Die Dokumente unter dem Menüpunkt "Meine Dokumente" werden von der filetransfer.exe (https://www.stine.uni-hamburg.de/scripts/filetransfer.exe) ausgeliefert.
Aufbau der verschleierten URL[Bearbeiten]
/scripts/filetransfer.exe?[lange hexzeichenkette]
Aufbau der Klartext-URL[Bearbeiten]
mode=download&installdir=./&session=[Session-ID 15N]&fnsrc=f[15N (bei mir alle 15N, evt. auch mehr/weniger)].cache&fndest=[Auslieferungsdateiname]&subdir=temp
Beispiel einer gültigen URL:
mode=download&installdir=./&session=333095970339915&fnsrc=f332804257938329.cache&fndest=OnlineBeitragsbescheid.pdf&subdir=temp
Aufbau der Hexzeichenkette[Bearbeiten]
Es wird ein einfaches Substitutionsverfahren verwendet. Jedes Zeichen wird durch einen vierstelligen Hexcode ersetzt. Eventuell ist hier noch ein Muster drin, momentan ist jedoch keines bekannt.
Die Liste ist nun zum größten Teil vollständig. Es fehlt noch das Leerzeichen sowie eher ungebräuchlichere ASCII-Codes, insbesondere Steuerzeichen.
Zahlen
Code |
Zeichen
|
8977 |
0
|
2018 |
1
|
a8b1 |
2
|
3dc2 |
3
|
3b98 |
4
|
4423 |
5
|
6950 |
6
|
9ee7 |
7
|
7678 |
8
|
ac3b |
9
|
Großbuchstaben
Code |
Zeichen
|
478b |
A
|
76fd |
B
|
4886 |
C
|
92d1 |
D
|
3ace |
E
|
3322 |
F
|
4b34 |
G
|
b7f7 |
H
|
a4bf |
I
|
a59e |
J
|
2331 |
K
|
b90e |
L
|
6296 |
M
|
45e4 |
N
|
81e8 |
O
|
9eb8 |
P
|
0d21 |
Q
|
5a84 |
R
|
9396 |
S
|
642a |
T
|
0682 |
U
|
7df7 |
V
|
0a17 |
W
|
a14e |
X
|
284a |
Y
|
a2ec |
Z
|
Kleinbuchstaben
Code |
Zeichen
|
781f |
a
|
a007 |
b
|
7abe |
c
|
b84f |
d
|
b91d |
e
|
2104 |
f
|
94f2 |
g
|
6e19 |
h
|
644d |
i
|
a852 |
j
|
2cba |
k
|
2906 |
l
|
8606 |
m
|
46df |
n
|
2d78 |
o
|
15c8 |
p
|
8be3 |
q
|
7b4f |
r
|
27c2 |
s
|
04c6 |
t
|
98cb |
u
|
6141 |
v
|
06db |
w
|
594e |
x
|
5977 |
y
|
9d29 |
z
|
Sonderzeichen
Code |
Zeichen
|
432b |
!
|
7c0c |
#
|
62da |
$
|
112f |
%
|
0e27 |
&
|
0409 |
'
|
2692 |
(
|
6b27 |
)
|
5721 |
*
|
56fd |
+
|
789b |
,
|
aeb7 |
-
|
6e93 |
.
|
a837 |
/
|
54e5 |
;
|
76b1 |
<
|
3dd0 |
=
|
7b44 |
>
|
923d |
@
|
493f |
[
|
6a15 |
]
|
8991 |
^
|
6873 |
_
|
51ed |
`
|
45ea |
{
|
1d54 |
|
|
2545 |
}
|
4092 |
~
|
Umlaute
Code |
Zeichen
|
3240 |
Ä
|
28b7 |
Ö
|
3ada |
Ü
|
8c24 |
ä
|
16da |
ö
|
4a5b |
ü
|
Python-Modul zum verschleiern/entschleiern[Bearbeiten]
# -*- coding: utf-8 -*-
"""
STiNE filetransfer.exe decoder/encoder
Copyright (c) 2008 Henning Pridöhl
MIT License - http://www.opensource.org/licenses/mit-license.php
This module is for decoding and encoding of the filetransfer.exe parameter
of STiNE. It consists of three functions:
1) string encoded_parameter encode_transfer(string query_string)
2) string decoded_query_string decode_transfer(string encoded_parameter)
3) string encoded_parameter build_transfer(
session, fnsrc, fndest, installdir='./', subdir='temp')
Please note that the code table doesn't contain the complete ASCII!
Feel free to add missing codes.
== Usage ==
Encoding:
>>> encode_transfer('mode=download&installdir=./&session=333090280767182&fnsrc=f333043751172556.cache&fndest=OnlineKontrollausdruck.pdf&subdir=temp')
'86062d78b84fb91d3dd0b84f2d7806db46df29062d78781fb84f0e27644d46df27c204c6781f29062906b84f644d7b4f3dd06e93a8370e2727c2b91d27c227c2644d2d7846df3dd03dc23dc23dc28977ac3b8977a8b1767889779ee769509ee720187678a8b10e27210446df27c27b4f7abe3dd021043dc23dc23dc289773b983dc29ee74423201820189ee7a8b14423442369506e937abe781f7abe6e19b91d0e27210446dfb84fb91d27c204c63dd081e846df2906644d46dfb91d23312d7846df04c67b4f2d7829062906781f98cb27c2b84f7b4f98cb7abe2cba6e9315c8b84f21040e2727c298cba007b84f644d7b4f3dd004c6b91d860615c8'
Decoding:
>>> decode_transfer('86062d78b84fb91d3dd0b84f2d7806db46df29062d78781fb84f0e27644d46df27c204c6781f29062906b84f644d7b4f3dd06e93a8370e2727c2b91d27c227c2644d2d7846df3dd03dc23dc23dc28977ac3b8977a8b1767889779ee769509ee720187678a8b10e27210446df27c27b4f7abe3dd021043dc23dc23dc289773b983dc29ee74423201820189ee7a8b14423442369506e937abe781f7abe6e19b91d0e27210446dfb84fb91d27c204c63dd081e846df2906644d46dfb91d23312d7846df04c67b4f2d7829062906781f98cb27c2b84f7b4f98cb7abe2cba6e9315c8b84f21040e2727c298cba007b84f644d7b4f3dd004c6b91d860615c8')
'mode=download&installdir=./&session=333090280767182&fnsrc=f333043751172556.cache&fndest=OnlineKontrollausdruck.pdf&subdir=temp'
Decoding with unknown codes results in '?' (f00b is unknown)
>>> decode_transfer('f00b781f7b4f')
'?ar'
Building the transfer easily
>>> build_transfer(333090280767182, 'f333043751172556.cache', 'OnlineKontrollausdruck.pdf')
'86062d78b84fb91d3dd0b84f2d7806db46df29062d78781fb84f0e27644d46df27c204c6781f29062906b84f644d7b4f3dd06e93a8370e2727c2b91d27c227c2644d2d7846df3dd03dc23dc23dc28977ac3b8977a8b1767889779ee769509ee720187678a8b10e27210446df27c27b4f7abe3dd021043dc23dc23dc289773b983dc29ee74423201820189ee7a8b14423442369506e937abe781f7abe6e19b91d0e27210446dfb84fb91d27c204c63dd081e846df2906644d46dfb91d23312d7846df04c67b4f2d7829062906781f98cb27c2b84f7b4f98cb7abe2cba6e9315c8b84f21040e2727c298cba007b84f644d7b4f3dd004c6b91d860615c8'
Debug decoding (e.g. for adding new codes to the code table)
Just join the result with "\n" and display it :)
>>> decode_transfer('21042d782d78a007781f7b4f', True)
('2104 2d78 2d78 a007 781f 7b4f', 'f o o b a r ')
"""
code_table = """
8977 0
2018 1
a8b1 2
3dc2 3
3b98 4
4423 5
6950 6
9ee7 7
7678 8
ac3b 9
478b A
76fd B
4886 C
92d1 D
3ace E
3322 F
4b34 G
b7f7 H
a4bf I
a59e J
2331 K
b90e L
6296 M
45e4 N
81e8 O
9eb8 P
0d21 Q
5a84 R
9396 S
642a T
0682 U
7df7 V
0a17 W
a14e X
284a Y
a2ec Z
781f a
a007 b
7abe c
b84f d
b91d e
2104 f
94f2 g
6e19 h
644d i
a852 j
2cba k
2906 l
8606 m
46df n
2d78 o
15c8 p
8be3 q
7b4f r
27c2 s
04c6 t
98cb u
6141 v
06db w
594e x
5977 y
9d29 z
432b !
7c0c #
62da $
112f %
0e27 &
0409 '
2692 (
6b27 )
5721 *
56fd +
789b ,
aeb7 -
6e93 .
a837 /
54e5 ;
76b1 <
3dd0 =
7b44 >
923d @
493f [
6a15 ]
8991 ^
6873 _
51ed `
45ea {
1d54 |
2545 }
4092 ~
3240 Ä
28b7 Ö
3ada Ü
8c24 ä
16da ö
4a5b ü
""".strip()
decode_dict = {}
encode_dict = {}
for line in code_table.split('\n'):
code, char = line.split()
decode_dict[code] = char
encode_dict[char] = code
del code_table
def encode_transfer(plain):
"""Encodes a transfer name
>>> encode_transfer('foobar')
'21042d782d78a007781f7b4f'
"""
return ''.join([encode_dict.get(x, '????') for x in plain])
def decode_transfer(encoded, debug=False):
"""Decodes a transfer name
>>> decode_transfer('21042d782d78a007781f7b4f')
'foobar'
"""
encoded = encoded.replace('https://www.stine.uni-hamburg.de/scripts/', '') \
.replace('filetransfer.exe?', '')
try:
if len(encoded) % 4 != 0:
raise
if not debug:
return ''.join([decode_dict.get(encoded[i*4:(i+1)*4], '?')
for i in xrange(len(encoded)/4)])
else:
return (
' '.join([encoded[i*4:(i+1)*4]
for i in xrange(len(encoded)/4)]),
' '.join(['%s ' % decode_dict.get(encoded[i*4:(i+1)*4], '?')
for i in xrange(len(encoded)/4)])
)
except:
raise ValueError('encoded string is malformed!')
def build_transfer(session, fnsrc, fndest, installdir='./', subdir='temp'):
"""Builds an transfer name by given url parameters
>>> import hashlib; hashlib.sha1(
... build_transfer(333090280767182, 'f00.cache', 'foo.pdf')
... ).hexdigest()
'c6fa3a7e5cdf544f2d01978d084ea0e4aca6beb3'
"""
return encode_transfer(
'mode=download&installdir=%s&session=%s&fnsrc=%s&fndest=%s&subdir=%s'
% (installdir, session, fnsrc, fndest, subdir)
)
if __name__ == '__main__':
import doctest
doctest.testmod()