예제 #1
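def process_msg_udp(*msg):
    """Build the UDP authentication message for a client and pick its server.

    ``msg`` is read positionally as ``(main_pw, client_sha1, number,
    tcp_port, remote_ip, version)``.

    The server for a given ``client_sha1`` is remembered in the global
    ``clientlist``; a client seen for the first time is assigned a random
    key of the global ``serverlist``.

    Returns:
        A 2-tuple ``(message, addr)``: the CRLF-joined message fields and
        the ``addr`` attribute of the chosen ``serverlist`` entry.
    """
    # TODO (original author): also send the client key to the server, to
    # make the server side simpler.
    global clientlist, serverlist
    # Local import: random.SystemRandom is in the standard library, and this
    # keeps the fix independent of the file's import block.
    from random import SystemRandom

    main_pw, client_sha1, number, tcp_port, remote_ip, version = (
        msg[0], msg[1], msg[2], msg[3], msg[4], msg[5])

    # The salt is covered by the signature below and acts as a per-message
    # nonce, so it is drawn from the OS CSPRNG. The module-level `choice`
    # (presumably random.choice -- confirm) is not meant for security use.
    csprng = SystemRandom()
    salt = ''.join(
        csprng.choice(string.ascii_letters) for _ in range(16)
    ).encode('ASCII')

    if client_sha1 in clientlist:
        server = clientlist[client_sha1]
    else:
        # list(...) so the pick also works where keys() returns a view
        # rather than a list.
        server = choice(list(serverlist))
        clientlist[client_sha1] = server

    # NOTE(review): encrypt(x, None)[0] and sign(x, None)[0] look like
    # PyCrypto's raw RSA primitives (no OAEP/PSS padding, no hashing) --
    # confirm. If so, the ciphertext of main_pw is deterministic and
    # malleable, and the raw signature over main_pw (signature_for_auth)
    # lets any holder of the matching public key recover main_pw from it.
    # Moving to OAEP for encryption and PSS over a hash for signing changes
    # the wire format, so client and server must be migrated together.
    main_pw_enc = serverlist[server].pub.encrypt(main_pw, None)[0]

    # NOTE(review): the signed fields are concatenated without separators,
    # so different (number, remote_ip, tcp_port) combinations can produce
    # the same signed string. The signed string also uses the unclamped
    # `number`, while the transmitted field below is clamped to 255.
    unsigned_str = salt + str(number) + remote_ip + str(tcp_port)
    sign_hex = int2base(localpri.sign(unsigned_str.encode("UTF-8"), None)[0])

    # Fixed-width upper-case hex: two digits for the request count (capped
    # at 255), four digits for the port.
    required_hex = "%02X" % min(number, 255)
    remote_port_hex = "%04X" % tcp_port

    signature_for_auth = int2base(
        localpri.sign(main_pw.encode('UTF-8'), None)[0])

    fields = (
        salt,
        required_hex,
        remote_port_hex,
        str(client_sha1),
        str(sign_hex),
        main_pw_enc,
        str(remote_ip),
        signature_for_auth,
        version,
    )
    return '\r\n'.join(fields), serverlist[server].addr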
예제 #2
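def process_msg_udp(*msg):
    """Assemble the CRLF-separated UDP auth message and select a server.

    Positional contents of ``msg``: ``main_pw``, ``client_sha1``,
    ``number``, ``tcp_port``, ``remote_ip``, ``version``.

    A client already present in the global ``clientlist`` keeps its server;
    otherwise a random key of the global ``serverlist`` is assigned and
    recorded.

    Returns:
        ``(message, addr)`` where ``message`` is the joined field string and
        ``addr`` is ``serverlist[server].addr`` for the selected server.
    """
    # TODO (original author): also send the client key to the server, to
    # make the server side simpler.
    global clientlist, serverlist
    # Function-scope import (standard library) so this fix does not rely on
    # the file's top-level imports.
    from random import SystemRandom

    main_pw = msg[0]
    client_sha1 = msg[1]
    number = msg[2]
    tcp_port = msg[3]
    remote_ip = msg[4]
    version = msg[5]

    # The salt is part of the signed string and works as a nonce, so take it
    # from the OS CSPRNG instead of the module-level `choice` (presumably
    # random.choice -- confirm), which is not suitable for security use.
    letters = string.ascii_letters
    pick = SystemRandom().choice
    salt = ''.join(pick(letters) for _ in range(16)).encode('ASCII')

    server = clientlist.get(client_sha1) if client_sha1 in clientlist else None
    if client_sha1 not in clientlist:
        # Materialise the keys so choice() gets a sequence even when keys()
        # is a view object.
        server = choice(list(serverlist))
        clientlist[client_sha1] = server

    # NOTE(review): the (x, None)[0] call shape suggests PyCrypto's raw RSA
    # encrypt/sign, which apply no padding and no hashing -- confirm. Under
    # raw RSA the encrypted main_pw is deterministic and malleable, and
    # signature_for_auth (a raw signature over main_pw itself) exposes
    # main_pw to anyone holding the corresponding public key. OAEP for
    # encryption and PSS over a digest for signing are the usual
    # replacements; both peers have to change at the same time.
    main_pw_enc = serverlist[server].pub.encrypt(main_pw, None)[0]

    # NOTE(review): no delimiter between the signed fields, so the boundary
    # between number, remote_ip and tcp_port is ambiguous; `number` is also
    # signed unclamped but transmitted clamped to 255.
    unsigned_str = salt + str(number) + remote_ip + str(tcp_port)
    sign_hex = int2base(localpri.sign(unsigned_str.encode("UTF-8"), None)[0])

    # Zero-padded upper-case hex: 2 digits for the count, 4 for the port.
    required_hex = "%02X" % min(number, 255)
    remote_port_hex = "%04X" % tcp_port

    signature_for_auth = int2base(
        localpri.sign(main_pw.encode('UTF-8'), None)[0])

    message = '\r\n'.join((salt,
                           required_hex,
                           remote_port_hex,
                           str(client_sha1),
                           str(sign_hex),
                           main_pw_enc,
                           str(remote_ip),
                           signature_for_auth,
                           version))
    return message, serverlist[server].addr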
예제 #3
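    def generatereq(self):
        """
        Generate the dot-separated authentication request string.

        Fields, in the order they are joined:
            0. "%02X" of min(req_num, 255) + "%04X" of remote_port +
               clientpub_sha1
            1. TOTP(...).now(), keyed with the SHA-256 hex digest of
               clientpri_sha1 + ip + salt + the two-digit request number
            2. hexlify(main_pw)
            3. ip: int2base(self.ip), or for IPv6 int2base of the packed
               address followed by "G"
            4. salt: 16 bytes from os.urandom, hex-encoded
            5. obfs_level 1-2: the encoded certs split into two fields at
               character 50; obfs_level 3: one field of 5 random letters
            last. request type ("00" for VPS, "01" for GAE) + PROTO_VERSION

        NOTE(review): main_pw is only hex-encoded here, which provides no
        confidentiality. The earlier version of this docstring required it
        to be sent encrypted to avoid MITM, so self.main_pw must already be
        ciphertext when it reaches this method -- confirm against the code
        that sets it.

        Raises:
            ValueError: if Mode is neither "VPS" nor "GAE".
        """
        # Clamp to 255 so the request count always fits two hex digits.
        number_in_hex = "%02X" % min(self.req_num, 255)
        msg = [number_in_hex + "%04X" % self.remote_port + self.clientpub_sha1]

        if self.ipv6 == "":
            myip = int2base(self.ip)
        else:
            packed = socket.inet_pton(socket.AF_INET6, self.ipv6)
            # Trailing "G" marks the field as an IPv6 address.
            myip = int2base(int(binascii.hexlify(packed), 16)) + "G"

        # Fresh 128-bit salt from the OS CSPRNG for every request.
        salt = binascii.hexlify(os.urandom(16)).decode("ASCII")

        digest = hashlib.sha256(
            (self.clientpri_sha1 + myip + salt + number_in_hex).encode('utf-8')
        ).hexdigest()
        msg.append(TOTP(bytes(digest, "UTF-8")).now())

        # Debug prints of main_pw and the key hash were dropped here; they
        # should not be re-enabled in deployed code.
        msg.append(binascii.hexlify(self.main_pw).decode("ASCII"))
        msg.append(myip)
        msg.append(salt)

        if 1 <= self.obfs_level <= 2:
            certs_byte = urlsafe_b64_short_encode(self.certs_send)
            msg.extend([certs_byte[:50], certs_byte[50:]])
        elif self.obfs_level == 3:
            # Looks like filler only, so the non-cryptographic PRNG is kept;
            # confirm nothing on the server treats it as a secret.
            msg.append(''.join(
                [random.choice(ascii_letters) for _ in range(5)]))

        if Mode == "VPS":
            req_type = "00"
        elif Mode == "GAE":
            req_type = "01"
        else:
            # Previously an unknown Mode surfaced as an UnboundLocalError on
            # req_type; fail with a message that names the real problem.
            raise ValueError("unsupported Mode: %r" % (Mode,))
        msg.append(req_type + PROTO_VERSION)
        return '.'.join(msg)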
예제 #4
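    def generatereq(self):
        """
        Build the authentication request as a single "."-joined string.

        Layout of the joined fields:
            [0]  two hex digits of min(req_num, 255), four hex digits of
                 remote_port, then clientpub_sha1
            [1]  current TOTP value; the TOTP key is the SHA-256 hex digest
                 of clientpri_sha1 + ip + salt + the two-digit request number
            [2]  main_pw, hex-encoded
            [3]  ip in int2base form (IPv6 addresses carry a "G" suffix)
            [4]  salt, 16 os.urandom bytes as hex
            [5+] obfs_level 1-2: encoded certs in two pieces (first 50
                 characters, then the rest); obfs_level 3: 5 random letters
            [-1] "00" (VPS) or "01" (GAE) followed by PROTO_VERSION

        NOTE(review): hex encoding does not protect main_pw in transit. The
        original docstring said main_pw must be sent in encrypted form to
        avoid MITM; that only holds if self.main_pw is encrypted before it
        is stored on the instance -- verify where it is assigned.

        Raises:
            ValueError: if Mode is neither "VPS" nor "GAE".
        """
        # The request count is capped so it always renders as two hex digits.
        number_in_hex = "%02X" % min(self.req_num, 255)
        header = number_in_hex + ("%04X" % self.remote_port)
        header += self.clientpub_sha1
        msg = [header]

        if self.ipv6 == "":
            myip = int2base(self.ip)
        else:
            raw_v6 = socket.inet_pton(socket.AF_INET6, self.ipv6)
            # "G" suffix distinguishes the IPv6 form from the IPv4 one.
            myip = int2base(int(binascii.hexlify(raw_v6), 16)) + "G"

        # Per-request salt taken from the OS CSPRNG.
        salt = binascii.hexlify(os.urandom(16)).decode("ASCII")

        h = hashlib.sha256()
        h.update(
            (self.clientpri_sha1 + myip + salt + number_in_hex).encode('utf-8'))
        otp = TOTP(bytes(h.hexdigest(), "UTF-8")).now()

        # The commented-out prints of main_pw and clientpub_sha1 were
        # removed; secrets should not be written to stdout.
        msg += [
            otp,
            binascii.hexlify(self.main_pw).decode("ASCII"),
            myip,
            salt,
        ]

        if 1 <= self.obfs_level <= 2:
            certs_byte = urlsafe_b64_short_encode(self.certs_send)
            msg.extend([certs_byte[:50], certs_byte[50:]])
        elif self.obfs_level == 3:
            # Appears to be padding, hence random.choice is left as is;
            # confirm the server does not rely on it being unpredictable.
            msg.append(
                ''.join([random.choice(ascii_letters) for _ in range(5)]))

        if Mode == "VPS":
            req_type = "00"
        elif Mode == "GAE":
            req_type = "01"
        else:
            # An unrecognised Mode used to fall through and raise
            # UnboundLocalError on req_type; report the bad value instead.
            raise ValueError("unsupported Mode: %r" % (Mode,))
        msg.append(req_type + PROTO_VERSION)
        return '.'.join(msg)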