SITCON 雲林定期聚 #1

1. -ZeroMu (Xu Ting-You)
#1
Students’Information Technology Conference

9. X

10. X

11. X

12. X

17. HTTPS
HTTPS
HTTPS
HTTP

21. X X

22. def post(self, uri, postdata = '', usecookie = True, setcookie = True, extraheader = {'Cookie2': '$Version=1'}, noencrypt = False, savetraffic = False, no2ndkey = False):
header = {}
header.update(self.header)
header.update(extraheader)
if usecookie and not self.has_2ndkey:
header.update({'Cookie':self.cookie})
if not noencrypt :
if self.shortloc not in ['jp', 'my', 'kr']:#pass key to server
#add sign to param
self.crypt.gen_random_cipher()
sign='K=%s'%self.crypt.urlunescape(
self.crypt.encode_rsa_64(
base64.encodestring(
self.crypt.random_cipher_plain))).rstrip('n')
if postdata:#has real stuff
if uri in ['login','regist'] and self.shortloc not in ['kr', 'sg']:
postdata = self.crypt.encode_param(postdata, mode=MOD_RSA_AES_RANDOM) #remove .encode('utf-8')
else:
postdata = self.crypt.encode_param(postdata, mode=MOD_AES_RANDOM)

28. !

29. from Crypto.Cipher import AES
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
serv = {'tw':['game.ma.mobimon.com.tw', ‘210.59.2__.241’, 10001],’tw_data’:’http://
download.ma.mobimon.com.tw/'}

31. def gen_rsa(self):
pkey = “MFwwDQYJKoZIhvcNAQEBBQADS NezMH/yn/
uDu6qabQ3XHhmqqW8C4ZLxG7uW6bNmUdZQSUk8dO2+7ZTbN5lQw/u70Av2ECAwEAAQ=="
pkey = [pk[i:i+64] for i in range(0, len(pk), 64)]
pkey = '-----BEGIN PUBLIC KEY-----n' + 'n'.join(pkey) + 'n-----END PUBLIC
KEY-----'
self.rsa = PKCS1_v1_5.new(RSA.importKey(pkey))

33. key_cn = key_tw = key_kr = key_sg = {'res': 'A1dPUcrvur ', ‘helper':'A1dPUcrvur ', ‘crypt':'0112185254 '}
key_jp = key_my = {'res': 'A1dPUcr ', 'helper':'A1dPUcr ', ‘crypt’:'uH9JF2cH '}
def encode_data(self, bytein, mode):
if mode==MOD_AES:
return self.cipher_data.encrypt(pad(bytein))
elif mode >= MOD_AES_RANDOM:
return self.random_cipher.encrypt(pad(bytein))
def decode_data(self, bytein, second_cipher = False):
if len(bytein) == 0:
return ''
else:
if second_cipher:
return unpad(b2u(self.AES2ndKey.decrypt(bytein)))
else:
return unpad(b2u(self.cipher_data.decrypt(bytein)))

35. def login(self, uname = '', pwd = '', fast = False):
while True:
if os.path.exists(self.playerfile) and self._read_config('account_%s' % self.loc, 'session') != ''
and (time.time() - os.path.getmtime(self.playerfile) < 43200) and uname == '':
self.logger.info(' ')
dec = open(self.playerfile, 'r').read() # .encode('utf-8')
ct = xmldict = XML2Dict.fromstring(dec).response
else:
self.username = uname or self.username
self.password = pwd or self.password
if self.username == '':
self.username = raw_inputd('Username:')
if self.password == '' or (uname != '' and pwd == ''):
self.password = getpass('Password:')
if raw_inputd(' ') == 'y':
self._write_config('account_%s' % self.loc, 'password', self.password)
self.logger.warning(' ')
token = self._read_config('system', 'device_token').replace('n', 'n') or
'nuigiBoiNuinuijIUJiubHOhUIbKhuiGVIKIhoNikUGIbikuGBVININihIUniYTdRTdREujhbjhj'
if not fast:

41. #END