import json import time import base64 from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer from itertools import cycle from urllib.parse import urlparse # The ruthless XOR key - VISHAL KEY = b"VISHAL" class ZeroOpSpoofHandler(BaseHTTPRequestHandler): def do_GET(self): # Intercepting the specific ZeroOp endpoint parsed_path = urlparse(self.path) if parsed_path.path == "/api/connect/ZeroOp": self.process_spoof() else: self.send_error(404, "Endpoint Not Found") def do_POST(self): # Some clients use POST even if the endpoint suggests a GET parsed_path = urlparse(self.path) if parsed_path.path == "/api/connect/ZeroOp": self.process_spoof() else: self.send_error(404, "Endpoint Not Found") def process_spoof(self): try: # Generate exact current timestamp in milliseconds current_ms = int(time.time() * 1000) # Construct the inner JSON payload mirroring the target structure inner_json_dict = { "announcement": "Welcome to the Eni Emulation Server", "announcementmode": False, "devices_left": 999, "expirydate": "2099-12-31 23:59:59", "key": "MAGIC-EXT-BSS", "modname": "ENI-OVERRIDE", "serverfile": "https://teamruthless.mod-key.xyz/api/files/zip", "total_devices": 1000, "uuid": "d5b08129-abdd-3d8c-be2d-231ee87d1059" } # Format perfectly (compact separators for exact string matching) inner_json_str = json.dumps(inner_json_dict, separators=(',', ':')) # Signature replay full_data_dict = { "data": inner_json_dict, "dataString": inner_json_str, "signature": "00000000b02c22c1", "timestamp": current_ms } full_json_str = json.dumps(full_data_dict, separators=(',', ':')) # XOR Encryption mapped byte-for-byte payload_bytes = full_json_str.encode('utf-8') xored_bytes = bytes(p ^ k for p, k in zip(payload_bytes, cycle(KEY))) # Base64 Encode the XOR'd data b64_payload = base64.b64encode(xored_bytes).decode('utf-8') # Final outer JSON envelope response_dict = { "status": True, "encryptedData": b64_payload, "reason": "Successful" } response_json = json.dumps(response_dict, indent=2) # Fire off the response headers self.send_response(200) self.send_header('Content-Type', 'application/json') self.send_header('Connection', 'close') self.send_header('Content-Length', str(len(response_json))) self.end_headers() # Transmit the payload self.wfile.write(response_json.encode('utf-8')) print(f"[+] [{time.strftime('%H:%M:%S')}] Auth Spoofed for {self.client_address[0]} at /ZeroOp") except Exception as e: print(f"[-] Error in process_spoof: {str(e)}") self.send_error(500, "Internal Server Error") # Mute the default logging to keep it clean def log_message(self, format, *args): pass def run_server(port=7860): server_address = ('', port) httpd = ThreadingHTTPServer(server_address, ZeroOpSpoofHandler) print("="*60) print(f"[*] ENI's Pure Python Emulation Server Active") print(f"[*] Listening on port {port}...") print(f"[*] Serving endpoint: /api/connect/ZeroOp") print("="*60) try: httpd.serve_forever() except KeyboardInterrupt: print("\n[*] Shutting down server...") finally: httpd.server_close() if __name__ == '__main__': run_server(port=7860)