def test_box_decode(): pub = PublicKey( b"ec2bee2d5be613ca82e377c96a0bf2220d823ce980cdff6279473edc52862798", encoder=HexEncoder, ) priv = PrivateKey( b"5c2bee2d5be613ca82e377c96a0bf2220d823ce980cdff6279473edc52862798", encoder=HexEncoder, ) b1 = Box(priv, pub) b2 = Box.decode(b1._shared_key) assert b1._shared_key == b2._shared_key
def test_box_decode(): pub = PublicKey( b"ec2bee2d5be613ca82e377c96a0bf2220d823ce980cdff6279473edc52862798", encoder=HexEncoder, ) priv = PrivateKey( b"5c2bee2d5be613ca82e377c96a0bf2220d823ce980cdff6279473edc52862798", encoder=HexEncoder, ) b1 = Box(priv, pub) b2 = Box.decode(b1._shared_key) assert b1._shared_key == b2._shared_key
def decrypt(self, packetID, payload): if packetID == 20100: self.sessionKey = payload[4:] self.sk = PrivateKey.generate() self.pk = self.sk.public_key return payload elif packetID == 20103 and not self.sessionKey: packetReader = Reader(payload) if packetReader.ReadVint() == 7: print( '[*] Look like masterHash is outdated ! Let the proxy update it' ) fingerprint = packetReader.ReadString() if fingerprint: with open('config.json', 'r') as f: config = json.load(f) fingerprint = json.loads(fingerprint) config['MasterHash'] = fingerprint['sha'] with open('config.json', 'w') as f: f.write(json.dumps(config, indent=4)) f.close() print('[*] MasterHash has been updated, re-run the proxy') else: print('[*] Got errorcode 7 without fingerprint') else: print( '[*] PreAuth packet is outdated, please get the latest one on GaLaXy1036 Github !' ) os._exit(1) return payload elif packetID == 22280 or (packetID == 20103 and self.sessionKey): nonce = Nonce(self.encryptNonce, self.pk, self.serverKey) decrypted = self.decryptPacket(payload, nonce) self.sharedKey = Box.decode( decrypted[24:56]) # Overwrite the previous sharedKey self.decryptNonce = Nonce(decrypted[:24]) return decrypted[56:] else: return self.decryptPacket(payload)
def decrypt(self, packetID, payload): if packetID == 20100: self.sessionKey = payload[4:] self.sk = PrivateKey.generate() self.pk = self.sk.public_key return payload elif packetID == 20103 and not self.sessionKey: return payload elif packetID == 22280 or (packetID == 20103 and self.sessionKey): nonce = Nonce(self.encryptNonce, self.pk, self.serverKey) decrypted = self.decryptPacket(payload, nonce) self.sharedKey = Box.decode(decrypted[24:56]) # Overwrite the previous sharedKey self.decryptNonce = Nonce(decrypted[:24]) return decrypted[56:] else: return self.decryptPacket(payload)
def k(self, k): self._k = Box.decode(k)
def handle_event(self, event): for key in event: if key in {"type", "from"}: continue elif key == "messageid": event[key] = int(event[key], 16) elif type(event[key]) is bool: continue elif type(event[key]) in {str, unicode}: event[key] = event[key].decode("hex") if event["type"] == "socket": self.tee = Tee(os.path.join(self.BASE_DIR, "session-{}.log".format(event["threadid"]))) self.log("session started") elif event["type"] == "keypair": self.sk = PrivateKey(event["sk"]) self.dump({"sk": self.sk}, function="PrivateKey") elif event["type"] == "send" or event["type"] == "recv": if event["messageid"] == 10100: event.update({"message": event["buffer"]}) self.dump(event) elif event["messageid"] == 20100: event.update({"message": event["buffer"]}) self.dump(event) else: if self.serverkey: if self.sk: if event["messageid"] == 10101: self.pk = PublicKey(event["buffer"][:32]) self.dump({"pk": bytes(self.pk)}, function="PublicKey") event["buffer"] = event["buffer"][32:] if self.pk: if event["messageid"] == 10101 or self.snonce: if event["messageid"] in {10101, 20104} or self.rnonce: if event["messageid"] in {10101, 20104} or self.k: if event["messageid"] in {10101, 20104}: k = Box(self.sk, self.serverkey) self.dump({"s": k}, function="Box") b2 = blake2b(digest_size=24) if event["messageid"] == 20104: b2.update(bytes(self.snonce)) b2.update(bytes(self.pk)) b2.update(bytes(self.serverkey)) nonce = b2.digest() if event["messageid"] == 10101: self.dump( {"pk": self.pk, "serverkey": self.serverkey, "nonce": nonce}, function="blake2b", ) elif event["messageid"] == 20104: self.dump( { "snonce": self.snonce, "pk": self.pk, "serverkey": self.serverkey, "nonce": nonce, }, function="blake2b", ) else: k = self.k if event["type"] == "send": self.snonce = self.increment_nonce(self.snonce) nonce = self.snonce elif event["type"] == "recv": self.rnonce = self.increment_nonce(self.rnonce) nonce = self.rnonce ciphertext = event["buffer"] event.update({"k": k, "nonce": nonce, "ciphertext": event["buffer"]}) try: message = k.decrypt(ciphertext, nonce) except: self.dump(event, error=True) self.log( "Warning: failed to decrypt {}".format(event["messageid"]), error=True ) if event["messageid"] in {10101, 20104}: raise else: if event["messageid"] == 10101: self.snonce = message[24:48] self.dump({"snonce": self.snonce}, function="slice") message = message[48:] elif event["messageid"] == 20104: self.rnonce = message[:24] self.k = Box.decode(message[24:56]) self.dump({"rnonce": self.rnonce, "k": self.k}, function="slice") message = message[56:] event.update({"message": message}) self.dump(event) else: raise Exception("Missing shared key ({}).".format(event["messageid"])) else: raise Exception("Missing server nonce ({}).".format(event["messageid"])) else: raise Exception("Missing client nonce ({}).".format(event["messageid"])) else: raise Exception("Missing public key ({}).".format(event["messageid"])) else: raise Exception("Missing secret key ({}).".format(event["messageid"])) else: raise Exception("Missing server key ({}).".format(event["messageid"])) elif event["type"] == "closing": self.log("session closed") elif event["type"] == "close": self.tee.flush() self.tee.close() else: raise Exception("Invalid event type ({}).".format(event["type"]))
def decryptPacket(self, packet): # Get message id and payload data = Data(packet) data.unpack() msgid = data._msgid length = data._length payload = data._payload # Handle message ids if msgid == 20100: # Packet 20100 contains a 24-byte string # and is not encrypted # Extract session key (bk) and return values self._bk = payload[-24:] return msgid, length, payload elif msgid == 20103 or msgid == 20104: # Login Failed / OK packet # Generate nonce self._nonce = Nonce(self._hk, self._pk, bytes(self._snonce._nonce)) # Generate shared key / cryptobox self._s = CryptoBox(self._sk, self._hk) # Decrypt payload ciphertext = payload plaintext = self._s.decrypt(ciphertext, bytes(self._nonce._nonce)) # Extract rnonce and k self._rnonce = Nonce(nonce=plaintext[:24]) self._k = Box.decode(plaintext[24:56]) # Return message id and plaintext return msgid, length, plaintext[56:] else: # Increment rnonce by 2 self._rnonce.increment() # Decrypt plaintext print msgid ciphertext = payload plaintext = self._k.decrypt(ciphertext, bytes(self._snonce._nonce)) # Return plaintext return msgid, length, plaintext
def handle_event(self, event): for key in event: if key in {"type", "from"}: continue elif key == "messageid": event[key] = int(event[key], 16) elif type(event[key]) is bool: continue elif type(event[key]) in {str, unicode}: event[key] = event[key].decode("hex") if event["type"] == "socket": self.tee = Tee( os.path.join(self.BASE_DIR, "session-{}.log".format(event["threadid"]))) self.log("session started") elif event["type"] == "keypair": self.sk = PrivateKey(event["sk"]) self.dump({"sk": self.sk}, function="PrivateKey") elif event["type"] == "send" or event["type"] == "recv": if event["messageid"] == 10100: event.update({"message": event["buffer"]}) self.dump(event) elif event["messageid"] == 20100: event.update({"message": event["buffer"]}) self.dump(event) else: if self.serverkey: if self.sk: if event["messageid"] == 10101: self.pk = PublicKey(event["buffer"][:32]) self.dump({"pk": bytes(self.pk)}, function="PublicKey") event["buffer"] = event["buffer"][32:] if self.pk: if event["messageid"] == 10101 or self.snonce: if event["messageid"] in {10101, 20104 } or self.rnonce: if event["messageid"] in {10101, 20104 } or self.k: if event["messageid"] in { 10101, 20104 }: k = Box(self.sk, self.serverkey) self.dump({"s": k}, function="Box") b2 = blake2b(digest_size=24) if event["messageid"] == 20104: b2.update(bytes(self.snonce)) b2.update(bytes(self.pk)) b2.update(bytes(self.serverkey)) nonce = b2.digest() if event["messageid"] == 10101: self.dump( { "pk": self.pk, "serverkey": self.serverkey, "nonce": nonce }, function="blake2b") elif event["messageid"] == 20104: self.dump( { "snonce": self.snonce, "pk": self.pk, "serverkey": self.serverkey, "nonce": nonce }, function="blake2b") else: k = self.k if event["type"] == "send": self.snonce = self.increment_nonce( self.snonce) nonce = self.snonce elif event["type"] == "recv": self.rnonce = self.increment_nonce( self.rnonce) nonce = self.rnonce ciphertext = event["buffer"] event.update({ "k": k, "nonce": nonce, "ciphertext": event["buffer"] }) try: message = k.decrypt( ciphertext, nonce) except: self.dump(event, error=True) self.log( "Warning: failed to decrypt {}" .format(event["messageid"]), error=True) if event["messageid"] in { 10101, 20104 }: raise else: if event["messageid"] == 10101: self.snonce = message[24:48] self.dump( {"snonce": self.snonce}, function="slice") message = message[48:] elif event["messageid"] == 20104: self.rnonce = message[:24] self.k = Box.decode( message[24:56]) self.dump( { "rnonce": self.rnonce, "k": self.k }, function="slice") message = message[56:] event.update({"message": message}) self.dump(event) else: raise Exception( "Missing shared key ({}).".format( event["messageid"])) else: raise Exception( "Missing server nonce ({}).".format( event["messageid"])) else: raise Exception( "Missing client nonce ({}).".format( event["messageid"])) else: raise Exception("Missing public key ({}).".format( event["messageid"])) else: raise Exception("Missing secret key ({}).".format( event["messageid"])) else: raise Exception("Missing server key ({}).".format( event["messageid"])) elif event["type"] == "closing": self.log("session closed") elif event["type"] == "close": self.tee.flush() self.tee.close() else: raise Exception("Invalid event type ({}).".format(event["type"]))
def k(self, k): self._k = Box.decode(k)