import convert
import mac
import random
import string
from time import time
import urllib
# Latency samples recorded by simulateTimeSignatureGuess; once 1000 are stored
# they are replayed instead of issuing further real requests.
realTimes = list()
def simulateTimeSignatureGuess(fileName, signature, address, port):
    """Return a simulated response latency for a signature guess (test aid).

    The first 1000 calls measure a real latency by calling
    timeSignatureGuess("foo", chr(0), address, port) and store it in the
    module-level realTimes list; later calls replay one stored sample chosen
    at random. On top of that latency, .005 is added for every leading
    character of `signature` that matches the hard-coded reference signature.

    `fileName` is not used by the body; the original note says this only
    works for the file "foo".

    Returns float('inf') when `signature` equals the reference signature.

    NOTE(review): the per-character delay models a server whose comparison
    stops at the first mismatching character; a constant-time comparison on
    the server (e.g. hmac.compare_digest) would not produce this pattern.
    """
    global realTimes
    actualSignature = 'b95e9bce3829ac97c6d813861b06841983bff6c1'
    if signature == actualSignature:
        return float('inf')

    if len(realTimes) >= 1000:
        # Enough samples collected: replay one of them.
        latency = random.sample(realTimes, 1)[0]
    else:
        # Still collecting: take a real measurement and remember it.
        latency = timeSignatureGuess("foo", chr(0), address, port)
        realTimes.append(latency)

    # Count how many leading characters agree with the reference signature.
    sameCharacters = 0
    for expected, supplied in zip(actualSignature, signature):
        if expected != supplied:
            break
        sameCharacters += 1
    return latency + (.005 * sameCharacters)
def timeSignatureGuess(fileName, signature, address, port):
    """Return how long it took to submit a guess and receive the response.

    Sends one GET request to address:port with `signature` and `fileName`
    passed as the "signature" and "file" query parameters, and measures the
    wall-clock time around the request with time().

    Returns float('inf') if the server answers with HTTP 200 (the signature
    was accepted); otherwise returns the elapsed time.

    Uses the Python 2 urllib API (urllib.urlencode / urllib.urlopen).
    """
    query = urllib.urlencode({"signature": signature, "file": fileName})
    began = time()
    reply = urllib.urlopen(address+":"+str(port)+"/?"+query)
    finished = time()
    # A 200 status marks the guess as correct, so no timing value is reported.
    return float('inf') if reply.getcode() == 200 else finished - began
'''Performs the attack to get the appropriate signature for the filename
'''
def guessSignature(filename, address, port):
# Builds up the signature the server accepts for `filename` one byte at a
# time, driven only by the latencies reported by timeSignatureGuess, and
# returns the accumulated guess as hex via convert.byteStringToHex.
# NOTE(review): indentation was lost in this listing, so which statements
# belong to the for/while/if bodies below cannot be confirmed from here.
# NOTE(review): the measurements only carry information when the server's
# signature check takes longer the more leading bytes match; a constant-time
# comparison on the server (e.g. hmac.compare_digest) removes that signal.
# Bytes accepted so far, kept as a raw string and hex-encoded when sent.
signatureGuess = ""
# One list of recorded latencies per candidate value in range(255).
guessTimes = []
for i in range(255):
guessTimes.append([])
# The number of guess attempts taken for the current position.
numAttempts = 0
# Largest summed latency seen so far and the candidate value that produced it.
maxTime = 0
maxByte = 0
# timeSignatureGuess returns float('inf') on HTTP 200, so this condition stops
# once the current guess is accepted by the server.
while timeSignatureGuess(filename, convert.byteStringToHex(signatureGuess), address, port) < float('inf'):
for byteGuess in range(255):
# Time the current prefix extended by this candidate, written as two
# zero-padded hex digits.
guessTime =timeSignatureGuess(filename, convert.byteStringToHex(signatureGuess)+string.rjust(hex(byteGuess)[2:], 2, '0'), address, port)
guessTimes[byteGuess].append(guessTime)
# Sum is used in place of the average (presumably because every candidate
# has the same number of samples - confirm against the loop nesting).
currentAvg = sum(guessTimes[byteGuess])
if currentAvg > maxTime:
maxTime = currentAvg
maxByte = byteGuess
numAttempts += 1
# Largest summed time that is not equal to maxTime (the runner-up).
secondTime = max(filter(lambda x: x != maxTime, map(sum, guessTimes)))
# Relative lead of the best sum over the runner-up; the value is computed
# here but not read again anywhere in this function.
percentAhead = (maxTime-secondTime)/secondTime
# After 100 attempts, commit the candidate with the largest summed latency.
if ((numAttempts >= 100)):
signatureGuess += chr(maxByte)
# Progress indicator (Python 2 print statement; the trailing comma
# suppresses the newline).
print ".",
# Re-initialize the per-position state before the next byte.
guessTimes = []
for i in range(255):
guessTimes.append([])
numAttempts = 0
maxTime = 0
maxByte = 0
return convert.byteStringToHex(signatureGuess)
if __name__ == "__main__":
    # Script entry point: runs against the local test server on port 8080
    # for the file "foo" and prints the hex signature that was recovered.
    recovered = guessSignature("foo", "http://localhost", 8080)
    print(recovered)