I came across following code to decode a password string, for example my password string is 'samplepassword', i can encode this using base64 algorithm and i got the below encoded value. I just used https://io/Utils/Base64/ to find encoded value.
"c2FtcGxlcGFzc3dvcmQ="
Below code hides the exact password of mine which is 'samplepassword', but anyone using the encodedvalue can easily find the original password using the same https://io/Utils/Base64/.
I'm confused in understanding what security base64 module providing, and Please suggest some best practices to hide the password in the python code.
def decode(encoded_value):
try:
import base64
try:
decoded_value = base64.b64decode(encoded_value).decode('ascii')
return decoded_value
except TypeError as e:
raise TypeError("Attempted to decode {value} once. Illegal Value. ".format(value=encoded_value))
except ImportError:
raise ImportError("Base64 import failed")
print(decode('c2FtcGxlcGFzc3dvcmQ='))
Related
Problem with encoding when i call request.urlopen() method.
Instance of ftplib.FTP() in urllib.request.ftpwrapper init() and retrfile() methods work with default latin-1 and i need to chose between utf-8 and cp1251
I see 3 ways:
Way i want, but don't know how.
Call request.urlopen() with param that contains encoding. And that encoding must be written to the self.ftp.encoding (ftplib.FTP())
Way I don't like.
Get file name encoding from ftp (ftp lib) and use it in request.urlopen(url.encode(file_name_encoding).decode('latin-1')).
Problem description.
I have a file with Cyrillic (rus) characters in its name.
Steps:
Connecting to FTP
con = ftplib.FTP()
con.connect(host, port)
con.login(username, password)
Getting files list
list_files = [_v for _v in self.con.nlst(_path)]
['Message.xml', 'Message_ÁÏ_TT.xml']
(For files Message.xml, Message_БП_TT.xml)
Fix it with using on the first step
con.encoding = 'utf-8'
con.sendcmd('OPTS UTF8 ON')
Then I need to use:
from urllib import request
url = 'ftp://login:password#ftpaddr:21/folder//Message_БП_TT.xml'
request.urlopen(url.encode().decode('latin-1'))
And then getting Exception:
{URLError}<urlopen error ftp error: URLError("ftp error: error_perm('550 The system cannot find the file specified. ')")>
In request lib there are init() and retrfile() where ftp connection initializing.
And i don't see the way how to change ftp default encoding "latin-1".
Use this method because with urllib.response.addinfourl parse heavy xml files.
P.S.
With some FTP this method works well and the file can be successfully read. And with some of them getting that exception. The reasons are not clear yet. And there is no way to get and analyze the FTP settings.
Solution I don't like.
As i understand file name on FTP can be in utf-8 or in cp1251 (win-1251) encoding.
When ftplib initing with standard encode (latin-1) its will look like:
Message_ÐÐ_TT.xml - utf-8
Message_ÁÏ_TT.xml - cp1251
I don't know what encoding uses on ftp while making request, and always use utf-8 (encode()). So i don't like it, but it works:
try:
return request.urlopen(url.encode('utf-8').decode('latin-1'))
except URLError:
return request.urlopen(url.encode('cp1251').decode('latin-1'))
P.S. utf-8 under try for clarity
I´m having problems to brute force the key for a string encrypted with RC4/ARC4.
This is the encrypted string:
E7Ev08_MEojYBixHRKTKQnRSC4hkriZ7XPsy3p4xAHUPj41Dlzu9
And the string is also hashed with base64, so complete encoded string is:
RTdFdjA4X01Fb2pZQml4SFJLVEtRblJTQzRoa3JpWjdYUHN5M3A0eEFIVVBqNDFEbHp1OQ==
#-*- coding: utf-8 -*-
import threading
import sys
import time
import re
import itertools
from itertools import product
from Crypto.Cipher import ARC4
import base64
def special_match(strg):
try:
strg.decode('utf-8')
except UnicodeDecodeError:
pass
else:
print('\nkey found at %s, key: %s' % (time.ctime(), rc4_key))
try:
f=open('key.txt','ab')
f.write('Key (%s): %s\n' % (time.ctime(), rc4_key))
f.write('Decrypted string: ' + strg + '\n')
f.close()
except Exception as e:
print('ERROR WRITING KEY TO FILE: ' + str(e))
chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
end_chars = chars[::-1][0:7]
encoded_string = 'RTdFdjA4X01Fb2pZQml4SFJLVEtRblJTQzRoa3JpWjdYUHN5M3A0eEFIVVBqNDFEbHp1OQ=='
spinner = itertools.cycle(['-', '/', '|', '\\'])
while 1:
try:
# Iteration processess of possibel keys
for length in range(7,8): # only do length of 7
for attempt in itertools.permutations(chars, length):
rc4_key = ''.join(attempt) # This key is unknown, we are looking for it..
Ckey = ARC4.new(rc4_key)
decoded = Ckey.decrypt(encoded_string.decode('base64'))
special_match(decoded)
sys.stdout.write(spinner.next()) # write the next character
sys.stdout.flush() # flush stdout buffer (actual character display)
sys.stdout.write('\b') # erase the last written char
# Exit the script when we have done all password-combination-iterations
if (rc4_key == end_chars):
print('iteration of combinations done! No key found.. :(\n' + time.ctime())
exit()
except KeyboardInterrupt:
print('\nKeybord interrupt, exiting gracefully anyway on %s at %s' % (rc4_key, time.ctime()))
sys.exit()
I´m using http://crypo.bz.ms/secure-rc4-online to encrypt the string and https://www.base64encode.org to encode it with UTF-8.
Question
Why doesn't my script work to find the key?
(Im not receiving any error message, it is more of a general question if I have missed something in my code, or approach of the problem.)
plaintext: This is something that I have encrypted, key: ABCFMSG
Alright, it seems that crypo.bz uses a realy weird system. Basically they have a really weird encoding which causes discrepancies if you simply use their characters.
For example encoding 'a' with key 'A' should produce a character with value 163.
In hex A3. In crypo.bz we get 'oc' instead.
So you have two possibilities. Either do some ciphertext analysis or use another site. I recommend this one as they tell you in what they encode the result:
http://www.fyneworks.com/encryption/RC4-Encryption/index.asp
Take the hex and convert it to string, the you should be able to decipher it
Your code seems to be working by the way ;)
Tell me if you have additional questions
EDIT: did some additional analysis, and it is really, really weird.
in crypo.bz IF the algorithm is correct 163 is oc
160 is nc
but 161 is mc ??
If anyone figures this out please tell me!
EDITEDIT:
here is the encrypted, but not encoded string '#ÔèïH§¢6pbpÊ]õªœIôŒ>Yœ5îfäGuæxÖa…ë6°'
Your program takes like half a second to find the key ;)
Hi can you help me decode this message and what to do:
main.py", line 1278, in post
message.body = "%s %s/%s/%s" % (msg, host, ad.key().id(), slugify(ad.title.encode('utf-8')))
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 1: ordinal not in range(128)
Thanks
UPDATE having tried removing the encode call it appears to work:
class Recommend(webapp.RequestHandler):
def post(self, key):
ad= db.get(db.Key(key))
email = self.request.POST['tip_email']
host = os.environ.get("HTTP_HOST", os.environ["SERVER_NAME"])
senderemail = users.get_current_user().email() if users.get_current_user() else 'info#monton.cl' if host.endswith('.cl') else 'info#monton.com.mx' if host.endswith('.mx') else 'info#montao.com.br' if host.endswith('.br') else 'admin#koolbusiness.com'
message = mail.EmailMessage(sender=senderemail, subject="%s recommends %s" % (self.request.POST['tip_name'], ad.title) )
message.to = email
message.body = "%s %s/%s/%s" % (self.request.POST['tip_msg'],host,ad.key().id(),slugify(ad.title))
message.send()
matched_images=ad.matched_images
count = matched_images.count()
if ad.text:
p = re.compile(r'(www[^ ]*|http://[^ ]*)')
text = p.sub(r'\1',ad.text.replace('http://',''))
else:
text = None
self.response.out.write("Message sent<br>")
path = os.path.join(os.path.dirname(__file__), 'market', 'market_ad_detail.html')
self.response.out.write(template.render(path, {'user_url':users.create_logout_url(self.request.uri) if users.get_current_user() else users.create_login_url(self.request.uri),
'user':users.get_current_user(), 'ad.user':ad.user,'count':count, 'ad':ad, 'matched_images': matched_images,}))
The problem here is your underlying model (message.body) only wants ASCII text but you're trying to give it a string encoded in unicode.
But since you've got a normal ascii string here, you can just make python print out the '?' character when you've got a non-ascii-printing string.
"UNICODE STRING".encode('ascii','replace').decode('ascii')
So like from your example above:
message.body = "%s %s/%s/%s" % \
(msgencode('ascii','replace').decode('ascii'),
hostencode('ascii','replace').decode('ascii'),
ad.key().id()encode('ascii','replace').decode('ascii'),
slugify(ad.title)encode('ascii','replace').decode('ascii'))
Or just encode/decode on the variable that has the unicode character.
But this isn't an optimal solution. The best idea is to make message.body a unicode string. Being that doesn't seem feasible (I'm not familiar with GAE), you can use this to at least not have errors.
You've got a Unicode character in a place that you're not supposed to. Most often I find this error is having MS Word-style slanted quotes.
One of these fields has some characters that cannot be encoded. If you switch to python 3 (it has better unicode support), or you change the encoding of the entire script the problem should stop, about the best way to change the encoding in 2.x is using the encoding comment line. If you see http://evanjones.ca/python-utf8.html you will see more of an explanation of using python with utf-8 support the best suggestion is add # -*- coding: utf-8 -*- to the top of your script. And handle scripts like this
s = "hello normal string"
u = unicode( s, "utf-8" )
backToBytes = u.encode( "utf-8" )
I had a similar problem when using Django norel and Google App Engine.
The problem was at the folder containing the application. Probably isn't this the problem described in this question, but, maybe helps someone don't waste time like me.
Try first change you application folder maybe to /home/ and try to run again, if doesn't works, try something more.
I'm using the active_directory module, and trying to print a list of the users. My code is:
import active_directory as ad
users = ad.AD_Object("LDAP://OU=Home, DC=dome, DC=net")
for user in users.search(objectCategory="Person"):
print str(user)
It prints some of the users until it meets an unicode username. Then it throws the following error:
UnicodeEncodeError: ascii codec
can't encode characthers in position
10-14: ordinaal not in range(128).
What can I do?
Thank you very much.
Try:
print user.decode('utf-8')
I have a function accepting requests from the network. Most of the time, the string passed in is not unicode, but sometimes it is.
I have code to convert everything to unicode, but it reports this error:
message.create(username, unicode(body, "utf-8"), self.get_room_name(),\
TypeError: decoding Unicode is not supported
I think the reason is the 'body' parameter is already unicode, so unicode() raises an exception.
Is there any way to avoid this exception, e.g. judge the type before the conversion?
You do not decode to UTF-8, you encode to UTF-8 or decode from.
You can safely decode from UTF8 even if it's just ASCII. ASCII is a subset of UTF8.
The easiest way to detect if it needs decoding or not is
if not isinstance(data, unicode):
# It's not Unicode!
data = data.decode('UTF8')
You can use either this:
try:
body = unicode(body)
except UnicodeDecodeError:
body = body.decode('utf8')
Or this:
try:
body = unicode(body, 'utf8')
except TypeError:
body = unicode(body)
Mark Pilgrim wrote a Python library to guess text encodings:
http://chardet.feedparser.org/
On Unicode and UTF-8, the first two sections of chapter 4 of his book ‘Dive into Python 3’ are pretty great:
http://diveintopython3.org/strings.html
This is what I use:
def to_unicode_or_bust(obj, encoding='utf-8'):
if isinstance(obj, basestring):
if not isinstance(obj, unicode):
obj = unicode(obj, encoding)
return obj
It's taken from this presentation: http://farmdev.com/talks/unicode/
And this is a sample code that uses it:
def hash_it_safe(s):
try:
s = to_unicode_or_bust(s)
return hash_it_basic(s)
except UnicodeDecodeError:
return hash_it_basic(s)
except UnicodeEncodeError:
assert type(s) is unicode
return hash_it_basic(s.encode('utf-8'))
Anyone have some thoughts on how to improve this code? ;)