diff --git a/app.py b/app.py index e3e7b6a..0e27f6a 100644 --- a/app.py +++ b/app.py @@ -1,4 +1,6 @@ -import os, zipfile, StringIO, hashlib, hmac, struct, logging, urllib, random, json +import os, zipfile, hashlib, hmac, struct, logging, random, json +import urllib +from io import BytesIO import geoip2.database from logging.handlers import SMTPHandler from datetime import datetime, timedelta @@ -61,7 +63,7 @@ def _index(error=None): rs = make_response(render_template('index.html', region=region(), error=error)) #rs.headers['Cache-Control'] = 'private, max-age=0, no-store, no-cache, must-revalidate' #rs.headers['Etag'] = str(random.randrange(2**64)) - rs.headers['Expires'] = 'Thu, 01 Dec 1983 20:00:00 GMT' + rs.headers['Expires'] = 'Thu, 01 Dec 1983 20:00:00 GMT' return rs @@ -80,9 +82,8 @@ def captcha_check(): #"response": request.form.get('recaptcha_response_field',['']) "response": request.form.get('g-recaptcha-response',['']) } - #f = urllib.urlopen("http://api-verify.recaptcha.net/verify", urllib.urlencode(oform)) - f = urllib.urlopen("https://www.google.com/recaptcha/api/siteverify", urllib.urlencode(oform)) + f = urllib.request.urlopen("https://www.google.com/recaptcha/api/siteverify", urllib.parse.urlencode(oform).encode("utf-8")) #result = f.readline().replace("\n","") #error = f.readline().replace("\n","") @@ -103,14 +104,13 @@ def captcha_check(): @app.route('/haxx', methods=["POST"]) def haxx(): - OUI_LIST = [i.decode('hex') for i in open(os.path.join(app.root_path, 'oui_list.txt')).read().split("\n") if len(i)==6] + OUI_LIST = [bytes.fromhex(i) for i in open(os.path.join(app.root_path, 'oui_list.txt')).read().split("\n") if len(i) == 6] g.recaptcha_args = 'k=%s' % app.config['RECAPTCHA_PUBLICKEY'] dt = datetime.utcnow() - timedelta(1) delta = (dt - datetime(2000, 1, 1)) timestamp = delta.days * 86400 + delta.seconds - try: - mac = ''.join([chr(int(request.form[i],16)) for i in "abcdef"]) + mac = bytes((int(request.form[i],16)) for i in "abcdef") template = TEMPLATES[request.form['region']] bundle = 'bundle' in request.form except: @@ -118,39 +118,38 @@ def haxx(): if not captcha_check(): return _index("Are you a human?") - if mac == "\x00\x17\xab\x99\x99\x99": - app.logger.info('Derp MAC %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle) + if mac == b"\x00\x17\xab\x99\x99\x99": + app.logger.info('Derp MAC %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle) return _index("If you're using Dolphin, try File->Open instead ;-).") if not any([mac.startswith(i) for i in OUI_LIST]): - app.logger.info('Bad MAC %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle) + app.logger.info('Bad MAC %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle) return _index("The exploit will only work if you enter your Wii's MAC address.") - key = hashlib.sha1(mac+"\x75\x79\x79").digest() - - blob = bytearray(open(os.path.join(app.root_path, template),'rb').read()) + key = hashlib.sha1(mac + b"\x75\x79\x79").digest() + blob = bytearray(open(os.path.join(app.root_path, template), 'rb').read()) blob[0x08:0x10] = key[:8] - blob[0xb0:0xc4] = "\x00"*20 + blob[0xb0:0xc4] = bytes(20) blob[0x7c:0x80] = struct.pack(">I", timestamp) - blob[0x80:0x8a] = "%010d"%timestamp - blob[0xb0:0xc4] = hmac.new(key[8:], str(blob), hashlib.sha1).digest() + blob[0x80:0x8a] = (b"%010d" % timestamp) + blob[0xb0:0xc4] = hmac.new(key[8:], bytes(blob), hashlib.sha1).digest() path = "private/wii/title/HAEA/%s/%s/%04d/%02d/%02d/%02d/%02d/HABA_#1/txt/%08X.000" % ( - key[:4].encode('hex').upper(), key[4:8].encode('hex').upper(), + key[:4].hex().upper(), key[4:8].hex().upper(), dt.year, dt.month-1, dt.day, dt.hour, dt.minute, timestamp ) - zipdata = StringIO.StringIO() + zipdata = BytesIO() zip = zipfile.ZipFile(zipdata, 'w') - zip.writestr(path, str(blob)) + zip.writestr(path, blob) BUNDLE = [(name, os.path.join(BUNDLEBASE,name)) for name in os.listdir(BUNDLEBASE) if not name.startswith(".")] if bundle: for name, path in BUNDLE: zip.write(path, name) zip.close() - app.logger.info('LetterBombed %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle) + app.logger.info('LetterBombed %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle) rs = make_response(zipdata.getvalue()) zipdata.close()