Skip to content
This repository has been archived by the owner on May 27, 2023. It is now read-only.

Commit

Permalink
Initial commit of exported sources
Browse files Browse the repository at this point in the history
  • Loading branch information
@v-p-b
v-p-b committed Apr 13, 2015
0 parents commit d6ab356
Show file tree
Hide file tree
Showing 49 changed files with 4,203 additions and 0 deletions.
60 changes: 60 additions & 0 deletions MessageTester.java
@@ -0,0 +1,60 @@
import java.io.*;
import oracle.forms.engine.FormsMessage;
import oracle.forms.engine.Message;

class MessageTester{

// Borrowed from https://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java
public static byte[] hexStringToByteArray(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+ Character.digit(s.charAt(i+1), 16));
}
return data;
}
private static void printMessage(Message m){
for (int i=0;i<m.size();i++){
System.out.println("Property "+i+": "+m.getPropertyAt(i)+" Type: "+m.getPropertyTypeAt(i));
System.out.println("--- Value: "+m.getValueAt(i).toString());
System.out.flush();
}
}

public static void main(String argv[]){
String bodyHex=argv[0];
String[] as=new String[256];
System.out.println(bodyHex);
byte[] body=hexStringToByteArray(bodyHex);
System.out.println("Body: "+body.length+" byte(s)");
if (body.length==0) return;
try{
Message m;
ByteArrayInputStream bis=new ByteArrayInputStream(body);
DataInputStream dis=new DataInputStream(bis);
while((m=Message.readDetails(dis,as))!=null){
printMessage(m);
System.out.println("Message OK");

dis.mark(16);
System.out.print("Read finished at:");
for (int i=0;i<8;i++){
System.out.print(String.format("%02x", dis.readByte()));
}
dis.reset();
System.out.println("");
System.out.flush();

}
}catch(IOException e){
System.out.println("Message IOException");
e.printStackTrace(System.out);
}catch(IllegalArgumentException iae){
System.out.println("Message IllegalArgumentException");
iae.printStackTrace(System.out);
}
System.out.println("---");

}
}
66 changes: 66 additions & 0 deletions OracleFormsBruteForce.java
@@ -0,0 +1,66 @@
import java.io.*;
import oracle.forms.engine.FormsMessage;
import oracle.forms.engine.Message;
import oracle.forms.net.EncryptedInputStream;

class OracleFormsBruteForce{

// Borrowed from https://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java
public static byte[] hexStringToByteArray(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+ Character.digit(s.charAt(i+1), 16));
}
return data;
}

public static String byteArrayToHex(byte[] a) {
StringBuilder sb = new StringBuilder(a.length * 2);
for(byte b: a)
sb.append(String.format("%02x", b & 0xff));
return sb.toString();
}

private static void printMessage(Message m){
for (int i=0;i<m.size();i++){
System.out.println("Property "+i+": "+m.getPropertyAt(i)+" Type: "+m.getPropertyTypeAt(i));
System.out.println("--- Value: "+m.getValueAt(i).toString());
System.out.flush();
}
}

public static void main(String argv[]){
String bodyHex=argv[0];
System.out.println(bodyHex);
byte[] body=hexStringToByteArray(bodyHex);
System.out.println("Body: "+body.length+" byte(s)");
if (body.length==0) return;
byte[] rc4Key=new byte[5];
byte[] res=new byte[body.length];
for(long l=0;l<0xffffffffL;l++){
rc4Key[0]=(byte)((l & 0xff000000) >> 24);
rc4Key[1]=(byte)((l & 0xff0000) >> 16);
rc4Key[2]=-82;
rc4Key[3]=(byte)((l & 0xff00) >> 8);
rc4Key[4]=(byte)(l & 0xff);
if (l % 10000 == 0)
System.out.println("Trying: "+byteArrayToHex(rc4Key));
EncryptedInputStream eis=new EncryptedInputStream(new ByteArrayInputStream(body));
eis.setEncryptKey(rc4Key);
try{
eis.read(res,0,body.length);
if (res[0]==0x10 && res[1]==0x00 && res[res.length-1]==0x01 && res[res.length-2]==-16){
System.out.println("KEY FOUND: "+byteArrayToHex(rc4Key));
System.out.println(byteArrayToHex(res));
return;
}
}catch(IOException ioe){
System.out.println("IOException");
return;
}

}
}
}
147 changes: 147 additions & 0 deletions OracleFormsSyncingBruteForce.java
@@ -0,0 +1,147 @@
import java.io.*;
import oracle.forms.engine.FormsMessage;
import oracle.forms.engine.Message;
import oracle.forms.net.EncryptedInputStream;
import java.util.Arrays;

/* http://stackoverflow.com/a/21341389 */
class KPM {
/**
* Search the data byte array for the first occurrence of the byte array pattern within given boundaries.
* @param data
* @param start First index in data
* @param stop Last index in data so that stop-start = length
* @param pattern What is being searched. '*' can be used as wildcard for "ANY character"
* @return
*/
public static int indexOf( byte[] data, int start, int stop, byte[] pattern) {
if( data == null || pattern == null) return -1;

int[] failure = computeFailure(pattern);

int j = 0;

for( int i = start; i < stop; i++) {
while (j > 0 && ( pattern[j] != '*' && pattern[j] != data[i])) {
j = failure[j - 1];
}
if (pattern[j] == '*' || pattern[j] == data[i]) {
j++;
}
if (j == pattern.length) {
return i - pattern.length + 1;
}
}
return -1;
}

/**
* Computes the failure function using a boot-strapping process,
* where the pattern is matched against itself.
*/
private static int[] computeFailure(byte[] pattern) {
int[] failure = new int[pattern.length];

int j = 0;
for (int i = 1; i < pattern.length; i++) {
while (j>0 && pattern[j] != pattern[i]) {
j = failure[j - 1];
}
if (pattern[j] == pattern[i]) {
j++;
}
failure[i] = j;
}

return failure;
}
}


class OracleFormsSyncingBruteForce{


// Borrowed from https://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java
public static byte[] hexStringToByteArray(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+ Character.digit(s.charAt(i+1), 16));
}
return data;
}

public static String byteArrayToHex(byte[] a) {
StringBuilder sb = new StringBuilder(a.length * 2);
for(byte b: a)
sb.append(String.format("%02x", b & 0xff));
return sb.toString();
}

private static void printMessage(Message m){
for (int i=0;i<m.size();i++){
System.out.println("Property "+i+": "+m.getPropertyAt(i)+" Type: "+m.getPropertyTypeAt(i));
System.out.println("--- Value: "+m.getValueAt(i).toString());
System.out.flush();
}
}

public static void main(String argv[]){
String bodyHex=argv[0];
int searchLength=Integer.parseInt(argv[1]);
System.out.println(bodyHex);

byte[] keyStreamDummy=new byte[searchLength];
byte[] keyStream=new byte[searchLength];
Arrays.fill(keyStreamDummy,(byte)0);

byte[] body=hexStringToByteArray(bodyHex);
System.out.println("Body: "+body.length+" byte(s)");

byte[] header=new byte[3];
header[0]=(byte)(body[0]^((byte)0x10));
header[1]=body[1];
header[2]=(byte)(body[2]^((byte)0x06));


if (body.length==0) return;
byte[] rc4Key=new byte[5];

for(long l=0x30000000L;l<0xffffffffL;l++){
rc4Key[0]=(byte)((l & 0xff000000) >> 24);
rc4Key[1]=(byte)((l & 0xff0000) >> 16);
rc4Key[2]=-82;
rc4Key[3]=(byte)((l & 0xff00) >> 8);
rc4Key[4]=(byte)(l & 0xff);
/*if (l % 10000 == 0)
System.out.println("Trying: "+byteArrayToHex(rc4Key));*/
EncryptedInputStream eisKS=new EncryptedInputStream(new ByteArrayInputStream(keyStreamDummy));
eisKS.setEncryptKey(rc4Key);

try{
eisKS.read(keyStream,0,searchLength);
int index=KPM.indexOf(keyStream,0,keyStream.length,header);
if (index!=-1){
//System.out.println(String.format("Found candidate: %08x (%d)",l,index));
ByteArrayOutputStream baos=new ByteArrayOutputStream();
baos.write(new byte[index]);
baos.write(body);
EncryptedInputStream eis=new EncryptedInputStream(new ByteArrayInputStream(baos.toByteArray()));
eis.setEncryptKey(rc4Key);
byte[] res=new byte[body.length+index];
eis.read(res,0,body.length+index);
if (res[index]==0x10 && res[index+1]==0x00 && res[res.length-1]==0x01 && res[res.length-2]==-16){
System.out.println("KEY FOUND: "+byteArrayToHex(rc4Key));
System.out.println(byteArrayToHex(res));
return;
}
}
}catch(IOException ioe){
System.out.println("IOException");
return;
}

}
}
}
7 changes: 7 additions & 0 deletions OracleFormsTester/.classpath
@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="src"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
<classpathentry kind="lib" path="lib/frmall.jar" sourcepath="/home/b/projects/oracle_forms/frmall"/>
<classpathentry kind="output" path="bin"/>
</classpath>
12 changes: 12 additions & 0 deletions OracleFormsTester/.gitignore
@@ -0,0 +1,12 @@
*.class

# Mobile Tools for Java (J2ME)
.mtj.tmp/

# Package Files #
*.jar
*.war
*.ear

# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
hs_err_pid*
17 changes: 17 additions & 0 deletions OracleFormsTester/.project
@@ -0,0 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>OracleFormsTester</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
</natures>
</projectDescription>
60 changes: 60 additions & 0 deletions OracleFormsTester/MessageTester.java
@@ -0,0 +1,60 @@
import java.io.*;
import oracle.forms.engine.FormsMessage;
import oracle.forms.engine.Message;

class MessageTester{

// Borrowed from https://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java
public static byte[] hexStringToByteArray(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+ Character.digit(s.charAt(i+1), 16));
}
return data;
}
private static void printMessage(Message m){
for (int i=0;i<m.size();i++){
System.out.println("Property "+i+": "+m.getPropertyAt(i)+" Type: "+m.getPropertyTypeAt(i));
System.out.println("--- Value: "+m.getValueAt(i).toString());
System.out.flush();
}
}

public static void main(String argv[]){
String bodyHex=argv[1];
String[] as=new String[256];
System.out.println(bodyHex);
byte[] body=hexStringToByteArray(bodyHex);
System.out.println("Body: "+body.length+" byte(s)");
if (body.length==0) return;
try{
Message m;
ByteArrayInputStream bis=new ByteArrayInputStream(body);
DataInputStream dis=new DataInputStream(bis);
while((m=Message.readDetails(dis,as))!=null){
printMessage(m);
System.out.println("Message OK");

dis.mark(16);
System.out.print("Read finished at:");
for (int i=0;i<8;i++){
System.out.print(String.format("%02x", dis.readByte()));
}
dis.reset();
System.out.println("");
System.out.flush();

}
}catch(IOException e){
System.out.println("Message IOException");
e.printStackTrace(System.out);
}catch(IllegalArgumentException iae){
System.out.println("Message IllegalArgumentException");
iae.printStackTrace(System.out);
}
System.out.println("---");

}
}

0 comments on commit d6ab356

Please sign in to comment.