def public_key(self, key):
if isinstance(key, bytes):
self._crypto = Crypto.from_bytes(key)
else:
self._crypto = Crypto(key)
self._public_key = self._crypto.foreign_pubkey
def public_key(self, key: Union[EllipticCurvePublicKey, bytes]) -> None:
if isinstance(key, bytes):
self._crypto = Crypto.from_bytes(key)
else:
self._crypto = Crypto(key)
self._public_key = self._crypto.foreign_pubkey
def public_key():
public_key = unhexlify(
b'041815d5382df79bd792a8d8342fbc717eacef6a258f779279e5463573e06b'
b'f84c6a88fac904870bf3a26f856e65f483195c4323eef47a048f23a031da6bd0929d'
)
c = Crypto.from_bytes(public_key)
return c.foreign_pubkey
def console(console_address, console_name, uuid_dummy, console_liveid,
console_flags, public_key_bytes):
c = Crypto.from_bytes(public_key_bytes)
console = Console(console_address, console_name, uuid_dummy,
console_liveid, console_flags, c.foreign_pubkey)
console.add_manager(StumpManager)
console.add_manager(MediaManager)
console.add_manager(TextManager)
console.add_manager(InputManager)
return console
def console():
pkey = unhexlify(
b'041815d5382df79bd792a8d8342fbc717eacef6a258f779279e5463573e06b'
b'f84c6a88fac904870bf3a26f856e65f483195c4323eef47a048f23a031da6bd0929d'
)
c = Crypto.from_bytes(pkey)
return Console('10.0.0.23', 'XboxOne',
uuid.UUID('de305d54-75b4-431b-adb2-eb6b9e546014'),
'FFFFFFFFFFF', enum.PrimaryDeviceFlag.AllowConsoleUsers,
c.foreign_pubkey)
def packets():
secret = unhexlify(
'82bba514e6d19521114940bd65121af234c53654a8e67add7710b3725db44f77'
'30ed8e3da7015a09fe0f08e9bef3853c0506327eb77c9951769d923d863a2f5e')
sg_crypto = Crypto.from_shared_secret(secret)
# Who cares about RAM anyway?
data = {}
data_path = os.path.join(os.path.dirname(__file__), 'data', 'packets')
for f in os.listdir(data_path):
with open(os.path.join(data_path, f), 'rb') as fh:
data[f] = packer.unpack(fh.read(), sg_crypto)
return data
def test_from_bytes(public_key_bytes, public_key):
from xbox.sg.crypto import Crypto
c1 = Crypto.from_bytes(public_key_bytes)
c2 = Crypto.from_bytes(public_key_bytes, PublicKeyType.EC_DH_P256)
# invalid public key type passed
with pytest.raises(ValueError):
Crypto.from_bytes(public_key_bytes, PublicKeyType.EC_DH_P521)
# invalid keylength
with pytest.raises(ValueError):
Crypto.from_bytes(public_key_bytes[5:])
# invalid parameter
with pytest.raises(ValueError):
Crypto.from_bytes(123)
assert c1.foreign_pubkey.public_numbers() == public_key.public_numbers()
assert c2.foreign_pubkey.public_numbers() == public_key.public_numbers()
def test_from_shared_secret(shared_secret_bytes):
from xbox.sg.crypto import Crypto
c = Crypto.from_shared_secret(shared_secret_bytes)
# invalid length
with pytest.raises(ValueError):
c.from_shared_secret(shared_secret_bytes[1:])
# invalid parameter
with pytest.raises(ValueError):
c.from_shared_secret(123)
assert c._encrypt_key == unhexlify(b'82bba514e6d19521114940bd65121af2')
assert c._iv_key == unhexlify(b'34c53654a8e67add7710b3725db44f77')
assert c._hash_key == unhexlify(
b'30ed8e3da7015a09fe0f08e9bef3853c0506327eb77c9951769d923d863a2f5e')
def test_from_bytes():
from xbox.sg.crypto import Crypto
public_key = unhexlify(
'041db1e7943878b28c773228ebdcfb05b985be4a386a55f50066231360785f61b'
'60038caf182d712d86c8a28a0e7e2733a0391b1169ef2905e4e21555b432b262d')
c1 = Crypto.from_bytes(public_key)
c2 = Crypto.from_bytes(public_key, PublicKeyType.EC_DH_P256)
# invalid public key type passed
with pytest.raises(ValueError):
Crypto.from_bytes(public_key, PublicKeyType.EC_DH_P521)
# invalid keylength
with pytest.raises(ValueError):
Crypto.from_bytes(public_key[5:])
# invalid parameter
with pytest.raises(ValueError):
Crypto.from_bytes(123)
assert c1.foreign_pubkey.public_numbers().encode_point() == public_key
assert c2.foreign_pubkey.public_numbers().encode_point() == public_key
def main():
parser = argparse.ArgumentParser(
description='Parse PCAP files and show SG sessions')
parser.add_argument('file', help='Path to PCAP')
parser.add_argument('secret', help='Expanded secret for this session.')
args = parser.parse_args()
secret = args.secret
if os.path.exists(secret):
# Assume a file containing the secret
with open(secret, 'rb') as fh:
secret = fh.read()
if all(chr(c) in string.hexdigits for c in secret):
secret = unhexlify(secret)
else:
secret = unhexlify(secret)
crypto = Crypto.from_shared_secret(secret)
parse(args.file, crypto)
def _fragment_connect_request(crypto_instance: crypto.Crypto,
client_uuid: uuid.UUID,
pubkey_type: PublicKeyType,
pubkey: bytes,
userhash: str,
auth_token: str,
request_num: int = 0) -> List:
"""
Internal method to fragment ConnectRequest.
Args:
crypto_instance: Instance of :class:`Crypto`
client_uuid: Client UUID
pubkey_type Public Key Type
pubkey: Public Key
userhash: Xbox Live Account userhash
auth_token: Xbox Live Account authentication token (XSTS)
request_num: Request Number
Returns:
list: List of ConnectRequest fragments
"""
messages = []
# Calculate packet length (without authentication data)
dummy_msg = factory.connect(client_uuid, pubkey_type, pubkey, b'\x00' * 16,
u'', u'', 0, 0, 0)
dummy_payload_len = packer.payload_length(dummy_msg)
# Do fragmenting
total_auth_len = len(userhash + auth_token)
max_size = 1024 - dummy_payload_len
fragments = total_auth_len // max_size
overlap = total_auth_len % max_size
if overlap > 0:
fragments += 1
group_start = request_num
group_end = group_start + fragments
if fragments <= 1:
raise FragmentError('Authentication data too small to fragment')
auth_position = 0
for fragment_num in range(fragments):
available = max_size
current_hash = u''
if fragment_num == 0:
current_hash = userhash
available -= len(current_hash)
current_auth = auth_token[auth_position:auth_position + available]
auth_position += len(current_auth)
iv = crypto_instance.generate_iv()
messages.append(
factory.connect(client_uuid, pubkey_type, pubkey, iv, current_hash,
current_auth, request_num + fragment_num,
group_start, group_end))
return messages
def public_key(public_key_bytes):
c = Crypto.from_bytes(public_key_bytes)
return c.foreign_pubkey
def crypto(shared_secret_bytes):
return Crypto.from_shared_secret(shared_secret_bytes)
def crypto():
secret = unhexlify(
'82bba514e6d19521114940bd65121af234c53654a8e67add7710b3725db44f77'
'30ed8e3da7015a09fe0f08e9bef3853c0506327eb77c9951769d923d863a2f5e')
return Crypto.from_shared_secret(secret)
def main():
parser = argparse.ArgumentParser(
description='Re-Encrypt raw smartglass packets from a given filepath')
parser.add_argument('src_path', type=str, help='Path to sourcefiles')
parser.add_argument('src_secret',
type=str,
help='Source shared secret in hex-format')
parser.add_argument('dst_path', type=str, help='Path to destination')
parser.add_argument('dst_secret',
type=str,
help='Target shared secret in hex-format')
args = parser.parse_args()
src_secret = unhexlify(args.src_secret)
dst_secret = unhexlify(args.dst_secret)
src_path = args.src_path
dst_path = args.dst_path
if len(src_secret) != 64:
print('Source key of invalid length supplied!')
sys.exit(1)
elif len(dst_secret) != 64:
print('Destination key of invalid length supplied!')
sys.exit(1)
source_crypto = Crypto.from_shared_secret(src_secret)
dest_crypto = Crypto.from_shared_secret(dst_secret)
source_path = os.path.dirname(src_path)
dest_path = os.path.dirname(dst_path)
for f in os.listdir(source_path):
src_filepath = os.path.join(source_path, f)
with open(src_filepath, 'rb') as sfh:
encrypted = sfh.read()
if Int16ub.parse(encrypted[:2]) != PacketType.Message.value:
print('Invalid magic, %s not a smartglass message, ignoring' %
src_filepath)
continue
# Slice the encrypted data manually
header = encrypted[:26]
payload = encrypted[26:-32]
hash = encrypted[-32:]
if not source_crypto.verify(encrypted[:-32], hash):
print('Hash mismatch, ignoring')
continue
# Decrypt with source shared secret
iv = source_crypto.generate_iv(header[:16])
decrypted_payload = source_crypto.decrypt(iv, payload)
# Encrypt with destination parameters
new_iv = dest_crypto.generate_iv(header[:16])
recrypted = dest_crypto.encrypt(new_iv, decrypted_payload)
new_hash = dest_crypto.hash(header + recrypted)
new_packet = header + recrypted + new_hash
with open(os.path.join(dest_path, f), 'wb') as dfh:
dfh.write(new_packet)