Migration to python3

In the commit you can find many converts from string to binary

Author: RedRaysTeam

docs/protocols/SAPRouter.ipynb

@@ -129,7 +129,7 @@
    "outputs": [],
    "source": [
     "router_string = [SAPRouterRouteHop(hostname=\"8.8.8.8\", port=3299),\n",
-    "                 SAPRouterRouteHop(hostname=\"10.0.0.1\", port=3200, password=\"S3cr3t\")]\n",
+    "                 SAPRouterRouteHop(hostname=\"127.0.0.1\", port=3200, password=\"S3cr3t\")]\n",
     "router_string_lens = map(len, map(str, router_string))\n",
     "p = SAPRouter(type=SAPRouter.SAPROUTER_ROUTE,\n",
     "              route_entries=len(router_string),\n",

pysap/SAPCredv2.py

@@ -48,7 +48,7 @@
 log_cred = logging.getLogger("pysap.cred")
 
 
-cred_key_fmt = "240657rsga&/%srwthgrtawe45hhtrtrsr35467b2dx3456j67mv67f89656f75"
+cred_key_fmt = b"240657rsga&/%srwthgrtawe45hhtrtrsr35467b2dx3456j67mv67f89656f75"
 """Fixed key embedded in CommonCryptoLib for encrypted credentials"""
 
 
@@ -170,14 +170,19 @@ def lps_type_str(self):
     @property
     def cipher_format_version(self):
         cipher = self.cipher.val_readable
-        if len(cipher) >= 36 and ord(cipher[0]) in [0, 1]:
-            return ord(cipher[0])
+        if len(cipher) >= 36:
+            first_byte = cipher[0]
+            if isinstance(first_byte, int):
+                return first_byte if first_byte in [0, 1] else 0
+            elif isinstance(first_byte, str):
+                return ord(first_byte) if ord(first_byte) in [0, 1] else 0
         return 0
 
     @property
     def cipher_algorithm(self):
         if self.cipher_format_version == 1:
-            return ord(self.cipher.val_readable[1])
+            second_byte = self.cipher.val_readable[1]
+            return ord(second_byte) if isinstance(second_byte, str) else second_byte
         return 0
 
     def decrypt(self, username):
@@ -213,7 +218,7 @@ def decrypt_simple(self, username):
         # Construct the key using the key format and the username
         key = (cred_key_fmt % username)[:24]
         # Set empty IV
-        iv = "\x00" * 8
+        iv = b"\x00" * 8
 
         # Decrypt the cipher text with the derived key and IV
         decryptor = Cipher(algorithms.TripleDES(key), modes.CBC(iv), backend=default_backend()).decryptor()
@@ -225,12 +230,15 @@ def xor(self, string, start):
         """XOR a given string using a fixed key and a starting number."""
         key = 0x15a4e35
         x = start
-        y = ""
+        result = bytearray()
         for c in string:
             x *= key
             x += 1
-            y += chr(ord(c) ^ (x & 0xff))
-        return y
+            if isinstance(c, int):
+                result.append(c ^ (x & 0xff))
+            else:
+                result.append(ord(c) ^ (x & 0xff))
+        return bytes(result)
 
     def derive_key(self, key, blob, header, username):
         """Derive a key using SAP's algorithm. The key is derived using SHA256 and xor from an
@@ -240,10 +248,22 @@ def derive_key(self, key, blob, header, username):
         digest.update(key)
         digest.update(blob[0:4])
         digest.update(header.salt)
-        digest.update(self.xor(username, ord(header.salt[0])))
-        digest.update("" * 0x20)
+
+        # Handle both string and integer types for salt[0]
+        salt_value = header.salt[0]
+        if isinstance(salt_value, str):
+            salt_value = ord(salt_value)
+
+        digest.update(self.xor(username, salt_value))
+        digest.update(b"" * 0x20)
         hashed = digest.finalize()
-        derived_key = self.xor(hashed, ord(header.salt[1]))
+
+        # Handle both string and integer types for salt[1]
+        salt_value = header.salt[1]
+        if isinstance(salt_value, str):
+            salt_value = ord(salt_value)
+
+        derived_key = self.xor(hashed, salt_value)
 
         # Validate and select proper algorithm
         if header.algorithm == CIPHER_ALGORITHM_3DES:
@@ -340,7 +360,8 @@ def pse_file_path(self):
 
     @property
     def lps_type(self):
-        return ord(self.cipher.val_readable[1])
+        value = self.cipher.val_readable[1]
+        return value if isinstance(value, int) else ord(value)
 
     @property
     def lps_type_str(self):
@@ -352,7 +373,8 @@ def lps_type_str(self):
 
     @property
     def cipher_format_version(self):
-        return ord(self.cipher.val_readable[0])
+        value = self.cipher.val_readable[0]
+        return value if isinstance(value, int) else ord(value)
 
     @property
     def cipher_algorithm(self):
@@ -377,7 +399,11 @@ def decrypt(self, username=None):
         plain = cipher.decrypt()
 
         # Get the pin from the raw data
-        plain_size = ord(plain[0])
+        if isinstance(plain[0], int):
+            plain_size = plain[0]
+        else:
+            plain_size = ord(plain[0])
+
         pin = plain[plain_size + 1:]
 
         # Create a plain credential container

pysap/SAPLPS.py

@@ -34,7 +34,7 @@
 log_lps = logging.getLogger("pysap.lps")
 
 
-cred_key_lps_fallback = "\xe7\x6a\xd2\xce\x4b\xa7\xc7\x9e\xf9\x79\x5f\xa8\x2e\x6e\xaa\x1d\x76\x02\x2e\xcd\xd7\x74\x38\x51"
+cred_key_lps_fallback = b"\xe7\x6a\xd2\xce\x4b\xa7\xc7\x9e\xf9\x79\x5f\xa8\x2e\x6e\xaa\x1d\x76\x02\x2e\xcd\xd7\x74\x38\x51"
 """Fixed key embedded in CommonCryptoLib for encrypted credentials using LPS in fallback mode"""
 
 
@@ -110,7 +110,7 @@ def decrypt(self):
             raise SAPLPSDecryptionError("Invalid LPS decryption method")
 
         # Decrypt the cipher text with the encryption key
-        iv = "\x00" * 16
+        iv = b"\x00" * 16
         decryptor = Cipher(algorithms.AES(encryption_key), modes.CBC(iv)).decryptor()
         plain = decryptor.update(self.encrypted_data) + decryptor.finalize()
 
@@ -148,7 +148,7 @@ def decrypt_encryption_key_fallback(self):
         hmac.update(self.context)
         default_key = hmac.finalize()[:16]
 
-        iv = "\x00" * 16
+        iv = b"\x00" * 16
         decryptor = Cipher(algorithms.AES(default_key), modes.CBC(iv)).decryptor()
         encryption_key = decryptor.update(self.encrypted_key) + decryptor.finalize()
 

pysap/SAPNI.py

@@ -123,7 +123,7 @@ def recv(self):
         log_sapni.debug("Received 4 bytes NI header, to receive %d bytes data", nilength)
 
         # Receive the whole NI packet (length+payload)
-        nidata = ''
+        nidata = b''
         while len(nidata) < nilength + 4:
             nidata += self.ins.recv(nilength - len(nidata) + 4)
             if len(nidata) == 0:

pysap/SAPPSE.py

@@ -255,11 +255,12 @@ def decrypt(self, pin):
         """Decrypts a PSE file given a provided PIN. Calls the respective decryption function
         based on the PSE version.
         """
-
+        # Convert the pin to bytes
+        pin_bytes = pin.encode('utf-8') if isinstance(pin, str) else pin
         if self.version == 2:
-            return self.decrypt_non_lps(pin)
+            return self.decrypt_non_lps(pin_bytes)
         elif self.version == 256:
-            return self.decrypt_lps(pin)
+            return self.decrypt_lps(pin_bytes)
         else:
             raise ValueError("Unsupported or invalid PSE version")
 

pysap/SAPRouter.py

@@ -160,12 +160,17 @@ def from_string(cls, route_string):
         (/H/host/S/service/P/pass)*
 
         :param route_string: route string
-        :type route_string: C{string}
+        :type route_string: C{string} or C{bytes}
 
         :return: route hops in the route string
         :rtype: ``list`` of :class:`SAPRouterRouteHop`
         """
         result = []
+
+        # Convert bytes to string if necessary
+        if isinstance(route_string, bytes):
+            route_string = route_string.decode('utf-8')
+
         for route_hop in [x.groupdict() for x in cls.regex.finditer(route_string)]:
             result.append(cls(hostname=route_hop["hostname"],
                               port=route_hop["port"],
@@ -182,14 +187,15 @@ def from_hops(cls, route_hops):
         :return: route string
         :rtype: C{string}
         """
-        result = ""
-        for route_hop in route_hops:
-            result += "/H/{}".format(route_hop.hostname)
-            if route_hop.port:
-                result += "/S/{}".format(route_hop.port)
-            if route_hop.password:
-                result += "/W/{}".format(route_hop.password)
-        return result
+        route_string = ""
+        for hop in route_hops:
+            route_string += "/H/" + hop.hostname.decode('utf-8') if isinstance(hop.hostname, bytes) else hop.hostname
+            if hop.port:
+                route_string += "/S/" + hop.port.decode('utf-8') if isinstance(hop.port, bytes) else hop.port
+            if hop.password:
+                route_string += "/W/" + hop.password.decode('utf-8') if isinstance(hop.password,
+                                                                                   bytes) else hop.password
+        return route_string
 
 
 class SAPRouterInfoClient(PacketNoPadded):
@@ -269,7 +275,7 @@ class SAPRouterError(PacketNoPadded):
         StrNullField("XXX6", ""),
         StrNullField("XXX7", ""),
         StrNullField("XXX8", ""),
-        StrNullField("eyecatcher", "*ERR*"),
+        StrNullField("eyecatcher2", "*ERR*"),
     ]
 
     time_format = "%a %b %d %H:%M:%S %Y"
@@ -452,7 +458,7 @@ class SAPRouter(Packet):
         # Cancel Route fields
         ConditionalField(FieldLenField("adm_client_count", None, count_of="adm_client_ids", fmt="H"), lambda pkt:router_is_admin(pkt) and pkt.adm_command in [6]),
         # Trace Connection fields
-        ConditionalField(FieldLenField("adm_client_count", None, count_of="adm_client_ids", fmt="I"), lambda pkt:router_is_admin(pkt) and pkt.adm_command in [12, 13]),
+        ConditionalField(FieldLenField("adm_client_count2", None, count_of="adm_client_ids", fmt="I"), lambda pkt:router_is_admin(pkt) and pkt.adm_command in [12, 13]),
 
         # Cancel Route or Trace Connection fields
         ConditionalField(FieldListField("adm_client_ids", [0x00], IntField("", 0), count_from=lambda pkt:pkt.adm_client_count), lambda pkt:router_is_admin(pkt) and pkt.adm_command in [6, 12, 13]),