The-Homebrew-Cloud/letterbomb
2
0
Fork 0
mirror of https://github.com/fail0verflow/letterbomb.git synced 2024-11-16 15:39:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

update to python 3

Browse Source 
Hector Martin <marcan@marcan.st>: additional fixes
This commit is contained in:
advaithm 2021-03-05 11:28:01 +05:30 committed by Hector Martin
parent 25a0f3ff49
commit 7c6fb77f1f
1 changed files with 19 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
app.py
View File

@ -1,4 +1,6 @@
import os, zipfile, StringIO, hashlib, hmac, struct, logging, urllib, random, json import os, zipfile, hashlib, hmac, struct, logging, random, json
import urllib
from io import BytesIO
import geoip2.database import geoip2.database
from logging.handlers import SMTPHandler from logging.handlers import SMTPHandler
from datetime import datetime, timedelta from datetime import datetime, timedelta
@ -61,7 +63,7 @@ def _index(error=None):
rs = make_response(render_template('index.html', region=region(), error=error)) rs = make_response(render_template('index.html', region=region(), error=error))
#rs.headers['Cache-Control'] = 'private, max-age=0, no-store, no-cache, must-revalidate' #rs.headers['Cache-Control'] = 'private, max-age=0, no-store, no-cache, must-revalidate'
#rs.headers['Etag'] = str(random.randrange(2**64)) #rs.headers['Etag'] = str(random.randrange(2**64))
rs.headers['Expires'] = 'Thu, 01 Dec 1983 20:00:00 GMT' rs.headers['Expires'] = 'Thu, 01 Dec 1983 20:00:00 GMT'
return rs return rs
@ -80,9 +82,8 @@ def captcha_check():
#"response": request.form.get('recaptcha_response_field',['']) #"response": request.form.get('recaptcha_response_field',[''])
"response": request.form.get('g-recaptcha-response',['']) "response": request.form.get('g-recaptcha-response',[''])
} }
#f = urllib.urlopen("http://api-verify.recaptcha.net/verify", urllib.urlencode(oform)) #f = urllib.urlopen("http://api-verify.recaptcha.net/verify", urllib.urlencode(oform))
f = urllib.urlopen("https://www.google.com/recaptcha/api/siteverify", urllib.urlencode(oform)) f = urllib.request.urlopen("https://www.google.com/recaptcha/api/siteverify", urllib.parse.urlencode(oform).encode("utf-8"))
#result = f.readline().replace("\n","") #result = f.readline().replace("\n","")
#error = f.readline().replace("\n","") #error = f.readline().replace("\n","")
@ -103,14 +104,13 @@ def captcha_check():
@app.route('/haxx', methods=["POST"]) @app.route('/haxx', methods=["POST"])
def haxx(): def haxx():
OUI_LIST = [i.decode('hex') for i in open(os.path.join(app.root_path, 'oui_list.txt')).read().split("\n") if len(i)==6] OUI_LIST = [bytes.fromhex(i) for i in open(os.path.join(app.root_path, 'oui_list.txt')).read().split("\n") if len(i) == 6]
g.recaptcha_args = 'k=%s' % app.config['RECAPTCHA_PUBLICKEY'] g.recaptcha_args = 'k=%s' % app.config['RECAPTCHA_PUBLICKEY']
dt = datetime.utcnow() - timedelta(1) dt = datetime.utcnow() - timedelta(1)
delta = (dt - datetime(2000, 1, 1)) delta = (dt - datetime(2000, 1, 1))
timestamp = delta.days * 86400 + delta.seconds timestamp = delta.days * 86400 + delta.seconds
try: try:
mac = ''.join([chr(int(request.form[i],16)) for i in "abcdef"]) mac = bytes((int(request.form[i],16)) for i in "abcdef")
template = TEMPLATES[request.form['region']] template = TEMPLATES[request.form['region']]
bundle = 'bundle' in request.form bundle = 'bundle' in request.form
except: except:
@ -118,39 +118,38 @@ def haxx():
if not captcha_check(): if not captcha_check():
return _index("Are you a human?") return _index("Are you a human?")
if mac == "\x00\x17\xab\x99\x99\x99": if mac == b"\x00\x17\xab\x99\x99\x99":
app.logger.info('Derp MAC %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle) app.logger.info('Derp MAC %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle)
return _index("If you're using Dolphin, try File->Open instead ;-).") return _index("If you're using Dolphin, try File->Open instead ;-).")
if not any([mac.startswith(i) for i in OUI_LIST]): if not any([mac.startswith(i) for i in OUI_LIST]):
app.logger.info('Bad MAC %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle) app.logger.info('Bad MAC %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle)
return _index("The exploit will only work if you enter your Wii's MAC address.") return _index("The exploit will only work if you enter your Wii's MAC address.")
key = hashlib.sha1(mac+"\x75\x79\x79").digest() key = hashlib.sha1(mac + b"\x75\x79\x79").digest()
blob = bytearray(open(os.path.join(app.root_path, template), 'rb').read())
blob = bytearray(open(os.path.join(app.root_path, template),'rb').read())
blob[0x08:0x10] = key[:8] blob[0x08:0x10] = key[:8]
blob[0xb0:0xc4] = "\x00"*20 blob[0xb0:0xc4] = bytes(20)
blob[0x7c:0x80] = struct.pack(">I", timestamp) blob[0x7c:0x80] = struct.pack(">I", timestamp)
blob[0x80:0x8a] = "%010d"%timestamp blob[0x80:0x8a] = (b"%010d" % timestamp)
blob[0xb0:0xc4] = hmac.new(key[8:], str(blob), hashlib.sha1).digest() blob[0xb0:0xc4] = hmac.new(key[8:], bytes(blob), hashlib.sha1).digest()
path = "private/wii/title/HAEA/%s/%s/%04d/%02d/%02d/%02d/%02d/HABA_#1/txt/%08X.000" % ( path = "private/wii/title/HAEA/%s/%s/%04d/%02d/%02d/%02d/%02d/HABA_#1/txt/%08X.000" % (
key[:4].encode('hex').upper(), key[4:8].encode('hex').upper(), key[:4].hex().upper(), key[4:8].hex().upper(),
dt.year, dt.month-1, dt.day, dt.hour, dt.minute, timestamp dt.year, dt.month-1, dt.day, dt.hour, dt.minute, timestamp
) )
zipdata = StringIO.StringIO() zipdata = BytesIO()
zip = zipfile.ZipFile(zipdata, 'w') zip = zipfile.ZipFile(zipdata, 'w')
zip.writestr(path, str(blob)) zip.writestr(path, blob)
BUNDLE = [(name, os.path.join(BUNDLEBASE,name)) for name in os.listdir(BUNDLEBASE) if not name.startswith(".")] BUNDLE = [(name, os.path.join(BUNDLEBASE,name)) for name in os.listdir(BUNDLEBASE) if not name.startswith(".")]
if bundle: if bundle:
for name, path in BUNDLE: for name, path in BUNDLE:
zip.write(path, name) zip.write(path, name)
zip.close() zip.close()
app.logger.info('LetterBombed %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle) app.logger.info('LetterBombed %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle)
rs = make_response(zipdata.getvalue()) rs = make_response(zipdata.getvalue())
zipdata.close() zipdata.close()