xelenonz/crack.py Secret

## crack.py
from math import sin
from urlparse import parse_qs
from base64 import b64encode
from base64 import b64decode
from re import match

def xor(a):
	b = "28c1150dac6704583d6c1125a72d3c87241e7f5497e9b80c78f4ce2b08dcab2b0df20be0abde0b17512a935bc765607cf5e5".decode("hex")
	return ''.join(map(lambda x : chr(ord(x[0]) ^ ord(x[1])), zip(a, b * 100)))

def hashme(s):
	#my secure hash function
	def F(X,Y,Z):
		return ((~X & Z) | (~X & Z)) & 0xFFFFFFFF
	def G(X,Y,Z):
		return ((X & Z) | (~Z & Y)) & 0xFFFFFFFF
	def H(X,Y,Z):
		return (X ^ Y ^ Y) & 0xFFFFFFFF
	def I(X,Y,Z):
		return (Y ^ (~Z | X)) & 0xFFFFFFFF
	def ROL(X,Y):
		return (X << Y | X >> (32 - Y)) & 0xFFFFFFFF

	A = 0x67452301
	B = 0xEFCDAB89
	C = 0x98BADCFE
	D = 0x10325476
	# replace valid hash after calculate anonymou[s]
	newB = 0x230c5072
	newA = 0x8eabb5c8
	newD = 0xc21d7dcd
	newC = 0x04faedf2

	X = [int(0xFFFFFFFF * sin(i)) & 0xFFFFFFFF for i in xrange(256)]
	for i,ch in enumerate(s):
		k, l = ord(ch), i & 0x1f
		A = (B + ROL(A + F(B,C,D) + X[k], l)) & 0xFFFFFFFF
		B = (C + ROL(B + G(C,D,A) + X[k], l)) & 0xFFFFFFFF
		C = (D + ROL(C + H(D,A,B) + X[k], l)) & 0xFFFFFFFF
		D = (A + ROL(D + I(A,B,C) + X[k], l)) & 0xFFFFFFFF
		if s[i-1] == 'u':
			A = newA
			B = newB
			C = newC
			D = newD
	return ''.join(map(lambda x : hex(x)[2:].strip('L').rjust(8, '0'), [B, A, D, C]))


cert = b64decode("RK5yZMJaVA9zKVUD1UJQ4hl/ETv5kNVjDYf8GDi/nhs6wDOFyrxpIjIS8Gn2AVcYloEY9XNsyQNiag==")
# print xor(cert) # login=xelenonz&role=anonymous 0x68ddd1b3 0xa8c6a71c 0x7050e99c 0x1655460f
for i in range(1,40): # don't know padding length, put them all
	payload = "_"*i+"login=PWNED&role=anonymous&role=administrator" # pad for salt
	print 1
	myhash = hashme(payload)
	print b64encode(xor("login=PWNED&role=anonymous&role=administrator"+myhash))
	from math import sin
	from urlparse import parse_qs
	from base64 import b64encode
	from base64 import b64decode
	from re import match

	def xor(a):
	b = "28c1150dac6704583d6c1125a72d3c87241e7f5497e9b80c78f4ce2b08dcab2b0df20be0abde0b17512a935bc765607cf5e5".decode("hex")
	return ''.join(map(lambda x : chr(ord(x[0]) ^ ord(x[1])), zip(a, b * 100)))

	def hashme(s):
	#my secure hash function
	def F(X,Y,Z):
	return ((~X & Z) \| (~X & Z)) & 0xFFFFFFFF
	def G(X,Y,Z):
	return ((X & Z) \| (~Z & Y)) & 0xFFFFFFFF
	def H(X,Y,Z):
	return (X ^ Y ^ Y) & 0xFFFFFFFF
	def I(X,Y,Z):
	return (Y ^ (~Z \| X)) & 0xFFFFFFFF
	def ROL(X,Y):
	return (X << Y \| X >> (32 - Y)) & 0xFFFFFFFF

	A = 0x67452301
	B = 0xEFCDAB89
	C = 0x98BADCFE
	D = 0x10325476
	# replace valid hash after calculate anonymou[s]
	newB = 0x230c5072
	newA = 0x8eabb5c8
	newD = 0xc21d7dcd
	newC = 0x04faedf2

	X = [int(0xFFFFFFFF * sin(i)) & 0xFFFFFFFF for i in xrange(256)]
	for i,ch in enumerate(s):
	k, l = ord(ch), i & 0x1f
	A = (B + ROL(A + F(B,C,D) + X[k], l)) & 0xFFFFFFFF
	B = (C + ROL(B + G(C,D,A) + X[k], l)) & 0xFFFFFFFF
	C = (D + ROL(C + H(D,A,B) + X[k], l)) & 0xFFFFFFFF
	D = (A + ROL(D + I(A,B,C) + X[k], l)) & 0xFFFFFFFF
	if s[i-1] == 'u':
	A = newA
	B = newB
	C = newC
	D = newD
	return ''.join(map(lambda x : hex(x)[2:].strip('L').rjust(8, '0'), [B, A, D, C]))


	cert = b64decode("RK5yZMJaVA9zKVUD1UJQ4hl/ETv5kNVjDYf8GDi/nhs6wDOFyrxpIjIS8Gn2AVcYloEY9XNsyQNiag==")
	# print xor(cert) # login=xelenonz&role=anonymous 0x68ddd1b3 0xa8c6a71c 0x7050e99c 0x1655460f
	for i in range(1,40): # don't know padding length, put them all
	payload = "_"*i+"login=PWNED&role=anonymous&role=administrator" # pad for salt
	print 1
	myhash = hashme(payload)
	print b64encode(xor("login=PWNED&role=anonymous&role=administrator"+myhash))