You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 lines
1.2 KiB
46 lines
1.2 KiB
#!/usr/bin/env python3
|
|
|
|
# Only possible after dumping GRLTS02 monitor...
|
|
# See brute_GRLTS02.sh/timepwn_GRLTS02.py for the initial entry
|
|
|
|
pass_arwen = [
|
|
0xc6, 0x44, 0x99, 0xe3, 0xe9, 0x19, 0x0d, 0x07, 0x0d, 0x12, 0x79
|
|
]
|
|
pass_shadow = [
|
|
0xe9, 0x22, 0xd8, 0x7c, 0x3c, 0x07, 0x54, 0x2d, 0x5e, 0x53, 0x6a, 0xff,
|
|
0x80, 0x5e, 0xcd, 0xc8, 0xcf, 0xff, 0x44, 0x74, 0xc8, 0xd8, 0x4b
|
|
]
|
|
|
|
enctable = open("../GRLTS02/ENCTABLE.BIN", "rb").read()
|
|
|
|
sumtable = []
|
|
for x in range(0x100):
|
|
b = enctable[x+0x000]
|
|
b += enctable[x+0x100]
|
|
b += enctable[x+0x200]
|
|
b += enctable[x+0x300]
|
|
b &= 0xff
|
|
sumtable.append(b)
|
|
|
|
chars = b"{}*02357@BFLOSTXY_degilnps"
|
|
|
|
def decode(pwd):
|
|
dec = bytearray()
|
|
for i, x in enumerate(pwd):
|
|
# candidates = ""
|
|
# for ni, y in enumerate(sumtable):
|
|
# if x == y:
|
|
# c = (ni - i) & 0xff
|
|
# if c < 0x20 or c >= 0x80:
|
|
# continue
|
|
# candidates += chr(c)
|
|
# print(candidates)
|
|
|
|
for y in chars:
|
|
if sumtable[(y + i) & 0xff] == x:
|
|
dec.append(y)
|
|
break
|
|
return dec
|
|
|
|
print(decode(pass_arwen).decode())
|
|
print(decode(pass_shadow).decode())
|
|
|