mirror of
https://github.com/fail0verflow/letterbomb.git
synced 2024-11-16 15:39:18 +01:00
update to python 3
Hector Martin <marcan@marcan.st>: additional fixes
This commit is contained in:
advaithm
Hector Martin
parent
25a0f3ff49
commit
7c6fb77f1f
39
app.py
39
app.py
@ -1,4 +1,6 @@
|
||||
import os, zipfile, StringIO, hashlib, hmac, struct, logging, urllib, random, json
|
||||
import os, zipfile, hashlib, hmac, struct, logging, random, json
|
||||
import urllib
|
||||
from io import BytesIO
|
||||
import geoip2.database
|
||||
from logging.handlers import SMTPHandler
|
||||
from datetime import datetime, timedelta
|
||||
@ -61,7 +63,7 @@ def _index(error=None):
|
||||
rs = make_response(render_template('index.html', region=region(), error=error))
|
||||
#rs.headers['Cache-Control'] = 'private, max-age=0, no-store, no-cache, must-revalidate'
|
||||
#rs.headers['Etag'] = str(random.randrange(2**64))
|
||||
rs.headers['Expires'] = 'Thu, 01 Dec 1983 20:00:00 GMT'
|
||||
rs.headers['Expires'] = 'Thu, 01 Dec 1983 20:00:00 GMT'
|
||||
return rs
|
||||
|
||||
|
||||
@ -80,9 +82,8 @@ def captcha_check():
|
||||
#"response": request.form.get('recaptcha_response_field',[''])
|
||||
"response": request.form.get('g-recaptcha-response',[''])
|
||||
}
|
||||
|
||||
#f = urllib.urlopen("http://api-verify.recaptcha.net/verify", urllib.urlencode(oform))
|
||||
f = urllib.urlopen("https://www.google.com/recaptcha/api/siteverify", urllib.urlencode(oform))
|
||||
f = urllib.request.urlopen("https://www.google.com/recaptcha/api/siteverify", urllib.parse.urlencode(oform).encode("utf-8"))
|
||||
|
||||
#result = f.readline().replace("\n","")
|
||||
#error = f.readline().replace("\n","")
|
||||
@ -103,14 +104,13 @@ def captcha_check():
|
||||
|
||||
@app.route('/haxx', methods=["POST"])
|
||||
def haxx():
|
||||
OUI_LIST = [i.decode('hex') for i in open(os.path.join(app.root_path, 'oui_list.txt')).read().split("\n") if len(i)==6]
|
||||
OUI_LIST = [bytes.fromhex(i) for i in open(os.path.join(app.root_path, 'oui_list.txt')).read().split("\n") if len(i) == 6]
|
||||
g.recaptcha_args = 'k=%s' % app.config['RECAPTCHA_PUBLICKEY']
|
||||
dt = datetime.utcnow() - timedelta(1)
|
||||
delta = (dt - datetime(2000, 1, 1))
|
||||
timestamp = delta.days * 86400 + delta.seconds
|
||||
|
||||
try:
|
||||
mac = ''.join([chr(int(request.form[i],16)) for i in "abcdef"])
|
||||
mac = bytes((int(request.form[i],16)) for i in "abcdef")
|
||||
template = TEMPLATES[request.form['region']]
|
||||
bundle = 'bundle' in request.form
|
||||
except:
|
||||
@ -118,39 +118,38 @@ def haxx():
|
||||
if not captcha_check():
|
||||
return _index("Are you a human?")
|
||||
|
||||
if mac == "\x00\x17\xab\x99\x99\x99":
|
||||
app.logger.info('Derp MAC %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle)
|
||||
if mac == b"\x00\x17\xab\x99\x99\x99":
|
||||
app.logger.info('Derp MAC %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle)
|
||||
return _index("If you're using Dolphin, try File->Open instead ;-).")
|
||||
|
||||
if not any([mac.startswith(i) for i in OUI_LIST]):
|
||||
app.logger.info('Bad MAC %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle)
|
||||
app.logger.info('Bad MAC %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle)
|
||||
return _index("The exploit will only work if you enter your Wii's MAC address.")
|
||||
|
||||
|
||||
key = hashlib.sha1(mac+"\x75\x79\x79").digest()
|
||||
|
||||
blob = bytearray(open(os.path.join(app.root_path, template),'rb').read())
|
||||
key = hashlib.sha1(mac + b"\x75\x79\x79").digest()
|
||||
blob = bytearray(open(os.path.join(app.root_path, template), 'rb').read())
|
||||
blob[0x08:0x10] = key[:8]
|
||||
blob[0xb0:0xc4] = "\x00"*20
|
||||
blob[0xb0:0xc4] = bytes(20)
|
||||
blob[0x7c:0x80] = struct.pack(">I", timestamp)
|
||||
blob[0x80:0x8a] = "%010d"%timestamp
|
||||
blob[0xb0:0xc4] = hmac.new(key[8:], str(blob), hashlib.sha1).digest()
|
||||
blob[0x80:0x8a] = (b"%010d" % timestamp)
|
||||
blob[0xb0:0xc4] = hmac.new(key[8:], bytes(blob), hashlib.sha1).digest()
|
||||
|
||||
path = "private/wii/title/HAEA/%s/%s/%04d/%02d/%02d/%02d/%02d/HABA_#1/txt/%08X.000" % (
|
||||
key[:4].encode('hex').upper(), key[4:8].encode('hex').upper(),
|
||||
key[:4].hex().upper(), key[4:8].hex().upper(),
|
||||
dt.year, dt.month-1, dt.day, dt.hour, dt.minute, timestamp
|
||||
)
|
||||
|
||||
zipdata = StringIO.StringIO()
|
||||
zipdata = BytesIO()
|
||||
zip = zipfile.ZipFile(zipdata, 'w')
|
||||
zip.writestr(path, str(blob))
|
||||
zip.writestr(path, blob)
|
||||
BUNDLE = [(name, os.path.join(BUNDLEBASE,name)) for name in os.listdir(BUNDLEBASE) if not name.startswith(".")]
|
||||
if bundle:
|
||||
for name, path in BUNDLE:
|
||||
zip.write(path, name)
|
||||
zip.close()
|
||||
|
||||
app.logger.info('LetterBombed %s at %d ver %s bundle %r', mac.encode('hex'), timestamp, request.form['region'], bundle)
|
||||
app.logger.info('LetterBombed %s at %d ver %s bundle %r', mac.hex(), timestamp, request.form['region'], bundle)
|
||||
|
||||
rs = make_response(zipdata.getvalue())
|
||||
zipdata.close()
|
||||
|
||||
Loading…
Reference in New Issue
Block a user