zeroop / app.py
kemmlowww's picture
Update app.py
b54afae verified
Raw
History Blame Contribute Delete
3.94 kB
import json
import time
import base64
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from itertools import cycle
from urllib.parse import urlparse
# The ruthless XOR key - VISHAL
KEY = b"VISHAL"
class ZeroOpSpoofHandler(BaseHTTPRequestHandler):
def do_GET(self):
# Intercepting the specific ZeroOp endpoint
parsed_path = urlparse(self.path)
if parsed_path.path == "/api/connect/ZeroOp":
self.process_spoof()
else:
self.send_error(404, "Endpoint Not Found")
def do_POST(self):
# Some clients use POST even if the endpoint suggests a GET
parsed_path = urlparse(self.path)
if parsed_path.path == "/api/connect/ZeroOp":
self.process_spoof()
else:
self.send_error(404, "Endpoint Not Found")
def process_spoof(self):
try:
# Generate exact current timestamp in milliseconds
current_ms = int(time.time() * 1000)
# Construct the inner JSON payload mirroring the target structure
inner_json_dict = {
"announcement": "Welcome to the Eni Emulation Server",
"announcementmode": False,
"devices_left": 999,
"expirydate": "2099-12-31 23:59:59",
"key": "MAGIC-EXT-BSS",
"modname": "ENI-OVERRIDE",
"serverfile": "https://teamruthless.mod-key.xyz/api/files/zip",
"total_devices": 1000,
"uuid": "d5b08129-abdd-3d8c-be2d-231ee87d1059"
}
# Format perfectly (compact separators for exact string matching)
inner_json_str = json.dumps(inner_json_dict, separators=(',', ':'))
# Signature replay
full_data_dict = {
"data": inner_json_dict,
"dataString": inner_json_str,
"signature": "00000000b02c22c1",
"timestamp": current_ms
}
full_json_str = json.dumps(full_data_dict, separators=(',', ':'))
# XOR Encryption mapped byte-for-byte
payload_bytes = full_json_str.encode('utf-8')
xored_bytes = bytes(p ^ k for p, k in zip(payload_bytes, cycle(KEY)))
# Base64 Encode the XOR'd data
b64_payload = base64.b64encode(xored_bytes).decode('utf-8')
# Final outer JSON envelope
response_dict = {
"status": True,
"encryptedData": b64_payload,
"reason": "Successful"
}
response_json = json.dumps(response_dict, indent=2)
# Fire off the response headers
self.send_response(200)
self.send_header('Content-Type', 'application/json')
self.send_header('Connection', 'close')
self.send_header('Content-Length', str(len(response_json)))
self.end_headers()
# Transmit the payload
self.wfile.write(response_json.encode('utf-8'))
print(f"[+] [{time.strftime('%H:%M:%S')}] Auth Spoofed for {self.client_address[0]} at /ZeroOp")
except Exception as e:
print(f"[-] Error in process_spoof: {str(e)}")
self.send_error(500, "Internal Server Error")
# Mute the default logging to keep it clean
def log_message(self, format, *args):
pass
def run_server(port=7860):
server_address = ('', port)
httpd = ThreadingHTTPServer(server_address, ZeroOpSpoofHandler)
print("="*60)
print(f"[*] ENI's Pure Python Emulation Server Active")
print(f"[*] Listening on port {port}...")
print(f"[*] Serving endpoint: /api/connect/ZeroOp")
print("="*60)
try:
httpd.serve_forever()
except KeyboardInterrupt:
print("\n[*] Shutting down server...")
finally:
httpd.server_close()
if __name__ == '__main__':
run_server(port=7860)