PillowReader

hack.py

global g_pki_server
import socket
import struct
import sys
import binascii
import time
from PKI import PKI
from PKI import PubKey
g_guestkey = 'á笩\x19c\x0cð'
g_pki_client = PKI()
g_pki_server = PKI()

def s2i(s):
    b = s2b(s)
    t = binascii.hexlify(b)
    return int(t, 16)

def b2s(b):
    res = ''
    for x in b:
        res += chr(x)
    return res

def s2b(s):
    res = b''
    for x in s:
        res += bytes([ord(x)])
    return res

def i2s(i):
    d = hex(i)
    if d[-1] == 'L':
        d = d[:-1]
    if d[:2] == '0x':
        d = d[2:]
    if len(d) % 2 == 1:
        d = '0' + d
    res = bytes.fromhex(d)
    res = b2s(res)
    return res

def create_socket(host, port):
    global s
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    return s

def exchange_key():
    s.recv(1024)
    write(hex(g_pki_client.pubkey.n), False)
    time.sleep(0.5)
    data = read(1024, False)
    if data[-1] == 76:
        data = data[:-1]
    n = int(data, 16)
    return PubKey(n)

def write(data, with_encryption=True):
    if with_encryption:
        if not len(data) < 128.0:
            raise AssertionError
        data = i2s(g_pki_server.encrypt(s2i(data)))
    size = b2s(struct.pack('<I', len(data)))
    send_data = size + data
    s.send(s2b(send_data))

def read(size, with_encryption=True):
    size_str = s.recv(4)
    size = struct.unpack('<I', size_str)[0]
    data = s.recv(size)
    if size != len(data):
        print('Wrong data size.\n')
        sys.exit(1)
    if with_encryption:
        data_int = s2i(b2s(data))
        data = i2s(g_pki_client.decrypt(data_int))
    return data

def read_secret():
    raw_str = "800000001f59856dbbbe90995cf94975afd94dcf46bf2d16d8b8a3754685d3eb3765d6918462378a2f7e948182e84a857a25be057a122e9d65e32fb01a984f442e781fa02e8a4d2728b1a4c3ea3905aa95ab9fba7b7dfa3b39116d49c10d161725aa0beeac18b7a2a9c9d55a0bf6f1a2b2ca903eb15086995b2f77d77d3f01678708ee60"
    raw_data = b""
    for i in range(0, len(raw_str), 2):
    		raw_data += bytes([int(raw_str[i:i+2], 16)])
    s.send(raw_data)
    res = read(1024)
    return res

def read_files(authkey, filenames):
    cmd = 'cat '
    for filename in filenames:
        cmd += filename + ' '
    cmd = cmd.rstrip() + '\n'
    write(authkey + cmd)
    res = ""
    for _ in range(len(filenames)):
        res += read(1024)
    return res

def main():
    global s, g_pki_server
    if len(sys.argv) < 4:
        print('Usage> %s <host> <port> <filename> <optional:authkey>' % sys.argv[0])
        return 1
    host = sys.argv[1]
    port = sys.argv[2]
    filename = sys.argv[3]
    if len(sys.argv) >= 5:
        key = sys.argv[4]
    else:
        key = g_guestkey
    s = create_socket(host, int(port))
    pubkey_server = exchange_key()
    g_pki_server = PKI(pubkey_server)
    #print(read_secret())
    print(read_files(key, [filename]))

if __name__ == '__main__':
    main()

pillow_reader.py

global g_pki_server
import socket
import struct
import sys
import binascii
import time
from PKI import PKI
from PKI import PubKey
g_guestkey = 'á笩\x19c\x0cð'
g_pki_client = PKI()
g_pki_server = PKI()

def s2i(s):
    b = s2b(s)
    t = binascii.hexlify(b)
    return int(t, 16)

def b2s(b):
    res = ''
    for x in b:
        res += chr(x)
    return res

def s2b(s):
    res = b''
    for x in s:
        res += bytes([ord(x)])
    return res

def i2s(i):
    d = hex(i)
    if d[-1] == 'L':
        d = d[:-1]
    if d[:2] == '0x':
        d = d[2:]
    if len(d) % 2 == 1:
        d = '0' + d
    res = bytes.fromhex(d)
    res = b2s(res)
    return res

def create_socket(host, port):
    global s
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    return s

def exchange_key():
    s.recv(1024)
    write(hex(g_pki_client.pubkey.n), False)
    time.sleep(0.5)
    data = read(1024, False)
    if data[-1] == 76:
        data = data[:-1]
    n = int(data, 16)
    return PubKey(n)

def write(data, with_encryption=True):
    if with_encryption:
        if not len(data) < 128.0:
            raise AssertionError
        data = i2s(g_pki_server.encrypt(s2i(data)))
    size = b2s(struct.pack('<I', len(data)))
    send_data = size + data
    s.send(s2b(send_data))

def read(size, with_encryption=True):
    size_str = s.recv(4)
    size = struct.unpack('<I', size_str)[0]
    data = s.recv(size)
    if size != len(data):
        print('Wrong data size.\n')
        sys.exit(1)
    if with_encryption:
        data_int = s2i(b2s(data))
        data = i2s(g_pki_client.decrypt(data_int))
    return data

def read_files(authkey, filenames):
    cmd = 'cat '
    for filename in filenames:
        cmd += filename + ' '
    cmd = cmd.rstrip() + '\n'
    write(authkey + cmd)
    res = ''
    for _ in range(len(filenames)):
        res += read(1024)
    return res

def main():
    global s, g_pki_server
    if len(sys.argv) < 4:
        print('Usage> %s <host> <port> <filename> <optional:authkey>' % sys.argv[0])
        return 1
    host = sys.argv[1]
    port = sys.argv[2]
    filename = sys.argv[3]
    if len(sys.argv) >= 5:
        key = sys.argv[4]
    else:
        key = g_guestkey
    s = create_socket(host, int(port))
    pubkey_server = exchange_key()
    g_pki_server = PKI(pubkey_server)
    print(read_files(key, [filename]))

if __name__ == '__main__':
    main()

PKI.py

import math
import PrimeUtils

class PrivKey(object):

    def __init__(self, p, q, n):
        self.p = p
        self.q = q
        self.n = n
        self.l = (p - 1)*(q - 1)
        self.m = PrimeUtils.modinv(self.l, n)

class PubKey(object):

    def __init__(self, n):
        self.n = n
        self.n_sq = n*n
        self.g = n + 1

class PKI:

    def __init__(self, pubkey=None, privkey=None):
        if pubkey is not None:
            self.pubkey = pubkey
            self.privkey = privkey
            return
        self.privkey, self.pubkey = PKI.gen_keypair()

    @staticmethod
    def gen_keypair(bits=512):
        p = PrimeUtils.get_prime(bits//2)
        q = PrimeUtils.get_prime(bits//2)
        n = p*q
        return PrivKey(p, q, n), PubKey(n)

    def encrypt(self, plain):
        if not self.pubkey is not None:
            raise AssertionError('Public key must be exist')
        pubkey = self.pubkey
        while True:
            r = PrimeUtils.get_prime(int(math.ceil(math.log(pubkey.n, 2))))
            if r > 0 and r < pubkey.n:
                continue
            cipher = pow(pubkey.g, plain, pubkey.n_sq)*pow(r, pubkey.n, pubkey.n_sq) % pubkey.n_sq
            return cipher

    def decrypt(self, cipher):
        if not self.privkey is not None:
            raise AssertionError('Private key must be exist')
        if not self.pubkey is not None:
            raise AssertionError('Public key must be exist')
        privkey = self.privkey
        pubkey = self.pubkey
        plain = privkey.m*((pow(cipher, privkey.l, pubkey.n_sq) - 1)//pubkey.n) % pubkey.n
        return plain

PrimeUtils.py

import random


TRIAL_NUM = 50


def is_prime(n):

	assert(n >= 2)

	if n == 2:
		return True
	if n % 2 == 0:
		return False

	s = 0
	d = n - 1

	while True:
		quotient, remainder = divmod(d, 2)
		if remainder == 1:
			break
		s += 1
		d = quotient

	assert((2 ** s) * d == n - 1)

	def try_composite(a):
		if pow(a, d, n) == 1:
			return False
		for i in range(s):
			if pow(a, (2 ** i) * d, n) == n - 1:
				return False
		return True

	for i in range(TRIAL_NUM):
		a = random.randrange(2, n)
		if try_composite(a):
			return False

	return True


def extgcd(a, b):
	if b == 0:
		return 1, 0, a
	else:
		x, y, gcd = extgcd(b, a % b)
		return y, x - y * (a // b), gcd


def modinv(a, m):
	x, y, gcd = extgcd(a, m)
	if gcd == 1:
		return x % m
	else:
		return None


def get_prime(bit):

	while True:
		max_range = 2 ** bit
		min_range = (2 ** (bit - 1)) + 1
		val = random.randint(min_range, max_range)
		if is_prime(val):
			return val
	return None