dwpa icon indicating copy to clipboard operation
dwpa copied to clipboard

Published 20 hours ago verified publisher icon RealEnder

Update get_work.php

Open FFAMax opened this issue 1 year ago • 0 comments

Have to verify on prod data!

Verification:

function get_essid_original($net) {
    if ($net['keyver'] == 100) {
        $apmkid = explode('*', $net['struct'], 4);
        return hex2bin($apmkid[3]);
    } else {
        $essid_len = ord(substr($net['struct'], 0x09, 1));
        if (version_compare(PHP_VERSION, '5.5.0') >= 0) {
            $essid = unpack('Z32', substr($net['struct'], 0x0a, 32));
        } else {
            $essid = unpack('a32', substr($net['struct'], 0x0a, 32));
        }
        return substr($essid[1], 0, $essid_len);
    }
}

// Fixed
function get_essid($net) {
    $essid_len = ord(substr($net['struct'], 0x09, 1));
    $essid_bin = substr($net['struct'], 0x0a, 32);
    $essid = substr($essid_bin, 0, strpos($essid_bin, "\0"));
    if ($essid === false) { // if no null byte
        $essid = substr($essid_bin, 0, $essid_len);
    }
    return $essid;
}


// Define test data
$test_data_with_null = array('keyver' => 1, 'struct' => "\x0A" . str_repeat("\0", 8) . "\x0A" . "Hello\0World\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
$test_data_without_null = array('keyver' => 1, 'struct' => "\x0A" . str_repeat("\0", 8) . "\x0A" . "HelloWorld\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");

echo "PHP version: " . PHP_VERSION . "\n";

echo "Original function with NULL: " . bin2hex(get_essid_original($test_data_with_null)) . "\n";
echo "Original function without NULL: " . bin2hex(get_essid_original($test_data_without_null)) . "\n";
echo "Updated function with NULL: " . bin2hex(get_essid($test_data_with_null)) . "\n";
echo "Updated function without NULL: " . bin2hex(get_essid($test_data_without_null)) . "\n";

Result:

PHP version: 5.4.45
Original function with NULL: 48656c6c6f00576f726c
Original function without NULL: 48656c6c6f576f726c64
Updated function with NULL: 48656c6c6f
Updated function without NULL: 48656c6c6f576f726c64

PHP version: 5.5.0
Original function with NULL: 48656c6c6f
Original function without NULL: 48656c6c6f576f726c64
Updated function with NULL: 48656c6c6f
Updated function without NULL: 48656c6c6f576f726c64

PHP version: 8.2.6
Original function with NULL: 48656c6c6f
Original function without NULL: 48656c6c6f576f726c64
Updated function with NULL: 48656c6c6f
Updated function without NULL: 48656c6c6f576f726c64

FFAMax avatar May 25 '23 03:05 FFAMax