0

I have a string, rsastring that represents some binary data. It contains the following:

b'N(\xc8.\xd3\x1eG\xaa\xe1\xbc\xd5\x95p\x03\\\x043\x8f\x03\xad\xc6\xc5\xd9z\x19.\xf0\x9c\x07R\xaf12\xb9;\xb1w\xc1Q\x8fd\x85\x92\x8e<eZ\xf1\xa2Y\x9c\x82.\x9ay\xe8j\xa6\x1d9\x8d\xb3\xc0\xd4x>$\xc5x\xa74\x94\xbf\t\x87f\xca\xb5\t\xeb\xeb\xb5\xff\xde{TC\x05\t\x88\xbcP\x0cN\xd0\xc8\xfd\xe2\xa4\xc1f]\xec\xb9y\x0f,\xfe\xcfk\xd9\xd0\xa2\xc3p\x15\xd8w\xa0\x98\xc0A\xe6\xcfeq\x8e\xf2b\x915y.\xdc\xfa\x1b\x92\xe2.C\xb7\xef\xccxT\xd6!\xf7\xc79U\xe4\xd8\x12\x9b\xda\xfcv\x19k\xef\x9dHD\xa1\xea\x92\x14\xc4h\x06\x0b\x12!\x06\xff=\xde\xf3\xaa\x83#\x01\x96)8\xc9Q\xbb\xcfX\x14\xdfc\x98n.I\x0ef\xb8<\xb0\x99(\x8c2\xff\x97Uw\xe6\xc8\xab\xa3H\xbf\x10\xf4\xa3h/\xa3$\xe2kOgR\xeb\xc6\xf4\x94\xa0\x1c\xbf\xe4\x96dX\xbd\xa8\x0e\x801\xa7\xc8\xa6\t\xe2\xb3\x07\xe2\x80\xf3\xc3\xb7k\xce\xbcu\x1e\xac\xbc\x99\xce\x89e;\x0cB{.\xc1\xa2Ki\x8c\x19\x94\x16\xe3RV\xc7*t\xac\xe9}\xce\xb7_\xd2\xd5pg\x8a}\xa6\x00\x81\xe4&\xce\xe5SK2\x1d\xc1\x8efu\xa0:QqqbR\x84\xff\xd5\xca\\L\xd7\x02\xa3\x1fy\xff\xfdm\xf6@\xa5\xea\xdee\x04\x1e5m\x8eq\x1cy\x04\t\xdf\x94\xff\x1a\x99Y\xad!u\xf2.\xac<\x12\xb7\x83V\x13?\x91\xd8\xd1c@BP\x90"\xf5&\xa6\xbd\x10F\x1d\x85\xdb\x94u\xd2\xfc\x85\x01|\xe5\xc4\xe5U\xe6d\xad$\x94WH\xdf\xed\x9d\xa1J\xe2\xd9\xa78z\x19\x91$\x04\xabi\xc9\x17x\xa48(y\x12C\xbe}\xbb2s,\x88\xe8\xaa\xea\xd3z,\x93\xaf\xe5\xdbf\xaatk\xdeV3,R4(\t\xc3Y\xf7\x12\x82\xaa\x07\x0f\xfc\xc7\xcfk\xe6\x0ec^OO|\xf2\xe1[.\x93S]\xa8d\x12\xf1\xab\x80\x9c?\xd6s\xbe\xf2~\x98\x1f\xc7E6\x97\nTyl\xf7LP'

Basically, it is ciphertext from an RSA encryptor, and I am now about to decrypt it. However, the encryptor wants binary data, and the above blob actually reads as a string:

print("TYPE: " + str(type(rsastring)))
TYPE: <class 'str'>

rsastring was produced by str(somebinarydatafromrsaencryptor) to begin with, so I would've thought that various forms of encode(), decode('utf-8') etc would do the trick, but they only seem to further escape the control characters in the string.

How do I go about converting rsastring to actual binary data so that I can pass it off to my encryptor? What am I missing?

EDIT: Addressing the "XY Problem" with this question

The above case stems from the following thought process:

  1. Generate some binary data for sending over a socket: theBinData = someFunctionThatProducesRsaCiphertext()
  2. Prefix binary data with a tag so that it is recognized on the server side: outBuffer = "TAGNAME " + str(theBinData)
  3. It is later shoved through the socket: socket.send(str.encode(outBuffer))
  4. Upon reception on the server side, the tag is stripped off by the client handler, and it is sent off to a function that is supposed to decrypt the cipher text. However, I need to somehow turn the rsastring blob into actual binary. I believe I may be going about sending this rsa encrypted string the wrong way.

As per the comment of @metatoaster, here's print(repr(rsastring))

TYPE: <class 'str'>
'b\'\\x14\\xad\\xdd\\xedEmP<\\x8c\\xbe\\xfc\\x1a:cE\\xbb\\xcaa\\xee-S\\x17\\x85\\xefV\\x9c\\xc2e\\x15\\xeeJ\\x88\\xc3x"\\x1a\\xe2\\xca\\xa8\\x0e\\xcf\\x87T\\x07\\x95\\x06\\x1b8g\\xce\\xd8F\\x89\\x82\\\'mi\\xc9\\xfb\\xed\\xb9\\xd5\\xbd\\x89dY\\xa4\\xbb\\xed\\xa88~t-\\xcd\\xf9\\xd5\\x8a\\xdd\\xf7R|\\x82-\\x04n\\xb4p\\xc9\\x8eE3\\xc0\\xaf\\r\\x0c\\xf4\\xef\\xa031\\xc5P\\x89~\\x1f\\x98\\x06R\\x8e7\\x9d\\xc1\\xa7&\\xcfG\\xf2 \\x8f%x\\xdbM\\x0f\\x93X\\x0ekm\\xe7\\xcfJ\\x04(\\xb6\\x89.\\x93\\xb3\\xf7\\xfe\\xec\\x02\\xa2\\xfdg\\x06\\xf1z\\xcf`\\xab\\xea\\xf34\\xea\\x02#E\\x94\\xf21t\\x05y\\xb9\\x0b\\xc3\\x1b\\xf6V\\x00\\x9d5a~\\x05R\\xeez<\\xefN\\x9a#\\xa8\\xc6\\xebq\\x02\\xfc\\xea\\x98\\x98\\xb0a\\xdf\\xa1N+\\x15\\x1a\\xe9Z\\xd8\\xaf\\xc0\\x7f5\\xe3\\x08\\xf9\\n\\xee{Y\\x04uZ\\x16S\\xcfM\\x08T\\x95L"\\xed\\x1d9Y\\n\\x85\\xa6\\xe5|\\x8d{$b\\xf9J\\xc5#f\\x04\\xea\\xeb#p\\x96P\\xb9_\\\\\\xa6J\\xcc\\xd6\\x1f\\xfcP\\x84h:\\x08d\\x9e\\xf4F-CA\\xb6\\x81:Ym\\xb5\\xb7}\\xeex\\xfb\\xa47\\xc5\\xe90\\xa7{\\x13\\xee\\x11:\\xaf)Y\\xa1\\x01\\xa7\\x80A]\\xf2\\x83\\xd9\\x9c\\xca\\xe7;\\x91e\\xf7\\xe9\\x10\\xbe!\\xd7\\x1e\\xd7a#\\\'\\xaf`\\x81\\xe3Q\\xc5y\\xc2\\xb3\\x807\\xc6\\xd3\\xd8B\\x93\\xd9\\x026\\xc9\\x8ePY\\xacej\\xbc?\\xa1Y\\x057I:\\x94\\xd6\\xa9\\xe5Y.\\xee\\xe1\\xbft{\\xdey:!\\x9d\\xe1IJ\\x0c\\x1dr\\xb2\\x99\\x11pNa\\x003\\xf2Z2\\xf7\\xcbF\\xd6\\x9b\\xd6\\x1a\\x92\\x82D\\x8b|2\\xc6\\x9d\\xf3\\xf0\\xdal3ドル\\xd5\\x8d\\x96\\xbaz\\x94t\\xa4\\xab-\\x1a\\xf4\\x11GS\\x85o\\xe2GN\\xd6\\xa0\\xf5\\x9d\\x0b\\x95\\x15\\x0e\\x03\\xc0\\x83M\\xe6\\xd8N\\xa9\\xc6\\xa3:k\\xe5\\xf6\\xb8\\xe7\\xf7\\x00\\xabH|IN\\xbf0(\\x14i\\xbb\\xe3\\xfe\\xb9\\xca\\xeb\\xae|\\xb3\\xde\\xc5\\xc5\\xaf\\x11O\\xe0l\\xf9$\\xfa5{\\xea\\x9aCI\\xd0r{\\xb5P\\x95\\x0b\\xaa\\xe5\\xd1\\xb8\\xf3\\x05\\xf5\\x8b\\x97\''
asked Jul 27, 2020 at 11:57
12
  • 1
    You initially had a "b'N...'" and now the edit you have it as b'N...', so is it it actually a str or you had bytes that somehow got casted into a str? It would be useful if you also give the output of print(repr(rsastring)). Commented Jul 27, 2020 at 12:00
  • 1
    Have you tried ast.literal_eval()? Commented Jul 27, 2020 at 12:00
  • 2
    rsastring was produced by str(somebinarydatafromrsaencryptor) - this is the wrong thing to do; if you want to decode bytes to str, call the bytes instance's decode method. Commented Jul 27, 2020 at 12:02
  • 1
    You will need to use ast.literal_eval as suggested to recover the output produced by bytes.__repr__() that was implicitly called by str(theBinData), e.g. ast.literal_eval('b\'\\x14\\xad\\xdd\\xedEmP...\'', and you should see that the original bytes object is reproduced. Commented Jul 27, 2020 at 12:46
  • 1
    Though note that it would be better to fix step 2 as @metatoaster indicates: stringifying theBinData is why the entire thing breaks, you could just use a "binary" tag name and shove that through the socket, it would avoid back and forths, wouldn't corrupt your data, and would gain you some network traffic. Commented Jul 27, 2020 at 13:20

1 Answer 1

3

You can use binary_data = ast.literal_eval(rsastring). This will assign the binary data to a variable called binary_data.

Don't call exec or eval on your data! The data might not be safe, and passing unsafe data to exec or eval is not safe. Only ast.literal_eval is safe.

answered Jul 27, 2020 at 12:54
Sign up to request clarification or add additional context in comments.

5 Comments

Please don't do this. The context already given was that this data was sent over a socket - this strongly implies that the source of rsastring is untrusted and usage of exec will directly result in remote execution of untrusted code (a massive security vulnerability). As discussed in the comments, ast.literal_eval is the safe alternative that will not evaluate arbitrary code.
There is a difference between eval and ast.literal_eval - eval is still not safe.
Oh yes... if I imported os then eval('os.system("some stuff")') can work!
The import is not needed; try eval('__import__("os").system') in the interactive console.
It's alright, but we agree this is insecure, and too many people copy code blindly from SO :) Suggested reading for the safety aspect: nedbatchelder.com/blog/201206/eval_really_is_dangerous.html and stackoverflow.com/questions/1832940/…

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.