maride/barf
1
0
Fork 0
mirror of https://github.com/maride/barf.git synced 2024-12-22 06:27:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add the option to specify a custom charset

Browse Source
This commit is contained in:
maride 2022-05-13 23:53:09 +02:00
parent 9f0806e9ed
commit 7f16a30516
3 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
barf.py
View File

@ -23,6 +23,8 @@
# include project path as include path # include project path as include path
sys.path.insert(1, barf_path) sys.path.insert(1, barf_path)
from base64 import b64decode
# include project files # include project files
from BreakpointManager import BreakpointManager from BreakpointManager import BreakpointManager
from TargetManager import TargetManager from TargetManager import TargetManager
@ -44,7 +46,7 @@ def main():
tm = TargetManager(bm, args["persistent"], args["startAddr"], args["endAddr"], args["buffAddr"]) tm = TargetManager(bm, args["persistent"], args["startAddr"], args["endAddr"], args["buffAddr"])
# start the bruteforcing madness ;) # start the bruteforcing madness ;)
Bruteforce(bm, tm, args["knownPrefix"], args["knownSuffix"], args["chunksize"]) Bruteforce(bm, tm, args["knownPrefix"], args["knownSuffix"], args["chunksize"], args["charset"])
# g'night, gdb # g'night, gdb
gdb.execute("set confirm off") gdb.execute("set confirm off")
@ -64,6 +66,7 @@ def getArguments():
a["knownPrefix"] = barf_known_prefix a["knownPrefix"] = barf_known_prefix
a["knownSuffix"] = barf_known_suffix a["knownSuffix"] = barf_known_suffix
a["chunksize"] = barf_chunksize a["chunksize"] = barf_chunksize
a["charset"] = b64decode(barf_charset_b64).decode()
a["persistent"] = barf_persistent a["persistent"] = barf_persistent
return a return a

8
barf.sh
View File

@ -17,6 +17,7 @@ KNOWNPREFIX=""
KNOWNSUFFIX="" KNOWNSUFFIX=""
BARFPATH="$(dirname $(realpath $0))/src" BARFPATH="$(dirname $(realpath $0))/src"
CHUNKSIZE=1 CHUNKSIZE=1
CHARSET=""
PERSISTENT="False" PERSISTENT="False"
# show the help and exit # show the help and exit
@ -39,6 +40,7 @@ function show_help {
echo " -b | --prefix CTF{ a known prefix, e.g. the prefix of your flag" echo " -b | --prefix CTF{ a known prefix, e.g. the prefix of your flag"
echo " -a | --suffix } a known suffix, e.g. the suffix of your flag" echo " -a | --suffix } a known suffix, e.g. the suffix of your flag"
echo " -c | --chunksize 2 amount of characters to try at once (default: 1)" echo " -c | --chunksize 2 amount of characters to try at once (default: 1)"
echo " --charset 23@fl4g! characters to use (default: printable ASCII)"
echo " -h | --help a great and useful help message, you should try it!" echo " -h | --help a great and useful help message, you should try it!"
echo "" echo ""
echo "See https://github.com/maride/barf for more information and examples!" echo "See https://github.com/maride/barf for more information and examples!"
@ -95,6 +97,10 @@ while [[ $# -gt 0 ]]; do
CHUNKSIZE="$2" CHUNKSIZE="$2"
shift; shift shift; shift
;; ;;
--charset)
CHARSET=$(echo -n "$2" | base64)
shift; shift
;;
-x|--persistent) -x|--persistent)
PERSISTENT="1" PERSISTENT="1"
shift shift
@ -135,5 +141,5 @@ if [[ "$PERSISTENT" == "1" && ("$STARTADDR" == "" || "$ENDADDR" == "" || "$BUFFA
fi fi
# ready for take-off # ready for take-off
gdb --quiet -nx --eval-command "py barf_positive_addr='$POSITIVEADDR';barf_negative_addr='$NEGATIVEADDR';barf_win_addr='$WINADDR';barf_lose_addr='$LOSEADDR';barf_start_addr='$STARTADDR';barf_end_addr='$ENDADDR';barf_buff_addr='$BUFFADDR';barf_known_prefix='$KNOWNPREFIX';barf_known_suffix='$KNOWNSUFFIX';barf_path='$BARFPATH';barf_chunksize=$CHUNKSIZE;barf_persistent=$PERSISTENT" --command barf.py $TARGETFILE gdb --quiet -nx --eval-command "py barf_positive_addr='$POSITIVEADDR';barf_negative_addr='$NEGATIVEADDR';barf_win_addr='$WINADDR';barf_lose_addr='$LOSEADDR';barf_start_addr='$STARTADDR';barf_end_addr='$ENDADDR';barf_buff_addr='$BUFFADDR';barf_known_prefix='$KNOWNPREFIX';barf_known_suffix='$KNOWNSUFFIX';barf_path='$BARFPATH';barf_chunksize=$CHUNKSIZE;barf_charset_b64='$CHARSET';barf_persistent=$PERSISTENT" --command barf.py $TARGETFILE

9
src/Bruteforce.py
View File

@ -6,11 +6,11 @@ from Helper import *
from TargetManager import TargetManager from TargetManager import TargetManager
# The charset to try, sorted by the likelihood of a character class # The charset to try, sorted by the likelihood of a character class
charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789{}_!?'#%+/ ;[`@-\".<,*|&$(]=)^>\\:~" default_charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789{}_!?'#%+/ ;[`@-\".<,*|&$(]=)^>\\:~"
# bruteforces a single character, sandwiched between the known parts. # bruteforces a single character, sandwiched between the known parts.
# Returns the most promising string. # Returns the most promising string.
def BruteforceChar(bm, tm, knownPrefix, knownSuffix, chunksize): def BruteforceChar(bm, tm, knownPrefix, knownSuffix, chunksize, charset):
# keyFragment is the variable were we store our found-to-be-correct chars # keyFragment is the variable were we store our found-to-be-correct chars
keyFragment = "" keyFragment = ""
@ -42,9 +42,10 @@ def BruteforceChar(bm, tm, knownPrefix, knownSuffix, chunksize):
# Bruteforce calls BruteforceChar until: # Bruteforce calls BruteforceChar until:
# - BruteforceChar was unable to increase the score using any character in the charset, OR # - BruteforceChar was unable to increase the score using any character in the charset, OR
# - the "win" breakpoint is hit :) # - the "win" breakpoint is hit :)
def Bruteforce(bm, tm, knownPrefix, knownSuffix, chunksize): def Bruteforce(bm, tm, knownPrefix, knownSuffix, chunksize, charset):
charset_to_use = charset or default_charset
while True: while True:
res = BruteforceChar(bm, tm, knownPrefix, knownSuffix, chunksize) res = BruteforceChar(bm, tm, knownPrefix, knownSuffix, chunksize, charset_to_use)
if res is False: if res is False:
# no character from the given charset matched. :( # no character from the given charset matched. :(
EnableLogging() EnableLogging()