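def process_msg_udp(*msg):
    """Build the UDP authentication payload for one client request.

    Positional arguments, in order: main_pw, client_sha1, number, tcp_port,
    remote_ip, version.

    Returns a 2-tuple ``(payload, addr)``. ``payload`` is nine fields joined
    with CRLF: salt, request count (2 hex digits, capped at 255), TCP port
    (4 hex digits), client_sha1, signature over salt+number+remote_ip+
    tcp_port, main_pw passed through ``serverlist[server].pub.encrypt``
    (presumably the chosen server's public key), remote_ip, signature over
    main_pw, and version. ``addr`` is ``serverlist[server].addr``.

    A client_sha1 already present in ``clientlist`` keeps its recorded
    server; a new one is assigned a server picked from ``serverlist`` and
    the assignment is stored in ``clientlist``.
    """
    # TODO (from the original author): should send client key to the server,
    # so the server can be easier
    global clientlist, serverlist
    # Function-scope import so the block does not depend on how `choice`
    # was imported at file level.
    from random import SystemRandom

    main_pw, client_sha1, number, tcp_port, remote_ip, version = (
        msg[0], msg[1], msg[2], msg[3], msg[4], msg[5])

    # The salt is the only fresh value in the signed string below, so it is
    # drawn from the OS CSPRNG. The bare `choice` is presumably
    # random.choice (Mersenne Twister), whose output can be predicted once
    # enough of it has been observed. Format is unchanged: 16 ASCII letters.
    secure_choice = SystemRandom().choice
    salt = ''.join(
        secure_choice(string.ascii_letters) for _ in range(16)
    ).encode('ASCII')

    # Sticky assignment: reuse the server already mapped to this client.
    # Server selection is not secret, so the module-level `choice` stays.
    if client_sha1 in clientlist:
        server = clientlist[client_sha1]
    else:
        server = choice(serverlist.keys())
        clientlist[client_sha1] = server
    entry = serverlist[server]

    # NOTE(review): encrypt(data, None)[0] and sign(data, None)[0] look like
    # the legacy PyCrypto raw-RSA calls, which apply no padding and no
    # hashing. If so, the same main_pw always yields the same ciphertext and
    # the same signature_for_auth, so neither value is bound to this
    # request. Confirm the key type and plan a move to OAEP / PSS together
    # with the server side; changing it here alone would break the protocol.
    main_pw_enc = entry.pub.encrypt(main_pw, None)[0]

    # Same fixed-width hex formatting as generatereq uses.
    required_hex = "%02X" % min(number, 255)
    remote_port_hex = "%04X" % tcp_port

    # NOTE(review): the signed fields are concatenated without separators,
    # so different (number, remote_ip, tcp_port) triples can produce the
    # same signed string. Left as is because the verifier must match.
    unsigned_str = salt + str(number) + remote_ip + str(tcp_port)
    sign_hex = int2base(localpri.sign(unsigned_str.encode("UTF-8"), None)[0])
    signature_for_auth = int2base(
        localpri.sign(main_pw.encode('UTF-8'), None)[0])

    fields = (
        salt,
        required_hex,
        remote_port_hex,
        str(client_sha1),
        str(sign_hex),
        main_pw_enc,
        str(remote_ip),
        signature_for_auth,
        version,
    )
    return '\r\n'.join(fields), entry.addr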
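def process_msg_udp(*msg):
    """Build the UDP authentication payload for one client request.

    Positional arguments, in order: main_pw, client_sha1, number, tcp_port,
    remote_ip, version.

    Returns a 2-tuple ``(payload, addr)``. ``payload`` is nine fields joined
    with CRLF: salt, request count (2 hex digits, capped at 255), TCP port
    (4 hex digits), client_sha1, signature over salt+number+remote_ip+
    tcp_port, main_pw passed through ``serverlist[server].pub.encrypt``
    (presumably the chosen server's public key), remote_ip, signature over
    main_pw, and version. ``addr`` is ``serverlist[server].addr``.

    A client_sha1 already present in ``clientlist`` keeps its recorded
    server; a new one is assigned a server picked from ``serverlist`` and
    the assignment is stored in ``clientlist``.
    """
    # TODO (from the original author): should send client key to the server,
    # so the server can be easier
    global clientlist, serverlist
    # Function-scope import so the block does not depend on how `choice`
    # was imported at file level.
    from random import SystemRandom

    main_pw, client_sha1, number, tcp_port, remote_ip, version = (
        msg[0], msg[1], msg[2], msg[3], msg[4], msg[5])

    # The salt is the only fresh value in the signed string below, so it is
    # drawn from the OS CSPRNG. The bare `choice` is presumably
    # random.choice (Mersenne Twister), whose output can be predicted once
    # enough of it has been observed. Format is unchanged: 16 ASCII letters.
    secure_choice = SystemRandom().choice
    salt = ''.join(
        secure_choice(string.ascii_letters) for _ in range(16)
    ).encode('ASCII')

    # Sticky assignment: reuse the server already mapped to this client.
    # Server selection is not secret, so the module-level `choice` stays.
    if client_sha1 in clientlist:
        server = clientlist[client_sha1]
    else:
        server = choice(serverlist.keys())
        clientlist[client_sha1] = server
    entry = serverlist[server]

    # NOTE(review): encrypt(data, None)[0] and sign(data, None)[0] look like
    # the legacy PyCrypto raw-RSA calls, which apply no padding and no
    # hashing. If so, the same main_pw always yields the same ciphertext and
    # the same signature_for_auth, so neither value is bound to this
    # request. Confirm the key type and plan a move to OAEP / PSS together
    # with the server side; changing it here alone would break the protocol.
    main_pw_enc = entry.pub.encrypt(main_pw, None)[0]

    # Same fixed-width hex formatting as generatereq uses.
    required_hex = "%02X" % min(number, 255)
    remote_port_hex = "%04X" % tcp_port

    # NOTE(review): the signed fields are concatenated without separators,
    # so different (number, remote_ip, tcp_port) triples can produce the
    # same signed string. Left as is because the verifier must match.
    unsigned_str = salt + str(number) + remote_ip + str(tcp_port)
    sign_hex = int2base(localpri.sign(unsigned_str.encode("UTF-8"), None)[0])
    signature_for_auth = int2base(
        localpri.sign(main_pw.encode('UTF-8'), None)[0])

    fields = (
        salt,
        required_hex,
        remote_port_hex,
        str(client_sha1),
        str(sign_hex),
        main_pw_enc,
        str(remote_ip),
        signature_for_auth,
        version,
    )
    return '\r\n'.join(fields), entry.addr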
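def generatereq(self):
    """Build the dot-separated authentication request string.

    Fields, in order:
      1. request count capped at 255 (2 hex digits) + remote listening
         port (4 hex digits) + self.clientpub_sha1
      2. TOTP(...).now(), keyed with the hex SHA-256 digest of
         clientpri_sha1 + ip field + salt + request-count hex
      3. main_pw, hex-encoded; the protocol requires it to travel in
         encrypted form to resist MITM
      4. ip field: int2base(self.ip), or for IPv6 int2base of the address
         as an integer followed by "G"
      5. salt: 16 bytes from os.urandom, hex-encoded
      6. obfs_level 1-2 only: urlsafe_b64_short_encode(self.certs_send),
         split after 50 characters into two fields;
         obfs_level 3 only: five random ASCII letters
      7. request type ("00" for VPS, "01" for GAE) + PROTO_VERSION

    Raises:
        ValueError: if the module-level Mode is neither "VPS" nor "GAE".
    """
    number_in_hex = "%02X" % min(self.req_num, 255)
    header = number_in_hex + "%04X" % self.remote_port + self.clientpub_sha1

    if self.ipv6 == "":
        myip = int2base(self.ip)
    else:
        packed = socket.inet_pton(socket.AF_INET6, self.ipv6)
        # The trailing "G" distinguishes the IPv6 form of the field.
        myip = int2base(int.from_bytes(packed, "big")) + "G"

    # Fresh per-request salt from the OS CSPRNG.
    salt = binascii.hexlify(os.urandom(16)).decode("ASCII")
    digest = hashlib.sha256(
        (self.clientpri_sha1 + myip + salt + number_in_hex).encode('utf-8')
    ).hexdigest()

    msg = [header, TOTP(digest.encode("UTF-8")).now()]
    # NOTE(review): hexlify is an encoding, not encryption. Nothing in this
    # method encrypts main_pw, so the "encrypted form" requirement has to be
    # met by self.main_pw already being ciphertext -- confirm at the place
    # where self.main_pw is set.
    msg.append(binascii.hexlify(self.main_pw).decode("ASCII"))
    msg.append(myip)
    msg.append(salt)

    if 1 <= self.obfs_level <= 2:
        certs_byte = urlsafe_b64_short_encode(self.certs_send)
        msg.extend([certs_byte[:50], certs_byte[50:]])
    elif self.obfs_level == 3:
        msg.append(''.join(random.choice(ascii_letters) for _ in range(5)))

    # An unknown Mode used to surface as an UnboundLocalError on req_type;
    # fail with an explicit message instead.
    if Mode == "VPS":
        req_type = "00"
    elif Mode == "GAE":
        req_type = "01"
    else:
        raise ValueError("unsupported Mode: %r" % (Mode,))
    msg.append(req_type + PROTO_VERSION)
    return '.'.join(msg)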
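def generatereq(self):
    """Build the dot-separated authentication request string.

    Fields, in order:
      1. request count capped at 255 (2 hex digits) + remote listening
         port (4 hex digits) + self.clientpub_sha1
      2. TOTP(...).now(), keyed with the hex SHA-256 digest of
         clientpri_sha1 + ip field + salt + request-count hex
      3. main_pw, hex-encoded; the protocol requires it to travel in
         encrypted form to resist MITM
      4. ip field: int2base(self.ip), or for IPv6 int2base of the address
         as an integer followed by "G"
      5. salt: 16 bytes from os.urandom, hex-encoded
      6. obfs_level 1-2 only: urlsafe_b64_short_encode(self.certs_send),
         split after 50 characters into two fields;
         obfs_level 3 only: five random ASCII letters
      7. request type ("00" for VPS, "01" for GAE) + PROTO_VERSION

    Raises:
        ValueError: if the module-level Mode is neither "VPS" nor "GAE".
    """
    number_in_hex = "%02X" % min(self.req_num, 255)
    header = number_in_hex + "%04X" % self.remote_port + self.clientpub_sha1

    if self.ipv6 == "":
        myip = int2base(self.ip)
    else:
        packed = socket.inet_pton(socket.AF_INET6, self.ipv6)
        # The trailing "G" distinguishes the IPv6 form of the field.
        myip = int2base(int.from_bytes(packed, "big")) + "G"

    # Fresh per-request salt from the OS CSPRNG.
    salt = binascii.hexlify(os.urandom(16)).decode("ASCII")
    digest = hashlib.sha256(
        (self.clientpri_sha1 + myip + salt + number_in_hex).encode('utf-8')
    ).hexdigest()

    msg = [header, TOTP(digest.encode("UTF-8")).now()]
    # NOTE(review): hexlify is an encoding, not encryption. Nothing in this
    # method encrypts main_pw, so the "encrypted form" requirement has to be
    # met by self.main_pw already being ciphertext -- confirm at the place
    # where self.main_pw is set.
    msg.append(binascii.hexlify(self.main_pw).decode("ASCII"))
    msg.append(myip)
    msg.append(salt)

    if 1 <= self.obfs_level <= 2:
        certs_byte = urlsafe_b64_short_encode(self.certs_send)
        msg.extend([certs_byte[:50], certs_byte[50:]])
    elif self.obfs_level == 3:
        msg.append(''.join(random.choice(ascii_letters) for _ in range(5)))

    # An unknown Mode used to surface as an UnboundLocalError on req_type;
    # fail with an explicit message instead.
    if Mode == "VPS":
        req_type = "00"
    elif Mode == "GAE":
        req_type = "01"
    else:
        raise ValueError("unsupported Mode: %r" % (Mode,))
    msg.append(req_type + PROTO_VERSION)
    return '.'.join(msg)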