def handleAuthLogonChallenge(self, pkt):
data = ST_AUTH_LOGON_CHALLENGE_S.parse(pkt)
#print(data)
self.srp.set_I('ADMINISTRATOR')
self.srp.set_P('ADMINISTRATOR')
self.srp.set_B(convertool.strToInt(data.SRP_B[::-1]))
self.srp.set_g(convertool.strToInt(data.SRP_g[::-1]))
self.srp.set_N(convertool.strToInt(data.SRP_N[::-1]))
self.srp.set_s(convertool.strToInt(data.SRP_s[::-1]))
self.srp.generate_a()
self.srp.calculate_A()
self.srp.calculate_x()
self.srp.calculate_v()
self.srp.calculate_u()
self.srp.calculate_S_client()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
r = ST_AUTH_LOGON_PROOF_C.build(
Container(opcode=1,
SRP_A=convertool.intToStr(self.srp.get_A())[::-1],
SRP_M1=convertool.intToStr(self.srp.get_M1()),
CRC=chr(0) * 20,
unk=0))
self.writebuffer.append(r)
def handleAuthLogonChallenge(self, pkt):
data = ST_AUTH_LOGON_CHALLENGE_C.parse(pkt)
#print(data)
# Init SRP Object
self.srp.set_I(data.I)
self.srp.set_P('ADMINISTRATOR')
self.srp.generate_b()
self.srp.generate_s()
self.srp.calculate_x()
self.srp.calculate_v()
self.srp.calculate_B()
# Create the response packet
r = ST_AUTH_LOGON_CHALLENGE_S.build(Container(
opcode = 0,
unk = 0,
error = 0,
SRP_B = convertool.intToStr(self.srp.get_B())[::-1],
SRP_g = chr(self.srp.get_g()),
SRP_N = convertool.intToStr(self.srp.get_N())[::-1],
SRP_s = convertool.intToStr(self.srp.get_s())[::-1],
CRC_salt = '430d7525f492e4e03bc66b8d1130cfac'.decode('hex'),
security_flag = 0
))
self.writebuffer.append(r)
def handleAuthLogonChallenge(self, pkt):
data = ST_AUTH_LOGON_CHALLENGE_S.parse(pkt)
#print(data)
self.srp.set_I(self.env['username'])
self.srp.set_P(self.env['userpass'])
self.srp.set_B(convertool.strToInt(data.SRP_B[::-1]))
self.srp.set_g(convertool.strToInt(data.SRP_g[::-1]))
self.srp.set_N(convertool.strToInt(data.SRP_N[::-1]))
self.srp.set_s(convertool.strToInt(data.SRP_s[::-1]))
self.srp.generate_a()
self.srp.calculate_A()
self.srp.calculate_x()
self.srp.calculate_v()
self.srp.calculate_u()
self.srp.calculate_S_client()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
# Store the sessionkey in the DB
cursor = db.cursor()
cursor.execute('UPDATE accounts SET client_K = ? WHERE username = ?', [convertool.intToHex(self.srp.get_K(), 80), self.env['username']])
db.commit()
r = ST_AUTH_LOGON_PROOF_C.build(Container(
opcode = 1,
SRP_A = convertool.intToStr(self.srp.get_A())[::-1],
SRP_M1 = convertool.intToStr(self.srp.get_M1()),
CRC = chr(0) * 20, # don't know how to calculate it
unk = 0
))
self.writebuffer.append(r)
def calculate_u(self):
if not self.SRP_A:
raise ValueNotSetException('SRP_A')
if not self.SRP_B:
raise ValueNotSetException('SRP_B')
print('hash', hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1]+convertool.intToStr(self.SRP_B)[::-1]).hexdigest())
self.SRP_u = convertool.strToInt(hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1]+convertool.intToStr(self.SRP_B)[::-1]).digest()[::-1])
def calculate_M1(self):
if not self.SRP_N:
raise ValueNotSetException('SRP_N')
if not self.SRP_g:
raise ValueNotSetException('SRP_g')
if not self.SRP_I:
raise ValueNotSetException('SRP_I')
if not self.SRP_s:
raise ValueNotSetException('SRP_s')
if not self.SRP_A:
raise ValueNotSetException('SRP_A')
if not self.SRP_B:
raise ValueNotSetException('SRP_B')
if not self.SRP_K:
raise ValueNotSetException('SRP_K')
SRP_nhash = hashlib.sha1(convertool.intToStr(
self.SRP_N)[::-1]).digest() # Calculates hashes of previous values
SRP_ghash = hashlib.sha1(chr(self.SRP_g)).digest()
SRP_userhash = hashlib.sha1(self.SRP_I).digest()
SRP_nghash = ""
for i in range(20): # Xor n and g
SRP_nghash += chr(ord(SRP_nhash[i]) ^ ord(SRP_ghash[i]))
self.SRP_M1 =convertool.strToInt(hashlib.sha1(SRP_nghash + SRP_userhash + convertool.intToStr(self.SRP_s)[::-1] \
+ convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_B)[::-1] \
+ convertool.intToStr(self.SRP_K)[::-1]).digest())
def calculate_M1(self):
if not self.SRP_N:
raise ValueNotSetException('SRP_N')
if not self.SRP_g:
raise ValueNotSetException('SRP_g')
if not self.SRP_I:
raise ValueNotSetException('SRP_I')
if not self.SRP_s:
raise ValueNotSetException('SRP_s')
if not self.SRP_A:
raise ValueNotSetException('SRP_A')
if not self.SRP_B:
raise ValueNotSetException('SRP_B')
if not self.SRP_K:
raise ValueNotSetException('SRP_K')
SRP_nhash = hashlib.sha1(convertool.intToStr(self.SRP_N)[::-1]).digest() # Calculates hashes of previous values
SRP_ghash = hashlib.sha1(chr(self.SRP_g)).digest()
SRP_userhash = hashlib.sha1(self.SRP_I).digest()
SRP_nghash = ""
for i in range(20): # Xor n and g
SRP_nghash += chr(ord(SRP_nhash[i]) ^ ord(SRP_ghash[i]))
self.SRP_M1 =convertool.strToInt(hashlib.sha1(SRP_nghash + SRP_userhash + convertool.intToStr(self.SRP_s)[::-1] \
+ convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_B)[::-1] \
+ convertool.intToStr(self.SRP_K)[::-1]).digest())
def handleAuthLogonChallenge(self, pkt):
data = ST_AUTH_LOGON_CHALLENGE_S.parse(pkt)
#print(data)
self.srp.set_I(self.env['username'])
self.srp.set_P(self.env['userpass'])
self.srp.set_B(convertool.strToInt(data.SRP_B[::-1]))
self.srp.set_g(convertool.strToInt(data.SRP_g[::-1]))
self.srp.set_N(convertool.strToInt(data.SRP_N[::-1]))
self.srp.set_s(convertool.strToInt(data.SRP_s[::-1]))
self.srp.generate_a()
self.srp.calculate_A()
self.srp.calculate_x()
self.srp.calculate_v()
self.srp.calculate_u()
self.srp.calculate_S_client()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
# Store the sessionkey in the DB
cursor = db.cursor()
cursor.execute(
'UPDATE accounts SET client_K = ? WHERE username = ?',
[convertool.intToHex(self.srp.get_K(), 80), self.env['username']])
db.commit()
r = ST_AUTH_LOGON_PROOF_C.build(
Container(
opcode=1,
SRP_A=convertool.intToStr(self.srp.get_A())[::-1],
SRP_M1=convertool.intToStr(self.srp.get_M1()),
CRC=chr(0) * 20, # don't know how to calculate it
unk=0))
self.writebuffer.append(r)
def handleAuthLogonChallenge(self, pkt):
data = ST_AUTH_LOGON_CHALLENGE_S.parse(pkt)
#print(data)
self.srp.set_I('ADMINISTRATOR')
self.srp.set_P('ADMINISTRATOR')
self.srp.set_B(convertool.strToInt(data.SRP_B[::-1]))
self.srp.set_g(convertool.strToInt(data.SRP_g[::-1]))
self.srp.set_N(convertool.strToInt(data.SRP_N[::-1]))
self.srp.set_s(convertool.strToInt(data.SRP_s[::-1]))
self.srp.generate_a()
self.srp.calculate_A()
self.srp.calculate_x()
self.srp.calculate_v()
self.srp.calculate_u()
self.srp.calculate_S_client()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
r = ST_AUTH_LOGON_PROOF_C.build(Container(
opcode = 1,
SRP_A = convertool.intToStr(self.srp.get_A())[::-1],
SRP_M1 = convertool.intToStr(self.srp.get_M1()),
CRC = chr(0) * 20,
unk = 0
))
self.writebuffer.append(r)
def calculate_x(self):
if not self.SRP_I:
raise ValueNotSetException('SRP_I')
if not self.SRP_P:
raise ValueNotSetException('SRP_P')
if not self.SRP_s:
raise ValueNotSetException('SRP_s')
SRP_authstr = '%s:%s' % (self.SRP_I, self.SRP_P) # Concatenate USER:PASS
SRP_userhash = hashlib.sha1(SRP_authstr.upper()).digest() # Get the SHA hash
print "%s" % ((convertool.intToStr(self.SRP_s)[::-1]+SRP_userhash).encode('hex'))
self.SRP_x = convertool.strToInt(hashlib.sha1(convertool.intToStr(self.SRP_s)[::-1]+SRP_userhash).digest()[::-1]) # Get SHA of salted user hash
def calculate_u(self):
if not self.SRP_A:
raise ValueNotSetException('SRP_A')
if not self.SRP_B:
raise ValueNotSetException('SRP_B')
print(
'hash',
hashlib.sha1(
convertool.intToStr(self.SRP_A)[::-1] +
convertool.intToStr(self.SRP_B)[::-1]).hexdigest())
self.SRP_u = convertool.strToInt(
hashlib.sha1(
convertool.intToStr(self.SRP_A)[::-1] +
convertool.intToStr(self.SRP_B)[::-1]).digest()[::-1])
def handleAuthLogonProof(self, pkt):
data = ST_AUTH_LOGON_PROOF_C.parse(pkt)
#print(data)
self.srp.set_A(convertool.strToInt(data.SRP_A[::-1]))
self.srp.calculate_u()
self.srp.calculate_S_server()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
# Store the sessionkey in the DB
cursor = db.cursor()
cursor.execute(
'UPDATE accounts SET server_K = ? WHERE username = ?',
[convertool.intToHex(self.srp.get_K(), 80), self.env['username']])
db.commit()
# Check for authentification correctness
if data.SRP_M1.encode('hex') == '%x' % self.srp.get_M1():
print('M1 Matches !')
else:
print('Something goes wrong during authentification :(')
# Create the response packet
r = ST_AUTH_LOGON_PROOF_S.build(
Container(opcode=01,
error=0,
SRP_M2=convertool.intToStr(self.srp.get_M2()),
unk1=0x00800000,
unk2=0,
unk3=0))
def handleAuthLogonProof(self, pkt):
data = ST_AUTH_LOGON_PROOF_C.parse(pkt)
#print(data)
self.srp.set_A(convertool.strToInt(data.SRP_A[::-1]))
self.srp.calculate_u()
self.srp.calculate_S_server()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
# Check for authentification correctness
if data.SRP_M1.encode('hex') == '%x' % self.srp.get_M1():
print('M1 Matches !')
else:
print('Something goes wrong during authentification :(')
# Create the response packet
r = ST_AUTH_LOGON_PROOF_S.build(Container(
opcode = 01,
error = 0,
SRP_M2 = convertool.intToStr(self.srp.get_M2()),
unk1 = 0x00800000,
unk2 = 0,
unk3 = 0
))
def handleAuthLogonProof(self, pkt):
data = ST_AUTH_LOGON_PROOF_C.parse(pkt)
#print(data)
self.srp.set_A(convertool.strToInt(data.SRP_A[::-1]))
self.srp.calculate_u()
self.srp.calculate_S_server()
self.srp.calculate_K()
self.srp.calculate_M1()
self.srp.calculate_M2()
# Store the sessionkey in the DB
cursor = db.cursor()
cursor.execute('UPDATE accounts SET server_K = ? WHERE username = ?', [convertool.intToHex(self.srp.get_K(), 80), self.env['username']])
db.commit()
# Check for authentification correctness
if data.SRP_M1.encode('hex') == '%x' % self.srp.get_M1():
print('M1 Matches !')
else:
print('Something goes wrong during authentification :(')
# Create the response packet
r = ST_AUTH_LOGON_PROOF_S.build(Container(
opcode = 01,
error = 0,
SRP_M2 = convertool.intToStr(self.srp.get_M2()),
unk1 = 0x00800000,
unk2 = 0,
unk3 = 0
))
def calculate_M2(self):
self.SRP_M2 = convertool.strToInt(hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1]).digest())
print
print(((convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1])).encode('hex'))
print
print(hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1]).hexdigest())
def calculate_M2(self):
self.SRP_M2 = convertool.strToInt(hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1]).digest())
print
print(((convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1])).encode('hex'))
print
print(hashlib.sha1(convertool.intToStr(self.SRP_A)[::-1] \
+ convertool.intToStr(self.SRP_M1) \
+ convertool.intToStr(self.SRP_K)[::-1]).hexdigest())
def calculate_x(self):
if not self.SRP_I:
raise ValueNotSetException('SRP_I')
if not self.SRP_P:
raise ValueNotSetException('SRP_P')
if not self.SRP_s:
raise ValueNotSetException('SRP_s')
SRP_authstr = '%s:%s' % (self.SRP_I, self.SRP_P
) # Concatenate USER:PASS
SRP_userhash = hashlib.sha1(
SRP_authstr.upper()).digest() # Get the SHA hash
print "%s" % ((convertool.intToStr(self.SRP_s)[::-1] +
SRP_userhash).encode('hex'))
self.SRP_x = convertool.strToInt(
hashlib.sha1(convertool.intToStr(self.SRP_s)[::-1] +
SRP_userhash).digest()
[::-1]) # Get SHA of salted user hash
def handleAuthLogonChallenge(self, pkt):
data = ST_AUTH_LOGON_CHALLENGE_C.parse(pkt)
#print(data)
# Get database cursor
cursor = db.cursor()
# Set the username in the env
self.env['username'] = data.I
self.env['userpass'] = cursor.execute(
'SELECT password FROM accounts WHERE username = ?',
[data.I]).fetchone()[0] # not safe should do some checking
# Do client part authentification
self.env['client'].initAuthentification()
# Init SRP Object
self.srp.set_I(data.I)
self.srp.set_P(self.env['userpass'])
self.srp.generate_b()
self.srp.generate_s()
self.srp.calculate_x()
self.srp.calculate_v()
self.srp.calculate_B()
# Create the response packet
r = ST_AUTH_LOGON_CHALLENGE_S.build(
Container(
opcode=0,
unk=0,
error=0,
SRP_B=convertool.intToStr(self.srp.get_B())[::-1],
SRP_g=chr(self.srp.get_g()),
SRP_N=convertool.intToStr(self.srp.get_N())[::-1],
SRP_s=convertool.intToStr(self.srp.get_s())[::-1],
CRC_salt='430d7525f492e4e03bc66b8d1130cfac'.decode('hex'),
security_flag=0))
self.writebuffer.append(r)
def handleAuthLogonChallenge(self, pkt):
data = ST_AUTH_LOGON_CHALLENGE_C.parse(pkt)
#print(data)
# Get database cursor
cursor = db.cursor()
# Set the username in the env
self.env['username'] = data.I
self.env['userpass'] = cursor.execute('SELECT password FROM accounts WHERE username = ?', [data.I]).fetchone()[0] # not safe should do some checking
# Do client part authentification
self.env['client'].initAuthentification()
# Init SRP Object
self.srp.set_I(data.I)
self.srp.set_P(self.env['userpass'])
self.srp.generate_b()
self.srp.generate_s()
self.srp.calculate_x()
self.srp.calculate_v()
self.srp.calculate_B()
# Create the response packet
r = ST_AUTH_LOGON_CHALLENGE_S.build(Container(
opcode = 0,
unk = 0,
error = 0,
SRP_B = convertool.intToStr(self.srp.get_B())[::-1],
SRP_g = chr(self.srp.get_g()),
SRP_N = convertool.intToStr(self.srp.get_N())[::-1],
SRP_s = convertool.intToStr(self.srp.get_s())[::-1],
CRC_salt = '430d7525f492e4e03bc66b8d1130cfac'.decode('hex'),
security_flag = 0
))
self.writebuffer.append(r)
def calculate_K(self):
if not self.SRP_S:
raise ValueNotSetException('SRP_S')
SRP_S1 = ""
SRP_S2 = ""
tmp_S = convertool.intToStr(self.SRP_S)[::-1] # SRP_S is reversed
for i in range(32): # Split the S value in S1 and S2, interleaving each char
if i % 2 == 0:
SRP_S1 += tmp_S[i]
else:
SRP_S2 += tmp_S[i]
SRP_S1hash = hashlib.sha1(SRP_S1).digest() # Calculate SHA hash
SRP_S2hash = hashlib.sha1(SRP_S2).digest()
SRP_SKhash = ""
for i in range(20):
SRP_SKhash += SRP_S1hash[i] + SRP_S2hash[i] # Join S1hash and S2hash in one string, interleaving each char
self.SRP_K = convertool.strToInt(SRP_SKhash[::-1])
def calculate_K(self):
if not self.SRP_S:
raise ValueNotSetException('SRP_S')
SRP_S1 = ""
SRP_S2 = ""
tmp_S = convertool.intToStr(self.SRP_S)[::-1] # SRP_S is reversed
for i in range(
32): # Split the S value in S1 and S2, interleaving each char
if i % 2 == 0:
SRP_S1 += tmp_S[i]
else:
SRP_S2 += tmp_S[i]
SRP_S1hash = hashlib.sha1(SRP_S1).digest() # Calculate SHA hash
SRP_S2hash = hashlib.sha1(SRP_S2).digest()
SRP_SKhash = ""
for i in range(20):
SRP_SKhash += SRP_S1hash[i] + SRP_S2hash[
i] # Join S1hash and S2hash in one string, interleaving each char
self.SRP_K = convertool.strToInt(SRP_SKhash[::-1])
