	pics_data = {}
	def save_image(imageid, userid, bingo, called_nums):
	global status
	#baseurl = status["local_pics_path"] + userid
	#if os.path.isdir(baseurl) == False:
	# os.mkdir(baseurl)
	#baseurl = status["local_pics_path"] + userid + "/" + imageid
	#os.mkdir(baseurl)
	#save_jpg_for_size(img, 305, baseurl)
	pics_data[(userid, imageid)] = [bingo, called_nums]
	return status["web_pics_path"] + userid + "/" + imageid

	def html(text):
	return "{'result': '" + text + "'}"

	#def branch():
	# form = cgi.FieldStorage()
	# num = form.getvalue("num")
	# if num != None:
	# return (0, num)
	# uid = form.getvalue("uid")
	# call = form.getvalue("call")
	# if uid != None and call != None:
	# return (1, uid, call)
	# return (-1, "error")
	#
	#def main():
	# result = branch()
	# if result[0] == 0:
	# routineA(result[1])
	# return
	# if result[0] == 1:
	# routineB(result[1], result[2])
	# return
	# html("404 not found")
	# return

	a_cache = None
	ginfo = None
	def routineA_pre(num):
	global status
	global a_cache
	global ginfo
	num = int(num)
	uid = rnd(3)
	data= {
	'data': [],
	'result': 'ok',
	'called': [99]
	}
	for i in range(num):
	bingo = new_bingo(75)
	imageid = rnd(10)
	pic = make_image_from_data(bingo, [99])
	baseurl = "a/" + uid
	if os.path.isdir(baseurl) == False:
	os.mkdir(baseurl)
	baseurl = "a/" + uid + "/" + imageid
	os.mkdir(baseurl)
	save_jpg_for_size(pic, 305, baseurl)
	url = "a/" + uid + "/" + imageid
	one = {
	"url": url,
	"data": bingo
	}
	data['data'].append(one)
	ginfo = data
	#a_cache = json.dumps(data, indent=4)
	a_cache = json.dumps(data, separators=(',', ':'))
	return a_cache

	def routineA(num):
	if num == None:
	return html('404 not found')
	if int(num) < 1:
	return html('404 not found')

	global a_cache
	if a_cache == None:
	return routineA_pre(num)

	return a_cache

	b_caches = {}
	def routineB_pre(uid, call):
	global status
	global b_cache
	global ginfo
	call = int(call)
	if not call in ginfo["called"]:
	ginfo["called"].append(call)
	data = {
	'data': [],
	'result': 'ok',
	'called': ginfo["called"]
	}
	for v in ginfo["data"]:
	imageid = rnd(10)
	url = save_image(imageid, uid, v["data"], ginfo["called"])
	one = {
	"url": url,
	"data": v["data"],
	"bingo": check_bingo(v["data"], ginfo["called"])
	}
	data['data'].append(one)
	ginfo = data
	else:
	data = ginfo
	#1b_caches[(uid, call)] = data
	return json.dumps(data, separators=(',', ':'))

	def routineB(uid, call):
	global b_cache
	# if (uid, call) in b_caches:
	# cache = b_caches[(uid, call)]
	# cache["called"].append(int(call))
	# return json.dumps(cache)

	return routineB_pre(uid, call)

	class S(BaseHTTPRequestHandler):
	def do_GET(self):
	parsed_path = urlparse.urlparse(self.path)

	if parsed_path.path.find('/pics') == 0:
	self.send_response(200)
	self.send_header('Content-type', 'image/jpg')
	self.end_headers()

	data = parsed_path.path.split('/')
	key = (data[2], data[3])
	data = pics_data[key]
	pic = make_image_from_data(data[0], data[1])
	self.wfile.write(cv2.imencode('.jpg', pic)[1].tostring())
	else:
	self.send_response(200)
	self.send_header('Content-type', 'application/json')
	self.end_headers()

	queries = {}
	for q in parsed_path.query.split('&'):
	queries[q.split('=')[0]] = q.split('=')[1]

	if 'num' in queries:
	self.wfile.write(routineA(queries['num']))
	else:
	self.wfile.write(routineB(queries['uid'], queries['call']))

	def run(server_class=HTTPServer, handler_class=S, port=80):
	server_address = ('', port)
	httpd = server_class(server_address, handler_class)
	print 'Starting httpd...'
	game_info = routineA_pre("200")
	#d = json.loads(game_info)
	#game_id = d["data"][0]["url"].split("/")[1]
	#routineB_pre(game_id, "1")

	print 'Creating a cache file...'
	# open('cgi-files/num=200', 'w').write(game_info)
	# for i in range(1, 76):
	# result = routineB(game_id, str(i))
	# open('cgi-files/uid=%s&call=%d' % (game_id, i), 'w').write(result)

	print 'httpd Started.'
	httpd.serve_forever()

	if __name__ == "__main__":
	from sys import argv

	if len(argv) == 2:
	run(port=int(argv[1]))
	else:
	run()
	worker_processes 1;

	events {
	worker_connections 1024;
	}

	http {
	include mime.types;

	# log_format ltsv "host:$remote_addr"
	# "\tuser:$remote_user"
	# "\ttime:$time_local"
	# "\treq:$request"
	# "\tstatus:$status"
	# "\tsize:$body_bytes_sent"
	# "\treferer:$http_referer"
	# "\tua:$http_user_agent"
	# "\tforwardedfor:$http_x_forwarded_for"
	# "\treqtime:$request_time"
	# "\tapptime:$upstream_response_time";
	#
	# access_log /usr/local/var/log/nginx/access.log ltsv;
	# error_log /usr/local/var/log/nginx/error.log;
	access_log off;

	sendfile on;

	keepalive_timeout 65;

	gzip on;
	gzip_types image/jpeg;

	server {
	listen 80;
	server_name localhost;
	deny 10.0.26.10;

	root /Users/tyage/.ghq/github.com/tyage/ctf/contests/seccon-2017-finals/bingom/;
	#location /cgi-bin2 {
	# add_header 'Content-Type' 'application/json';
	# try_files /cgi-files/$args 404;
	#}
	location /cgi-bin {
	proxy_pass http://127.0.0.1:8000/;
	}
	location /pics {
	proxy_pass http://127.0.0.1:8000/pics;
	}
	}

	include servers/*;
	}