
I need to brute-force some of the address space using Python. At the moment this is my code:

offsets = [
"\x00","\x01","\x02","\x03","\x04","\x05","\x06","\x07","\x08","\x09","\x0a","\x0b","\x0c","\x0d","\x0e","\x0f"
,"\x10","\x11","\x12","\x13","\x14","\x15","\x16","\x17","\x18","\x19","\x1a","\x1b","\x1c","\x1d","\x1e","\x1f"
,"\x20","\x21","\x22","\x23","\x24","\x25","\x26","\x27","\x28","\x29","\x2a","\x2b","\x2c","\x2d","\x2e","\x2f"
,"\x30","\x31","\x32","\x33","\x34","\x35","\x36","\x37","\x38","\x39","\x3a","\x3b","\x3c","\x3d","\x3e","\x3f"
,"\x40","\x41","\x42","\x43","\x44","\x45","\x46","\x47","\x48","\x49","\x4a","\x4b","\x4c","\x4d","\x4e","\x4f"
,"\x50","\x51","\x52","\x53","\x54","\x55","\x56","\x57","\x58","\x59","\x5a","\x5b","\x5c","\x5d","\x5e","\x5f"
,"\x60","\x61","\x62","\x63","\x64","\x65","\x66","\x67","\x68","\x69","\x6a","\x6b","\x6c","\x6d","\x6e","\x6f"
,"\x70","\x71","\x72","\x73","\x74","\x75","\x76","\x77","\x78","\x79","\x7a","\x7b","\x7c","\x7d","\x7e","\x7f"
,"\x80","\x81","\x82","\x83","\x84","\x85","\x86","\x87","\x88","\x89","\x8a","\x8b","\x8c","\x8d","\x8e","\x8f"
,"\x90","\x91","\x92","\x93","\x94","\x95","\x96","\x97","\x98","\x99","\x9a","\x9b","\x9c","\x9d","\x9e","\x9f"
,"\xa0","\xa1","\xa2","\xa3","\xa4","\xa5","\xa6","\xa7","\xa8","\xa9","\xaa","\xab","\xac","\xad","\xae","\xaf"
,"\xb0","\xb1","\xb2","\xb3","\xb4","\xb5","\xb6","\xb7","\xb8","\xb9","\xba","\xbb","\xbc","\xbd","\xbe","\xbf"
,"\xc0","\xc1","\xc2","\xc3","\xc4","\xc5","\xc6","\xc7","\xc8","\xc9","\xca","\xcb","\xcc","\xcd","\xce","\xcf"
,"\xd0","\xd1","\xd2","\xd3","\xd4","\xd5","\xd6","\xd7","\xd8","\xd9","\xda","\xdb","\xdc","\xdd","\xde","\xdf"
,"\xe0","\xe1","\xe2","\xe3","\xe4","\xe5","\xe6","\xe7","\xe8","\xe9","\xea","\xeb","\xec","\xed","\xee","\xef"
,"\xf0","\xf1","\xf2","\xf3","\xf4","\xf5","\xf6","\xf7","\xf8","\xf9","\xfa","\xfb","\xfc","\xfd","\xfe","\xff"]


for i in xrange(110, 256):
    num = offsets[i]
    address = "\xee" + num + "\xff\xbf"
    print `address`

And the last part of the output:

'\xee\xfa\xff\xbf'
'\xee\xfb\xff\xbf'
'\xee\xfc\xff\xbf'
'\xee\xfd\xff\xbf'
'\xee\xfe\xff\xbf'
'\xee\xff\xff\xbf'

My question is whether it is possible to get rid of the "offsets" array and do it in a much cleaner way?

4 Answers


Sure is, just iterate over the xrange and call chr() on the current item:

>>> for i in xrange(110, 256):
...     print "\xee" + chr(i) + "\xff\xbf"

Notice that it'll print the actual characters. If you just want to print the values, you can use backticks; however, a more Pythonic approach is to use repr():

>>> for i in xrange(110, 256):
...     print(repr("\xee" + chr(i) + "\xff\xbf"))
...
    -- SNIP --
'\xee\xfa\xff\xbf'
'\xee\xfb\xff\xbf'
'\xee\xfc\xff\xbf'
'\xee\xfd\xff\xbf'
'\xee\xfe\xff\xbf'
'\xee\xff\xff\xbf'

for i in xrange(110, 256):
    # "%02x" gives the two hex digits of i; .decode("hex") turns them back
    # into the single raw byte (Python 2). Building the string "\\x6e" by hand
    # would give four literal characters, not the byte 0x6e.
    address = "\xee" + ("%02x" % i).decode("hex") + "\xff\xbf"
    print `address`



You can generate the offsets array in a one-liner:

offsets = [chr(i) for i in range(0x100)]  # one raw byte per entry, the same as the hand-written list



You could just do the math, and let struct construct the 4-byte sequence.

import struct

base = b'\xee\x00\xff\xbf'

# '<I' = 32-bit unsigned, little-endian; stating the byte order explicitly
# keeps the math below correct regardless of the host's native order
struct.unpack('<I', base)
Out[89]: (3221160174,)

#showing they're the same, no magic involved
int('ee',16) + int('ff',16)*(16**4) + int('bf',16)*(16**6)
Out[90]: 3221160174

#equivalent to bitshifting, if you prefer
int('ee',16) + (int('ff',16) << 16) + (int('bf',16) << 24)
Out[91]: 3221160174

So that gives

start = 3221160174

[struct.pack('<I', start + (x<<8)) for x in range(256)]
Out[93]: 
[b'\xee\x00\xff\xbf',
 b'\xee\x01\xff\xbf',
 b'\xee\x02\xff\xbf',
 b'\xee\x03\xff\xbf',
 b'\xee\x04\xff\xbf',
 b'\xee\x05\xff\xbf',
 b'\xee\x06\xff\xbf',
 #snip...
 b'\xee\xff\xff\xbf']
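A generalised version of the struct approach, added here as an example and not code from the question or any of the answers: it packs each candidate with an explicit little-endian format (32-bit by default, 64-bit if you pass `fmt="<Q"`), sweeps one byte of a base address (the question's loop corresponds to `sweep_byte(0xBFFF00EE, 1, lo=110)`), and drops any candidate that contains a byte the target would mangle. It runs on Python 3; the function names and the default bad-byte set (NUL, LF, CR) are assumptions of this example, not something the thread specifies.

```python
import struct

# Added example (Python 3), not code from the question or the answers.
# The default bad-byte set is an assumption: a NUL would truncate a
# strcpy-style copy, LF/CR would end a line-based read. Pick the set that
# matters for the overflow you are actually feeding.
DEFAULT_BAD = b"\x00\x0a\x0d"


def has_bad_byte(packed, bad_bytes=DEFAULT_BAD):
    """True if any byte of `packed` appears in `bad_bytes`."""
    return any(b in bad_bytes for b in packed)


def candidate_addresses(start, stop, step=1, fmt="<I", bad_bytes=DEFAULT_BAD):
    """Yield (address, packed_bytes) for every addr in range(start, stop, step).

    fmt="<I" packs a 32-bit little-endian value (x86); use "<Q" for 64-bit.
    Candidates that contain a bad byte are skipped rather than emitted, so the
    caller never sends an address that cannot survive the copy.
    """
    for addr in range(start, stop, step):
        packed = struct.pack(fmt, addr)
        if has_bad_byte(packed, bad_bytes):
            continue
        yield addr, packed


def sweep_byte(base, byte_index, lo=0x00, hi=0x100, bad_bytes=DEFAULT_BAD):
    """Keep every byte of the 32-bit `base` fixed except byte `byte_index`
    (0 = least significant), which is swept over lo..hi-1.

    sweep_byte(0xBFFF00EE, 1, lo=110) reproduces the question's loop:
    b'\\xee' + <byte> + b'\\xff\\xbf' for <byte> in 110..255.
    """
    shift = 8 * byte_index
    fixed = base & ~(0xFF << shift) & 0xFFFFFFFF   # clear the byte being swept
    return list(candidate_addresses(fixed + (lo << shift),
                                    fixed + (hi << shift),
                                    1 << shift,
                                    bad_bytes=bad_bytes))


if __name__ == "__main__":
    for addr, packed in sweep_byte(0xBFFF00EE, 1, lo=110):
        print("0x%08x %r" % (addr, packed))
```

Because the filter runs on the packed bytes rather than on the integer, it catches a bad byte in any position, including the fixed ones: `0xBFFF00EE` itself is rejected under the default set because its second byte is NUL, which is exactly why the question's sweep starts that byte above zero.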
