Chào các bạn,
Hôm nay mình xin chia sẻ mã nguồn Encrypt Password Facebook Browser đã được mod lại từ mã gốc của bạn Nguyễn Hoàng Minh Hùng viết bằng NodeJS.
Sau khi tham khảo và nhờ sự trợ giúp của ChatGPT, mình đã chuyển đổi mã nguồn này sang Python để dễ sử dụng hơn trong các dự án khác nhau. Share lại cho bạn nào cần.
Mã này dùng để mã hóa mật khẩu Facebook, giúp việc request đăng nhập, đăng ký và các chức năng khác
PYTHON CODE:
import base64
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from nacl.public import SealedBox, PublicKey
import nacl.utils
import time
import requests
import re
PUBLIC_KEY_LENGTH = 64
I = 1
J = 1
K = 1
L = 48 # tweetnaclSealedBox.overheadLength
M = 2
N = 32
O = 16
P = J + K + M + N + L + O
def seal(buffer, public_key):
box = SealedBox(PublicKey(public_key))
return box.encrypt(buffer)
def r(a):
return bytes.fromhex(a)
def hash_password(a, c, d, e):
f = P + len(d)
if len(c) != PUBLIC_KEY_LENGTH:
raise ValueError('public key is not a valid hex string')
s = r(c)
if not s:
raise ValueError('public key is not a valid hex string')
t = bytearray(f)
u = 0
t[u] = I
u += J
t[u] = a
u += K
key = nacl.utils.random(N)
iv = bytes(12) # 12 bytes of zeroes
aes_gcm = AESGCM(key)
encrypted_data = aes_gcm.encrypt(iv, d, e)
sealed_key = seal(key, s)
t[u] = len(sealed_key) & 255
t[u + 1] = (len(sealed_key) >> 8) & 255
u += M
t[u:u+len(sealed_key)] = sealed_key
u += N + L
if len(sealed_key) != N + L:
raise ValueError('encrypted key is the wrong length')
tag = encrypted_data[-O:]
encrypted_data_without_tag = encrypted_data[:-O]
t[u:u+O] = tag
u += O
t[u:] = encrypted_data_without_tag
return bytes(t)
def hash_manager(public_key_data, timestamp, password):
h = password.encode('utf-8')
i = timestamp.encode('utf-8')
result = hash_password(int(public_key_data['keyId']), public_key_data['publicKey'], h, i)
return base64.b64encode(result).decode('utf-8')
def get_public_key():
headers = {
'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'accept-language': 'vi-VN,vi;q=0.9',
'cache-control': 'max-age=0',
'dpr': '2',
'sec-ch-prefers-color-scheme': 'light',
'sec-ch-ua': '"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"',
'sec-ch-ua-full-version-list': '"Google Chrome";v="123.0.6312.122", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.122"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-model': '""',
'sec-ch-ua-platform': '"macOS"',
'sec-ch-ua-platform-version': '"14.3.1"',
'sec-fetch-dest': 'document',
'sec-fetch-mode': 'navigate',
'sec-fetch-site': 'none',
'sec-fetch-user': '?1',
'upgrade-insecure-requests': '1',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36',
'viewport-width': '2072'
}
response = requests.get('https://www.facebook.com/', headers=headers)
public_key_pattern = r'"publicKey":\s*"([a-zA-Z0-9]+)"'
key_id_pattern = r'"keyId":\s*(\d+)'
public_key_match = re.search(public_key_pattern, response.text)
key_id_match = re.search(key_id_pattern, response.text)
if public_key_match and key_id_match:
return {
'publicKey': public_key_match.group(1),
'keyId': int(key_id_match.group(1))
}
else:
print("Không tìm thấy public key hoặc key ID.")
return None
def hash_password_main(password):
current_time = str(int(time.time()))
try:
public_key_data = get_public_key()
if public_key_data:
hashed_password = hash_manager(public_key_data, current_time, password)
return f"#PWD_BROWSER:5:{current_time}:{hashed_password}"
else:
print("Failed to retrieve public key data.")
return None
except Exception as error:
print("Error hashing password:", error)
return None
password_encrypt = hash_password_main("mk11kitu")
print(password_encrypt)
import base64
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from nacl.public import SealedBox, PublicKey
import nacl.utils
import time
import requests
import re
PUBLIC_KEY_LENGTH = 64
I = 1
J = 1
K = 1
L = 48 # tweetnaclSealedBox.overheadLength
M = 2
N = 32
O = 16
P = J + K + M + N + L + O
def seal(buffer, public_key):
box = SealedBox(PublicKey(public_key))
return box.encrypt(buffer)
def r(a):
return bytes.fromhex(a)
def hash_password(a, c, d, e):
f = P + len(d)
if len(c) != PUBLIC_KEY_LENGTH:
raise ValueError('public key is not a valid hex string')
s = r(c)
if not s:
raise ValueError('public key is not a valid hex string')
t = bytearray(f)
u = 0
t[u] = I
u += J
t[u] = a
u += K
key = nacl.utils.random(N)
iv = bytes(12) # 12 bytes of zeroes
aes_gcm = AESGCM(key)
encrypted_data = aes_gcm.encrypt(iv, d, e)
sealed_key = seal(key, s)
t[u] = len(sealed_key) & 255
t[u + 1] = (len(sealed_key) >> 8) & 255
u += M
t[u:u+len(sealed_key)] = sealed_key
u += N + L
if len(sealed_key) != N + L:
raise ValueError('encrypted key is the wrong length')
tag = encrypted_data[-O:]
encrypted_data_without_tag = encrypted_data[:-O]
t[u:u+O] = tag
u += O
t[u:] = encrypted_data_without_tag
return bytes(t)
def hash_manager(public_key_data, timestamp, password):
h = password.encode('utf-8')
i = timestamp.encode('utf-8')
result = hash_password(int(public_key_data['keyId']), public_key_data['publicKey'], h, i)
return base64.b64encode(result).decode('utf-8')
def get_public_key():
headers = {
'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'accept-language': 'vi-VN,vi;q=0.9',
'cache-control': 'max-age=0',
'dpr': '2',
'sec-ch-prefers-color-scheme': 'light',
'sec-ch-ua': '"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"',
'sec-ch-ua-full-version-list': '"Google Chrome";v="123.0.6312.122", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.122"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-model': '""',
'sec-ch-ua-platform': '"macOS"',
'sec-ch-ua-platform-version': '"14.3.1"',
'sec-fetch-dest': 'document',
'sec-fetch-mode': 'navigate',
'sec-fetch-site': 'none',
'sec-fetch-user': '?1',
'upgrade-insecure-requests': '1',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36',
'viewport-width': '2072'
}
response = requests.get('https://www.facebook.com/', headers=headers)
public_key_pattern = r'"publicKey":\s*"([a-zA-Z0-9]+)"'
key_id_pattern = r'"keyId":\s*(\d+)'
public_key_match = re.search(public_key_pattern, response.text)
key_id_match = re.search(key_id_pattern, response.text)
if public_key_match and key_id_match:
return {
'publicKey': public_key_match.group(1),
'keyId': int(key_id_match.group(1))
}
else:
print("Không tìm thấy public key hoặc key ID.")
return None
def hash_password_main(password):
current_time = str(int(time.time()))
try:
public_key_data = get_public_key()
if public_key_data:
hashed_password = hash_manager(public_key_data, current_time, password)
return f"#PWD_BROWSER:5:{current_time}:{hashed_password}"
else:
print("Failed to retrieve public key data.")
return None
except Exception as error:
print("Error hashing password:", error)
return None
password_encrypt = hash_password_main("mk11kitu")
print(password_encrypt)