author | Sigma-Ohio <crt@teleco.ch> | 2025-06-07 06:35:16 +0200 |
---|---|---|
committer | Sigma-Ohio <crt@teleco.ch> | 2025-06-07 06:35:16 +0200 |
commit | 7ceba5a0f3cbeb6ab15bc7f99aec87741ef177ea (patch) | |
tree | fd7bcd69b477eb6cb641abafb0b686204aede3c9 /README.md | |
parent | 9413cc24ab623f7d7959f18310262eb3b792ff9d (diff) |
I commit with my best
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 47 |
1 files changed, 46 insertions, 1 deletions
@@ -199,4 +199,49 @@ This makes full integration with modern systems (for triggering Bodet audio via ## Please Help me !!! -If you have firmware dumps, better knowladge of UDP and reverse engeneering checksums or just generally more insights, feel free to contribute +If you have firmware dumps, better knowladge of UDP and reverse engeneering checksums or just generally more insights, feel free to contribute + +## Bruteforcing Tool (`hexen.py`) + +The `executables/hexen.py` script provides a utility to send raw hex payloads and includes a bruteforce mode for the last byte of a given hex prefix. This is particularly useful for trying to find working checksums or other variable last bytes. + +### How it Works: + +1. **Initiating Bruteforce:** + * Run the script: `python hexen.py` + * To start a bruteforce, type: `brute <hex_prefix>` + * Example: `brute 4d454c0021010004ff300180000000000000000000000000010202010f010001` + * The script will then iterate through all possible last bytes (0x00 to 0xFF) appending them to this prefix. + +2. **Configuration Prompts:** + * **Mode Selection:** + * `(1) Manual`: Sends one packet at a time and asks for feedback. + * `(2) Auto Ascending`: Sends all packets from `<prefix>00` to `<prefix>ff` automatically. + * `(3) Auto Descending`: Sends all packets from `<prefix>ff` down to `<prefix>00` automatically. + * **Delay:** + * Prompts for the time (in seconds, e.g., `0.5`, `1`) to wait between sending each packet. + +3. **Interactive Controls (During Bruteforce):** + * **Manual Mode (`1`):** + * After each packet is sent, you'll be prompted: `Did it work? (y/n/auto/stop/r=retry last 3/c=cancel):` + * `y`: Confirms the current hex string worked. The bruteforce for this prefix stops, and the successful string is saved to the `MAGIC` file. + * `n`: Continues to the next hex value. + * `auto`: Switches to auto-ascending mode for the remainder of the current prefix. + * `stop` or `c`: Aborts the current bruteforce operation. 
+ * `r`: Resends the last up to 3 packets (including the current one). + * **Auto Modes (`2` or `3`) (Windows Only - requires `msvcrt`):** + * An initial message will inform you: `During auto mode: press 'c' to cancel, 'r' to retry last 3, 'p' to pause/resume.` + * `c`: Cancels the current bruteforce operation. + * `r`: Pauses sending, resends the last up to 3 packets, then resumes. + * `p`: Toggles pause/resume for the auto-sending process. + +4. **Saving Results to `MAGIC` File:** + * The `MAGIC` file path is defined at the top of `hexen.py` (default: `/Users/crt/Documents/bodeting/research/bad-bruteforcing/attempt-1.txt`). + * **Successful Bruteforce:** If you confirm a packet worked (with 'y' in manual mode), the complete successful `full_hex_string` is automatically appended to this file. + * **Cancelled/Completed (No Success):** If the bruteforce is cancelled or finishes all iterations without a 'y' confirmation, you'll be prompted: + `Kein Zauber hat gewirkt oder du hast abgebrochen. Gib den Suffix für '<hex_prefix>' ein, um ihn ins Buch zu kritzeln (oder Enter zum Überspringen):` + * If you enter a suffix (e.g., `fa`), the script will save `hex_prefix + entered_suffix` to the `MAGIC` file. + * If you press Enter, nothing is saved for that attempt. + * The script checks if the directory for the `MAGIC` file exists and if the file is writable, providing error messages if issues are encountered. + +This tool aims to simplify the process of testing variations of known packet structures, especially when only the checksum isnt known
\ No newline at end of file |
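Review bot: In step 4 ("Saving Results to `MAGIC` File") the documented default is the absolute path `/Users/crt/Documents/bodeting/research/bad-bruteforcing/attempt-1.txt`, a macOS-style home-directory path that will not exist for anyone else, while step 3 marks the auto modes as Windows only because they need `msvcrt`. Consider documenting a repository-relative default, or state explicitly that the path at the top of `hexen.py` must be edited before first use, and say what the auto-mode key controls do on non-Windows systems. Smaller points: the README is in English but quotes the no-success prompt in German without a translation; "knowladge", "engeneering" and "isnt" are misspelled in the added lines; and the file still ends without a trailing newline.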