Fork: 0
0xRoM / DrawOnHisBadge
Transfer to URL with SHA Find file
Newer
Older
DrawOnHisBadge / index.php
root on 30 Jul 2019 6 KB added more images, script tidy, cron script added
Raw Blame History 
  1. #!/usr/bin/php
  2. <?php
  3.  
  4. $host = '52.43.252.153';  // websocket server
  5. $port = 9001;
  6. $local = "http://localhost";  // origin header
  7. $data = '{"CMD":"CLEAR"}';  // not actaully sent
  8.  
  9. echo ".-,--.                ,---.     ,-_/,.       ,-,---.       .       
  10. ' |   \ ,-. ,-. . , , |   | ,-. ' |_|/ . ,-.  '|___/ ,-. ,-| ,-. ,-.
  11. , |   / |   ,-| |/|/  |   | | |  /| |  | `-.  ,|   \ ,-| | | | | |-'
  12. `-^--'  '   `-^ ' '   `---' ' '  `' `' ' `-' `-^---' `-^ `-' `-| `-'
  13.                                                               ,|    
  14.                                                               `'\n";
  15. $head = "GET / HTTP/1.1"."\r\n".
  16.         "Upgrade: WebSocket"."\r\n".
  17.         "Connection: Upgrade"."\r\n".
  18.         "Origin: $local"."\r\n".
  19.         "Host: $host"."\r\n".
  20.         "Sec-WebSocket-Version: 13"."\r\n".
  21.         "Sec-WebSocket-Key: asdasdaas76da7sd6asd6as7d"."\r\n".
  22.         "Content-Length: ".strlen($data)."\r\n"."\r\n";
  23.  
  24. if ($argc < 2 ){
  25.     exit("Usage: php index.php <image>\n");
  26. }else{
  27.     $filename = $argv[1];
  28.     echo "[+] Img: $filename\n";
  29.     if ($filename == null || !isset($filename)) {
  30.         echo "[!] Please choose an image\n";
  31.         exit(0);
  32.     }else{
  33.         $imgStats = list($width, $height, $type, $attr) = getimagesize($filename);
  34.         echo "[?] checking dimensions\n";
  35.         if($imgStats[0] <> 64 || $imgStats[1] <> 32)
  36.             die("[-] Image must be 64px Wide and 32px high");
  37.  
  38.         $im = imagecreatefrompng($filename);
  39.         //connect 
  40.         $sock = fsockopen($host, $port, $errno, $errstr, 2);
  41.         fwrite($sock, $head ) or die('error:'.$errno.':'.$errstr);
  42.         $headers = fread($sock, 2000);
  43.  
  44.         echo "[!] sending...\n";
  45.         $count = 0; // 2048 pixels total
  46.         //time to get the colors
  47.         for($x = 0; $x <= $imgStats[0]-1; $x++){
  48.             $arrX = array();
  49.             $arrY = array();
  50.             $arrC = array();
  51.             //calculate percentage
  52.             $count++;
  53.             $percent = round(($count / 64) * 100, 2);
  54.             echo "[+] complete: $percent%         \r"; // extra spaces are important sytalisticly
  55.  
  56.             for($y = 0; $y <= $imgStats[1]-1; $y++){
  57.                 $rgb = imagecolorat($im, $x, $y);
  58.                 $newcol = color565($im, $rgb);
  59.                 array_push($arrX, $x);
  60.                 array_push($arrY, $y);
  61.                 array_push($arrC, $newcol);
  62.             }
  63.  
  64.             //create data then send
  65.             $data = '{"CMD":"DRAW","DATA":[';
  66.             for($i = 0; $i <= 32-1; $i++){
  67.                 $data .= '['.$arrX[$i].','.$arrY[$i].',"'.$arrC[$i].'"],';  // data to be sent
  68.             }
  69.             $data = rtrim($data,',');
  70.             $data .= ']}';
  71.             //echo $data."\n"; // DEBUG
  72.             fwrite($sock, hybi10Encode($data)) or die('error:'.$errno.':'.$errstr);
  73.             $wsdata = fread($sock, 2000);
  74.         }
  75.  
  76.         //close connection
  77.         fclose($sock);
  78.         echo "\n[+] done\n";
  79.     }
  80. }
  81.  
  82. function color565($im, $color){
  83.     $color_tran = imagecolorsforindex($im, $color);
  84.       $red = $color_tran['red'];
  85.       $green = $color_tran['green'];
  86.       $blue = $color_tran['blue'];
  87.       /*bit Shifting*/
  88.       $b = ($blue >> 3) & 0x1f;
  89.       $g = (($green >> 2) & 0x3f) << 5;
  90.       $r = (($red >> 3) & 0x1f) << 11;
  91.       return "0x". strtoupper(dechex($r | $g | $b));
  92. }
  93.  
  94. /***
  95.  * functions below are for websocket interaction
  96.  */
  97.  
  98. // hibi10 decoding of data
  99. function hybi10Decode($data)
  100. {
  101.     $bytes = $data;
  102.     $dataLength = '';
  103.     $mask = '';
  104.     $coded_data = '';
  105.     $decodedData = '';
  106.     $secondByte = sprintf('%08b', ord($bytes[1]));
  107.     $masked = ($secondByte[0] == '1') ? true : false;
  108.     $dataLength = ($masked === true) ? ord($bytes[1]) & 127 : ord($bytes[1]);
  109.     if($masked === true)
  110.     {
  111.         if ($dataLength === 126) {
  112.            $mask = substr($bytes, 4, 4);
  113.            $coded_data = substr($bytes, 8);
  114.         }
  115.         elseif ($dataLength === 127) {
  116.             $mask = substr($bytes, 10, 4);
  117.             $coded_data = substr($bytes, 14);
  118.         }
  119.         else {
  120.             $mask = substr($bytes, 2, 4);       
  121.             $coded_data = substr($bytes, 6);        
  122.         }   
  123.         for ($i = 0; $i < strlen($coded_data); $i++) {       
  124.             $decodedData .= $coded_data[$i] ^ $mask[$i % 4];
  125.         }
  126.     }
  127.     else {
  128.         if ($dataLength === 126) {          
  129.            $decodedData = substr($bytes, 4);
  130.         }
  131.         elseif ($dataLength === 127) {           
  132.             $decodedData = substr($bytes, 10);
  133.         } 
  134.         else {               
  135.             $decodedData = substr($bytes, 2);       
  136.         }       
  137.     }   
  138.  
  139.     return $decodedData;
  140. }
  141. // hibi10 encoding of data
  142. function hybi10Encode($payload, $type = 'text', $masked = true) {
  143.     $frameHead = array();
  144.     $frame = '';
  145.     $payloadLength = strlen($payload);
  146.  
  147.     switch ($type) {
  148.         case 'text':
  149.             // first byte indicates FIN, Text-Frame (10000001):
  150.             $frameHead[0] = 129;
  151.             break;
  152.         case 'close':
  153.             // first byte indicates FIN, Close Frame(10001000):
  154.             $frameHead[0] = 136;
  155.             break;
  156.         case 'ping':
  157.             // first byte indicates FIN, Ping frame (10001001):
  158.             $frameHead[0] = 137;
  159.             break;
  160.         case 'pong':
  161.             // first byte indicates FIN, Pong frame (10001010):
  162.             $frameHead[0] = 138;
  163.             break;
  164.      }
  165.  
  166.     // set mask and payload length (using 1, 3 or 9 bytes)
  167.     if ($payloadLength > 65535) {
  168.         $payloadLengthBin = str_split(sprintf('%064b', $payloadLength), 8);
  169.         $frameHead[1] = ($masked === true) ? 255 : 127;
  170.         for ($i = 0; $i < 8; $i++) {
  171.             $frameHead[$i + 2] = bindec($payloadLengthBin[$i]);
  172.         }
  173.  
  174.         // most significant bit MUST be 0 (close connection if frame too big)
  175.         if ($frameHead[2] > 127) {
  176.             $this->close(1004);
  177.             return false;
  178.         }
  179.     } elseif ($payloadLength > 125) {
  180.         $payloadLengthBin = str_split(sprintf('%016b', $payloadLength), 8);
  181.         $frameHead[1] = ($masked === true) ? 254 : 126;
  182.         $frameHead[2] = bindec($payloadLengthBin[0]);
  183.         $frameHead[3] = bindec($payloadLengthBin[1]);
  184.     } else {
  185.         $frameHead[1] = ($masked === true) ? $payloadLength + 128 : $payloadLength;
  186.     }
  187.  
  188.     // convert frame-head to string:
  189.     foreach (array_keys($frameHead) as $i) {
  190.         $frameHead[$i] = chr($frameHead[$i]);
  191.     }
  192.     if ($masked === true) {
  193.         // generate a random mask:
  194.         $mask = array();
  195.         for ($i = 0; $i < 4; $i++) {
  196.             $mask[$i] = chr(rand(0, 255));
  197.         }
  198.         $frameHead = array_merge($frameHead, $mask);
  199.     }
  200.     $frame = implode('', $frameHead);
  201.     // append payload to frame:
  202.     for ($i = 0; $i < $payloadLength; $i++) {
  203.         $frame .= ($masked === true) ? $payload[$i] ^ $mask[$i % 4] : $payload[$i];
  204.     }
  205.  
  206.     return $frame;
  207. }
  208. ?>
Buy Me A Coffee