def handleAuthLogonChallenge(self, pkt):
data = ST_AUTH_LOGON_CHALLENGE_S.parse(pkt)
#print(data)
self.srp.set_I('ADMINISTRATOR')
self.srp.set_P('ADMINISTRATOR')
self.srp.set_B(convertool.strToInt(data.SRP_B[::-1]))
self.srp.set_g(convertool.strToInt(data.SRP_g[::-1]))
self.srp.set_N(convertool.strToInt(data.SRP_N[::-1]))
self.srp.set_s(convertool.strToInt(data.SRP_s[::-1]))
self.srp.generate_a()
self.srp.calculate_A()
self.srp.calculate_x()
self.srp.calculate_v()
self.srp.calculate_u()
self.srp.calculate_S_client()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
r = ST_AUTH_LOGON_PROOF_C.build(Container(
opcode = 1,
SRP_A = convertool.intToStr(self.srp.get_A())[::-1],
SRP_M1 = convertool.intToStr(self.srp.get_M1()),
CRC = chr(0) * 20,
unk = 0
))
self.writebuffer.append(r)
def handleAuthLogonChallenge(self, pkt):
data = ST_AUTH_LOGON_CHALLENGE_S.parse(pkt)
#print(data)
self.srp.set_I(self.env['username'])
self.srp.set_P(self.env['userpass'])
self.srp.set_B(convertool.strToInt(data.SRP_B[::-1]))
self.srp.set_g(convertool.strToInt(data.SRP_g[::-1]))
self.srp.set_N(convertool.strToInt(data.SRP_N[::-1]))
self.srp.set_s(convertool.strToInt(data.SRP_s[::-1]))
self.srp.generate_a()
self.srp.calculate_A()
self.srp.calculate_x()
self.srp.calculate_v()
self.srp.calculate_u()
self.srp.calculate_S_client()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
# Store the sessionkey in the DB
cursor = db.cursor()
cursor.execute('UPDATE accounts SET client_K = ? WHERE username = ?', [convertool.intToHex(self.srp.get_K(), 80), self.env['username']])
db.commit()
r = ST_AUTH_LOGON_PROOF_C.build(Container(
opcode = 1,
SRP_A = convertool.intToStr(self.srp.get_A())[::-1],
SRP_M1 = convertool.intToStr(self.srp.get_M1()),
CRC = chr(0) * 20, # don't know how to calculate it
unk = 0
))
self.writebuffer.append(r)
def handleAuthLogonChallenge(self, pkt):
data = ST_AUTH_LOGON_CHALLENGE_S.parse(pkt)
#print(data)
self.srp.set_I(self.env['username'])
self.srp.set_P(self.env['userpass'])
self.srp.set_B(convertool.strToInt(data.SRP_B[::-1]))
self.srp.set_g(convertool.strToInt(data.SRP_g[::-1]))
self.srp.set_N(convertool.strToInt(data.SRP_N[::-1]))
self.srp.set_s(convertool.strToInt(data.SRP_s[::-1]))
self.srp.generate_a()
self.srp.calculate_A()
self.srp.calculate_x()
self.srp.calculate_v()
self.srp.calculate_u()
self.srp.calculate_S_client()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
# Store the sessionkey in the DB
cursor = db.cursor()
cursor.execute(
'UPDATE accounts SET client_K = ? WHERE username = ?',
[convertool.intToHex(self.srp.get_K(), 80), self.env['username']])
db.commit()
r = ST_AUTH_LOGON_PROOF_C.build(
Container(
opcode=1,
SRP_A=convertool.intToStr(self.srp.get_A())[::-1],
SRP_M1=convertool.intToStr(self.srp.get_M1()),
CRC=chr(0) * 20, # don't know how to calculate it
unk=0))
self.writebuffer.append(r)
def handleAuthLogonChallenge(self, pkt):
data = ST_AUTH_LOGON_CHALLENGE_S.parse(pkt)
#print(data)
self.srp.set_I('ADMINISTRATOR')
self.srp.set_P('ADMINISTRATOR')
self.srp.set_B(convertool.strToInt(data.SRP_B[::-1]))
self.srp.set_g(convertool.strToInt(data.SRP_g[::-1]))
self.srp.set_N(convertool.strToInt(data.SRP_N[::-1]))
self.srp.set_s(convertool.strToInt(data.SRP_s[::-1]))
self.srp.generate_a()
self.srp.calculate_A()
self.srp.calculate_x()
self.srp.calculate_v()
self.srp.calculate_u()
self.srp.calculate_S_client()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
r = ST_AUTH_LOGON_PROOF_C.build(
Container(opcode=1,
SRP_A=convertool.intToStr(self.srp.get_A())[::-1],
SRP_M1=convertool.intToStr(self.srp.get_M1()),
CRC=chr(0) * 20,
unk=0))
self.writebuffer.append(r)
def calculate_M1(self):
if not self.SRP_N:
raise ValueNotSetException('SRP_N')
if not self.SRP_g:
raise ValueNotSetException('SRP_g')
if not self.SRP_I:
raise ValueNotSetException('SRP_I')
if not self.SRP_s:
raise ValueNotSetException('SRP_s')
if not self.SRP_A:
raise ValueNotSetException('SRP_A')
if not self.SRP_B:
raise ValueNotSetException('SRP_B')
if not self.SRP_K:
raise ValueNotSetException('SRP_K')
SRP_nhash = hashlib.sha1(convertool.intToStr(
self.SRP_N)[::-1]).digest() # Calculates hashes of previous values
SRP_ghash = hashlib.sha1(chr(self.SRP_g)).digest()
SRP_userhash = hashlib.sha1(self.SRP_I).digest()
SRP_nghash = ""
for i in range(20): # Xor n and g
SRP_nghash += chr(ord(SRP_nhash[i]) ^ ord(SRP_ghash[i]))
self.SRP_M1 =convertool.strToInt(hashlib.sha1(SRP_nghash + SRP_userhash + convertool.intToStr(self.SRP_s)[::-1] \
+ convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_B)[::-1] \
+ convertool.intToStr(self.SRP_K)[::-1]).digest())
def handleAuthLogonProof(self, pkt):
data = ST_AUTH_LOGON_PROOF_C.parse(pkt)
#print(data)
self.srp.set_A(convertool.strToInt(data.SRP_A[::-1]))
self.srp.calculate_u()
self.srp.calculate_S_server()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
# Check for authentification correctness
if data.SRP_M1.encode('hex') == '%x' % self.srp.get_M1():
print('M1 Matches !')
else:
print('Something goes wrong during authentification :(')
# Create the response packet
r = ST_AUTH_LOGON_PROOF_S.build(Container(
opcode = 01,
error = 0,
SRP_M2 = convertool.intToStr(self.srp.get_M2()),
unk1 = 0x00800000,
unk2 = 0,
unk3 = 0
))
def calculate_M1(self):
if not self.SRP_N:
raise ValueNotSetException('SRP_N')
if not self.SRP_g:
raise ValueNotSetException('SRP_g')
if not self.SRP_I:
raise ValueNotSetException('SRP_I')
if not self.SRP_s:
raise ValueNotSetException('SRP_s')
if not self.SRP_A:
raise ValueNotSetException('SRP_A')
if not self.SRP_B:
raise ValueNotSetException('SRP_B')
if not self.SRP_K:
raise ValueNotSetException('SRP_K')
SRP_nhash = hashlib.sha1(convertool.intToStr(self.SRP_N)[::-1]).digest() # Calculates hashes of previous values
SRP_ghash = hashlib.sha1(chr(self.SRP_g)).digest()
SRP_userhash = hashlib.sha1(self.SRP_I).digest()
SRP_nghash = ""
for i in range(20): # Xor n and g
SRP_nghash += chr(ord(SRP_nhash[i]) ^ ord(SRP_ghash[i]))
self.SRP_M1 =convertool.strToInt(hashlib.sha1(SRP_nghash + SRP_userhash + convertool.intToStr(self.SRP_s)[::-1] \
+ convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_B)[::-1] \
+ convertool.intToStr(self.SRP_K)[::-1]).digest())
def calculate_u(self):
if not self.SRP_A:
raise ValueNotSetException('SRP_A')
if not self.SRP_B:
raise ValueNotSetException('SRP_B')
print('hash', hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1]+convertool.intToStr(self.SRP_B)[::-1]).hexdigest())
self.SRP_u = convertool.strToInt(hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1]+convertool.intToStr(self.SRP_B)[::-1]).digest()[::-1])
def handleAuthLogonProof(self, pkt):
data = ST_AUTH_LOGON_PROOF_C.parse(pkt)
#print(data)
self.srp.set_A(convertool.strToInt(data.SRP_A[::-1]))
self.srp.calculate_u()
self.srp.calculate_S_server()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
# Store the sessionkey in the DB
cursor = db.cursor()
cursor.execute('UPDATE accounts SET server_K = ? WHERE username = ?', [convertool.intToHex(self.srp.get_K(), 80), self.env['username']])
db.commit()
# Check for authentification correctness
if data.SRP_M1.encode('hex') == '%x' % self.srp.get_M1():
print('M1 Matches !')
else:
print('Something goes wrong during authentification :(')
# Create the response packet
r = ST_AUTH_LOGON_PROOF_S.build(Container(
opcode = 01,
error = 0,
SRP_M2 = convertool.intToStr(self.srp.get_M2()),
unk1 = 0x00800000,
unk2 = 0,
unk3 = 0
))
def handleAuthLogonProof(self, pkt):
data = ST_AUTH_LOGON_PROOF_C.parse(pkt)
#print(data)
self.srp.set_A(convertool.strToInt(data.SRP_A[::-1]))
self.srp.calculate_u()
self.srp.calculate_S_server()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
# Store the sessionkey in the DB
cursor = db.cursor()
cursor.execute(
'UPDATE accounts SET server_K = ? WHERE username = ?',
[convertool.intToHex(self.srp.get_K(), 80), self.env['username']])
db.commit()
# Check for authentification correctness
if data.SRP_M1.encode('hex') == '%x' % self.srp.get_M1():
print('M1 Matches !')
else:
print('Something goes wrong during authentification :(')
# Create the response packet
r = ST_AUTH_LOGON_PROOF_S.build(
Container(opcode=01,
error=0,
SRP_M2=convertool.intToStr(self.srp.get_M2()),
unk1=0x00800000,
unk2=0,
unk3=0))
def calculate_x(self):
if not self.SRP_I:
raise ValueNotSetException('SRP_I')
if not self.SRP_P:
raise ValueNotSetException('SRP_P')
if not self.SRP_s:
raise ValueNotSetException('SRP_s')
SRP_authstr = '%s:%s' % (self.SRP_I, self.SRP_P) # Concatenate USER:PASS
SRP_userhash = hashlib.sha1(SRP_authstr.upper()).digest() # Get the SHA hash
print "%s" % ((convertool.intToStr(self.SRP_s)[::-1]+SRP_userhash).encode('hex'))
self.SRP_x = convertool.strToInt(hashlib.sha1(convertool.intToStr(self.SRP_s)[::-1]+SRP_userhash).digest()[::-1]) # Get SHA of salted user hash
def calculate_M2(self):
self.SRP_M2 = convertool.strToInt(hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1]).digest())
print
print(((convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1])).encode('hex'))
print
print(hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1]).hexdigest())
def calculate_M2(self):
self.SRP_M2 = convertool.strToInt(hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1]).digest())
print
print(((convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1])).encode('hex'))
print
print(hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1]).hexdigest())
def calculate_u(self):
if not self.SRP_A:
raise ValueNotSetException('SRP_A')
if not self.SRP_B:
raise ValueNotSetException('SRP_B')
print(
'hash',
hashlib.sha1(
convertool.intToStr(self.SRP_A)[::-1] +
convertool.intToStr(self.SRP_B)[::-1]).hexdigest())
self.SRP_u = convertool.strToInt(
hashlib.sha1(
convertool.intToStr(self.SRP_A)[::-1] +
convertool.intToStr(self.SRP_B)[::-1]).digest()[::-1])
def calculate_x(self):
if not self.SRP_I:
raise ValueNotSetException('SRP_I')
if not self.SRP_P:
raise ValueNotSetException('SRP_P')
if not self.SRP_s:
raise ValueNotSetException('SRP_s')
SRP_authstr = '%s:%s' % (self.SRP_I, self.SRP_P
) # Concatenate USER:PASS
SRP_userhash = hashlib.sha1(
SRP_authstr.upper()).digest() # Get the SHA hash
print "%s" % ((convertool.intToStr(self.SRP_s)[::-1] +
SRP_userhash).encode('hex'))
self.SRP_x = convertool.strToInt(
hashlib.sha1(convertool.intToStr(self.SRP_s)[::-1] +
SRP_userhash).digest()
[::-1]) # Get SHA of salted user hash
def calculate_K(self):
if not self.SRP_S:
raise ValueNotSetException('SRP_S')
SRP_S1 = ""
SRP_S2 = ""
tmp_S = convertool.intToStr(self.SRP_S)[::-1] # SRP_S is reversed
for i in range(32): # Split the S value in S1 and S2, interleaving each char
if i % 2 == 0:
SRP_S1 += tmp_S[i]
else:
SRP_S2 += tmp_S[i]
SRP_S1hash = hashlib.sha1(SRP_S1).digest() # Calculate SHA hash
SRP_S2hash = hashlib.sha1(SRP_S2).digest()
SRP_SKhash = ""
for i in range(20):
SRP_SKhash += SRP_S1hash[i] + SRP_S2hash[i] # Join S1hash and S2hash in one string, interleaving each char
self.SRP_K = convertool.strToInt(SRP_SKhash[::-1])
def calculate_K(self):
if not self.SRP_S:
raise ValueNotSetException('SRP_S')
SRP_S1 = ""
SRP_S2 = ""
tmp_S = convertool.intToStr(self.SRP_S)[::-1] # SRP_S is reversed
for i in range(
32): # Split the S value in S1 and S2, interleaving each char
if i % 2 == 0:
SRP_S1 += tmp_S[i]
else:
SRP_S2 += tmp_S[i]
SRP_S1hash = hashlib.sha1(SRP_S1).digest() # Calculate SHA hash
SRP_S2hash = hashlib.sha1(SRP_S2).digest()
SRP_SKhash = ""
for i in range(20):
SRP_SKhash += SRP_S1hash[i] + SRP_S2hash[
i] # Join S1hash and S2hash in one string, interleaving each char
self.SRP_K = convertool.strToInt(SRP_SKhash[::-1])
import SRP6
import convertool
srp = SRP6.SRP6()
srp.set_I('EOWAMIR')
srp.set_P('N3YL9RL5WOW')
srp.set_g(7)
srp.set_N(
convertool.strToInt(
'\xb7\x9b>*\x87\x82<\xab\x8f^\xbf\xbf\x8e\xb1\x01\x08SP\x06)\x8b[\xad\xbd[S\xe1\x89^dK\x89'[::
-1]
))
srp.set_s(
convertool.strToInt(
'5\xc6\xbbUe..\x18\xf2\x82LH6\xb8\x83\xaa\x00\x8b\xc39$\xe7\xcfD\xee&._\x92H#\xf2'[::
-1]
))
srp.set_B(
convertool.strToInt(
"""\xa5z\x12>Q,\x0f\xf4"\xf2x\x85\x19.\x1a\x10Nf-\xf3K8c\xd2\xa7\xf2\xf8E\xce\x18uZ"""[::
-1]
))
srp.set_a(3092303949206411601731613007819148364058541661)
srp.calculate_x()
print('x', srp.get_x())
srp.calculate_A()
print('A', srp.get_A())
print('B', srp.get_B())
srp.calculate_v()
import SRP6
import convertool
srp = SRP6.SRP6()
srp.set_I('EOWAMIR')
srp.set_P('N3YL9RL5WOW')
srp.set_g(7)
srp.set_N(convertool.strToInt('\xb7\x9b>*\x87\x82<\xab\x8f^\xbf\xbf\x8e\xb1\x01\x08SP\x06)\x8b[\xad\xbd[S\xe1\x89^dK\x89'[::-1]))
srp.set_s(convertool.strToInt('5\xc6\xbbUe..\x18\xf2\x82LH6\xb8\x83\xaa\x00\x8b\xc39$\xe7\xcfD\xee&._\x92H#\xf2'[::-1]))
srp.set_B(convertool.strToInt("""\xa5z\x12>Q,\x0f\xf4"\xf2x\x85\x19.\x1a\x10Nf-\xf3K8c\xd2\xa7\xf2\xf8E\xce\x18uZ"""[::-1]))
srp.set_a(3092303949206411601731613007819148364058541661)
srp.calculate_x()
print('x', srp.get_x())
srp.calculate_A()
print('A', srp.get_A())
print('B', srp.get_B())
srp.calculate_v()
print('v', srp.get_v())
srp.calculate_u()
print('u', srp.get_u())
srp.calculate_S_client()
print('S', srp.get_S())
srp.calculate_K()
print('K', srp.get_K())
srp.calculate_M1()
print('M1', srp.get_M1())
srp.calculate_M2()
