JustAnotherArchivist
/
cloudflare-circumvent
1
0
Forkuj 0
Kod Zgłoszenia 1 Oczekujące zmiany 0 Wydania 0 Wiki Aktywność
A Python module to crack Cloudflare's JavaScript challenge (aka "I'm Under Attack" mode)
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
3 Commity
1 Gałąź
76 KiB
 
Gałąź: master
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'master'
${ noResults }
cloudflare-circumvent/parse.py

294 wiersze
9.2 KiB
Czysty Bezpośredni odnośnik Wina Historia 

  1. import enum

  2. import functools

  3. import operator

  4. import re

  5. 

  6. 

  7. class ParsingError(Exception):

  8. 	pass

  9. 

  10. 

  11. class EvaluationError(Exception):

  12. 	pass

  13. 

  14. 

  15. class StrEnum(enum.Enum):

  16. 	def __repr__(self):

  17. 		return str(self)

  18. 

  19. 

  20. class Type(StrEnum):

  21. 	group = 1

  22. 	brackets = 2

  23. 

  24. 

  25. class Modifier(StrEnum):

  26. 	negate = 1

  27. 	plus = 2

  28. 

  29. 

  30. class JSBool:

  31. 	def __init__(self, value):

  32. 		self.value = bool(value)

  33. 

  34. 	def __add__(self, other):

  35. 		if isinstance(other, (JSBool, JSInt)): # bool + bool/int -> int (addition)

  36. 			return JSInt(self) + JSInt(other)

  37. 		elif isinstance(other, JSString): # bool + string -> string (concatenation)

  38. 			return JSString(self) + other

  39. 		else:

  40. 			return NotImplemented

  41. 

  42. 	def __sub__(self, other):

  43. 		if isinstance(other, (JSBool, JSInt, JSString)): # bool - bool/int/string -> int (subtraction)

  44. 			return JSInt(self) - JSInt(other)

  45. 		else:

  46. 			return NotImplemented

  47. 

  48. 	def __mul__(self, other):

  49. 		if isinstance(other, (JSBool, JSInt, JSString)): # bool * bool/int/string -> int (multiplication)

  50. 			return JSInt(self) * JSInt(other)

  51. 		else:

  52. 			return NotImplemented

  53. 

  54. 	def __eq__(self, other):

  55. 		return isinstance(other, JSBool) and self.value == other.value

  56. 

  57. 	def __bool__(self):

  58. 		return self.value

  59. 

  60. 	def __int__(self):

  61. 		return int(self.value)

  62. 

  63. 	def __str__(self):

  64. 		return str(self.value).lower() # 'True' in Python is 'true' in JS

  65. 

  66. 	def __repr__(self):

  67. 		return 'JSBool({!r})'.format(self.value)

  68. 

  69. 

  70. class JSInt:

  71. 	def __init__(self, value):

  72. 		self.value = int(value)

  73. 

  74. 	def __add__(self, other):

  75. 		if isinstance(other, JSInt): # int + int -> int (addition)

  76. 			return JSInt(self.value + other.value)

  77. 		elif isinstance(other, JSBool): # int + bool -> int (addition)

  78. 			return self + JSInt(other)

  79. 		elif isinstance(other, JSString): # int + string -> string (concatenation)

  80. 			return JSString(self) + other

  81. 		else:

  82. 			return NotImplemented

  83. 

  84. 	def __sub__(self, other):

  85. 		if isinstance(other, JSInt): # int - int -> int (subtraction)

  86. 			return JSInt(self.value - other.value)

  87. 		elif isinstance(other, (JSBool, JSString)): # int - bool/string -> int (subtraction)

  88. 			return self - JSInt(other)

  89. 		else:

  90. 			return NotImplemented

  91. 

  92. 	def __mul__(self, other):

  93. 		if isinstance(other, JSInt): # int * int -> int (multiplication)

  94. 			return JSInt(self.value * other.value)

  95. 		elif isinstance(other, (JSBool, JSString)): # int * bool/string -> int (multiplication)

  96. 			return self * JSInt(other)

  97. 		else:

  98. 			return NotImplemented

  99. 

  100. 	def __eq__(self, other):

  101. 		return isinstance(other, JSInt) and self.value == other.value

  102. 

  103. 	def __bool__(self):

  104. 		return self.value != 0 # Any value other than zero is considered 'true'

  105. 

  106. 	def __int__(self):

  107. 		return self.value

  108. 

  109. 	def __str__(self):

  110. 		return str(self.value)

  111. 

  112. 	def __repr__(self):

  113. 		return 'JSInt({!r})'.format(self.value)

  114. 

  115. 

  116. class JSString:

  117. 	def __init__(self, value):

  118. 		self.value = str(value)

  119. 

  120. 	def __add__(self, other):

  121. 		if isinstance(other, JSString): # string + string -> string (concatenation)

  122. 			return JSString(self.value + other.value)

  123. 		elif isinstance(other, (JSInt, JSBool)): # string + int/bool -> string (concatenation)

  124. 			return self + JSString(other)

  125. 		else:

  126. 			return NotImplemented

  127. 

  128. 	def __sub__(self, other):

  129. 		if isinstance(other, (JSBool, JSInt, JSString)): # string - bool/int/string -> int (subtraction)

  130. 			return JSInt(self) - JSInt(other)

  131. 		else:

  132. 			return NotImplemented

  133. 

  134. 	def __mul__(self, other):

  135. 		if isinstance(other, (JSBool, JSInt, JSString)): # string * bool/int/string -> int (multiplication)

  136. 			return JSInt(self) * JSInt(other)

  137. 		else:

  138. 			return NotImplemented

  139. 

  140. 	def __eq__(self, other):

  141. 		return isinstance(other, JSString) and self.value == other.value

  142. 

  143. 	def __bool__(self):

  144. 		return self.value != '' # Any non-empty string is considered 'true'

  145. 

  146. 	def __int__(self):

  147. 		if self.value == '':

  148. 			return 0

  149. 		return int(self.value)

  150. 

  151. 	def __str__(self):

  152. 		return self.value

  153. 

  154. 	def __repr__(self):

  155. 		return 'JSString({!r})'.format(self.value)

  156. 

  157. 

  158. _itemModifierToResultMapping = {

  159. 	(): JSString(''),

  160. 	(Modifier.plus,): JSInt(0),

  161. 	(Modifier.negate,): JSBool(False),

  162. 	#(Modifier.plus, Modifier.plus): syntax error

  163. 	(Modifier.plus, Modifier.negate): JSInt(0),

  164. 	(Modifier.negate, Modifier.plus): JSBool(True),

  165. 	(Modifier.negate, Modifier.negate): JSBool(True),

  166. 	#(Modifier.plus, Modifier.plus, Modifier.plus): syntax error

  167. 	#(Modifier.plus, Modifier.plus, Modifier.negate): syntax error

  168. 	(Modifier.plus, Modifier.negate, Modifier.plus): JSInt(1),

  169. 	(Modifier.plus, Modifier.negate, Modifier.negate): JSInt(1),

  170. 	#(Modifier.negate, Modifier.plus, Modifier.plus): syntax error

  171. 	(Modifier.negate, Modifier.plus, Modifier.negate): JSBool(True),

  172. 	(Modifier.negate, Modifier.negate, Modifier.plus): JSBool(False),

  173. 	(Modifier.negate, Modifier.negate, Modifier.negate): JSBool(False),

  174. }

  175. 

  176. 

  177. class Item:

  178. 	def __init__(self, type, modifiers, values = None):

  179. 		if type not in (Type.group, Type.brackets):

  180. 			raise ValueError('type must be Type.group or Type.brackets')

  181. 		iter(modifiers) # Test whether modifiers is an iterable, and let the potential TypeError bubble up

  182. 		if not all(x in (Modifier.negate, Modifier.plus) for x in modifiers):

  183. 			raise ValueError('modifiers must be an iterable that can only contain Modifier.negate or Modifier.plus')

  184. 		if values is not None and type != Type.group:

  185. 			raise ValueError('values can only be specified for group items')

  186. 		if type == Type.group and values is None:

  187. 			raise ValueError('values are required for group items')

  188. 		self.type = type

  189. 		self.modifiers = modifiers

  190. 		self.values = values

  191. 

  192. 	def evaluate(self, evaluateFunction = None):

  193. 		if self.type == Type.group:

  194. 			if evaluateFunction is None or not callable(evaluateFunction):

  195. 				raise ValueError('must specify a callable evaluateFunction when evaluating a group item')

  196. 			return evaluateFunction(self.values, self.modifiers)

  197. 		else:

  198. 			try:

  199. 				return _itemModifierToResultMapping[tuple(self.modifiers)]

  200. 			except KeyError:

  201. 				raise EvaluationError('Unrecognised modifier pattern {!r}'.format(self.modifiers))

  202. 

  203. 	def __eq__(self, other):

  204. 		return isinstance(other, Item) and self.type == other.type and self.modifiers == other.modifiers and self.values == other.values

  205. 

  206. 	def __repr__(self):

  207. 		return 'Item({!r}, {!r}{})'.format(self.type, self.modifiers, ', values = {!r}'.format(self.values) if self.values is not None else '')

  208. 

  209. 

  210. def parse(s):

  211. 	'''

  212. 	Parse expression s into a tree of Items.

  213. 

  214. 	Argument: s (string), the expression to evaluate

  215. 

  216. 	Returns: tree (list of Items)

  217. 	'''

  218. 

  219. 	itemStack = {0: []}

  220. 	modifierStack = {0: []}

  221. 	currentItemStack = itemStack[0]

  222. 	currentModifierStack = modifierStack[0]

  223. 	stackLevel = 0

  224. 	finishedItem = False

  225. 	pos = 0

  226. 	length = len(s)

  227. 	while pos < length:

  228. 		char = s[pos]

  229. 		if char == '+':

  230. 			if pos == 0 or not finishedItem:

  231. 				finishedItem = False

  232. 				currentModifierStack.append(Modifier.plus)

  233. 			# else: addition, nothing to do

  234. 		elif char == '!':

  235. 			finishedItem = False

  236. 			currentModifierStack.append(Modifier.negate)

  237. 		elif char == '(':

  238. 			finishedItem = False

  239. 			stackLevel += 1

  240. 			currentItemStack = itemStack[stackLevel] = []

  241. 			currentModifierStack = modifierStack[stackLevel] = []

  242. 		elif char == ')':

  243. 			if stackLevel == 0:

  244. 				raise ParsingError('Encountered ) without matching (')

  245. 			stackLevel -= 1

  246. 			currentItemStack = itemStack[stackLevel]

  247. 			currentItemStack.append(Item(type = Type.group, modifiers = modifierStack[stackLevel], values = itemStack[stackLevel + 1]))

  248. 			currentModifierStack = modifierStack[stackLevel] = []

  249. 			finishedItem = True

  250. 		elif char == '[':

  251. 			if s[pos + 1] != ']':

  252. 				raise ParsingError('Invalid byte found at position {}; expected ] but got {}'.format(pos + 1, s[pos + 1]))

  253. 			# End of modifier sequence

  254. 			currentItemStack.append(Item(type = Type.brackets, modifiers = currentModifierStack))

  255. 			currentModifierStack = []

  256. 			pos += 1 # Skip over closing bracket

  257. 			finishedItem = True

  258. 		pos += 1

  259. 	return itemStack[0]

  260. 

  261. 

  262. def evaluate(tree, modifiers = None):

  263. 	t = map(lambda x: x.evaluate(evaluate), tree)

  264. 	if len(tree) > 1:

  265. 		result = functools.reduce(operator.add, t) # Concatenation or addition, but this is all handled in the JS* classes

  266. 	else:

  267. 		result = next(t)

  268. 	if modifiers == [Modifier.plus]:

  269. 		return JSInt(result)

  270. 	return result

  271. 

  272. 

  273. def crack(url, html):

  274. 	m = re.search(r'setTimeout\(function\(\)\{\s+var\s+s,t,o,p,b,r,e,a,k,i,n,g,f,\s*(?P<parent>[a-zA-Z]+)=\{"(?P<child>[a-zA-Z]+)":(?P<initialExpression>[^}]+)\};' +

  275. 	  r'\s*t\s*=\s*document\.createElement\(\'div\'\);' +

  276. 	  r'\s*t\.innerHTML="<a href=\'/\'>x</a>";' +

  277. 	  r'\s*t\s*=\s*t\.firstChild\.href;\s*r\s*=\s*t\.match\(/https\?:\\/\\//\)\[0\];' +

  278. 	  r'\s*t\s*=\s*t\.substr\(r\.length\);\s*t\s*=\s*t\.substr\(0,t\.length-1\);' +

  279. 	  r'\s*a\s*=\s*document\.getElementById\(\'jschl-answer\'\);' +

  280. 	  r'\s*f\s*=\s*document\.getElementById\(\'challenge-form\'\);' +

  281. 	  r'\s*;((?P=parent)\.(?P=child)\s*[*+-]=\s*[^;]+\s*;\s*)+a\.value\s*=\s*parseInt\((?P=parent)\.(?P=child),\s*10\)\s*\+\s*t\.length;\s*\';\s*121\'' +

  282. 	  r'\s*f\.action\s*\+=\s*location\.hash;' +

  283. 	  r'\s*f\.submit\(\);' +

  284. 	  r'\s*\},\s*4000\);', html)

  285. 	if not m:

  286. 		return None

  287. 	d = m.groupdict()

  288. 	operators = {'*': operator.mul, '+': operator.add, '-': operator.sub}

  289. 	result = evaluate(parse(d['initialExpression']))

  290. 	for m in re.finditer(d['parent'] + r'\.' + d['child'] + r'\s*(?P<operator>[*+-])=\s*(?P<expression>[^;]+)', html):

  291. 		result = operators[m.group('operator')](result, evaluate(parse(m.group('expression'))))

  292. 	domain = re.search(r'^https?://([^/]+)/', url).group(1)

  293. 	return result + JSInt(len(domain))