Every major language has its own way of serializing and deserializing data,
such as PHP's serialize and unserialize functions.
Python has one too, of course: the standard library provides a module called pickle.
String serialization explanation
import pickle
x = "yuaneuro"
y = pickle.dumps(x) # serialize
print(y)
The above is an example of pickling a Python string.
Output:
b'\x80\x03X\x08\x00\x00\x00yuaneuroq\x00.'
Explanation:
The leading b'' indicates that this is a bytes object.
The first byte, \x80, is an opcode that identifies the pickle protocol.
\x03 is the pickle protocol version, here version 3 (the version introduced with Python 3).
\x08\x00\x00\x00 is the value 8, the length of the UTF-8 encoded string that follows, i.e. the 8 bytes of yuaneuro.
The string yuaneuro itself comes next.
Then comes q\x00, which gives the string's index in the memo.
The final . marks the end of the pickle.
Tuple (tuple) serialization explanation
import pickle
x = ('bar','foo')
y = pickle.dumps(x) # serialize
print(y)
The above is an example of pickling a Python tuple.
Output:
b'\x80\x03X\x03\x00\x00\x00barq\x00X\x03\x00\x00\x00fooq\x01\x86q\x02.'
Explanation:
The strings are serialized as in the previous example.
After the two strings comes the \x86 opcode, which means "build a tuple from the top two elements on the stack" (i.e. bar and foo).
q\x02 is the tuple's index in the memo.
List (list) serialization explanation
import pickle
x = ['bar','foo']
y = pickle.dumps(x) # serialize
print(y)
The above is an example of pickling a Python list.
Output:
b'\x80\x03]q\x00(X\x03\x00\x00\x00barq\x01X\x03\x00\x00\x00fooq\x02e.'
Explanation:
After \x03 comes the ] opcode, which creates an empty list on the stack.
q\x00 is the list's index in the memo.
Everything from ( to e is the content used to build the list.
Dictionary (dict) serialization explanation
import pickle
x = {'name':'yuaneuro', 'age':'20'}
y = pickle.dumps(x) # serialize
print(y)
The above is an example of pickling a Python dictionary.
Output:
b'\x80\x03}q\x00(X\x04\x00\x00\x00nameq\x01X\x08\x00\x00\x00yuaneuroq\x02X\x03\x00\x00\x00ageq\x03X\x02\x00\x00\x0020q\x04u.'
Explanation:
After \x03 comes the } opcode, which creates an empty dict on the stack.
q\x00 is the dict's index in the memo.
Everything from } to u is the content used to build the dict.
Class (class) serialization explanation
import pickle
class Student(object):
    name = 'yuaneuro'
    age = '20'
y = pickle.dumps(Student())
print(y)
The above is an example of pickling an instance of a Python class.
Output:
b'\x80\x03c__main__\nStudent\nq\x00)\x81q\x01.'
Explanation:
The c opcode imports a name from a module; the module name and the identifier inside the module are separated by \n.
What is imported here is therefore the Student class from the __main__ module.
q\x00 is the Student class's index in the memo.
The ) that follows creates a new tuple on the stack. This tuple holds the arguments needed to create the new object; since there are none in this example, the tuple is empty.
The \x81 opcode calls the cls.__new__ method to create the object, and the method receives the preceding tuple as its arguments.
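The opcodes walked through above can be listed without unpickling anything. The following is an added example, not part of the original post: it feeds the five byte strings shown above to the standard library's pickletools.genops and reports which of them contain opcodes that import a name or construct an object. The names SAMPLES, IMPORT_OR_CALL, disassemble, imports_or_calls and is_plain_data are this example's own.

```python
import pickletools

# Byte strings copied from the outputs shown above (pickle protocol 3).
SAMPLES = {
    "str": b'\x80\x03X\x08\x00\x00\x00yuaneuroq\x00.',
    "tuple": b'\x80\x03X\x03\x00\x00\x00barq\x00X\x03\x00\x00\x00fooq\x01\x86q\x02.',
    "list": b'\x80\x03]q\x00(X\x03\x00\x00\x00barq\x01X\x03\x00\x00\x00fooq\x02e.',
    "dict": (b'\x80\x03}q\x00(X\x04\x00\x00\x00nameq\x01X\x08\x00\x00\x00yuaneuroq\x02'
             b'X\x03\x00\x00\x00ageq\x03X\x02\x00\x00\x0020q\x04u.'),
    "class": b'\x80\x03c__main__\nStudent\nq\x00)\x81q\x01.',
}

# Opcodes that make the unpickler import a name or call/construct an object.
# The plain-data samples use none of them; the class sample uses GLOBAL and NEWOBJ.
IMPORT_OR_CALL = frozenset({
    "GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
    "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4",
})


def disassemble(data):
    """Return [(offset, opcode name, argument)] without unpickling the data."""
    return [(pos, op.name, arg) for op, arg, pos in pickletools.genops(data)]


def imports_or_calls(data):
    """Return the (opcode name, argument) pairs that import or construct."""
    return [(name, arg) for _, name, arg in disassemble(data)
            if name in IMPORT_OR_CALL]


def is_plain_data(data):
    """True when the stream contains none of the IMPORT_OR_CALL opcodes."""
    return not imports_or_calls(data)


if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, "plain data" if is_plain_data(blob) else imports_or_calls(blob))
        for pos, name, arg in disassemble(blob):
            print(f"  {pos:3d} {name:<12} {arg!r}")
```

On Python 3.8 and later pickle.dumps defaults to protocol 4, so pass protocol=3 to reproduce the byte strings shown above.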
With these basics covered, my next blog post will introduce deserialization vulnerabilities and arbitrary code execution:
python deserialization vulnerability to arbitrary code execution