def aes_encrypt_with_iv(key, iv, data):
aes_cbc = pyaes.AESModeOfOperationCBC(key, iv=iv)
aes = pyaes.Encrypter(aes_cbc)
e = aes.feed(data) + aes.feed() # empty aes.feed() appends pkcs padding
return e
def aes_decrypt_with_iv(key, iv, data):
aes_cbc = pyaes.AESModeOfOperationCBC(key, iv=iv)
aes = pyaes.Decrypter(aes_cbc)
s = aes.feed(data) + aes.feed() # empty aes.feed() strips pkcs padding
return s
def aes_encrypt_with_iv(key: bytes, iv: bytes, data: bytes) -> bytes:
aes_cbc = pyaes.AESModeOfOperationCBC(key, iv=iv)
aes = pyaes.Encrypter(aes_cbc)
e = aes.feed(data) + aes.feed() # empty aes.feed() appends pkcs padding
assert isinstance(e, bytes)
return e
def aes_decrypt_with_iv(key: bytes, iv: bytes, data: bytes) -> bytes:
aes_cbc = pyaes.AESModeOfOperationCBC(key, iv=iv)
aes = pyaes.Decrypter(aes_cbc)
s = aes.feed(data) + aes.feed() # empty aes.feed() strips pkcs padding
assert isinstance(s, bytes)
return s
def get_access_attrs(content, url, check=True):
values = {}
attrs = {}
mw_pid = re.compile(r"partner_id:\s*(\w*),").findall(content)[0]
p_domain_id = re.compile(r"domain_id:\s*(\w*),").findall(content)[0]
_mw_adb = False
video_token = re.compile(r"video_token:\s*\S?\'([0-9a-f]*)\S?\'").findall(
content)[0]
ref = re.compile('ref: \'(.+?)\'').findall(content)[0]
js_path = re.compile(r'script src=\"(.*)\"').findall(content)[0]
headers = {
"User-Agent":
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
}
if "://" in js_path:
request = urllib2.Request(js_path, "", headers)
else:
request = urllib2.Request("http://" + url.split('/')[2] + js_path, "",
headers)
request.get_method = lambda: 'GET'
js_page = urllib2.urlopen(request).read()
t = EncryptedData()
t.a = mw_pid
t.b = p_domain_id
t.c = _mw_adb
#t.d = window_value
t.e = video_token
t.f = USER_AGENT
json_string = t.to_json()
e_value = addon.getSetting('value1')
n_value = addon.getSetting('value2')
encrypted = ''
try:
encrypt_mode = pyaes.AESModeOfOperationCBC(binascii.a2b_hex(e_value),
binascii.a2b_hex(n_value))
encrypter = pyaes.Encrypter(encrypt_mode)
encrypted += encrypter.feed(json_string)
encrypted += encrypter.feed()
except:
pass
host = re.compile(r"host: \'(.+?)\'").findall(content)[0]
attrs['purl'] = "http://" + host + "/vs"
values["q"] = base64.standard_b64encode(encrypted)
values["ref"] = ref
#check
if (check == True) and vurl:
response = ''
try:
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor())
opener.addheaders = [("User-Agent", USER_AGENT)]
request = urllib2.Request(attrs["purl"], urllib.urlencode(values),
{})
connection = opener.open(request)
response = connection.read()
except:
values, attrs = reload_values2(content, url)
if response and (not ("mp4" in response)):
values, attrs = reload_values2(content, url)
xbmc.log("param=" + repr(values) + " " + repr(attrs))
return values, attrs
def decrypt_pyaes(self, payload):
aes = pyaes.AESModeOfOperationCBC(self.key, iv=bytes(self.iv))
return b"".join([aes.decrypt(bytes(payload[i:i + 16])) for i in range(0, len(payload), 16)])
# Encrypt the 1KB text file stored in the variable plaintext with the given key produced in first step:
#create a initial vector iv of 16bytes ,ALso remember CBC takes in one block size
iv = os.urandom(16)
#read the text file
with open('1kb.txt','rb') as f :
plaintext = f.read()
statinfo = os.stat('1kb.txt')
f_Size= statinfo.st_size
#perform the AES-256-CTR-Encryption using the text, key and iv. Also the text file must be 16bytes
ency_start = time.time()
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(key, iv))
ciphertext = []
for line in open('1kb.txt'):
ciphertext += encrypter.feed(line)
#Make a final call to flush any remaining bytes and add padding
ciphertext +=encrypter.feed()
ency_stop = time.time()
#to check total time for encryption
encr_time = (ency_stop - ency_start)*1000000
#write the cipher text into a file
file = open('cipher.txt','w')
file.write(str(ciphertext))
def prepare(self, document, overrideID=None):
# get ready to do encryption
if DEBUG:
print('StandardEncryption.prepare(...) - revision %d' %
self.revision)
if self.prepared:
raise ValueError("encryption already prepared!")
# get the unescaped string value of the document id (first array element).
# we allow one to be passed in instead to permit reproducible tests
# of our algorithm, but in real life overrideID will always be None
if overrideID:
internalID = overrideID
else:
externalID = document.ID() # initialize it...
internalID = document.signature.digest()
#AR debugging
if CLOBBERID:
internalID = "xxxxxxxxxxxxxxxx"
if DEBUG:
print('userPassword = %r' % self.userPassword)
print('ownerPassword = %r' % self.ownerPassword)
print('internalID = %r' % internalID)
self.P = int(self.permissionBits() - 2**31)
if CLOBBERPERMISSIONS: self.P = -44 # AR hack
if DEBUG:
print("self.P = %s" % repr(self.P))
if self.revision == 5:
# Init vectro for AES cipher (should be 16 bytes null array)
iv = b'\x00' * 16
# Random User salts
uvs = os_urandom(8)
uks = os_urandom(8)
# the main encryption key
self.key = asBytes(os_urandom(32))
if DEBUG:
print("uvs (hex) = %s" % hexText(uvs))
print("uks (hex) = %s" % hexText(uks))
print("self.key (hex) = %s" % hexText(self.key))
# Calculate the sha-256 hash of the User password (U)
md = sha256(asBytes(self.userPassword[:127]) + uvs)
self.U = md.digest() + uvs + uks
if DEBUG:
print("self.U (hex) = %s" % hexText(self.U))
# Calculate the User encryption key (UE)
md = sha256(asBytes(self.userPassword[:127]) + uks)
encrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(md.digest(), iv=iv))
self.UE = encrypter.feed(self.key)
self.UE += encrypter.feed()
if DEBUG:
print("self.UE (hex) = %s" % hexText(self.UE))
# Random Owner salts
ovs = os_urandom(8)
oks = os_urandom(8)
# Calculate the hash of the Owner password (U)
md = sha256(asBytes(self.ownerPassword[:127]) + ovs + self.U)
self.O = md.digest() + ovs + oks
if DEBUG:
print("self.O (hex) = %s" % hexText(self.O))
# Calculate the User encryption key (OE)
md = sha256(asBytes(self.ownerPassword[:127]) + oks + self.U)
encrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(md.digest(), iv=iv))
self.OE = encrypter.feed(self.key)
self.OE += encrypter.feed()
if DEBUG:
print("self.OE (hex) = %s" % hexText(self.OE))
# Compute permissions array
permsarr = [
self.P
& 0xFF, # store the permission value in the first 32-bits
self.P >> 8 & 0xFF,
self.P >> 16 & 0xFF,
self.P >> 24 & 0xFF,
0xFF,
0xFF,
0xFF,
0xFF,
ord(
'T'
), # 'T' if EncryptMetaData is True (default), 'F' otherwise
ord('a'), # a, d, b are magic values
ord('d'),
ord('b'),
0x01, # trailing zeros will be ignored
0x01,
0x01,
0x01
]
# the permission array should be enrypted in the Perms field
encrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(self.key, iv=iv))
self.Perms = encrypter.feed(bytes3(permsarr))
self.Perms += encrypter.feed()
if DEBUG:
print("self.Perms (hex) = %s" % hexText(self.Perms))
elif self.revision in (2, 3):
self.O = computeO(self.userPassword, self.ownerPassword,
self.revision)
if DEBUG:
print("self.O (as hex) = %s" % hexText(self.O))
#print "\nself.O", self.O, repr(self.O)
self.key = encryptionkey(self.userPassword,
self.O,
self.P,
internalID,
revision=self.revision)
if DEBUG:
print("self.key (hex) = %s" % hexText(self.key))
self.U = computeU(self.key,
revision=self.revision,
documentId=internalID)
if DEBUG:
print("self.U (as hex) = %s" % hexText(self.U))
self.objnum = self.version = None
self.prepared = 1
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST, PORT))
s.listen(1)
conn, addr = s.accept()
print('[+] Connected by ', addr)
g = 17959
p = 6
b = 673
A = int(s.recv(100).decode())
B = (g ** b) % p
s.send(str(B).encode())
AESkey = (A ** b) % p
hashed = hashlib.sha256(AESkey).digest()
aes = pyaes.AESModeOfOperationCBC(hashed)
else:
print("[+] Server Running ")
print("[+] Waiting For Connection...")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST, PORT))
s.listen(1)
conn, addr = s.accept()
print('[+] Connected by ', addr)
def verify_and_display(recv_dict):
def aes_encrypt(key, data, iv):
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(key, iv=iv))
enc_data = encrypter.feed(data)
enc_data += encrypter.feed()
return enc_data
def login(self, username=None, password=None):
# Modified from:
# https://github.com/retrospect-addon/plugin.video.retrospect/blob/master/channels/channel.se/sbs/chn_sbs.py
# Local import to not slow down any other stuff
import binascii
try:
# If running on Leia
import pyaes
except:
# If running on Pre-Leia
from resources.lib import pyaes
import random
now = int(time.time())
b64_now = binascii.b2a_base64(str(now).encode()).decode().strip()
user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 " \
"(KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
window_id = "{}|{}".format(
binascii.hexlify(os.urandom(16)).decode(),
binascii.hexlify(os.urandom(16)).decode())
fe = [
"DNT:unknown", "L:en-US", "D:24", "PR:1", "S:1920,975",
"AS:1920,935", "TO:-120", "SS:true", "LS:true", "IDB:true",
"B:false", "ODB:true", "CPUC:unknown", "PK:Win32", "CFP:990181251",
"FR:false", "FOS:false", "FB:false", "JSF:Arial",
"P:Chrome PDF Plugin", "T:0,false,false", "H:4", "SWF:false"
]
fs_murmur_hash = '48bf49e1796939175b0406859d00baec'
data = [
{
"key": "api_type",
"value": "js"
},
{
"key": "p",
"value": 1
}, # constant
{
"key": "f",
"value": self.device_id
}, # browser instance ID
{
"key": "n",
"value": b64_now
}, # base64 encoding of time.now()
{
"key": "wh",
"value": window_id
}, # WindowHandle ID
{
"key": "fe",
"value": fe
}, # browser properties
{
"key": "ife_hash",
"value": fs_murmur_hash
}, # hash of browser properties
{
"key": "cs",
"value": 1
}, # canvas supported 0/1
{
"key": "jsbd",
"value": "{\"HL\":41,\"NCE\":true,\"DMTO\":1,\"DOTO\":1}"
}
]
data_value = json.dumps(data)
stamp = now - (now % (60 * 60 * 6))
key_password = "******".format(user_agent, stamp)
salt_bytes = os.urandom(8)
key_iv = self.__evp_kdf(key_password.encode(),
salt_bytes,
key_size=8,
iv_size=4,
iterations=1,
hash_algorithm="md5")
key = key_iv["key"]
iv = key_iv["iv"]
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(key, iv))
encrypted = encrypter.feed(data_value)
# Again, make a final call to flush any remaining bytes and strip padding
encrypted += encrypter.feed()
salt_hex = binascii.hexlify(salt_bytes)
iv_hex = binascii.hexlify(iv)
encrypted_b64 = binascii.b2a_base64(encrypted)
bda = {
"ct": encrypted_b64.decode(),
"iv": iv_hex.decode(),
"s": salt_hex.decode()
}
bda_str = json.dumps(bda)
bda_base64 = binascii.b2a_base64(bda_str.encode())
req_dict = {
"bda": bda_base64.decode(),
"public_key": "FE296399-FDEA-2EA2-8CD5-50F6E3157ECA",
"site": "https://client-api.arkoselabs.com",
"userbrowser": user_agent,
"simulate_rate_limit": "0",
"simulated": "0",
"rnd": "{}".format(random.random())
}
req_data = ""
for k, v in req_dict.items():
req_data = "{}{}={}&".format(req_data, k, self.url_encode(v))
req_data = req_data.rstrip("&")
arkose_headers = {"user-agent": user_agent}
arkose_data = self.make_request(
'https://client-api.arkoselabs.com/fc/gt2/public_key/FE296399-FDEA-2EA2-8CD5-50F6E3157ECA',
'get',
params=req_data,
headers=arkose_headers)
arkose_json = json.loads(arkose_data)
arkose_token = arkose_json.get("token")
if "rid=" not in arkose_token:
self.log("Error logging in. Invalid Arkose token.")
self.log(arkose_token)
raise self.DplayError('Error logging in. Invalid Arkose token.')
self.log("Succesfully required a login token from Arkose.")
# Get new token
self.get_token()
discoveryplus_username = username
discoveryplus_password = password
creds = {
"credentials": {
"username": discoveryplus_username,
"password": discoveryplus_password
}
}
headers = {
"x-disco-arkose-token":
arkose_token,
"x-disco-arkose-sitekey":
"FE296399-FDEA-2EA2-8CD5-50F6E3157ECA",
"Origin":
"https://www.{site_url}".format(site_url=self.site_url),
"x-disco-client":
"WEB:10.16.0:AUTH_DPLAY_V1:4.0.1-rc2-gi1",
# is not specified a captcha is required
# "Sec-Fetch-Site": "same-site",
# "Sec-Fetch-Mode": "cors",
# "Sec-Fetch-Dest": "empty",
"Referer":
"https://www.{site_url}/myaccount/login".format(
site_url=self.site_url),
"User-Agent":
user_agent
}
login_url = '{api_url}/login'.format(api_url=self.api_url)
return self.make_request(login_url,
'post',
payload=json.dumps(creds),
headers=headers)
def update_aes_pyaes(self, key):
self.aes = pyaes.AESModeOfOperationCBC(key, iv=bytes(self.iv))
def encrypt_pyaes(self, payload):
print 'Creating AES instance with provided key {}, iv {}'.format( key, iv)
print("Encrypting payload")
aes = pyaes.AESModeOfOperationCBC(self.key, iv = bytes(self.iv))
return "".join([aes.encrypt(bytes(payload[i:i+16])) for i in range(0, len(payload), 16)])