Write exploit faster with up-to-date python 3
Project description
FirstBlood
I'm not writing production scripts, I just want to get the firstblood.
This is a python 3 library which will add some method to builtin objects, and provide some useful utilities.
It's still WIP and needs a lot of refactoring.
WARNING: THIS LIBRARY MAY CHANGE THE BEHAVIOR OF PYTHON, WHICH SHOULD NOT BE USED IN PRODUCTION ENVIRONMENT.
TOC
- Bytes, String and Hash
- Method Chaining
- Iterable
- Function
- Integer and Modulo
- Object
- JSON
- Type Conversion
- Unified I/O
Get Started
from firstblood.all import *
Get Started - Bytes, String and Hash
Python 3 has many great features, but it's not very suitable for CTF due to the seperation of str and bytes. The concept of bytes is really useful, you should follow it to handle encoding correctly in production. But it is annoying when you have a tight deadline (e.g. during the CTF).
Take base64 encoding for an example, here how it looks like in python 2:
str_var.encode('base64')
in python 3:
import binascii
binascii.b2a_base64(str_var.encode('utf8')).decode('utf8')
With this library, you can write:
str_var.b64e
# or
str_var.base64e
# or
str_var.enc('base64')
We also have a xor
method which is very useful for crypto tasks:
>>> 'abc'.xor('cde')
b'\x02\x06\x06'
>>> 'abc'.xor(32)
b'ABC'
To convert between bytes, str and int:
>>> 'abc'.bytes
b'abc'
>>> 'abc'.bytes.str
'abc'
>>> 'a'.ord # ord
97
>>> b'1337'.int10 # decimal
1337
>>> b'1337'.int16 # hex
4919
>>> b'\x39\x05'.int # little endian
1337
>>> b'\x05\x39'.Int # big endian
1337
>>> b'\x39\x05'.u16 # integer modulo ring
(1337 mod 2^16)
We also bind hashlib digest to str and bytes:
>>> 'abc'.sha1
b'\xa9\x99>6G\x06\x81j\xba>%qxP\xc2l\x9c\xd0\xd8\x9d'
>>> 'abc'.sha1.hexe
'a9993e364706816aba3e25717850c26c9cd0d89d'
>>> 'abc'.blake2s
b'P\x8c^\x8c2|\x14\xe2\xe1\xa7+\xa3N\xebE/7E\x8b \x9e\xd6:)M\x99\x9bL\x86gY\x82'
>>> 'abc'.blake2s.hexe
'508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982'
Get Started - Method Chaining
The nature of python is nesting function call:
len(listA)
# or
list(map(str, listA))
# or
enumerate(zip(listA, listB))
# or
b2a_base64(sha1(a2b_base64(str_var)).digest()).decode('utf8')
But I'm a big fan of method chaining like what we do in Javascript. With this library, we can write:
listA.len
# or
listA.map(str).list
# or
listA.zip(listB).enum
# or
str_var.b64d.sha1.b64e
The order of method is same as the order of execution. Much better, right :)
Get Started - Iterable and Function
We intergrate builtin functions and a powerful module, itertools, to iterables itself.
If we want to bruteforce length 3 pairs of a given set:
>>> range(2).product(3).take(5).list
[(0, 0, 0), (0, 0, 1), (0, 1, 0), (0, 1, 1), (1, 0, 0)]
>>> 'ab'.product(3).take(5).list
['aaa', 'aab', 'aba', 'abb', 'baa']
And some useful utilities for processing iterables:
>>> 'abcabc'.rev
'cbacba'
>>> 'abcabc'.sorted
'aabbcc'
>>> 'abcabc'.chunk(2).list
['ab', 'ca', 'bc']
>>> 'abcabc'.nchunks(2).list
['abc', 'abc']
>>> range(4).xor(32).list
[32, 33, 34, 35]
We also add some numpy-like functions:
>>> range(5, 10).sum
35
>>> range(5, 10).mean
7.0
>>> range(5, 10).min
5
>>> range(5, 10).argmin
0
>>> range(5, 10).max
9
>>> range(5, 10).argmax
4
>>> range(10).all
False
>>> range(10).any
True
>>>
Convert between different iterables is very easy:
>>> 'abcabc'.list # list
['a', 'b', 'c', 'a', 'b', 'c']
>>> 'abcabc'.uniq # set
{'a', 'b', 'c'}
>>> 'abcabc'.tuple # tuple
('a', 'b', 'c', 'a', 'b', 'c')
>>> 'abcabc'.counter # collections.Counter
Counter({'a': 2, 'b': 2, 'c': 2})
>>> 'abcabc'.list.joinby(', ')
'a, b, c, a, b, c'
>>> 'abcabc'.list.joinby(b', ')
b'a, b, c, a, b, c'
Get Started - Function
Similar to itertools, we have functools for functions,
we bind partial
method on it:
>>> (lambda x: x).partial(10)()
10
>>> (lambda x: x).bind(10)()
10
TODO
compose
Get Started - Integer and Modulo
We provide different ways to convert to hex and bin:
>>> (1337).hex
'0539'
>>> (1337).bin
'0000010100111001'
where hex
is aligned to two chars and bin
is aligned to 8 chars.
We have a special module for calculation modulo arithmetic:
>>> (13).u16
(13 mod 2^16)
>>> (13).u16 << 15
(32768 mod 2^16)
>>> (13).u16 << 16
(0 mod 2^16)
>>> (13).mod(100) * 10
(30 mod 100)
>>> (13).mod(100) / 3
(71 mod 100)
>>> (71).mod(100) * 3
(13 mod 100)
>>> 1 / (13).mod(100)
(77 mod 100)
>>> (13).mod(100).inv
(77 mod 100)
Some utilities:
>>> (30).align(8)
32
>>> (32).align(8)
32
>>> (30).bin
'00011110'
>>> (30).mask(4).bin
'00010000'
To convert between int, bytes and str:
>>> (97).chr
'a'
>>> (1952802156).str
'1952802156'
>>> (1952802156).bytes
b'leet'
>>> (1952802156).p32
b'leet'
>>> (1952802156).p64
b'leet\x00\x00\x00\x00'
Get Started - Object
We bind some builtin functions to Object:
>>> str.dir.take(5).list
['Int', '__add__', '__class__', '__contains__', '__delattr__']
>>> str.hasattr('__name__')
True
>>> str.getattr('__name__')
'str'
>>> str.setattr('__name__', 'error')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: cant set attributes of built-in/extension type 'str'
Get Started - JSON
Converting between data and JSON string can be done with attributes:
>>> 'abc'.json
'"abc"'
>>> (1337).json
'1337'
>>> {'a': 1}.json
'{"a": 1}'
>>> {'a': 1}.json.jsond
{'a': 1}
Get Started - Type conversion
TBD
Binding codecs module to attribute.
str_var.enc(encoding)
str_var.dec(encoding)
Get Started - Unified I/O
TBD
Inspired by the awesome interface of pwntools, we provide a unified interface for communicating between proceess, network, or even files.
r.line([size, keep=False]) # read a line up to size bytes. alias of r.readline([size])
r.line(data) # alias of r.writeline(data)
r.lines([hint, keep=False]) # read all lines up to hint bytes. alias of r.readlines([hint])
r.until('input: ', [keep=False, drop=True]) # alias of r.readuntil('input: ')
r.read([n]) # read up to n bytes
r.peek([n]) # peek up to n bytes
r.write(data) # write data
r.seek(n) # file only
Moreover, we make it chainable to provide a cleaner interface.
r.after('input: ').line(data).read(5)
r.before('0x').line()
We also provide shortcuts to files to avoid with open
block:
data = uio.read('/path/to/file') # r mode
data = uio.readbin('/path/to/file') # rb mode
data = uio.readline('/path/to/file') # r mode
data = uio.readbinline('/path/to/file') # rb mode
data = uio.readlines('/path/to/file') # r mode
data = uio.readbinlines('/path/to/file') # rb mode
data = uio.readuntil('/path/to/file', 'end') # r mode
data = uio.readbinuntil('/path/to/file', b'end') # r mode
data = uio.write('/path/to/file', data) # r mode
data = uio.writebin('/path/to/file', data) # r mode
data = uio.writeline('/path/to/file', data) # r mode
data = uio.writebinline('/path/to/file', data) # r mode
data = uio.writelines('/path/to/file', lines) # r mode
data = uio.writebinlines('/path/to/file', lines) # r mode
[Future] Maybe we can bind uio and pathlib to str attributes?
data = '/path/to/file'.read()
data = '/path/to/file'.readbin()
data = '/path/to/file'.readlines()
data = '/path/to/file'.write(data)
f = '/path/to/file'.open()
files = '/path/to/dir'.iterdir()
API
TBD
The project is still working in progress, we does'nt has any stable api now.
Current Limitation
Overriding operators of builtin type cannot be done in pure python, those types save C function pointers directly.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.