Introduction to Information

SecurityPython

Python motivation• Python is to a Hacker what Matlab is to an

engineer• Lots of built-in modules• Lots of 3rd party modules• IDA-Python!• Very popular language, very well supported• Has implementation in every OS.• Human readible• Its free

Python Diff• In this quick overview of python:• We will note the major differences between

python and other familiar languages.• And talk of some useful tools

White spacesif you can read this: it must be python!

- Python hierarchy is defined by whitespaces- Indentation has to be the same (3 spaces != 1

tab) for every nest within the chain.

Hello, WorldExample #1:#!/usr/bin/pythonprint “Hello, World!”

Example #2:#!/usr/bin/python

def main():print “Hello, World!”

if __name__ == ‘__main__’:main()

Datatype behaviorDatatypes behave differently in python:A = 5A = 6Now A is a different variable!Therefore if use:A = A + 5Now A is a new variable containing the result!

Basic functions• Using the interpreter allows us to view two basic

things:dir(object) – shows us the structure of the objecthelp(object) – shows help created by the developer of the object

Strings• Many builtin string machnisms.• A = “”• len(“123”) == 3• A[0] = “a” – not possible, strings are immutable.• A.find(“asd”) returns the location of asd in A• A.split()/A.join() , eg.: “\n”.join(data.split(“\n”)[0:-

1])• A.lower()• replace() – returns a new string with data• Uses regular indexing.

Lists and Tuples• A = (1, 2, 3)• A is of fixed length and is immutable.• A = [ 1, 2, 3]• A is mutable, and the length can be changed by

using append:• A.append(4)• print A results in:• [1, 2, 3, 4]• A is not a new variable.

Spans• Spans makes things very comfortable:A = “asd”A[0:] == “asd”A[1:] == “sd”A[0:-1] == “as”A[0:1] == “a”A[0:-2] == “a”A[:2] == “as”A[1:2] == “s”• Works on tuples, and lists!!

dict()s>>> b = dict()>>> b["hello"] = "world">>> b{'hello': 'world'}>>> b.keys()[‘hello’]

• [Demo dicts]

Mutable vs Immutable• MutableA = [1,2,3,4]B = AA.append(5)print B[1,2,3,4,5]• ImmutableA = “foo”B = AA = A + “bar”print B“foo”

Format conversion• print “%d %s 0x%08X” % (0xdeadbeef, “ == “

0xdeadbeef)• 5 / 3 == 1• 5 / 3.0 == 1.666666…• int(5/3.0) == 1• str(1) == “1”• ord(“0”) == 0x30• chr(0x30) == “c”

File operations• Reading from a file:f = file(“c:\\filename”) # file(“/tmp/filename”) for linuxbuf = f.read() # buf now contains entire file.lines = buf.split(“\r\n”) # lines contains a list with all lines excluding the “\r\n”f.close()• Writing to a file:file(“filename”, “wb”).write(data) # using returning

# object to write the data# if reference is lost file is automatically closed.

Functions• Functions can return arbitrary objects such as:

o stringso Tuples! (very common)o int o Etc.

global_var = 6def funcname(arg1, arg2):

local_var = 5return (var1, var2)

• Updating global variables needs special handling:globvar = 0def set_globvar_to_one():

global globvar # Needed to modify globvar globvar = 1

if,elseif 1:

print “always here”else:

print “never here”• switch case alternative:if key = “x”:

exit()elif key = “z”:

suspend()else:

print “default”

for, while• for (i=1; i < 10; i++) alternative:for i in range(1,10): # help(range) for more options

print A[i]

while 1:cmd = get_next_cmd()if cmd == “stop”:

breakelif cmd == “dothis”:

dothis()continue

print “always here ?!?”

import,reload• import– a way to import libraries, eg.: import sys• Access to variables is now through the

namespace:o sys.argv[1]

• Alternatively:• from sys import * • Now we can access in our namespace:

o argv[1] # direct access.

• If library was modified after import we can use reload, eg.: reload(sys)

Useful functions• Complex binary operations:

o import structo struct.pack(“L”, 0xdeadbeef) – result contains DEADBEEF in little endian

(EFBEADDE) (0xdeadbeef is treated as unsigned long)o (port) = struct.unpack(“>H”) - read unsigned short from a string

represented as bigendian

• OS operations:o import oso os.rename(old_name, new_name)o os.system(“run command”)

3rd party modules• You can install many modules by using pypi• On UNIX installing modules is very easy:

o sudo pip install [modulename]

• Also available easy_install• Useful imports:• scapy (packet manipulation lib works with

libpcap), numpy/scipy, pylab, pylib, hashlib, socket, sqllite, gzip, zip, bz2, html, json, wave/audioop (audio operations), PIL (image processing), wave, pygame

• Google: [something I need] python

ipython• Extended interpreter capabilities• Acts almost like a shell• Adds history• Adds file completion by tab.• + Many more features.