You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

47 lines
1.2 KiB

2 years ago
#!/usr/bin/env python3
# Only possible after dumping GRLTS02 monitor...
# See brute_GRLTS02.sh/timepwn_GRLTS02.py for the initial entry
pass_arwen = [
0xc6, 0x44, 0x99, 0xe3, 0xe9, 0x19, 0x0d, 0x07, 0x0d, 0x12, 0x79
]
pass_shadow = [
0xe9, 0x22, 0xd8, 0x7c, 0x3c, 0x07, 0x54, 0x2d, 0x5e, 0x53, 0x6a, 0xff,
0x80, 0x5e, 0xcd, 0xc8, 0xcf, 0xff, 0x44, 0x74, 0xc8, 0xd8, 0x4b
]
enctable = open("../GRLTS02/ENCTABLE.BIN", "rb").read()
sumtable = []
for x in range(0x100):
b = enctable[x+0x000]
b += enctable[x+0x100]
b += enctable[x+0x200]
b += enctable[x+0x300]
b &= 0xff
sumtable.append(b)
chars = b"{}*02357@BFLOSTXY_degilnps"
def decode(pwd):
dec = bytearray()
for i, x in enumerate(pwd):
# candidates = ""
# for ni, y in enumerate(sumtable):
# if x == y:
# c = (ni - i) & 0xff
# if c < 0x20 or c >= 0x80:
# continue
# candidates += chr(c)
# print(candidates)
for y in chars:
if sumtable[(y + i) & 0xff] == x:
dec.append(y)
break
return dec
print(decode(pass_arwen).decode())
print(decode(pass_shadow).decode())