Created
February 21, 2013 15:36
-
-
Save ldx/5005528 to your computer and use it in GitHub Desktop.
This one decodes a Dropbox encoded API key obtained here: https://dl-web.dropbox.com/spa/pjlfdak1tmznswp/api_keys.js/public/index.html It was written after studying dropbox-js/src/prod.coffee.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from base64 import b64encode, b64decode | |
| def decode_key(key): | |
| key, secret = key.split('|') | |
| key = b64decode(key) | |
| key = [ord(x) for x in key] | |
| secret = b64decode(secret) | |
| s = range(256) | |
| y = 0 | |
| for x in xrange(256): | |
| y = (y + s[len(key)] + key[x % len(key)]) % 256 | |
| s[x], s[y] = s[y], s[x] | |
| x = y = 0 | |
| result = [] | |
| for z in range(len(secret)): | |
| x = (x + 1) % 256 | |
| y = (y + s[x]) % 256 | |
| s[x], s[y] = s[y], s[x] | |
| k = s[(s[x] + s[y]) % 256] | |
| result.append(chr((k ^ ord(secret[z])) % 256)) | |
| key = ''.join([chr(a) for a in key]) | |
| return '|'.join([b64encode(key), b64encode(''.join(result))]) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
thanks a lot. This gist helped me (I think).
Anyway, i don't understand the security benefit. Putting conceal keys in the app and decode they before using. Everybody who want to have the keys can this also.