def test_box_decode():
pub = PublicKey(
b"ec2bee2d5be613ca82e377c96a0bf2220d823ce980cdff6279473edc52862798",
encoder=HexEncoder,
)
priv = PrivateKey(
b"5c2bee2d5be613ca82e377c96a0bf2220d823ce980cdff6279473edc52862798",
encoder=HexEncoder,
)
b1 = Box(priv, pub)
b2 = Box.decode(b1._shared_key)
assert b1._shared_key == b2._shared_key
def test_box_decode():
pub = PublicKey(
b"ec2bee2d5be613ca82e377c96a0bf2220d823ce980cdff6279473edc52862798",
encoder=HexEncoder,
)
priv = PrivateKey(
b"5c2bee2d5be613ca82e377c96a0bf2220d823ce980cdff6279473edc52862798",
encoder=HexEncoder,
)
b1 = Box(priv, pub)
b2 = Box.decode(b1._shared_key)
assert b1._shared_key == b2._shared_key
def decrypt(self, packetID, payload):
if packetID == 20100:
self.sessionKey = payload[4:]
self.sk = PrivateKey.generate()
self.pk = self.sk.public_key
return payload
elif packetID == 20103 and not self.sessionKey:
packetReader = Reader(payload)
if packetReader.ReadVint() == 7:
print(
'[*] Look like masterHash is outdated ! Let the proxy update it'
)
fingerprint = packetReader.ReadString()
if fingerprint:
with open('config.json', 'r') as f:
config = json.load(f)
fingerprint = json.loads(fingerprint)
config['MasterHash'] = fingerprint['sha']
with open('config.json', 'w') as f:
f.write(json.dumps(config, indent=4))
f.close()
print('[*] MasterHash has been updated, re-run the proxy')
else:
print('[*] Got errorcode 7 without fingerprint')
else:
print(
'[*] PreAuth packet is outdated, please get the latest one on GaLaXy1036 Github !'
)
os._exit(1)
return payload
elif packetID == 22280 or (packetID == 20103 and self.sessionKey):
nonce = Nonce(self.encryptNonce, self.pk, self.serverKey)
decrypted = self.decryptPacket(payload, nonce)
self.sharedKey = Box.decode(
decrypted[24:56]) # Overwrite the previous sharedKey
self.decryptNonce = Nonce(decrypted[:24])
return decrypted[56:]
else:
return self.decryptPacket(payload)
def decrypt(self, packetID, payload):
if packetID == 20100:
self.sessionKey = payload[4:]
self.sk = PrivateKey.generate()
self.pk = self.sk.public_key
return payload
elif packetID == 20103 and not self.sessionKey:
return payload
elif packetID == 22280 or (packetID == 20103 and self.sessionKey):
nonce = Nonce(self.encryptNonce, self.pk, self.serverKey)
decrypted = self.decryptPacket(payload, nonce)
self.sharedKey = Box.decode(decrypted[24:56]) # Overwrite the previous sharedKey
self.decryptNonce = Nonce(decrypted[:24])
return decrypted[56:]
else:
return self.decryptPacket(payload)
def k(self, k):
self._k = Box.decode(k)
def handle_event(self, event):
for key in event:
if key in {"type", "from"}:
continue
elif key == "messageid":
event[key] = int(event[key], 16)
elif type(event[key]) is bool:
continue
elif type(event[key]) in {str, unicode}:
event[key] = event[key].decode("hex")
if event["type"] == "socket":
self.tee = Tee(os.path.join(self.BASE_DIR, "session-{}.log".format(event["threadid"])))
self.log("session started")
elif event["type"] == "keypair":
self.sk = PrivateKey(event["sk"])
self.dump({"sk": self.sk}, function="PrivateKey")
elif event["type"] == "send" or event["type"] == "recv":
if event["messageid"] == 10100:
event.update({"message": event["buffer"]})
self.dump(event)
elif event["messageid"] == 20100:
event.update({"message": event["buffer"]})
self.dump(event)
else:
if self.serverkey:
if self.sk:
if event["messageid"] == 10101:
self.pk = PublicKey(event["buffer"][:32])
self.dump({"pk": bytes(self.pk)}, function="PublicKey")
event["buffer"] = event["buffer"][32:]
if self.pk:
if event["messageid"] == 10101 or self.snonce:
if event["messageid"] in {10101, 20104} or self.rnonce:
if event["messageid"] in {10101, 20104} or self.k:
if event["messageid"] in {10101, 20104}:
k = Box(self.sk, self.serverkey)
self.dump({"s": k}, function="Box")
b2 = blake2b(digest_size=24)
if event["messageid"] == 20104:
b2.update(bytes(self.snonce))
b2.update(bytes(self.pk))
b2.update(bytes(self.serverkey))
nonce = b2.digest()
if event["messageid"] == 10101:
self.dump(
{"pk": self.pk, "serverkey": self.serverkey, "nonce": nonce},
function="blake2b",
)
elif event["messageid"] == 20104:
self.dump(
{
"snonce": self.snonce,
"pk": self.pk,
"serverkey": self.serverkey,
"nonce": nonce,
},
function="blake2b",
)
else:
k = self.k
if event["type"] == "send":
self.snonce = self.increment_nonce(self.snonce)
nonce = self.snonce
elif event["type"] == "recv":
self.rnonce = self.increment_nonce(self.rnonce)
nonce = self.rnonce
ciphertext = event["buffer"]
event.update({"k": k, "nonce": nonce, "ciphertext": event["buffer"]})
try:
message = k.decrypt(ciphertext, nonce)
except:
self.dump(event, error=True)
self.log(
"Warning: failed to decrypt {}".format(event["messageid"]), error=True
)
if event["messageid"] in {10101, 20104}:
raise
else:
if event["messageid"] == 10101:
self.snonce = message[24:48]
self.dump({"snonce": self.snonce}, function="slice")
message = message[48:]
elif event["messageid"] == 20104:
self.rnonce = message[:24]
self.k = Box.decode(message[24:56])
self.dump({"rnonce": self.rnonce, "k": self.k}, function="slice")
message = message[56:]
event.update({"message": message})
self.dump(event)
else:
raise Exception("Missing shared key ({}).".format(event["messageid"]))
else:
raise Exception("Missing server nonce ({}).".format(event["messageid"]))
else:
raise Exception("Missing client nonce ({}).".format(event["messageid"]))
else:
raise Exception("Missing public key ({}).".format(event["messageid"]))
else:
raise Exception("Missing secret key ({}).".format(event["messageid"]))
else:
raise Exception("Missing server key ({}).".format(event["messageid"]))
elif event["type"] == "closing":
self.log("session closed")
elif event["type"] == "close":
self.tee.flush()
self.tee.close()
else:
raise Exception("Invalid event type ({}).".format(event["type"]))
def decryptPacket(self, packet): # Get message id and payload data = Data(packet) data.unpack() msgid = data._msgid length = data._length payload = data._payload # Handle message ids if msgid == 20100: # Packet 20100 contains a 24-byte string # and is not encrypted # Extract session key (bk) and return values self._bk = payload[-24:] return msgid, length, payload elif msgid == 20103 or msgid == 20104: # Login Failed / OK packet # Generate nonce self._nonce = Nonce(self._hk, self._pk, bytes(self._snonce._nonce)) # Generate shared key / cryptobox self._s = CryptoBox(self._sk, self._hk) # Decrypt payload ciphertext = payload plaintext = self._s.decrypt(ciphertext, bytes(self._nonce._nonce)) # Extract rnonce and k self._rnonce = Nonce(nonce=plaintext[:24]) self._k = Box.decode(plaintext[24:56]) # Return message id and plaintext return msgid, length, plaintext[56:] else: # Increment rnonce by 2 self._rnonce.increment() # Decrypt plaintext print msgid ciphertext = payload plaintext = self._k.decrypt(ciphertext, bytes(self._snonce._nonce)) # Return plaintext return msgid, length, plaintext
def handle_event(self, event):
for key in event:
if key in {"type", "from"}:
continue
elif key == "messageid":
event[key] = int(event[key], 16)
elif type(event[key]) is bool:
continue
elif type(event[key]) in {str, unicode}:
event[key] = event[key].decode("hex")
if event["type"] == "socket":
self.tee = Tee(
os.path.join(self.BASE_DIR,
"session-{}.log".format(event["threadid"])))
self.log("session started")
elif event["type"] == "keypair":
self.sk = PrivateKey(event["sk"])
self.dump({"sk": self.sk}, function="PrivateKey")
elif event["type"] == "send" or event["type"] == "recv":
if event["messageid"] == 10100:
event.update({"message": event["buffer"]})
self.dump(event)
elif event["messageid"] == 20100:
event.update({"message": event["buffer"]})
self.dump(event)
else:
if self.serverkey:
if self.sk:
if event["messageid"] == 10101:
self.pk = PublicKey(event["buffer"][:32])
self.dump({"pk": bytes(self.pk)},
function="PublicKey")
event["buffer"] = event["buffer"][32:]
if self.pk:
if event["messageid"] == 10101 or self.snonce:
if event["messageid"] in {10101, 20104
} or self.rnonce:
if event["messageid"] in {10101, 20104
} or self.k:
if event["messageid"] in {
10101, 20104
}:
k = Box(self.sk, self.serverkey)
self.dump({"s": k}, function="Box")
b2 = blake2b(digest_size=24)
if event["messageid"] == 20104:
b2.update(bytes(self.snonce))
b2.update(bytes(self.pk))
b2.update(bytes(self.serverkey))
nonce = b2.digest()
if event["messageid"] == 10101:
self.dump(
{
"pk": self.pk,
"serverkey":
self.serverkey,
"nonce": nonce
},
function="blake2b")
elif event["messageid"] == 20104:
self.dump(
{
"snonce": self.snonce,
"pk": self.pk,
"serverkey":
self.serverkey,
"nonce": nonce
},
function="blake2b")
else:
k = self.k
if event["type"] == "send":
self.snonce = self.increment_nonce(
self.snonce)
nonce = self.snonce
elif event["type"] == "recv":
self.rnonce = self.increment_nonce(
self.rnonce)
nonce = self.rnonce
ciphertext = event["buffer"]
event.update({
"k":
k,
"nonce":
nonce,
"ciphertext":
event["buffer"]
})
try:
message = k.decrypt(
ciphertext, nonce)
except:
self.dump(event, error=True)
self.log(
"Warning: failed to decrypt {}"
.format(event["messageid"]),
error=True)
if event["messageid"] in {
10101, 20104
}:
raise
else:
if event["messageid"] == 10101:
self.snonce = message[24:48]
self.dump(
{"snonce": self.snonce},
function="slice")
message = message[48:]
elif event["messageid"] == 20104:
self.rnonce = message[:24]
self.k = Box.decode(
message[24:56])
self.dump(
{
"rnonce": self.rnonce,
"k": self.k
},
function="slice")
message = message[56:]
event.update({"message": message})
self.dump(event)
else:
raise Exception(
"Missing shared key ({}).".format(
event["messageid"]))
else:
raise Exception(
"Missing server nonce ({}).".format(
event["messageid"]))
else:
raise Exception(
"Missing client nonce ({}).".format(
event["messageid"]))
else:
raise Exception("Missing public key ({}).".format(
event["messageid"]))
else:
raise Exception("Missing secret key ({}).".format(
event["messageid"]))
else:
raise Exception("Missing server key ({}).".format(
event["messageid"]))
elif event["type"] == "closing":
self.log("session closed")
elif event["type"] == "close":
self.tee.flush()
self.tee.close()
else:
raise Exception("Invalid event type ({}).".format(event["type"]))
def k(self, k):
self._k = Box.decode(k)
