def aes_encryption(user_name, token):
"""
加密生成信息
:param user_name:
:return:
"""
user_info = """%s:%s""" % (user_name, token)
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(SECRET_KEY.encode(), SECRET_IV.encode()))
_passwd = encrypter.feed(user_info) + encrypter.feed()
return base64.b64encode(_passwd)
def aes_encrypt_with_iv(key, iv, data):
assert_bytes(key, iv, data)
data = append_PKCS7_padding(data)
if AES:
e = AES.new(key, AES.MODE_CBC, iv).encrypt(data)
else:
aes_cbc = pyaes.AESModeOfOperationCBC(key, iv=iv)
aes = pyaes.Encrypter(aes_cbc, padding=pyaes.PADDING_NONE)
e = aes.feed(data) + aes.feed() # empty aes.feed() flushes buffer
return e
def toCypher(masterkey, password, UserKey):
cyphertext = []
for c in password:
cyphertext.append(ord(c) * UserKey)
iv = os.urandom(16)
key = makeKey(masterkey, iv)
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(key, iv))
securePW = encrypter.feed(",".join(map(str, cyphertext)).encode('utf8'))
securePW += encrypter.feed()
return securePW, iv
def encryptResponse(self, request, decrypted, response):
randomSalt = bytearray(os.urandom(16))
result = hashlib.sha256(randomSalt).digest()
SaltC = bytearray(request['message']['salt'])
DSaltC = bytearray(decrypted['salt'])
randomStuff = bytearray(16)
for i in range(0, 16):
randomStuff[i] = (SaltC[i] ^ DSaltC[i] ^ randomSalt[i]) & 0xff
# XorSalts
XorSalts = bytearray(16)
for i in range(0, 16):
XorSalts[i] = (SaltC[i] ^ DSaltC[i]) & 0xff
message = self.DecryptedResponse.Message()
message['response'] = response
message['keys'] = bytes(randomStuff)
message['hash'] = result
message['xorSalts'] = bytes(XorSalts)
message['hwid'] = self.config['hwid']
# SaltS
SaltS = bytearray(os.urandom(16))
d = pyaes.AESModeOfOperationCBC(self.key, SaltS,
v6=True).decrypt(SaltS)
# DSaltS
DSaltS = bytearray(d)
# HMacMsg
HMacMsg = bytearray(16)
for i in range(0, 16):
HMacMsg[i] = (SaltS[i] ^ DSaltS[i]) & 0xff
HMacMsg.extend(bytes(message))
# HMacKey
requestTime = decrypted['request']['requestTime']
HMacKey = self.getMACKey(requestTime)
HMac = hmac.new(HMacKey, bytes(HMacMsg), hashlib.sha256)
digest = HMac.digest()
responsedata = self.DecryptedResponse()
responsedata['message'] = message
responsedata['hmac'] = digest[16:]
encrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(self.key, SaltS, v6=True))
crypted = encrypter.feed(responsedata) + encrypter.feed()
return bytes(SaltS), bytes(bytearray(crypted))
def encrypt(data: str, key: str, pad_length: int = None) -> str:
"""
Encrypt the given data using the given key. Tag the result so that it is clear that this is an encrypted file.
"""
data_as_bytes = encode_and_pad(data, pad_length)
iv = os.urandom(16)
encrypter = pyaes.Encrypter(aes_mode_of_operation(key, iv))
ciphertext = encrypter.feed(data_as_bytes) + encrypter.feed()
return dump_ct(iv, ciphertext, hash_key(key))
def __encryptData(self, data):
ciphertext = b''
# We can encrypt one line at a time, regardles of length
encrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(self.key_manager.master_key_key,
self.key_manager.master_key_iv))
ciphertext += encrypter.feed(data)
# Make a final call to flush any remaining bytes and add padding
ciphertext += encrypter.feed()
return ciphertext
def encrypt_bytes(self, plaintext, client):
# use a random initialisation vector
iv = os.urandom(16)
cbc = pyaes.AESModeOfOperationCBC(client.key, iv=iv)
encrypter = pyaes.Encrypter(cbc)
ciphertext = encrypter.feed(plaintext)
ciphertext += encrypter.feed()
# prepend the initialisation vector
return iv + ciphertext
def aes_encrypt_with_iv(key, iv, data):
if AES:
padlen = 16 - (len(data) % 16)
if padlen == 0:
padlen = 16
data += chr(padlen) * padlen
e = AES.new(key, AES.MODE_CBC, iv).encrypt(data)
return e
else:
aes_cbc = pyaes.AESModeOfOperationCBC(key, iv=iv)
aes = pyaes.Encrypter(aes_cbc)
e = aes.feed(data) + aes.feed() # empty aes.feed() appends pkcs padding
return e
def encodePDF(key, objectNumber, generationNumber, string, revision=None):
"Encodes a string or stream"
revision = checkRevision(revision)
#print 'encodePDF (%s, %d, %d, %s)' % (hexText(key), objectNumber, generationNumber, string)
# extend 3 bytes of the object Number, low byte first
if revision in (2, 3):
newkey = key
n = objectNumber
for i in range(3):
newkey += int2Byte(n & 0xff)
n = n >> 8
# extend 2 bytes of the generationNumber
n = generationNumber
for i in range(2):
newkey += int2Byte(n & 0xff)
n = n >> 8
md5output = md5(newkey).digest()
if revision == 2:
key = md5output[:10]
elif revision == 3:
key = md5output #all 16 bytes
from reportlab.lib.arciv import ArcIV
encrypted = ArcIV(key).encode(string)
#print 'encrypted=', hexText(encrypted)
elif revision == 5:
iv = os_urandom(16)
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(key, iv=iv))
# pkcs7 style padding so that the size of the encrypted block is multiple of 16
string_len = len(string)
padding = ""
padding_len = (16 -
(string_len % 16)) if string_len > 16 else (16 -
string_len)
if padding_len > 0:
padding = chr(padding_len) * padding_len
if isinstance(string, str):
string = (string + padding).encode("utf-8")
else:
string += asBytes(padding)
encrypted = iv + encrypter.feed(string)
encrypted += encrypter.feed()
if DEBUG:
print('encodePDF(%s,%s,%s,%s,%s)==>%s' % tuple([
hexText(str(x)) for x in (key, objectNumber, generationNumber,
string, revision, encrypted)
]))
return encrypted
def encryptResponse(self, request, decrypted, response):
randomSalt = bytearray(os.urandom(16))
result = hashlib.sha256(bytes(randomSalt)).digest()
SaltC = bytearray(request['message']['salt'])
XorSalts = bytearray(pyaes.AES(self.key, v6=self.v6).decrypt(SaltC))
randomStuff = bytearray(16)
for i in range(0, 16):
randomStuff[i] = (XorSalts[i] ^ randomSalt[i]) & 0xff
message = self.DecryptedResponse.Message()
message['response'] = response
message['keys'] = bytes(randomStuff)
message['hash'] = result
message['xorSalts'] = bytes(XorSalts)
message['hwid'] = self.config['hwid']
# SaltS
SaltS = bytearray(os.urandom(16))
d = pyaes.AESModeOfOperationCBC(self.key, SaltS,
v6=True).decrypt(SaltS)
# DSaltS
DSaltS = bytearray(d)
# HMacMsg
HMacMsg = bytearray(16)
for i in range(0, 16):
HMacMsg[i] = (SaltS[i] ^ DSaltS[i]) & 0xff
HMacMsg.extend(message.__bytes__())
# HMacKey
requestTime = decrypted['requestTime']
HMacKey = self.getMACKey(requestTime)
if hasattr(hashlib.sha256(), 'digest_size'):
HMac = hmac.new(HMacKey, bytes(HMacMsg), hashlib.sha256)
else: # micropython defaultly use uhashlib, which has no digest_size
HMac = hmac.new(HMacKey, bytes(HMacMsg), hashlib._sha256.sha256)
digest = HMac.digest()
responsedata = self.DecryptedResponse()
responsedata['message'] = message
responsedata['hmac'] = digest[16:]
encrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(self.key, SaltS, v6=True))
crypted = encrypter.feed(responsedata.__bytes__()) + encrypter.feed()
return bytes(SaltS), bytes(bytearray(crypted))
def aes_encrypt_with_iv(key, iv, data):
#mode = aes.AESModeOfOperation.modeOfOperation["CBC"]
#key = map(ord, key)
#iv = map(ord, iv)
#data = aes.append_PKCS7_padding(data)
#keysize = len(key)
#assert keysize in aes.AES.keySize.values(), 'invalid key size: %s' % keysize
#moo = aes.AESModeOfOperation()
#(mode, length, ciph) = moo.encrypt(data, mode, key, keysize, iv)
#return ''.join(map(chr, ciph))
aes_cbc = pyaes.AESModeOfOperationCBC(key, iv=iv)
aes = pyaes.Encrypter(aes_cbc)
e = aes.feed(data) + aes.feed() # empty aes.feed() appends pkcs padding
return e
def aes_encrypt_with_iv(key: bytes, iv: bytes, data: bytes) -> bytes:
assert_bytes(key, iv, data)
data = append_PKCS7_padding(data)
if HAS_CRYPTODOME:
e = CD_AES.new(key, CD_AES.MODE_CBC, iv).encrypt(data)
elif HAS_CRYPTOGRAPHY:
cipher = CG_Cipher(CG_algorithms.AES(key), CG_modes.CBC(iv), backend=CG_default_backend())
encryptor = cipher.encryptor()
e = encryptor.update(data) + encryptor.finalize()
else:
aes_cbc = pyaes.AESModeOfOperationCBC(key, iv=iv)
aes = pyaes.Encrypter(aes_cbc, padding=pyaes.PADDING_NONE)
e = aes.feed(data) + aes.feed() # empty aes.feed() flushes buffer
return e
def get_access_attrs(content, url):
values = {}
attrs = {}
mw_pid = re.compile(r"partner_id:\s*(\w*),").findall(content)[0]
p_domain_id = re.compile(r"domain_id:\s*(\w*),").findall(content)[0]
_mw_adb = False
video_token = re.compile(r"video_token:\s*\S?\'([0-9a-f]*)\S?\'").findall(
content)[0]
js_path = re.compile(r'script src=\"(.*)\"').findall(content)[0]
headers = {
"User-Agent":
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
}
request = urllib2.Request("http://" + url.split('/')[2] + js_path, "",
headers)
request.get_method = lambda: 'GET'
js_page = urllib2.urlopen(request).read()
e_value = "19f15a0031b8548acfa8da1f2cdf7f73179ac13f3c4938c8bad5a1c93dd8fe06"
n_value = "79e4add175162a762071a11fe45d249f"
t = EncryptedData()
t.a = mw_pid
t.b = p_domain_id
t.c = _mw_adb
#t.d = window_value
t.e = video_token
t.f = USER_AGENT
json_string = t.to_json()
encrypt_mode = pyaes.AESModeOfOperationCBC(binascii.a2b_hex(e_value),
binascii.a2b_hex(n_value))
encrypter = pyaes.Encrypter(encrypt_mode)
encrypted = ''
encrypted += encrypter.feed(json_string)
encrypted += encrypter.feed()
attrs['purl'] = "http://" + url.split('/')[2] + "/vs"
values["q"] = base64.standard_b64encode(encrypted)
xbmc.log("param=" + repr(values) + " " + repr(attrs))
return values, attrs
def request_info(self):
try:
self.infopackage_all = self.infopackage_pre + str(
self.m_counter) + self.infopackage_end
Domoticz.Debug('Infopackage= ' + self.infopackage_all)
encrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(self.m_key, self.m_iv))
encrypted = encrypter.feed(self.infopackage_all)
encrypted += encrypter.feed()
Domoticz.Debug('Encrypted=' + str(encrypted))
# Add package header
self.packagelength = len(encrypted) + 32
Domoticz.Debug('Package Length = ' + str(self.packagelength))
self.header = self.magicnumber
self.header += struct.pack('>h', self.packagelength)
self.header += self.unknown1
self.header += self.deviceid #Device ID
self.header += self.stamp
self.headertemp = self.header
self.headertemp += self.token
self.headertemp += encrypted
self.header += self.md5(self.headertemp)
self.header += encrypted
Domoticz.Debug('Header= ' + str(self.header))
self.s.sendto(self.header, (self.host, self.port))
# receive data from client (data, addr)
d = self.s.recvfrom(1024)
reply = d[0]
addr = d[1]
decrypter = pyaes.Decrypter(
pyaes.AESModeOfOperationCBC(self.m_key, self.m_iv))
decrypted = decrypter.feed(reply[32:])
# Again, make a final call to flush any remaining bytes and strip padding
decrypted += decrypter.feed()
Domoticz.Debug('Response= ' + str(decrypted))
except socket.error as msg:
Domoticz.Debug('Error Code : ' + str(msg[0]) + ' Message ' +
msg[1])
return decrypted.decode('utf-8')
def encrypt_msg(self, msg):
"""Encrypt message.
:param msg: the original message.
:type msg: bytes
:returns: the encrypted message.
:rtype: bytes
"""
aes = pyaes.AESModeOfOperationCBC(pad_msg16(self.aes_cbc_key)[:32],
iv=pad_msg16(self.aes_cbc_iv)[:16])
encrypter = pyaes.Encrypter(aes)
cipher = encrypter.feed(msg)
cipher += encrypter.feed()
return cipher
def get_encrypted_data(data, aesKeyFile):
with open(aesKeyFile, 'r') as file:
key = file.read().replace('\n', '')
iv = "InitializationVe"
ciphertext = ''
# We can encrypt one line at a time, regardles of length
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(key, iv))
ciphertext += encrypter.feed(data)
# Make a final call to flush any remaining bytes and add padding
ciphertext += encrypter.feed()
return ciphertext
def encrypt_py(plain_text, key):
if plain_text:
try:
scraper_key = hashlib.sha256(key).digest()
IV = '\0' * 16
decrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(scraper_key, IV))
cipher_text = decrypter.feed(plain_text)
cipher_text += decrypter.feed()
except Exception as e:
log_utils.log_warning('Exception during Py Encrypt: %s' % (e))
cipher_text = ''
else:
cipher_text = ''
return cipher_text
def generateRequest(self, requestBase):
salt = os.urandom(16)
message = self.RequestV5.Message()
message['salt'] = salt
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(self.key, salt, v6=self.v6))
message['encrypted'] = encrypter.feed(requestBase) + encrypter.feed()
request = self.RequestV5()
request['versionMinor'] = requestBase['versionMinor']
request['versionMajor'] = requestBase['versionMajor']
request['message'] = message
if self.config['debug']:
print("Request V%d Data: %s" % (self.ver, request.dump()))
print("Request V%d: %s" % (self.ver, binascii.b2a_hex(bytes(request))))
return request
def _hex_password(self, password, device_id):
nickname = self._format_id(settings.get('device_name'))
log.debug('Device nickname: {}'.format(nickname))
payload = {
'deviceId': device_id,
'nickName': nickname,
'format': 'json',
'appID': 'GO2',
'accountType': 'foxtel',
'plt': PLT_DEVICE,
}
secret = self._session.post(
'/auth.class.api.php/prelogin/{site_id}'.format(
site_id=VOD_SITEID),
data=payload).json()['secret']
log.debug('Pass Secret: {}{}'.format(secret[:5],
'x' * len(secret[5:])))
try:
#python3
iv = bytes.fromhex(AES_IV)
except AttributeError:
#python2
iv = str(bytearray.fromhex(AES_IV))
encrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(secret.encode('utf8'), iv))
ciphertext = encrypter.feed(password)
ciphertext += encrypter.feed()
try:
#python3
hex_password = ciphertext.hex()
except AttributeError:
#python2
hex_password = ciphertext.encode('hex')
log.debug('Hex password: {}{}'.format(hex_password[:5],
'x' * len(hex_password[5:])))
return hex_password
def approve_tx(self, btn):
letter = self.listener.postbox.pop()
keyhash = letter[0]
challenge = letter[1]
#compute response to challenge and send back...
reply = challenge + ":"
if (btn.text == APPROVE_TX):
secret_2FA = bytes.fromhex(
self.myfactors.datastore.get(keyhash)['secret_2FA'])
mac = hmac.new(secret_2FA, bytes.fromhex(challenge), sha1)
reply += mac.hexdigest()
self.display = "Action approved!"
self.label_logs += "Action approved" + "\n" + LOG_SEP
Logger.info("Satochip: APPROVED action with hash: " + challenge +
" on " + str(datetime.now()))
else:
reply += "00" * 20
self.display = "Tx rejected!"
self.label_logs += "Tx rejected" + "\n" + LOG_SEP
Logger.info("Satochip: REJECTED tx with hash: " + challenge +
" on " + str(datetime.now()))
Logger.debug("Satochip: Challenge-response: " + reply)
replyhash = self.myfactors.datastore.get(keyhash)['idreply_2FA']
# pad & encrypt reply
key_2FA = bytes.fromhex(
self.myfactors.datastore.get(keyhash)['key_2FA'])
iv = urandom(16)
Logger.debug("Satochip: IV hex: " + iv.hex())
plaintext = reply.encode("utf-8")
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(key_2FA, iv))
ciphertext = encrypter.feed(plaintext)
ciphertext += encrypter.feed()
ciphertext = iv + ciphertext
reply_encrypt = base64.b64encode(ciphertext).decode('ascii')
Logger.debug("Satochip: Reply_encrypt: " + reply_encrypt)
# send reply to server
Logger.debug("Satochip: Sent response to: " + replyhash)
server.put(replyhash, reply_encrypt)
self.listener.clear(keyhash)
self.btn_disabled = True
def encryptResponse(self, request, decrypted, response): randomSalt = bytearray(os.urandom(16)) result = hashlib.sha256(bytes(randomSalt)).digest() iv = bytearray(request['message']['salt']) XorSalts = pyaes.AES(self.key, v6=self.v6).decrypt(iv) randomStuff = bytearray(16) for i in range(0,16): randomStuff[i] = (bytearray(XorSalts)[i] ^ randomSalt[i]) & 0xff responsedata = self.DecryptedResponse() responsedata['response'] = response responsedata['keys'] = bytes(randomStuff) responsedata['hash'] = result encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(self.key, iv, v6=self.v6)) crypted = encrypter.feed(responsedata.__bytes__()) + encrypter.feed() return bytes(iv), crypted
def encrypt(message, pubkey, pad_to_length=None):
"""
pad_to_length must be a multiple of 16, and equal to or larger than
len(message)+4. Default is to choose the smallest possible value.
If the `pubkey` is not a valid point, raises EncryptionFailed.
"""
try:
pubpoint = ser_to_point(pubkey)
except:
raise EncryptionFailed
nonce_sec = ecdsa.util.randrange(order)
nonce_pub = point_to_ser(nonce_sec * G, comp=True)
key = hashlib.sha256(point_to_ser(nonce_sec * pubpoint,
comp=True)).digest()
plaintext = len(message).to_bytes(4, 'big') + message
if pad_to_length is None:
plaintext += b'\0' * (-len(plaintext) % 16)
else:
if pad_to_length % 16 != 0:
raise ValueError(f'{pad_to_length} not multiple of 16')
need = pad_to_length - len(plaintext)
if need < 0:
raise ValueError(f'{pad_to_length} < {len(plaintext)}')
plaintext += b'\0' * need
iv = b'\0' * 16
if AES:
ciphertext = AES.new(key, AES.MODE_CBC, iv).encrypt(plaintext)
else:
aes_cbc = pyaes.AESModeOfOperationCBC(key, iv=iv)
aes = pyaes.Encrypter(aes_cbc, padding=pyaes.PADDING_NONE)
ciphertext = aes.feed(
plaintext) + aes.feed() # empty aes.feed() flushes buffer
mac = hmacdigest(key, ciphertext, 'sha256')[:16]
return nonce_pub + ciphertext + mac
def encrypt(self, data):
encrypter = pyaes.Encrypter(self.mode, pyaes.PADDING_NONE)
return encrypter.feed(data) + encrypter.feed()
def aes_encrypt(key, data, iv):
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(key, iv=iv))
enc_data = encrypter.feed(data)
enc_data += encrypter.feed()
return enc_data
def aes_encrypt_with_iv(key, iv, data):
aes_cbc = pyaes.AESModeOfOperationCBC(key, iv=iv)
aes = pyaes.Encrypter(aes_cbc)
e = aes.feed(data) + aes.feed() # empty aes.feed() appends pkcs padding
return e
def login(self, username=None, password=None):
# Modified from:
# https://github.com/retrospect-addon/plugin.video.retrospect/blob/master/channels/channel.se/sbs/chn_sbs.py
# Local import to not slow down any other stuff
import binascii
try:
# If running on Leia
import pyaes
except:
# If running on Pre-Leia
from resources.lib import pyaes
import random
now = int(time.time())
b64_now = binascii.b2a_base64(str(now).encode()).decode().strip()
user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 " \
"(KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
window_id = "{}|{}".format(
binascii.hexlify(os.urandom(16)).decode(),
binascii.hexlify(os.urandom(16)).decode())
fe = [
"DNT:unknown", "L:en-US", "D:24", "PR:1", "S:1920,975",
"AS:1920,935", "TO:-120", "SS:true", "LS:true", "IDB:true",
"B:false", "ODB:true", "CPUC:unknown", "PK:Win32", "CFP:990181251",
"FR:false", "FOS:false", "FB:false", "JSF:Arial",
"P:Chrome PDF Plugin", "T:0,false,false", "H:4", "SWF:false"
]
fs_murmur_hash = '48bf49e1796939175b0406859d00baec'
data = [
{
"key": "api_type",
"value": "js"
},
{
"key": "p",
"value": 1
}, # constant
{
"key": "f",
"value": self.device_id
}, # browser instance ID
{
"key": "n",
"value": b64_now
}, # base64 encoding of time.now()
{
"key": "wh",
"value": window_id
}, # WindowHandle ID
{
"key": "fe",
"value": fe
}, # browser properties
{
"key": "ife_hash",
"value": fs_murmur_hash
}, # hash of browser properties
{
"key": "cs",
"value": 1
}, # canvas supported 0/1
{
"key": "jsbd",
"value": "{\"HL\":41,\"NCE\":true,\"DMTO\":1,\"DOTO\":1}"
}
]
data_value = json.dumps(data)
stamp = now - (now % (60 * 60 * 6))
key_password = "******".format(user_agent, stamp)
salt_bytes = os.urandom(8)
key_iv = self.__evp_kdf(key_password.encode(),
salt_bytes,
key_size=8,
iv_size=4,
iterations=1,
hash_algorithm="md5")
key = key_iv["key"]
iv = key_iv["iv"]
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(key, iv))
encrypted = encrypter.feed(data_value)
# Again, make a final call to flush any remaining bytes and strip padding
encrypted += encrypter.feed()
salt_hex = binascii.hexlify(salt_bytes)
iv_hex = binascii.hexlify(iv)
encrypted_b64 = binascii.b2a_base64(encrypted)
bda = {
"ct": encrypted_b64.decode(),
"iv": iv_hex.decode(),
"s": salt_hex.decode()
}
bda_str = json.dumps(bda)
bda_base64 = binascii.b2a_base64(bda_str.encode())
req_dict = {
"bda": bda_base64.decode(),
"public_key": "FE296399-FDEA-2EA2-8CD5-50F6E3157ECA",
"site": "https://client-api.arkoselabs.com",
"userbrowser": user_agent,
"simulate_rate_limit": "0",
"simulated": "0",
"rnd": "{}".format(random.random())
}
req_data = ""
for k, v in req_dict.items():
req_data = "{}{}={}&".format(req_data, k, self.url_encode(v))
req_data = req_data.rstrip("&")
arkose_headers = {"user-agent": user_agent}
arkose_data = self.make_request(
'https://client-api.arkoselabs.com/fc/gt2/public_key/FE296399-FDEA-2EA2-8CD5-50F6E3157ECA',
'get',
params=req_data,
headers=arkose_headers)
arkose_json = json.loads(arkose_data)
arkose_token = arkose_json.get("token")
if "rid=" not in arkose_token:
self.log("Error logging in. Invalid Arkose token.")
self.log(arkose_token)
raise self.DplayError('Error logging in. Invalid Arkose token.')
self.log("Succesfully required a login token from Arkose.")
# Get new token
self.get_token()
discoveryplus_username = username
discoveryplus_password = password
creds = {
"credentials": {
"username": discoveryplus_username,
"password": discoveryplus_password
}
}
headers = {
"x-disco-arkose-token":
arkose_token,
"x-disco-arkose-sitekey":
"FE296399-FDEA-2EA2-8CD5-50F6E3157ECA",
"Origin":
"https://www.{site_url}".format(site_url=self.site_url),
"x-disco-client":
"WEB:10.16.0:AUTH_DPLAY_V1:4.0.1-rc2-gi1",
# is not specified a captcha is required
# "Sec-Fetch-Site": "same-site",
# "Sec-Fetch-Mode": "cors",
# "Sec-Fetch-Dest": "empty",
"Referer":
"https://www.{site_url}/myaccount/login".format(
site_url=self.site_url),
"User-Agent":
user_agent
}
login_url = '{api_url}/login'.format(api_url=self.api_url)
return self.make_request(login_url,
'post',
payload=json.dumps(creds),
headers=headers)
def prepare(self, document, overrideID=None):
# get ready to do encryption
if DEBUG:
print('StandardEncryption.prepare(...) - revision %d' %
self.revision)
if self.prepared:
raise ValueError("encryption already prepared!")
# get the unescaped string value of the document id (first array element).
# we allow one to be passed in instead to permit reproducible tests
# of our algorithm, but in real life overrideID will always be None
if overrideID:
internalID = overrideID
else:
externalID = document.ID() # initialize it...
internalID = document.signature.digest()
#AR debugging
if CLOBBERID:
internalID = "xxxxxxxxxxxxxxxx"
if DEBUG:
print('userPassword = %r' % self.userPassword)
print('ownerPassword = %r' % self.ownerPassword)
print('internalID = %r' % internalID)
self.P = int(self.permissionBits() - 2**31)
if CLOBBERPERMISSIONS: self.P = -44 # AR hack
if DEBUG:
print("self.P = %s" % repr(self.P))
if self.revision == 5:
# Init vectro for AES cipher (should be 16 bytes null array)
iv = b'\x00' * 16
# Random User salts
uvs = os_urandom(8)
uks = os_urandom(8)
# the main encryption key
self.key = asBytes(os_urandom(32))
if DEBUG:
print("uvs (hex) = %s" % hexText(uvs))
print("uks (hex) = %s" % hexText(uks))
print("self.key (hex) = %s" % hexText(self.key))
# Calculate the sha-256 hash of the User password (U)
md = sha256(asBytes(self.userPassword[:127]) + uvs)
self.U = md.digest() + uvs + uks
if DEBUG:
print("self.U (hex) = %s" % hexText(self.U))
# Calculate the User encryption key (UE)
md = sha256(asBytes(self.userPassword[:127]) + uks)
encrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(md.digest(), iv=iv))
self.UE = encrypter.feed(self.key)
self.UE += encrypter.feed()
if DEBUG:
print("self.UE (hex) = %s" % hexText(self.UE))
# Random Owner salts
ovs = os_urandom(8)
oks = os_urandom(8)
# Calculate the hash of the Owner password (U)
md = sha256(asBytes(self.ownerPassword[:127]) + ovs + self.U)
self.O = md.digest() + ovs + oks
if DEBUG:
print("self.O (hex) = %s" % hexText(self.O))
# Calculate the User encryption key (OE)
md = sha256(asBytes(self.ownerPassword[:127]) + oks + self.U)
encrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(md.digest(), iv=iv))
self.OE = encrypter.feed(self.key)
self.OE += encrypter.feed()
if DEBUG:
print("self.OE (hex) = %s" % hexText(self.OE))
# Compute permissions array
permsarr = [
self.P
& 0xFF, # store the permission value in the first 32-bits
self.P >> 8 & 0xFF,
self.P >> 16 & 0xFF,
self.P >> 24 & 0xFF,
0xFF,
0xFF,
0xFF,
0xFF,
ord(
'T'
), # 'T' if EncryptMetaData is True (default), 'F' otherwise
ord('a'), # a, d, b are magic values
ord('d'),
ord('b'),
0x01, # trailing zeros will be ignored
0x01,
0x01,
0x01
]
# the permission array should be enrypted in the Perms field
encrypter = pyaes.Encrypter(
pyaes.AESModeOfOperationCBC(self.key, iv=iv))
self.Perms = encrypter.feed(bytes3(permsarr))
self.Perms += encrypter.feed()
if DEBUG:
print("self.Perms (hex) = %s" % hexText(self.Perms))
elif self.revision in (2, 3):
self.O = computeO(self.userPassword, self.ownerPassword,
self.revision)
if DEBUG:
print("self.O (as hex) = %s" % hexText(self.O))
#print "\nself.O", self.O, repr(self.O)
self.key = encryptionkey(self.userPassword,
self.O,
self.P,
internalID,
revision=self.revision)
if DEBUG:
print("self.key (hex) = %s" % hexText(self.key))
self.U = computeU(self.key,
revision=self.revision,
documentId=internalID)
if DEBUG:
print("self.U (as hex) = %s" % hexText(self.U))
self.objnum = self.version = None
self.prepared = 1
def send_packet(self, command, payload):
self.count = (self.count + 1) & 0xffff
packet = bytearray(0x38)
packet[0x00] = 0x5a
packet[0x01] = 0xa5
packet[0x02] = 0xaa
packet[0x03] = 0x55
packet[0x04] = 0x5a
packet[0x05] = 0xa5
packet[0x06] = 0xaa
packet[0x07] = 0x55
packet[0x24] = 0x2a
packet[0x25] = 0x27
packet[0x26] = command
packet[0x28] = self.count & 0xff
packet[0x29] = self.count >> 8
packet[0x2a] = self.mac[0]
packet[0x2b] = self.mac[1]
packet[0x2c] = self.mac[2]
packet[0x2d] = self.mac[3]
packet[0x2e] = self.mac[4]
packet[0x2f] = self.mac[5]
packet[0x30] = self.id[0]
packet[0x31] = self.id[1]
packet[0x32] = self.id[2]
packet[0x33] = self.id[3]
checksum = 0xbeaf
for i in range(len(payload)):
checksum += payload[i]
checksum = checksum & 0xffff
# aes = AES.new(bytes(self.key), AES.MODE_CBC, bytes(self.iv))
# payload = aes.encrypt(bytes(payload))
aes = pyaes.AESModeOfOperationCBC(bytes(self.key), iv=bytes(self.iv))
encrypter = pyaes.Encrypter(aes)
length = len(payload)
payload = encrypter.feed(bytes(payload))
payload += encrypter.feed()
payload = payload[:length]
#
#
packet[0x34] = checksum & 0xff
packet[0x35] = checksum >> 8
for i in range(len(payload)):
packet.append(payload[i])
checksum = 0xbeaf
for i in range(len(packet)):
checksum += packet[i]
checksum = checksum & 0xffff
packet[0x20] = checksum & 0xff
packet[0x21] = checksum >> 8
starttime = time.time()
with self.lock:
while True:
try:
self.cs.sendto(packet, self.host)
self.cs.settimeout(1)
response = self.cs.recvfrom(1024)
break
except socket.timeout:
if (time.time() - starttime) < self.timeout:
pass
raise
return bytearray(response[0])
# For some modes of operation we need a random initialization vector
# of 16 bytes
iv = os.urandom(16)
#plaintext = "Text may be any length you wish, no padding is required"
plaintext = input("Enter message to be encrypted: ")
print()
for mode in pyaes.AESModesOfOperation.values():
for key in keys:
aes = mode(keys[key], iv) if mode == pyaes.AESModeOfOperationCFB else mode(keys[key])
tracemalloc.start()
encrypter = pyaes.Encrypter(aes)
ciphertext = encrypter.feed(plaintext)
ciphertext += encrypter.feed()
current, peak = tracemalloc.get_traced_memory()
tracemalloc.stop()
# show the encrypted data
print (key, mode.name[-5:])
print ("Encrypted message CPU: {}% ".format(psutil.cpu_percent(interval=1)))
print ("Encryption memory: {:10f}MB used\tPeaked at: {:10f}MB".format(current / 2**20, peak / 2**20))
# DECRYPTION
# CRT mode decryption requires a new instance be created
aes = mode(keys[key], iv) if mode == pyaes.AESModeOfOperationCFB else mode(keys[key])
# decrypted data is always binary, need to decode to plaintext
def get_access_attrs(content, url, check=True):
values = {}
attrs = {}
mw_pid = re.compile(r"partner_id:\s*(\w*),").findall(content)[0]
p_domain_id = re.compile(r"domain_id:\s*(\w*),").findall(content)[0]
_mw_adb = False
video_token = re.compile(r"video_token:\s*\S?\'([0-9a-f]*)\S?\'").findall(
content)[0]
ref = re.compile('ref: \'(.+?)\'').findall(content)[0]
js_path = re.compile(r'script src=\"(.*)\"').findall(content)[0]
headers = {
"User-Agent":
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36",
}
request = urllib2.Request("http://" + url.split('/')[2] + js_path, "",
headers)
request.get_method = lambda: 'GET'
js_page = urllib2.urlopen(request).read()
t = EncryptedData()
t.a = mw_pid
t.b = p_domain_id
t.c = _mw_adb
#t.d = window_value
t.e = video_token
t.f = USER_AGENT
json_string = t.to_json()
e_value = addon.getSetting('value1')
n_value = addon.getSetting('value2')
encrypt_mode = pyaes.AESModeOfOperationCBC(binascii.a2b_hex(e_value),
binascii.a2b_hex(n_value))
encrypter = pyaes.Encrypter(encrypt_mode)
encrypted = ''
encrypted += encrypter.feed(json_string)
encrypted += encrypter.feed()
attrs['purl'] = "http://" + url.split('/')[2] + "/vs"
values["q"] = base64.standard_b64encode(encrypted)
values["ref"] = ref
#check
if (check == True) and vurl:
try:
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor())
opener.addheaders = [("User-Agent", USER_AGENT)]
request = urllib2.Request(attrs["purl"], urllib.urlencode(values),
{})
connection = opener.open(request)
response = connection.read()
except:
values, attrs = reload_values(content, url)
xbmc.log("param=" + repr(values) + " " + repr(attrs))
return values, attrs
