path: root/README.md
Diffstat (limited to 'README.md')
-rw-r--r--README.md47
1 files changed, 46 insertions, 1 deletions
diff --git a/README.md b/README.md
index 3a6074f..5a2eae4 100644
--- a/README.md
+++ b/README.md
@@ -199,4 +199,49 @@ This makes full integration with modern systems (for triggering Bodet audio via
## Please Help me !!!
-If you have firmware dumps, better knowladge of UDP and reverse engeneering checksums or just generally more insights, feel free to contribute
+If you have firmware dumps, better knowladge of UDP and reverse engeneering checksums or just generally more insights, feel free to contribute
+
+## Bruteforcing Tool (`hexen.py`)
+
+The `executables/hexen.py` script provides a utility to send raw hex payloads and includes a bruteforce mode for the last byte of a given hex prefix. This is particularly useful for trying to find working checksums or other variable last bytes.
+
+### How it Works:
+
+1. **Initiating Bruteforce:**
+ * Run the script: `python hexen.py`
+ * To start a bruteforce, type: `brute <hex_prefix>`
+ * Example: `brute 4d454c0021010004ff300180000000000000000000000000010202010f010001`
+ * The script will then iterate through all possible last bytes (0x00 to 0xFF) appending them to this prefix.
+
+2. **Configuration Prompts:**
+ * **Mode Selection:**
+ * `(1) Manual`: Sends one packet at a time and asks for feedback.
+ * `(2) Auto Ascending`: Sends all packets from `<prefix>00` to `<prefix>ff` automatically.
+ * `(3) Auto Descending`: Sends all packets from `<prefix>ff` down to `<prefix>00` automatically.
+ * **Delay:**
+ * Prompts for the time (in seconds, e.g., `0.5`, `1`) to wait between sending each packet.
+
+3. **Interactive Controls (During Bruteforce):**
+ * **Manual Mode (`1`):**
+ * After each packet is sent, you'll be prompted: `Did it work? (y/n/auto/stop/r=retry last 3/c=cancel):`
+ * `y`: Confirms the current hex string worked. The bruteforce for this prefix stops, and the successful string is saved to the `MAGIC` file.
+ * `n`: Continues to the next hex value.
+ * `auto`: Switches to auto-ascending mode for the remainder of the current prefix.
+ * `stop` or `c`: Aborts the current bruteforce operation.
+ * `r`: Resends the last up to 3 packets (including the current one).
+ * **Auto Modes (`2` or `3`) (Windows Only - requires `msvcrt`):**
+ * An initial message will inform you: `During auto mode: press 'c' to cancel, 'r' to retry last 3, 'p' to pause/resume.`
+ * `c`: Cancels the current bruteforce operation.
+ * `r`: Pauses sending, resends the last up to 3 packets, then resumes.
+ * `p`: Toggles pause/resume for the auto-sending process.
+
+4. **Saving Results to `MAGIC` File:**
+ * The `MAGIC` file path is defined at the top of `hexen.py` (default: `/Users/crt/Documents/bodeting/research/bad-bruteforcing/attempt-1.txt`).
+ * **Successful Bruteforce:** If you confirm a packet worked (with 'y' in manual mode), the complete successful `full_hex_string` is automatically appended to this file.
+ * **Cancelled/Completed (No Success):** If the bruteforce is cancelled or finishes all iterations without a 'y' confirmation, you'll be prompted:
+ `Kein Zauber hat gewirkt oder du hast abgebrochen. Gib den Suffix für '<hex_prefix>' ein, um ihn ins Buch zu kritzeln (oder Enter zum Überspringen):`
+ * If you enter a suffix (e.g., `fa`), the script will save `hex_prefix + entered_suffix` to the `MAGIC` file.
+ * If you press Enter, nothing is saved for that attempt.
+ * The script checks if the directory for the `MAGIC` file exists and if the file is writable, providing error messages if issues are encountered.
+
+This tool aims to simplify the process of testing variations of known packet structures, especially when only the checksum isnt known \ No newline at end of file
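Review bot: the "Windows Only - requires `msvcrt`" note on the auto-mode controls (step 3) does not match the default `MAGIC` path in step 4, `/Users/crt/Documents/bodeting/research/bad-bruteforcing/attempt-1.txt`, which is a macOS home directory that will not exist on a Windows box or on anyone else's machine; document that the path must be edited per machine (or made relative/configurable) and state what happens on non-Windows platforms, i.e. whether `c`/`r`/`p` are silently unavailable or the `msvcrt` import fails. Also in this hunk: the `-`/`+` pair under `## Please Help me !!!` changes only the line ending and keeps the typos `knowladge` and `engeneering`; the cancel prompt quoted in step 4 is German while the rest of the README is English, so either translate it or give the English meaning beside it; and the closing sentence needs `isnt` → `isn't` plus a terminating period and a trailing newline (`\ No newline at end of file`).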