#!/usr/bin/env python3 """ Test different data formats to understand what the API expects """ import requests API = 'http://154.57.164.76:32127/api' # Data we extracted from the MOSI stream around "axel_outrun": # 0292640464020a820860081608cd0833085e0831084d084f0886083408cd081f # Breaking this down: # 02 92 64 04 64 02 0a 82 08 60 08 16 08 cd 08 33 # 08 5e 08 31 08 4d 08 4f 08 86 08 34 08 cd 08 1f # That's 32 bytes total. Let me try different splits: uid = '04f6555b' username = '6178656c5f6f757472756e' print("[*] Testing different auth_code formats...\n") # Test 1: First 16 bytes = sector 22, next 16 = sector 34 test_cases = [ { 'name': 'Test 1: 16+16 split', 'auth': '0292640464020a820860081608cd0833', 'access': '085e0831084d084f0886083408cd081f' }, { 'name': 'Test 2: 10 bytes sector + 6 bytes keys', 'auth': '0292640464020a820860' + '081608cd0833', # 10 + 6 'access': '085e0831084d084f0886083408cd081f' }, { 'name': 'Test 3: Different 10+6 split', 'auth': '02926404640208' + '60081608cd0833', # Different split 'access': '085e0831084d084f0886083408cd081f' }, { 'name': 'Test 4: Sector 22 with appended keys from sector 34', 'auth': '0292640464020a820860081608cd0833' + '085e0831084d4f', # 16 + first 6 of s34 'access': '085e0831084d084f0886083408cd081f' }, { 'name': 'Test 5: JUST the extracted 32 bytes as one auth', 'auth': '0292640464020a820860081608cd0833085e0831084d084f0886083408cd081f', 'access': '085e0831084d084f0886083408cd081f' }, { 'name': 'Test 6: Maybe 8 byte sector + last 6 as keys', 'auth': '0292640464020a82' + '0860081608cd0833', # 8 + rest as keys? 'access': '085e0831084d084f0886083408cd081f' }, ] for test in test_cases: data = { 'uid': uid, 'username': username, 'authorization_code': test['auth'], 'access_level': test['access'] } try: r = requests.post(API, data=data, timeout=3) result = r.json() status = result.get('door_status', 'Unknown') flag = result.get('flag', '') if len(flag) > 5: print(f"\n{'='*70}") print(f"SUCCESS! {test['name']}") print(f"FLAG: {flag}") print(f"{'='*70}") print(f"\nAuth code: {test['auth']}") print(f"Length: {len(test['auth'])} chars = {len(test['auth'])//2} bytes") exit(0) else: print(f"{test['name']}: {status}") print(f" Auth length: {len(test['auth'])//2} bytes") except Exception as e: print(f"{test['name']}: Error - {e}") print("\n[*] None worked. Let me try extracting the keys differently...") print() # Maybe the keys ARE in the data but need to be interpreted differently # Looking at: 08 60 08 16 08 cd 08 33 # Remove the repeating 0x08: 60 16 cd 33 # That's 4 bytes, not 6... # Or: 08 16 08 cd 08 33 as 3 values: 0816, 08cd, 0833 print("[*] Trying different key extraction from visible bytes...") # The pattern 08 XX 08 YY 08 ZZ appears multiple times # Let's extract: 16, cd, 33, 5e, 31, 4d, 4f, 86, 34, cd, 1f filtered = '1608cd08335e314d4f8634cd1f' print(f"Filtered pattern: {filtered}") # Try this as keys test_auth = '0292640464020a82' + filtered[:12] # First 6 bytes as keys data = { 'uid': uid, 'username': username, 'authorization_code': test_auth, 'access_level': '085e0831084d084f0886083408cd081f' } try: r = requests.post(API, data=data, timeout=3) result = r.json() print(f"\nFiltered test: {result}") except: pass