Develop Reference

How to decode/parse response data sent by the socket.io HTTP long-polling protocoll

I will give you some information first!
I am currently trying to decode the server data socket.io sends as response to the client (when using Http long-polling) as I am trying to intercept the communication. I don't have access to the client-side socket instance.
Though I would like to be able to have the same JSON data the client-socket instance would end up with!
The content type of the socket.io responses is: 'application/octet-stream'
Calling Response.body() on the Response object returns the following Buffer:
<Buffer 00 01 02 08 ff 34 32 5b 22 75 70 64 61 74 65 55 73 65 72 73 52 6f 6f 6d 22 2c 7b 22 72 6f 6f 6d 22 3a 22 48 65 69 6c 69 67 74 75 6d 22 2c 22 75 73 65 ... 83 more bytes>
Calling Response.text() on the Response object returns the following string:
☺☻�42["updateUsersRoom",{"room":"Heiligtum","userid":13132,"imgthumb":"thumb_ffkqOEBwQXbf_pngfindcomrealisticspiderwebpngpng.png"}]
Now you might think that Response.text() looks okay-ish, however it is very 'inconsistent'. There are these random "broken" characters like '☺☻�42' every here and there and sometimes it even sends mutliple messages per response.
What I've tried is using the decode methods of both socket.io-parser and engine.io- parser, trying to feed it the data Request.body() returned. However it always returns:
{ type: 'error', data: 'parser error' }
I tried digging through the engine.io source code as well, trying to find out how they handle responses but I simply can't get it to work. This might require some deeper knowledge about socket.io, but I hope somebody can help me!
Thank you in advance.

What solution should I use to generate a list of all possible alphabetic combinaisons?

I want to generate a list of all the possible combinations of the following characters with a minimum length of 3 characters and a maximum length of 12 characters.
abcdefghijklmnopqrstuvwxyz1234567890_
I though of using PHP to do so this but this operation requires too much memory. What would be the best tool to achieve this?

It would be better if you set a limit on each run; For example all possibilities with 5 characters in one run, and all with 7 in another. And write a code to send the output after each run to a text file so you have all the possibilities and
That would take less memory.
example with numbers in python:
# 1 2 3 4 5 6 7 8 9 0
listx=[1,2,3,4,5,6,7,8,9,0]
#one letter
for i in listx:
print(i)
#two letters
for i in listx:
for j in listx:
print(f"{i}{j}")
and it goes on and on...
output=>
1
2
3
4
5
6
7
8
9
0
11
12
13
14
15
16
17
18
19
10
21
22
23
24
25
26
27
28
29
20
31
32
33
34
35
36
37
38
39
30
41
42
43
44
45
46
47
48
49
40
51
52
53
54
55
56
57
58
59
50
61
62
63
64
65
66
67
68
69
60
71
72
73
74
75
76
77
78
79
70
81
82
83
84
85
86
87
88
89
80
91
92
93
94
95
96
97
98
99
90
01
02
03
04
05
06
07
08
09
00

In python, there is a function itertools.product which returns the combinations you want for a fixed number of characters. You can call it repeatedly to get each number of characters between 3 and 12.
def get_combinations(charset, begin, end):
result = []
for i in range(begin, end+1):
result.extend(''.join(p) for p in itertools.product(charset, repeat=i))
return result
print(get_combinations('abcdefghijklmnopqrstuvwxyz0123456789_', 3, 5))
# ['aaa', 'aab', 'aac', 'aad', 'aae', 'aaf', 'aag', 'aah', 'aai', 'aaj', 'aak', 'aal', 'aam', 'aan', 'aao', 'aap', 'aaq', 'aar', 'aas', 'aat', 'aau', 'aav', 'aaw', 'aax', 'aay', 'aaz', 'aa0', 'aa1', 'aa2', 'aa3', 'aa4', 'aa5', 'aa6', 'aa7', 'aa8', 'aa9', 'aa_', 'aba', 'abb', 'abc', 'abd', 'abe', 'abf', 'abg', 'abh', 'abi', 'abj', 'abk', 'abl', 'abm', 'abn', 'abo', 'abp', 'abq', 'abr', 'abs', 'abt', 'abu', 'abv', 'abw', 'abx', 'aby', 'abz', 'ab0', 'ab1', 'ab2', 'ab3', 'ab4', 'ab5', 'ab6', 'ab7', 'ab8', 'ab9', 'ab_', 'aca', 'acb', 'acc', 'acd', 'ace', 'acf', 'acg', 'ach', 'aci', 'acj', 'ack', 'acl', 'acm', 'acn', 'aco', 'acp', 'acq', 'acr', 'acs', 'act', 'acu', 'acv', 'acw', 'acx', 'acy', 'acz', 'ac0', 'ac1', 'ac2', 'ac3', 'ac4', 'ac5', 'ac6', 'ac7', 'ac8', 'ac9', 'ac_', 'ada', 'adb', 'adc', 'add', 'ade', 'adf', 'adg', 'adh', 'adi', 'adj', 'adk', 'adl', 'adm', 'adn', 'ado', 'adp', 'adq', 'adr', 'ads', 'adt', 'adu', 'adv', 'adw', 'adx', 'ady', 'adz', 'ad0', 'ad1', 'ad2', 'ad3', 'ad4', 'ad5', 'ad6', 'ad7', 'ad8', 'ad9', 'ad_', 'aea', 'aeb', 'aec', 'aed', 'aee', 'aef', 'aeg', ..., '__o0', '__o1', '__o2', '__o3', '__o4', '__o5', '__o6', '__o7', '__o8', '__o9', '__o_', '__pa', '__pb', '__pc', '__pd', '__pe', '__pf', '__pg', '__ph', '__pi', '__pj', '__pk', '__pl', '__pm', '__pn', '__po', '__pp', '__pq', '__pr', '__ps', '__pt', '__pu', '__pv', '__pw', '__px', '__py', '__pz', '__p0', '__p1', '__p2', '__p3', '__p4', '__p5', '__p6', '__p7', '__p8', '__p9', '__p_', '__qa', '__qb', '__qc', '__qd', '__qe', '__qf', '__qg', '__qh', '__qi', '__qj', '__qk', '__ql', '__qm', '__qn', '__qo', '__qp', '__qq', '__qr', '__qs', '__qt', '__qu', '__qv', '__qw', '__qx', '__qy', '__qz', '__q0', '__q1', '__q2', '__q3', '__q4', '__q5', '__q6', '__q7', '__q8', '__q9', '__q_', '__ra', '__rb', '__rc', '__rd', '__re', '__rf', '__rg', '__rh', '__ri', '__rj', '__rk', '__rl', '__rm', '__rn', '__ro', '__rp', '__rq', '__rr', '__rs', '__rt', '__ru', '__rv', '__rw', '__rx', '__ry', '__rz', '__r0', '__r1', '__r2', '__r3', '__r4', '__r5', '__r6', '__r7', '__r8', '__r9', '__r_', '__sa', '__sb', '__sc', '__sd', '__se', '__sf', '__sg', '__sh', '__si', '__sj', '__sk', '__sl', '__sm', '__sn', '__so', '__sp', '__sq', '__sr', '__ss', '__st', '__su', '__sv', '__sw', '__sx', '__sy', '__sz', '__s0', '__s1', '__s2', '__s3', '__s4', '__s5', '__s6', '__s7', '__s8', '__s9', '__s_', '__ta', '__tb', '__tc', '__td', '__te', '__tf', '__tg', '__th', '__ti', '__tj', '__tk', '__tl', '__tm', '__tn', '__to', '__tp', '__tq', '__tr', '__ts', '__tt', '__tu', '__tv', '__tw', '__tx', '__ty', '__tz', '__t0', '__t1', '__t2', '__t3', '__t4', '__t5', '__t6', '__t7', '__t8', '__t9', '__t_', '__ua', '__ub', '__uc', '__ud', '__ue', '__uf', '__ug', '__uh', '__ui', '__uj', '__uk', '__ul', '__um', '__un', '__uo', '__up', '__uq', '__ur', '__us', '__ut', '__uu', '__uv', '__uw', '__ux', '__uy', '__uz', '__u0', '__u1', '__u2', '__u3', '__u4', '__u5', '__u6', '__u7', '__u8', '__u9', '__u_', '__va', '__vb', '__vc', '__vd', '__ve', '__vf', '__vg', '__vh', '__vi', '__vj', '__vk', '__vl', '__vm', '__vn', '__vo', '__vp', '__vq', '__vr', '__vs', '__vt', '__vu', '__vv', '__vw', '__vx', '__vy', '__vz', '__v0', '__v1', '__v2', '__v3', '__v4', '__v5', '__v6', '__v7', '__v8', '__v9', '__v_', '__wa', '__wb', '__wc', '__wd', '__we', '__wf', '__wg', '__wh', '__wi', '__wj', '__wk', '__wl', '__wm', '__wn', '__wo', '__wp', '__wq', '__wr', '__ws', '__wt', '__wu', '__wv', '__ww', '__wx', '__wy', '__wz', '__w0', '__w1', '__w2', '__w3', '__w4', '__w5', '__w6', '__w7', '__w8', '__w9', '__w_', '__xa', '__xb', '__xc', '__xd', '__xe', '__xf', '__xg', '__xh', '__xi', '__xj', '__xk', '__xl', '__xm', '__xn', '__xo', '__xp', '__xq', '__xr', '__xs', '__xt', '__xu', '__xv', '__xw', '__xx', '__xy', '__xz', '__x0', '__x1', '__x2', '__x3', '__x4', '__x5', '__x6', '__x7', '__x8', '__x9', '__x_', '__ya', '__yb', '__yc', '__yd', '__ye', '__yf', '__yg', '__yh', '__yi', '__yj', '__yk', '__yl', '__ym', '__yn', '__yo', '__yp', '__yq', '__yr', '__ys', '__yt', '__yu', '__yv', '__yw', '__yx', '__yy', '__yz', '__y0', '__y1', '__y2', '__y3', '__y4', '__y5', '__y6', '__y7', '__y8', '__y9', '__y_', '__za', '__zb', '__zc', '__zd', '__ze', '__zf', '__zg', '__zh', '__zi', '__zj', '__zk', '__zl', '__zm', '__zn', '__zo', '__zp', '__zq', '__zr', '__zs', '__zt', '__zu', '__zv', '__zw', '__zx', '__zy', '__zz', '__z0', '__z1', '__z2', '__z3', '__z4', '__z5', '__z6', '__z7', '__z8', '__z9', '__z_', '__0a', '__0b', '__0c', '__0d', '__0e', '__0f', '__0g', '__0h', '__0i', '__0j', '__0k', '__0l', '__0m', '__0n', '__0o', '__0p', '__0q', '__0r', '__0s', '__0t', '__0u', '__0v', '__0w', '__0x', '__0y', '__0z', '__00', '__01', '__02', '__03', '__04', '__05', '__06', '__07', '__08', '__09', '__0_', '__1a', '__1b', '__1c', '__1d', '__1e', '__1f', '__1g', '__1h', '__1i', '__1j', '__1k', '__1l', '__1m', '__1n', '__1o', '__1p', '__1q', '__1r', '__1s', '__1t', '__1u', '__1v', '__1w', '__1x', '__1y', '__1z', '__10', '__11', '__12', '__13', '__14', '__15', '__16', '__17', '__18', '__19', '__1_', '__2a', '__2b', '__2c', '__2d', '__2e', '__2f', '__2g', '__2h', '__2i', '__2j', '__2k', '__2l', '__2m', '__2n', '__2o', '__2p', '__2q', '__2r', '__2s', '__2t', '__2u', '__2v', '__2w', '__2x', '__2y', '__2z', '__20', '__21', '__22', '__23', '__24', '__25', '__26', '__27', '__28', '__29', '__2_', '__3a', '__3b', '__3c', '__3d', '__3e', '__3f', '__3g', '__3h', '__3i', '__3j', '__3k', '__3l', '__3m', '__3n', '__3o', '__3p', '__3q', '__3r', '__3s', '__3t', '__3u', '__3v', '__3w', '__3x', '__3y', '__3z', '__30', '__31', '__32', '__33', '__34', '__35', '__36', '__37', '__38', '__39', '__3_', '__4a', '__4b', '__4c', '__4d', '__4e', '__4f', '__4g', '__4h', '__4i', '__4j', '__4k', '__4l', '__4m', '__4n', '__4o', '__4p', '__4q', '__4r', '__4s', '__4t', '__4u', '__4v', '__4w', '__4x', '__4y', '__4z', '__40', '__41', '__42', '__43', '__44', '__45', '__46', '__47', '__48', '__49', '__4_', '__5a', '__5b', '__5c', '__5d', '__5e', '__5f', '__5g', '__5h', '__5i', '__5j', '__5k', '__5l', '__5m', '__5n', '__5o', '__5p', '__5q', '__5r', '__5s', '__5t', '__5u', '__5v', '__5w', '__5x', '__5y', '__5z', '__50', '__51', '__52', '__53', '__54', '__55', '__56', '__57', '__58', '__59', '__5_', '__6a', '__6b', '__6c', '__6d', '__6e', '__6f', '__6g', '__6h', '__6i', '__6j', '__6k', '__6l', '__6m', '__6n', '__6o', '__6p', '__6q', '__6r', '__6s', '__6t', '__6u', '__6v', '__6w', '__6x', '__6y', '__6z', '__60', '__61', '__62', '__63', '__64', '__65', '__66', '__67', '__68', '__69', '__6_', '__7a', '__7b', '__7c', '__7d', '__7e', '__7f', '__7g', '__7h', '__7i', '__7j', '__7k', '__7l', '__7m', '__7n', '__7o', '__7p', '__7q', '__7r', '__7s', '__7t', '__7u', '__7v', '__7w', '__7x', '__7y', '__7z', '__70', '__71', '__72', '__73', '__74', '__75', '__76', '__77', '__78', '__79', '__7_', '__8a', '__8b', '__8c', '__8d', '__8e', '__8f', '__8g', '__8h', '__8i', '__8j', '__8k', '__8l', '__8m', '__8n', '__8o', '__8p', '__8q', '__8r', '__8s', '__8t', '__8u', '__8v', '__8w', '__8x', '__8y', '__8z', '__80', '__81', '__82', '__83', '__84', '__85', '__86', '__87', '__88', '__89', '__8_', '__9a', '__9b', '__9c', '__9d', '__9e', '__9f', '__9g', '__9h', '__9i', '__9j', '__9k', '__9l', '__9m', '__9n', '__9o', '__9p', '__9q', '__9r', '__9s', '__9t', '__9u', '__9v', '__9w', '__9x', '__9y', '__9z', '__90', '__91', '__92', '__93', '__94', '__95', '__96', '__97', '__98', '__99', '__9_', '___a', '___b', '___c', '___d', '___e', '___f', '___g', '___h', '___i', '___j', '___k', '___l', '___m', '___n', '___o', '___p', '___q', '___r', '___s', '___t', '___u', '___v', '___w', '___x', '___y', '___z', '___0', '___1', '___2', '___3', '___4', '___5', '___6', '___7', '___8', '___9', '____']
Note how I called the function with parameters 3 and 5 instead of 3 and 12. With parameters 3 and 5, the number of combinations is already 71268771. Over 71 millions. With parameters 3 and 12, the number of combinations would be 6765811783780034854. That's 6.8 * 10**18. This is nearly one thousand million times the number of humans on Earth.

Why am I getting an unexpected `0xcc` byte when loading nearby code bytes? Is it because of segment register %es?

I got some inconsistent result of instruction.
I don't know why this happens, so I suspect %es register is doing something weird, but I'm not sure.
Look at below code snippet.
08048400 <main>:
8048400: bf 10 84 04 08 mov $HERE,%edi
8048405: 26 8b 07 mov %es:(%edi),%eax # <----- Result 1
8048408: bf 00 84 04 08 mov $main,%edi
804840d: 26 8b 07 mov %es:(%edi),%eax # <----- Result 2
08048410 <HERE>:
8048410: 11 11 adc %edx,(%ecx)
8048412: 11 11 adc %edx,(%ecx)
Result 1:
%eax : 0x11111111
Seeing this result, I guessed that mov %es:(%edi),%eax to be something like mov (%edi),%eax.
Because 0x11111111 is stored at HERE.
Result 2:
%eax : 0x048410cc
However, the result of Result 2 was quite different.
I assumed %eax to be 0x048410bf, because this value is stored at main.
But the result was different as you can see.
Question:
Why this inconsistency of the result happens?
By the way, value of %es was always 0x7b during execution of both instruction.

es is a red herring. The difference you see is 1 byte at main, cc vs. bf. That is because you used a software breakpoint at main and your debugger inserted an int3 instruction which has machine code cc temporarily overwriting your actual code.
Do not set a breakpoint where you intend to read from, or use a hardware breakpoint instead which does not modify code.

getting extra bytes 82 00 in pc/sc response

I am trying to read data from sony felica card using pc/sc transparent session and transceive data object.
The response I am getting is for a read without encryption command is
c0 03 00 90 00 92 01 00 96 02 00 00 97 82 00 + Data
But according to the protocol, the response should be
c0 03 00 90 00 92 01 00 96 02 00 00 97 + Data
I am unable to figure out the last 82 00 appended in the response from the card.
Now when I try to authenticate with the card I get
c0 03 01 6F 01 90 00
which is a error in pc/sc. I want to resolve these extra bytes 82 00 which I believe will solve the issue with all the commands which require authentication and encryption.

The response data is BER-TLV encoded (see PC/SC 2.02, Part 3).
In BER-TLV encoding there are several possibilities to encode tag 0x97 with two octets of data 0xD0D1, e.g.:
97|02|D0D1 -- short form (see parsed)
97|8102|D0D1 -- long form with one octet with length (see parsed)
97|820002|D0D1 -- long form with two octets with length (see parsed)
97|83000002|D0D1 -- long form with three octets with length (see parsed)
...
Your reader is using two octets for sending the length of ICC Response data object (which is perfectly valid).
You should parse the response properly...Good luck!
PS: The above means, that the Data part of your truncated responses still contains one extra byte with the response length (i.e. Len|Data)

snmptrap unsigned type not working as expected

I am using snmpV3 adapter and passing V2 traps to it by using commands as below. It looks like the range for type u (i.e. unsigned) is upto (2^31) - 1 (i.e. 2147483647). I was expecting it to be (2^32) - 1 (i.e. 4294967295).
snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5 1.3.6.1.4.1.12345.1 u 2147483647
Above command generates following log:
trace: ..\..\snmplib\snmp_api.c, 5293:
dumph_recv: Value
dumpx_recv: 42 04 7F FF FF FF
dumpv_recv: UInteger: 2147483647 (0x7FFFFFFF)
Where as for:
snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5 1.3.6.1.4.1.12345.1 u 2147483648
Above command generates following log:
enter code heretrace: ..\..\snmplib\snmp_api.c, 5293:
dumph_recv: Value
dumpx_recv: 42 05 00 80 00 00 00
dumpv_recv: UInteger: -2147483648 (0x80000000)
Refer to:
http://www.net-snmp.org/docs/man/snmptrap.html
I am using net-snmp v5.5.
Is this the correct behavior or am I missing something?

I have discovered various problems with net-snmp over the years. This is apparently one more. The standards are quite clear. RFC 2578 defines Unsigned32 as follows:
-- an unsigned 32-bit quantity
-- indistinguishable from Gauge32 Unsigned32 ::=
[APPLICATION 2]
IMPLICIT INTEGER (0..4294967295)
As noted, this is identical to Gauge32, which is identical to Gauge in SNMPv1 (RFC 1155):
Gauge ::=
[APPLICATION 2]
IMPLICIT INTEGER (0..4294967295)
The encoding is correct; all integers within SNMP are encoded as signed, meaning a value above 2^31-1 must be encoded in 5 bytes. Thus the proper translation of the encoding is:
42 Type: Gauge32 or Unsigned32
05 Length: 5 bytes
00 80 00 00 00 Value: 2^31
net-snmp is incorrectly decoding the value.