For example when I run this command in my terminal:
echo -n 'something' | openssl dgst -sha256 -hmac 'NhqPtmdS'
This is returned:
caa686a03a502a0da2985dfea0b0b5798657fc30c2fd917db527d29ea5b23579
I'm trying to do this in Python, but I don't know why is returning something different.
This is my code:
import base64
from hashlib import sha256
import hmac
key = base64.b64decode('NhqPtmdS')
jsonBytes = bytes('something', "ascii")
hmac_result = hmac.new(key, jsonBytes, sha256).hexdigest()
print(hmac_result)
But I'm getting the next result:
6a964bd560a9dc763864ddf337d64e5f2ef958e6937ad296084166da0db83eb9
Also I tried this:
hmac_result = hmac.new(key, jsonBytes, sha256)
base64.b64encode(hmac_result.digest()).decode()
But it's not working either.
Any advice will be appreciated.
Related
I've been trying to figure out how to use HMAC to hash a string in Python for a TOTP generator I've already made in PHP. In PHP, I use the command echo -n "0x00000000035362f9" | xxd -r -p | openssl dgst -sha1 -mac HMAC -macopt hexkey:0080700040024c8581c2 which returns the desired value 7289e7b135d54b86a462a53da93ef6ad28b902f8. However, when I use the hmac library in Python 3.10
from hashlib import sha1
from hmac import new
key = "00000000035362f9"
msg = "0080700040024c8581c2"
byte_key = bytes(key, "UTF-8")
message = msg.encode()
print(new(byte_key, message, sha1).hexdigest())
print(new(message, byte_key, sha1).hexdigest())
The printed values are b05fe172b6a8a20767c18e1bfba159f0ea54c2bd and 0fe109b32b17aeff840255558e6b5c8ff3d8a115, neither match what I want.
I've tried making the key and message hex values first, I've made them raw bytes using b'0080700040024c8581c2', encoding them using UTF-8 and ASCII, and none of the solutions have worked.
I've looked at other post relating to this, and none of them worked.
Python hmac (sha1) calculation
Python HMAC OpenSSL equivalent
hmac returning different hexdigest values to openssl
Why Python and Node.js's HMAC result is different in this code?
Implementing SHA1-HMAC with Python
#jasonharper's answer from the comments was correct.
from hashlib import sha1
from hmac import new
from binascii import unhexlify
msg = unhexlify("00000000035362f9")
key = unhexlify("0080700040024c8581c2")
print(new(key, msg, sha1).hexdigest())
cannot import name 'XOR' from 'Crypto.Cipher'
(/usr/local/lib/python3.8/dist-packages/Crypto/Cipher/__init__.py)
I just tried importing XOR function into my code & this is the error that i have got when i executed my code in the google colab.
Can i get the solution for this?
I just need to import XOR function using Crypto.Cipher module. My code is as follows
import Crypto
from Crypto import Cipher
from Crypto.Cipher import XOR
key = "abcdefghijklij"
xor = XOR.XORCipher(key) # To encrypt
xor1 = XOR.XORCipher(key) # To decrypt
def enc(sock, message, addr):
abcd = str_xor.encrypt(message)
print (message == dec(sock, abcd, addr))
sock.sendto(abcd, addr)
return abcd
def dec(sock, message, addr):
abcd = str_xor1.decrypt(message)
return abcd
#message = "dfjsdfjsdfjdsfdfsk"4
#print message
#newm = enc(1, message, message)
#print newm
#print dec(1, newm, newm)
pip install crypto
installs https://github.com/chrissimpkins/crypto which does not appear to be import-able class-library. Its examples and test scripts suggest crypto and decrypto should be executes as commands.
Readme: https://github.com/chrissimpkins/crypto
Tests/examples: https://github.com/chrissimpkins/crypto/tree/master/tests
Please specify which crypto-library did you install?
Make sure your installation matches the library you are supposed to install.
I'm using the python hashlib to get a condensed sha256 value using the following command, can someone help me out with a compatible function?
import hashlib
biz_number = "000-00-00000"
total_amount = "45000"
external_auth_key = "00000000-0000-0000-0000-000000000000"
signature = hashlib.sha256(':'.join([biz_number, external_auth_key, total_amount]).encode()).hexdigest()
print(signature)
> b9c4510deb7e279687bac8503d12f0878e0955a0f247b9257cb600df10378895
I'm trying to encode the contents of a Python script in Linux. I just started off with a simple script called test.py -
# !/app/logs/Python/bin/python3
# -*- coding: ascii -*-
print ("hi")
Once I have the script, I execute the vim -x test.py and enter the encryption key twice. Then save the file as normal and then execute the script using python test.py
I tried almost all the examples provided in the link here but still i end up getting the below error -
SyntaxError: Non-ASCII character '\x97' in file test.py on line 1, but no encoding declared; see http://www.python.org/peps/pep-0263.html for details
I checked the default encoding using print sys.getdefaultencoding() and it is acsii.
What am i missing here. kindly clarify. I know this question is a duplicate but none of the solutions helped.
Python knows how to execute clear text Python source code. If you encrypt the source file, it no longer contains valid Python source and cannot be directly executed.
There are 2 possible ways here. First is to only obfuscate your source. You should be aware that obfuscation is not security, and a user could recover some Python source with some work (not necessarily the original source, because comments and doc strings could have been stripped off and variable names could have been changed). You could read How do I protect Python code? and google for python obfuscate to find some possible ways of obfuscating Python source and their trade-offs.
The good news with obfuscated source is that it can be used by anybody without any password.
Second way is to encrypt the source. If you use a decent tool, you can assume that it will be impossible to read or execute the file without knowing the key. In that sense, vim crypto has not the highest possible reputation. In the simplest way (for example with your example vim -x) you will have to decrypt the file to execute it. Unfortunately, good crypto modules are not shipped in a standard Python installation and must be downloaded from pypi. Well known crypto modules include pycrypto and cryptography.
You can then encrypt the most part of the code, and then at run time ask for the key, decrypt it and execute it. Still a serious job but feasible.
Alternatively, you could build in another language (C/C++) a decryptor that decrypts the remaining of the file and feed it into a python interpretor, but functionally, this is only a variant of the above method.
As per your comment I assume that you want to encrypt the source code and decrypt it (with the password) at run time. The princips are:
build a Python script that will take another arbitrary Python script, encode it with a secure crypto module and prepend it with some decrypting code.
at run time, the prepended code will ask for the password, decrypt the encrypted code exec it
The builder could be (this code uses the cryptography module):
import cryptography.fernet
import cryptography.hazmat.primitives.kdf.pbkdf2
import cryptography.hazmat.primitives.hashes
import cryptography.hazmat.backends
import base64
import os
import sys
# the encryption function
def encrypt_source(infile, outfile, passwd):
with open(infile, 'rb') as fdin: # read original file
plain_data = fdin.read()
salt, key = gen_key(passwd) # derive a key from the password
f = cryptography.fernet.Fernet(key)
crypted_data = f.encrypt(plain_data) # encrypt the original code
with open(outfile, "w") as fdout: # prepend a decoding block
fdout.write("""#! /usr/bin/env python
import cryptography.fernet
import cryptography.hazmat.primitives.kdf.pbkdf2
import cryptography.hazmat.primitives.hashes
import cryptography.hazmat.backends
import base64
import os
def gen_key(passwd, salt): # key derivation
kdf = cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC(
algorithm = cryptography.hazmat.primitives.hashes.SHA256(),
length = 32,
salt = salt,
iterations = 100000,
backend = cryptography.hazmat.backends.default_backend()
)
return base64.urlsafe_b64encode(kdf.derive(passwd))
passwd = input("Password:") # ask for the password
salt = base64.decodebytes({})
key = gen_key(passwd.encode(), salt) # derive the key from the password and the original salt
crypted_source = base64.decodebytes( # decode (base64) the crypted source
b'''{}'''
)
f = cryptography.fernet.Fernet(key)
plain_source = f.decrypt(crypted_source) # decrypt it
exec(plain_source) # and exec it
""".format(base64.encodebytes(salt),
base64.encodebytes(crypted_data).decode()))
# derive a key from a password and a random salt
def gen_key(passwd, salt=None):
if salt is None: salt = os.urandom(16)
kdf = cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC(
algorithm = cryptography.hazmat.primitives.hashes.SHA256(),
length = 32,
salt = salt,
iterations = 100000,
backend = cryptography.hazmat.backends.default_backend()
)
return salt, base64.urlsafe_b64encode(kdf.derive(passwd))
if __name__ == '__main__':
if len(sys.argv) != 3:
print("Usage {} infile outfile".format(sys.argv[0]))
sys.exit(1)
passwd = input("Password:").encode() # ask for a password
encrypt_source(sys.argv[1], sys.argv[2], passwd) # and generates an encrypted Python script
Why does my code not decrypt the ts segment?
from Crypto.Cipher import AES
import requests as req
import os
import m3u8
with req.session() as req:
m3u = m3u8.load('https://svt1-a.akamaized.net/se/svt1/d132b755-8088-475e-91df-2c8f2de9cf6c/hls-v6/v6.m3u8')
key_url = m3u.keys[0].absolute_uri
seg = m3u.segments[0].absolute_uri
key = ''
for chunk in req.get(key_url,stream=True):
key+=chunk
cipher = AES.new(key, AES.MODE_CBC, os.urandom(16))
data = ''
for chunk in req.get(seg, stream=True):
data+=chunk
data = cipher.decrypt(data)
with open('ulk.ts','wb') as fil:
fil.write(data)
The m3u8 url is:
https://svt1-a.akamaized.net/se/svt1/d132b755-8088-475e-91df-2c8f2de9cf6c/hls-v6/v6.m3u8
Code from the m3u8:
EXTM3U
#EXT-X-VERSION:4
#EXT-X-TARGETDURATION:4
#EXT-X-MEDIA-SEQUENCE:220662
#EXTINF:3.20000,
#EXT-X-KEY:METHOD=AES-128,URI="../key-d132b755-8088-475e-91df-2c8f2de9cf6c.ts"
v6-220662.ts
#EXTINF:3.20000,
v6-220663.ts
#EXTINF:3.20000,
v6-220664.ts
#EXTINF:3.20000,
v6-220665.ts
#EXTINF:3.20000,
v6-220666.ts
#EXTINF:3.20000,
v6-220667.ts
#EXTINF:3.20000,
v6-220668.ts
#EXTINF:3.20000,
v6-220669.ts
#EXTINF:3.20000,
v6-220670.ts
#EXTINF:3.20000,
v6-220671.ts
Keystring:
'PB{\xf1\xb9\xf9.\xb7\x1d\xeb\x95\x8f=\xcd\x93\xce'
I have a perfect solution for your little problem.
Your code is great but it need some few little fixes - Than it will nicely run.
Python venv:
- python3 -m venv Your-Python-VEnviroment-Name-env
- cd Your-Python-VEnviroment-Name-env
- source bin/activate
Follow the Steps 1..5
deactivate
Step 01: Module-List must to install into python venv:
- python3 -m pip install m3u8
- python3 -m pip install requests
- python3 -m pip install pycryptodome
Step 02: Create a file GetSegments.py
Step 03: Fill it with the below code-boxes
List of imports:
import os
import m3u8
import requests
from Crypto.Cipher import AES
Set a own RequestsClient to get https to work.
class MyOwnReqClient():
def download(self, uri, timeout=None, headers={}, verify_ssl=True):
result = requests.get(uri, timeout=timeout, headers=headers)
return result.text, result.url
Set m3u8.load correctly with your own RequestsClient.Class.
#Other headers should you look at F12 ;-)
headers = {'host':'Your-Data-Here', 'User-Agent':'Your-Browser-User-Agent-Here-VERY-IMPORTANT'}
url = 'https://YOUR.URL.M3U8.Encrypted-ts-segments.HERE'
m3u = m3u8.load(url, http_client=MyOwnReqClient(), headers=headers)
Set key variable correctly.
key_url = m3u.keys[0].absolute_uri
key = []
for chunk in req.get(url=key_url,stream=True,headers=headers,method="get"):
key.append(chunk)
Set the correct IV for crypto.
lines = str(m3u.segments[0]).split('\n')
IV = lines[0].split("IV=")[1]
#convert into bytes and remove the first 2 chars
IV = bytes.fromhex(IV.replace("0x",""))
Init crypto.
cipher = AES.new(key[0], AES.MODE_CBC, IV=IV)
At least you must to change your data store routine.
#Get each segment of m3u8-file
for single_segment in m3u.segments:
#Get correct URL for ts-file
download_url = single_segment.absolute_uri
#Counter 1..n
num = 1
#Write bytes into a file
with open('Filename.part' + str(num) + '.ts', 'wb') as seg_ts:
#Get all chunks of current part-file
for chunk in requests.request(url=download_url, stream=True, headers=headers, method="get"):
#decrypt it and write it into the file
seg_ts.write(cipher.decrypt(chunk))
#Counter increase for the next part number
num += 1
Step 04: Save the file and try it.
Step 05: python3 GetSegments.py
I hope it helps you and all others.
I could not sleep if the python script not done and works.
I hope I have not any wrong write typoos... ;-)