|
| 1 | +import itertools |
| 2 | +import os |
| 3 | +import sys |
| 4 | +from datetime import datetime, timedelta |
| 5 | + |
| 6 | +import zmq |
| 7 | +from Crypto.Cipher import AES |
| 8 | + |
| 9 | +filename = 'emotiv_encrypted_data_UD20160103001874_2017-04-05.17-21-32.384061.txt' |
| 10 | +# filename = 'emotiv_encrypted_data_UD20160103001874_2017-04-05.17-42-23.292665.txt' |
| 11 | +serial_number = 'UD20160103001874' |
| 12 | +iv = os.urandom(AES.block_size) |
| 13 | + |
| 14 | +# Probably need to expand this and probably use a serial brute force like approach, but meh |
| 15 | +# Lets just see if it works. |
| 16 | +charset = [char for char in serial_number[-4:]] |
| 17 | +charset.extend(['\x00', '\x10', 'H', 'T', 'B', 'P']) |
| 18 | +possible_combinations = len(charset) * 16 * 16 |
| 19 | + |
| 20 | + |
| 21 | +# Credit http://stackoverflow.com/questions/11747254/python-brute-force-algorithm |
| 22 | +def next_value(): |
| 23 | + return (''.join(candidate) |
| 24 | + for candidate in itertools.chain.from_iterable(itertools.product(charset, repeat=i) |
| 25 | + for i in range(16, 16 + 1))) |
| 26 | + |
| 27 | + |
| 28 | +def nex(): |
| 29 | + for value in next_value(): |
| 30 | + yield value |
| 31 | + |
| 32 | + |
| 33 | +def counter_check(file_data, cipher, swap_data=False): |
| 34 | + counter_misses = 0 |
| 35 | + counter_checks = 0 |
| 36 | + last_counter = 0 |
| 37 | + for line in file_data: |
| 38 | + data = line.split(',')[1:] |
| 39 | + data = [int(value, 2) for value in data] |
| 40 | + data = ''.join(map(chr, data)) |
| 41 | + if not swap_data: |
| 42 | + decrypted = cipher.decrypt(data[:16]) + cipher.decrypt(data[16:]) |
| 43 | + else: |
| 44 | + decrypted = cipher.decrypt(data[16:]) + cipher.decrypt(data[:16]) |
| 45 | + counter = ord(decrypted[0]) |
| 46 | + # Uncomment this |
| 47 | + # print(counter) |
| 48 | + if counter <= 127: |
| 49 | + if counter != last_counter + 1: |
| 50 | + counter_misses += 1 |
| 51 | + elif not (counter == 0 and last_counter > 127): |
| 52 | + counter_misses += 1 |
| 53 | + if counter_misses > 2 and counter_checks > 64: |
| 54 | + return False |
| 55 | + if counter_checks > 64 and counter_misses < 2: |
| 56 | + return True |
| 57 | + counter_checks += 1 |
| 58 | + last_counter = counter |
| 59 | + |
| 60 | + |
| 61 | +with open('{}'.format(filename), 'r') as encrypted_data: |
| 62 | + file_data = encrypted_data.readlines() |
| 63 | + |
| 64 | + |
| 65 | +def check_key(next_check): |
| 66 | + new_cipher = AES.new(''.join(next_check), AES.MODE_ECB, iv) |
| 67 | + if counter_check(file_data, new_cipher): |
| 68 | + print("Correct Key Found! {}".format(next_check)) |
| 69 | + sys.exit() |
| 70 | + |
| 71 | + |
| 72 | +context = zmq.Context() |
| 73 | +socket = context.socket(zmq.REP) |
| 74 | +socket.bind('tcp://{}:{}'.format('*', 1777)) |
| 75 | +then = datetime.now() |
| 76 | +i = 0 |
| 77 | +last_i = 0 |
| 78 | +key_to_check = "" |
| 79 | +print('running') |
| 80 | +for value in next_value(): |
| 81 | + i += 1 |
| 82 | + now = datetime.now() |
| 83 | + if now - then > timedelta(minutes=1): |
| 84 | + print("{} keys per second, last key {}".format((i - last_i) / 60, value)) |
| 85 | + last_i = i |
| 86 | + then = now |
| 87 | + message = "" |
| 88 | + while message != 'next': |
| 89 | + message = socket.recv() |
| 90 | + if message == 'next': |
| 91 | + socket.send(''.join(value)) |
| 92 | + elif message.startswith('validate ') and 42 > len(message) > 9: |
| 93 | + key_to_validate = message.split()[1] |
| 94 | + if check_key(key_to_validate): |
| 95 | + socket.send("LGTM") |
| 96 | + print("Valid Key: {}".format(key_to_validate)) |
| 97 | + else: |
| 98 | + socket.send("NOPE") |
| 99 | + else: |
| 100 | + socket.send('uhh what') |
0 commit comments