@zuBux
Created March 4, 2016 16:51
mitmproxy plugin for decrypting Quizdom's server answers
# For more information you can visit the relevant blog post https://projectzero.gr/en/2015/09/the-keys-to-the-quizdom/
# Sensitive data (keys, IV, etc.) has been removed for obvious reasons; the key, IV and host in this file are placeholders
import json
from libmproxy.protocol.http import decoded
from aesdecr import AESCipher
from Crypto.Cipher import AES
from Crypto import Random
# Block size in bytes used by the padding helpers below.
BS = 16


def pad(s):
    """Append PKCS#7-style padding so that len(result) is a multiple of BS.

    Between 1 and BS characters are appended, each one equal to chr(count);
    an input whose length is already a multiple of BS gains a full block.
    """
    fill = BS - len(s) % BS
    return s + fill * chr(fill)


def unpad(s):
    """Drop the trailing padding announced by the last character of *s*.

    Only the final character is read: the other padding characters are not
    checked, and the count is not compared with BS or len(s). A final
    character of value 0 makes the slice end at index 0, so the result is
    empty. An empty *s* raises IndexError.
    """
    fill = ord(s[-1])
    return s[0:-fill]
class AESCipher:
    """AES-CBC helper that takes its key and ciphertext as hex strings.

    The hex handling uses ``str.decode('hex')`` / ``str.encode('hex')``,
    which exist only in Python 2.

    encrypt() and decrypt() are not inverses of each other: encrypt()
    prepends a fresh random IV to its output, while decrypt() uses a fixed
    IV and treats the whole input as ciphertext.

    NOTE(review): this definition rebinds the name ``AESCipher`` that the
    file also imports from ``aesdecr``.
    """

    def __init__(self, key):
        """Store the raw key obtained by hex-decoding *key*."""
        self.key = key.decode('hex')

    def encrypt(self, raw):
        """Pad *raw*, encrypt it under a random IV and return hex(IV + ciphertext)."""
        padded = pad(raw)
        fresh_iv = Random.new().read(AES.block_size)
        engine = AES.new(self.key, AES.MODE_CBC, fresh_iv)
        blob = fresh_iv + engine.encrypt(padded)
        return blob.encode("hex")

    def decrypt(self, enc):
        """Hex-decode *enc*, decrypt it with the fixed IV and strip the padding.

        The IV is a constant in the code rather than part of the message.
        The file header says real keys/IVs were removed, so this value is
        presumably a placeholder. CBC provides no integrity check and
        unpad() does not validate the padding, so a wrong key or a modified
        ciphertext yields garbage output rather than an error here.
        """
        fixed_iv = "abcdfghijklmnopq"
        ciphertext = enc.decode("hex")
        engine = AES.new(self.key, AES.MODE_CBC, fixed_iv)
        return unpad(engine.decrypt(ciphertext))
def response(context, flow):
    """mitmproxy response hook: decrypt one host's response bodies and log the answers.

    For responses whose request host is "yourhost.com", the stripped body is
    decrypted with AESCipher, parsed as JSON, and the ``correctAnswer``
    values of q1..q4 are appended to the file ``output`` in the working
    directory. Responses from other hosts are left alone.

    Args:
        context: mitmproxy script context; not used here.
        flow: the HTTP flow; ``flow.response.content`` and
            ``flow.request.host`` are read.

    Raises:
        ValueError: the decrypted JSON has no "questions" key (json.loads
            may also raise on a body that does not decrypt to valid JSON).
        KeyError: "questions" is present but one of q1..q4 or its
            ``correctAnswer`` is missing.
    """
    # Placeholder key (64 hex chars expected for AES-256); the header comment
    # states the real key material was removed.
    key = "12345678901234567890123456789012"
    decryptor = AESCipher(key)
    with decoded(flow.response):  # automatically decode gzipped responses.
        body = flow.response.content.strip()
        if flow.request.host != "yourhost.com":
            return
        payload = json.loads(decryptor.decrypt(body))
        # The output file is opened (and created if absent) before the
        # "questions" check, so it exists even when the check fails.
        with open('output', 'a') as out:
            # NOTE(review): the listing's indentation was lost; the trailing
            # else is read as the alternative to this "questions" check.
            if "questions" not in payload:
                raise ValueError("Not a question")
            answers = tuple(
                payload['questions'][slot]['correctAnswer']
                for slot in ('q1', 'q2', 'q3', 'q4')
            )
            line = "Q1 Ans: %s Q2 Ans: %s \nQ3 Ans: %s Q4 Ans: %s\n" % answers
            # The separator carries no newline, so it shares a line with "Q1 Ans".
            out.write("------------------------------------")
            out.write(line)