The-Homebrew-Cloud/letterbomb
2
0
Fork 0
mirror of https://github.com/fail0verflow/letterbomb.git synced 2024-06-07 02:58:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

update to python 3

Browse Source 
Hector Martin <marcan@marcan.st>: additional fixes
This commit is contained in:
advaithm 2021-03-05 11:28:01 +05:30 committed by Hector Martin
parent 25a0f3ff49
commit 7c6fb77f1f
1 changed files with 19 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
app.py
View File

@ -1,4 +1,6 @@
import os, zipfile, StringIO, hashlib, hmac, struct, logging, urllib, random, json
import os, zipfile, hashlib, hmac, struct, logging, random, json
import urllib
from io import BytesIO
import geoip2.database
from logging.handlers import SMTPHandler
from datetime import datetime, timedelta
@ -61,7 +63,7 @@ def _index(error=None):
rs = make_response(render_template('index.html', region=region(), error=error))
#rs.headers['Cache-Control'] = 'private, max-age=0, no-store, no-cache, must-revalidate'
#rs.headers['Etag'] = str(random.randrange(2**64))
rs.headers['Expires'] = 'Thu, 01 Dec 1983 20:00:00 GMT'
rs.headers['Expires'] = 'Thu, 01 Dec 1983 20:00:00 GMT'
return rs
@ -80,9 +82,8 @@ def captcha_check():
#"response": request.form.get('recaptcha_response_field',[''])
"response": request.form.get('g-recaptcha-response',[''])
}
#f = urllib.urlopen("http://api-verify.recaptcha.net/verify", urllib.urlencode(oform))
f = urllib.urlopen("https://www.google.com/recaptcha/api/siteverify", urllib.urlencode(oform))
f = urllib.request.urlopen("https://www.google.com/recaptcha/api/siteverify", urllib.parse.urlencode(oform).encode("utf-8"))
#result = f.readline().replace("\n","")
#error = f.readline().replace("\n","")
@ -103,14 +104,13 @@ def captcha_check():
@app.route('/haxx', methods=["POST"])
def haxx():
OUI_LIST = [i.decode('hex') for i in open(os.path.join(app.root_path, 'oui_list.txt')).read().split("\n") if len(i)==6]
OUI_LIST = [bytes.fromhex(i) for i in open(os.path.join(app.root_path, 'oui_list.txt')).read().split("\n") if len(i) == 6]
g.recaptcha_args = 'k=%s' % app.config['RECAPTCHA_PUBLICKEY']
dt = datetime.utcnow() - timedelta(1)
delta = (dt - datetime(2000, 1, 1))
timestamp = delta.days * 86400 + delta.seconds
try:
mac = ''.join([chr(int(request.form[i],16)) for i in "abcdef"])
mac = bytes((int(request.form[i],16)) for i in "abcdef")
template = TEMPLATES[request.form['region']]
bundle = 'bundle' in request.form
except:
@ -118,39 +118,38 @@ def haxx():
if not captcha_check():
return _index("Are you a human?")
if mac == "\x00\x17\xab\x99\x99\x99":
app.logger.info('Derp MAC %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle)
if mac == b"\x00\x17\xab\x99\x99\x99":
app.logger.info('Derp MAC %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle)
return _index("If you're using Dolphin, try File->Open instead ;-).")
if not any([mac.startswith(i) for i in OUI_LIST]):
app.logger.info('Bad MAC %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle)
app.logger.info('Bad MAC %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle)
return _index("The exploit will only work if you enter your Wii's MAC address.")
key = hashlib.sha1(mac+"\x75\x79\x79").digest()
blob = bytearray(open(os.path.join(app.root_path, template),'rb').read())
key = hashlib.sha1(mac + b"\x75\x79\x79").digest()
blob = bytearray(open(os.path.join(app.root_path, template), 'rb').read())
blob[0x08:0x10] = key[:8]
blob[0xb0:0xc4] = "\x00"*20
blob[0xb0:0xc4] = bytes(20)
blob[0x7c:0x80] = struct.pack(">I", timestamp)
blob[0x80:0x8a] = "%010d"%timestamp
blob[0xb0:0xc4] = hmac.new(key[8:], str(blob), hashlib.sha1).digest()
blob[0x80:0x8a] = (b"%010d" % timestamp)
blob[0xb0:0xc4] = hmac.new(key[8:], bytes(blob), hashlib.sha1).digest()
path = "private/wii/title/HAEA/%s/%s/%04d/%02d/%02d/%02d/%02d/HABA_#1/txt/%08X.000" % (
key[:4].encode('hex').upper(), key[4:8].encode('hex').upper(),
key[:4].hex().upper(), key[4:8].hex().upper(),
dt.year, dt.month-1, dt.day, dt.hour, dt.minute, timestamp
)
zipdata = StringIO.StringIO()
zipdata = BytesIO()
zip = zipfile.ZipFile(zipdata, 'w')
zip.writestr(path, str(blob))
zip.writestr(path, blob)
BUNDLE = [(name, os.path.join(BUNDLEBASE,name)) for name in os.listdir(BUNDLEBASE) if not name.startswith(".")]
if bundle:
for name, path in BUNDLE:
zip.write(path, name)
zip.close()
app.logger.info('LetterBombed %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle)
app.logger.info('LetterBombed %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle)
rs = make_response(zipdata.getvalue())
zipdata.close()