STiNE-filetransfer.exe
Zur Navigation springen
Zur Suche springen
Die Dokumente unter dem Menüpunkt "Meine Dokumente" werden von der filetransfer.exe (https://www.stine.uni-hamburg.de/scripts/filetransfer.exe) ausgeliefert.
Aufbau der verschleierten URL[Bearbeiten]
/scripts/filetransfer.exe?[lange hexzeichenkette]
Aufbau der Klartext-URL[Bearbeiten]
mode=download&installdir=./&session=[Session-ID 15N]&fnsrc=f[15N (bei mir alle 15N, evt. auch mehr/weniger)].cache&fndest=[Auslieferungsdateiname]&subdir=temp
Beispiel einer gültigen URL:
mode=download&installdir=./&session=333095970339915&fnsrc=f332804257938329.cache&fndest=OnlineBeitragsbescheid.pdf&subdir=temp
Aufbau der Hexzeichenkette[Bearbeiten]
Es wird ein einfaches Substitutionsverfahren verwendet. Jedes Zeichen wird durch einen vierstelligen Hexcode ersetzt. Eventuell ist hier noch ein Muster drin, momentan ist jedoch keines bekannt.
Ersetzungstabelle[Bearbeiten]
Die Liste ist nun zum größten Teil vollständig. Es fehlt noch das Leerzeichen sowie eher ungebräuchlichere ASCII-Codes, insbesondere Steuerzeichen.
| Code | Zeichen |
|---|---|
| 8977 | 0 |
| 2018 | 1 |
| a8b1 | 2 |
| 3dc2 | 3 |
| 3b98 | 4 |
| 4423 | 5 |
| 6950 | 6 |
| 9ee7 | 7 |
| 7678 | 8 |
| ac3b | 9 |
| Code | Zeichen |
|---|---|
| 478b | A |
| 76fd | B |
| 4886 | C |
| 92d1 | D |
| 3ace | E |
| 3322 | F |
| 4b34 | G |
| b7f7 | H |
| a4bf | I |
| a59e | J |
| 2331 | K |
| b90e | L |
| 6296 | M |
| 45e4 | N |
| 81e8 | O |
| 9eb8 | P |
| 0d21 | Q |
| 5a84 | R |
| 9396 | S |
| 642a | T |
| 0682 | U |
| 7df7 | V |
| 0a17 | W |
| a14e | X |
| 284a | Y |
| a2ec | Z |
| Code | Zeichen |
|---|---|
| 781f | a |
| a007 | b |
| 7abe | c |
| b84f | d |
| b91d | e |
| 2104 | f |
| 94f2 | g |
| 6e19 | h |
| 644d | i |
| a852 | j |
| 2cba | k |
| 2906 | l |
| 8606 | m |
| 46df | n |
| 2d78 | o |
| 15c8 | p |
| 8be3 | q |
| 7b4f | r |
| 27c2 | s |
| 04c6 | t |
| 98cb | u |
| 6141 | v |
| 06db | w |
| 594e | x |
| 5977 | y |
| 9d29 | z |
| Code | Zeichen |
|---|---|
| 432b | ! |
| 7c0c | # |
| 62da | $ |
| 112f | % |
| 0e27 | & |
| 0409 | ' |
| 2692 | ( |
| 6b27 | ) |
| 5721 | * |
| 56fd | + |
| 789b | , |
| aeb7 | - |
| 6e93 | . |
| a837 | / |
| 54e5 | ; |
| 76b1 | < |
| 3dd0 | = |
| 7b44 | > |
| 923d | @ |
| 493f | [ |
| 6a15 | ] |
| 8991 | ^ |
| 6873 | _ |
| 51ed | ` |
| 45ea | { |
| 1d54 | | |
| 2545 | } |
| 4092 | ~ |
| Code | Zeichen |
|---|---|
| 3240 | Ä |
| 28b7 | Ö |
| 3ada | Ü |
| 8c24 | ä |
| 16da | ö |
| 4a5b | ü |
Python-Modul zum verschleiern/entschleiern[Bearbeiten]
# -*- coding: utf-8 -*-
"""
STiNE filetransfer.exe decoder/encoder
Copyright (c) 2008 Henning Pridöhl
MIT License - http://www.opensource.org/licenses/mit-license.php
This module is for decoding and encoding of the filetransfer.exe parameter
of STiNE. It consists of three functions:
1) string encoded_parameter encode_transfer(string query_string)
2) string decoded_query_string decode_transfer(string encoded_parameter)
3) string encoded_parameter build_transfer(
session, fnsrc, fndest, installdir='./', subdir='temp')
Please note that the code table doesn't contain the complete ASCII!
Feel free to add missing codes.
== Usage ==
Encoding:
>>> encode_transfer('mode=download&installdir=./&session=333090280767182&fnsrc=f333043751172556.cache&fndest=OnlineKontrollausdruck.pdf&subdir=temp')
'86062d78b84fb91d3dd0b84f2d7806db46df29062d78781fb84f0e27644d46df27c204c6781f29062906b84f644d7b4f3dd06e93a8370e2727c2b91d27c227c2644d2d7846df3dd03dc23dc23dc28977ac3b8977a8b1767889779ee769509ee720187678a8b10e27210446df27c27b4f7abe3dd021043dc23dc23dc289773b983dc29ee74423201820189ee7a8b14423442369506e937abe781f7abe6e19b91d0e27210446dfb84fb91d27c204c63dd081e846df2906644d46dfb91d23312d7846df04c67b4f2d7829062906781f98cb27c2b84f7b4f98cb7abe2cba6e9315c8b84f21040e2727c298cba007b84f644d7b4f3dd004c6b91d860615c8'
Decoding:
>>> decode_transfer('86062d78b84fb91d3dd0b84f2d7806db46df29062d78781fb84f0e27644d46df27c204c6781f29062906b84f644d7b4f3dd06e93a8370e2727c2b91d27c227c2644d2d7846df3dd03dc23dc23dc28977ac3b8977a8b1767889779ee769509ee720187678a8b10e27210446df27c27b4f7abe3dd021043dc23dc23dc289773b983dc29ee74423201820189ee7a8b14423442369506e937abe781f7abe6e19b91d0e27210446dfb84fb91d27c204c63dd081e846df2906644d46dfb91d23312d7846df04c67b4f2d7829062906781f98cb27c2b84f7b4f98cb7abe2cba6e9315c8b84f21040e2727c298cba007b84f644d7b4f3dd004c6b91d860615c8')
'mode=download&installdir=./&session=333090280767182&fnsrc=f333043751172556.cache&fndest=OnlineKontrollausdruck.pdf&subdir=temp'
Decoding with unknown codes results in '?' (f00b is unknown)
>>> decode_transfer('f00b781f7b4f')
'?ar'
Building the transfer easily
>>> build_transfer(333090280767182, 'f333043751172556.cache', 'OnlineKontrollausdruck.pdf')
'86062d78b84fb91d3dd0b84f2d7806db46df29062d78781fb84f0e27644d46df27c204c6781f29062906b84f644d7b4f3dd06e93a8370e2727c2b91d27c227c2644d2d7846df3dd03dc23dc23dc28977ac3b8977a8b1767889779ee769509ee720187678a8b10e27210446df27c27b4f7abe3dd021043dc23dc23dc289773b983dc29ee74423201820189ee7a8b14423442369506e937abe781f7abe6e19b91d0e27210446dfb84fb91d27c204c63dd081e846df2906644d46dfb91d23312d7846df04c67b4f2d7829062906781f98cb27c2b84f7b4f98cb7abe2cba6e9315c8b84f21040e2727c298cba007b84f644d7b4f3dd004c6b91d860615c8'
Debug decoding (e.g. for adding new codes to the code table)
Just join the result with "\n" and display it :)
>>> decode_transfer('21042d782d78a007781f7b4f', True)
('2104 2d78 2d78 a007 781f 7b4f', 'f o o b a r ')
"""
code_table = """
8977 0
2018 1
a8b1 2
3dc2 3
3b98 4
4423 5
6950 6
9ee7 7
7678 8
ac3b 9
478b A
76fd B
4886 C
92d1 D
3ace E
3322 F
4b34 G
b7f7 H
a4bf I
a59e J
2331 K
b90e L
6296 M
45e4 N
81e8 O
9eb8 P
0d21 Q
5a84 R
9396 S
642a T
0682 U
7df7 V
0a17 W
a14e X
284a Y
a2ec Z
781f a
a007 b
7abe c
b84f d
b91d e
2104 f
94f2 g
6e19 h
644d i
a852 j
2cba k
2906 l
8606 m
46df n
2d78 o
15c8 p
8be3 q
7b4f r
27c2 s
04c6 t
98cb u
6141 v
06db w
594e x
5977 y
9d29 z
432b !
7c0c #
62da $
112f %
0e27 &
0409 '
2692 (
6b27 )
5721 *
56fd +
789b ,
aeb7 -
6e93 .
a837 /
54e5 ;
76b1 <
3dd0 =
7b44 >
923d @
493f [
6a15 ]
8991 ^
6873 _
51ed `
45ea {
1d54 |
2545 }
4092 ~
3240 Ä
28b7 Ö
3ada Ü
8c24 ä
16da ö
4a5b ü
""".strip()
decode_dict = {}
encode_dict = {}
for line in code_table.split('\n'):
code, char = line.split()
decode_dict[code] = char
encode_dict[char] = code
del code_table
def encode_transfer(plain):
"""Encodes a transfer name
>>> encode_transfer('foobar')
'21042d782d78a007781f7b4f'
"""
return ''.join([encode_dict.get(x, '????') for x in plain])
def decode_transfer(encoded, debug=False):
"""Decodes a transfer name
>>> decode_transfer('21042d782d78a007781f7b4f')
'foobar'
"""
encoded = encoded.replace('https://www.stine.uni-hamburg.de/scripts/', '') \
.replace('filetransfer.exe?', '')
try:
if len(encoded) % 4 != 0:
raise
if not debug:
return ''.join([decode_dict.get(encoded[i*4:(i+1)*4], '?')
for i in xrange(len(encoded)/4)])
else:
return (
' '.join([encoded[i*4:(i+1)*4]
for i in xrange(len(encoded)/4)]),
' '.join(['%s ' % decode_dict.get(encoded[i*4:(i+1)*4], '?')
for i in xrange(len(encoded)/4)])
)
except:
raise ValueError('encoded string is malformed!')
def build_transfer(session, fnsrc, fndest, installdir='./', subdir='temp'):
"""Builds an transfer name by given url parameters
>>> import hashlib; hashlib.sha1(
... build_transfer(333090280767182, 'f00.cache', 'foo.pdf')
... ).hexdigest()
'c6fa3a7e5cdf544f2d01978d084ea0e4aca6beb3'
"""
return encode_transfer(
'mode=download&installdir=%s&session=%s&fnsrc=%s&fndest=%s&subdir=%s'
% (installdir, session, fnsrc, fndest, subdir)
)
if __name__ == '__main__':
import doctest
doctest.testmod()