public static bool Impersonate(string user) { System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call Impersonate"); Tlv tlv = new Tlv(); tlv.Pack(TlvType.IncognitoImpersonateToken, user); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_impersonate_token")); if (result != null) { System.Diagnostics.Debug.Write("[PSH BINDING] Result returned, incognito is probably loaded"); var responseTlv = Tlv.FromResponse(result); if (responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0) { return true; } return false; } System.Diagnostics.Debug.Write("[PSH BINDING] Result not returned, incognito is probably not loaded"); throw new InvalidOperationException("incognito extension is not loaded"); }
public static SysInfo Info() { Tlv tlv = new Tlv(); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_sysinfo")); if (result != null) { System.Diagnostics.Debug.Write("[PSH BINDING] Info result returned"); var responseTlv = Tlv.FromResponse(result); if (responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0) { System.Diagnostics.Debug.Write("[PSH BINDING] Info succeeded"); return new SysInfo { Host = Tlv.GetValue<string>(responseTlv, TlvType.ComputerName, string.Empty), OperatingSystem = Tlv.GetValue<string>(responseTlv, TlvType.OsName, string.Empty), Architecture = Tlv.GetValue<string>(responseTlv, TlvType.Architecture, string.Empty), Language = Tlv.GetValue<string>(responseTlv, TlvType.LangSystem, string.Empty), Domain = Tlv.GetValue<string>(responseTlv, TlvType.Domain, string.Empty), LoggedOnUsers = Tlv.GetValue<int>(responseTlv, TlvType.LoggedOnUserCount) }; } System.Diagnostics.Debug.Write("[PSH BINDING] ShowMount failed"); } else { System.Diagnostics.Debug.Write("[PSH BINDING] ShowMount result was null"); } return null; }
public static bool AddUser(string server, string username, string password) { System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call AddUser"); Tlv tlv = new Tlv(); tlv.Pack(TlvType.IncognitoServerName, server); tlv.Pack(TlvType.IncognitoUserName, username); tlv.Pack(TlvType.IncognitoPassword, password); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_add_user")); if (result != null) { System.Diagnostics.Debug.Write("[PSH BINDING] Result returned, incognito is probably loaded"); var responseTlv = Tlv.FromResponse(result); if (responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0) { return true; } return false; } System.Diagnostics.Debug.Write("[PSH BINDING] Result not returned, incognito is probably not loaded"); throw new InvalidOperationException("incognito extension is not loaded"); }
public static Tlv MakeTLV(int typeCode, byte[] data) { Tlv retval = new Tlv(); retval.TypeNumber = (ushort) typeCode; retval.Data = data; retval.DataSize = (ushort) ((data == null) ? 0 : data.Length); return retval; }
public static bool Add(TransportInstance transport, int sessionExpiry = 0) { Tlv tlv = new Tlv(); tlv.Pack(TlvType.TransUrl, transport.Url); if (sessionExpiry > 0) { tlv.Pack(TlvType.TransSessExp, sessionExpiry); } if (transport.CommTimeout > 0) { tlv.Pack(TlvType.TransCommTimeout, transport.CommTimeout); } if (transport.RetryTotal > 0) { tlv.Pack(TlvType.TransRetryTotal, transport.RetryTotal); } if (transport.RetryWait > 0) { tlv.Pack(TlvType.TransRetryWait, transport.RetryWait); } if (!string.IsNullOrEmpty(transport.UserAgent)) { tlv.Pack(TlvType.TransUa, transport.UserAgent); } if (!string.IsNullOrEmpty(transport.ProxyHost)) { tlv.Pack(TlvType.TransUa, transport.ProxyHost); } if (!string.IsNullOrEmpty(transport.ProxyUser)) { tlv.Pack(TlvType.TransUa, transport.ProxyUser); } if (!string.IsNullOrEmpty(transport.ProxyPass)) { tlv.Pack(TlvType.TransUa, transport.ProxyPass); } if (transport.CertHash != null && transport.CertHash.Length > 0) { tlv.Pack(TlvType.TransCertHash, transport.CertHash); } var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("core_transport_add")); if (result != null) { System.Diagnostics.Debug.Write("[PSH BINDING] List result returned"); var responseTlv = Tlv.FromResponse(result); if (responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0) { return true; } } return false; }
public void ShouldParseValidHexArray() { var validHexArray = Enumerable .Range(0, _validAsciiHexString.Length) .Where(x => x % 2 == 0) .Select(x => Convert.ToByte(_validAsciiHexString.Substring(x, 2), 16)) .ToArray(); var tlvs = Tlv.ParseTlv(validHexArray); AssertTlv(tlvs); }
public void TestMultipleResource() { // Table 7.4.3.2-1 example. Taken from middle section Tlv[] result = _parser.Parse(Utilities.StringToByteArray("88070842000ED842011388")); Tlv expected = new Tlv(TlvType.MULTIPLE_RESOURCE, 0x07, new Tlv[] { new Tlv(TlvType.RESOURCE_INSTANCE, 0x00, null, Utilities.StringToByteArray("0ED8")), new Tlv(TlvType.RESOURCE_INSTANCE, 0x01, null, Utilities.StringToByteArray("1388")), }, null); Assert.Equal(expected, result[0]); }
public override byte[] GetMessageBytes() { //Check if optional parameter message_payload is present Tlv.Tlv tlv = Tlv.GetTlvByTag(Tag.message_payload); if (tlv == null) { return(null); } else { return(tlv.RawValue); } }
static void Main(string[] args) { //var x = MSF.Powershell.Runner.Get("Default"); //System.Console.Write(x.Execute("$x = $(whoami)")); //System.Console.Write(x.Execute("$x")); //MSF.Powershell.Runner.Remove("Default"); Tlv t = new Tlv(); t.Pack(TlvType.ElevateTechnique, 1); t.Pack(TlvType.ElevateServiceName, "abcd1234"); var x = t.ToRequest("priv_elevate_getsystem"); var y = 0; }
public override void SetMessageBytes(byte[] message) { if (message == null) { throw new ArgumentNullException("message"); } //Check if optional parameter message_payload is present Tlv.Tlv tlv = Tlv.GetTlvByTag(Tag.message_payload); if (tlv == null) { throw new InvalidOperationException("Tlv parameter 'message_payload' is not present"); } tlv.ParseValue(message); }
public void TestObjectInstance() { // Table 7.4.3.2-3 example. With object children length fixed (0x0D -> 0x0F) Tlv[] result = _parser.Parse(Utilities.StringToByteArray("08000FC10001C40100015180C10601C10755")); Tlv expected = new Tlv(TlvType.OBJECT_INSTANCE, 0x00, new Tlv[] { new Tlv(TlvType.RESOURCE_VALUE, 0x00, null, Utilities.StringToByteArray("01")), new Tlv(TlvType.RESOURCE_VALUE, 0x01, null, Utilities.StringToByteArray("00015180")), new Tlv(TlvType.RESOURCE_VALUE, 0x06, null, Utilities.StringToByteArray("01")), new Tlv(TlvType.RESOURCE_VALUE, 0x07, null, Utilities.StringToByteArray("55")), }, null); Assert.Equal(expected, result[0]); }
public static SessionDefinition List() { Tlv tlv = new Tlv(); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("core_transport_list")); if (result != null) { System.Diagnostics.Debug.Write("[PSH BINDING] List result returned"); var responseTlv = Tlv.FromResponse(result); if (responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0) { System.Diagnostics.Debug.Write("[PSH BINDING] List succeeded"); var expirySeconds = Tlv.GetValue<int>(responseTlv, TlvType.TransSessExp); var session = new SessionDefinition(DateTime.Now.AddSeconds(expirySeconds)); foreach (var transportObj in responseTlv[TlvType.TransGroup]) { var transportDict = (Dictionary<TlvType, List<object>>)transportObj; var transport = new TransportInstance { Url = Tlv.GetValue<string>(transportDict, TlvType.TransUrl, string.Empty), CommTimeout = Tlv.GetValue<int>(transportDict, TlvType.TransCommTimeout), RetryTotal = Tlv.GetValue<int>(transportDict, TlvType.TransRetryTotal), RetryWait = Tlv.GetValue<int>(transportDict, TlvType.TransRetryWait), UserAgent = Tlv.GetValue<string>(transportDict, TlvType.TransUa, string.Empty), ProxyHost = Tlv.GetValue<string>(transportDict, TlvType.TransProxyHost, string.Empty), ProxyUser = Tlv.GetValue<string>(transportDict, TlvType.TransProxyUser, string.Empty), ProxyPass = Tlv.GetValue<string>(transportDict, TlvType.TransProxyPass, string.Empty), CertHash = Tlv.GetValue<byte[]>(transportDict, TlvType.TransCertHash) }; session.Transports.Add(transport); } return session; } System.Diagnostics.Debug.Write("[PSH BINDING] List failed"); } else { System.Diagnostics.Debug.Write("[PSH BINDING] List result was null"); } return null; }
public void TestObjectInstance2() { // Table 7.4.3.2-2 example. First object instance Tlv[] result = _parser.Parse(Utilities.StringToByteArray("08000EC10001C101008302417F07C1037F")); Tlv expected = new Tlv(TlvType.OBJECT_INSTANCE, 0x00, new Tlv[] { new Tlv(TlvType.RESOURCE_VALUE, 0x00, null, Utilities.StringToByteArray("01")), new Tlv(TlvType.RESOURCE_VALUE, 0x01, null, Utilities.StringToByteArray("00")), new Tlv(TlvType.MULTIPLE_RESOURCE, 0x02, new Tlv[] { new Tlv(TlvType.RESOURCE_INSTANCE, 0x7F, null, Utilities.StringToByteArray("07")) }, null), new Tlv(TlvType.RESOURCE_VALUE, 0x03, null, Utilities.StringToByteArray("7F")) }, null); Assert.Equal(expected, result[0]); }
public static bool Rev2Self() { System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call Rev2Self"); Tlv tlv = new Tlv(); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_rev2self")); if (result != null) { var responseTlv = Tlv.FromResponse(result); return responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0; } return false; }
public static List<Credential> CredsAll() { System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call CredsAll"); if (!User.IsSystem()) { throw new InvalidOperationException("Current session is not running as SYSTEM"); } Tlv tlv = new Tlv(); tlv.Pack(TlvType.KiwiPwdId, 0); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("kiwi_scrape_passwords")); var ids = new Dictionary<string, Credential>(); if (result != null) { System.Diagnostics.Debug.Write("[PSH BINDING] Result returned, kiwi is probably loaded"); var responseTlv = Tlv.FromResponse(result); if (responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0) { foreach (var credObj in responseTlv[TlvType.KiwiPwdResult]) { var credDict = (Dictionary<TlvType, List<object>>)credObj; var credential = new Credential { Domain = Tlv.GetValue<string>(credDict, TlvType.KiwiPwdDomain, string.Empty), Username = Tlv.GetValue<string>(credDict, TlvType.KiwiPwdUserName, string.Empty), Password = Tlv.GetValue<string>(credDict, TlvType.KiwiPwdPassword, string.Empty) }; if (!ids.ContainsKey(credential.ToString())) { ids.Add(credential.ToString(), credential); } } return new List<Credential>(ids.Values); } } System.Diagnostics.Debug.Write("[PSH BINDING] Result not returned, kiwi is probably not loaded"); throw new InvalidOperationException("Kiwi extension is not loaded"); }
/// <summary> /// Tlv结构转为byte[] /// </summary> private byte[] _writeTlvToBt(Tlv tlv) { MemoryStream arr = new MemoryStream(); BinaryWriter binaryWriter = new BinaryWriter(arr); // arr.Seek(0, SeekOrigin.Begin); binaryWriter.Write(tlv.Type); byte[] len = BitConverter.GetBytes(tlv.Length); if (_tlvConn.Endian) { Array.Reverse(len); } binaryWriter.Write(len); byte[] val = tlv.Value; binaryWriter.Write(val); byte[] b = arr.ToArray(); return(b); }
public static bool StealToken(int pid) { System.Diagnostics.Debug.Write(string.Format("[PSH BINDING] Invoking binding call StealToken({0})", pid)); Tlv tlv = new Tlv(); tlv.Pack(TlvType.Pid, pid); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_steal_token")); if (result != null) { var responseTlv = Tlv.FromResponse(result); return responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0; } return false; }
public static List<ProcessInfo> ProcessList() { Tlv tlv = new Tlv(); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_process_get_processes")); if (result != null) { System.Diagnostics.Debug.Write("[PSH BINDING] ProcessList result returned"); var responseTlv = Tlv.FromResponse(result); if (responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0) { System.Diagnostics.Debug.Write("[PSH BINDING] ProcessList succeeded"); var processes = new List<ProcessInfo>(); foreach (var processObj in responseTlv[TlvType.ProcessGroup]) { var processDict = (Dictionary<TlvType, List<object>>)processObj; var process = new ProcessInfo { Architecture = Tlv.GetValue<int>(processDict, TlvType.ProcessArch) == 1 ? "x86" : "x86_64", Name = Tlv.GetValue<string>(processDict, TlvType.ProcessName, string.Empty), Username = Tlv.GetValue<string>(processDict, TlvType.UserName, string.Empty), Pid = Tlv.GetValue<int>(processDict, TlvType.Pid), ParentPid = Tlv.GetValue<int>(processDict, TlvType.ParentPid), Path = Tlv.GetValue<string>(processDict, TlvType.ProcessPath, string.Empty), Session = Tlv.GetValue<int>(processDict, TlvType.ProcessSession) }; processes.Add(process); } return processes; } System.Diagnostics.Debug.Write("[PSH BINDING] ProcessList failed"); } else { System.Diagnostics.Debug.Write("[PSH BINDING] ProcessList result was null"); } return null; }
/// <summary> /// Read all records from BinaryReader /// </summary> /// <param name="br">BinaryReader object</param> /// <returns>Is sucess?</returns> public bool Read(BinaryReader br) { this.Type = br.ReadByte(); this.Ttl = br.ReadByte(); this.Sequence = br.ReadUInt16Reverse(); while (br.BaseStream.Length > br.BaseStream.Position) { var item = new Tlv(); bool ok = item.Read(br); if (!ok) { return(false); } this.Items.Add(item); } return(true); }
public static bool GetSystem() { System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call GetSystem"); Tlv tlv = new Tlv(); tlv.Pack(TlvType.ElevateTechnique, 1); tlv.Pack(TlvType.ElevateServiceName, "abcd1234"); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("priv_elevate_getsystem")); if (result != null) { var responseTlv = Tlv.FromResponse(result); return responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0; } return false; }
public static List<Mount> ShowMount() { Tlv tlv = new Tlv(); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_fs_mount_show")); if (result != null) { System.Diagnostics.Debug.Write("[PSH BINDING] ShowMount result returned"); var responseTlv = Tlv.FromResponse(result); if (responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0) { System.Diagnostics.Debug.Write("[PSH BINDING] ShowMount succeeded"); var mounts = new List<Mount>(); foreach (var mountObj in responseTlv[TlvType.Mount]) { var mountDict = (Dictionary<TlvType, List<object>>)mountObj; var mount = new Mount { Name = Tlv.GetValue<string>(mountDict, TlvType.MountName, string.Empty), Type = Tlv.GetValue<MountType>(mountDict, TlvType.MountType, MountType.Unknown), SpaceUser = Tlv.GetValue<Int64>(mountDict, TlvType.MountSpaceUser), SpaceTotal = Tlv.GetValue<Int64>(mountDict, TlvType.MountSpaceTotal), SpaceFree = Tlv.GetValue<Int64>(mountDict, TlvType.MountSpaceFree), UncPath = Tlv.GetValue<string>(mountDict, TlvType.MountUncPath, string.Empty) }; mounts.Add(mount); } return mounts; } System.Diagnostics.Debug.Write("[PSH BINDING] ShowMount failed"); } else { System.Diagnostics.Debug.Write("[PSH BINDING] ShowMount result was null"); } return null; }
public PairingReturn Post(Tlv parts) { var state = parts.GetTypeAsInt(Constants.State); var method = parts.GetTypeAsInt(Constants.Method); var responseTlv = new Tlv(); if (state == 1) { if (method == 3) // Add Pairing { _logger.LogDebug("* Add Pairing"); var identifier = parts.GetType(Constants.Identifier); var publickey = parts.GetType(Constants.PublicKey); var permissions = parts.GetType(Constants.Permissions); responseTlv.AddType(Constants.State, 2); } else if (method == 4) // Remove Pairing { _logger.LogDebug("* Remove Pairing"); responseTlv.AddType(Constants.State, 2); } else if (method == 5) // List Pairing { _logger.LogDebug("* List Pairings"); responseTlv.AddType(Constants.State, 2); } } else { responseTlv.AddType(Constants.State, 2); responseTlv.AddType(Constants.Error, ErrorCodes.Busy); } return(new PairingReturn { ContentType = "application/pairing+tlv8", TlvData = responseTlv }); }
private static byte[] FindValue(Tlv tlv, IEnumerator <string> tags) { if (tlv.HexTag == tags.Current) { if (!tags.MoveNext()) { return(tlv.Value); } foreach (Tlv child in tlv.Children) { var val = FindValue(child, tags); if (val != null) { return(val); } } } return(null); }
public static string GetUid() { System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call GetUid"); Tlv tlv = new Tlv(); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_getuid")); if (result != null) { var responseTlv = Tlv.FromResponse(result); if (responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0) { return(Tlv.GetValue <string>(responseTlv, TlvType.UserName)); } } return(null); }
public static string GetUid() { System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call GetUid"); Tlv tlv = new Tlv(); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_getuid")); if (result != null) { var responseTlv = Tlv.FromResponse(result); if (responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0) { return Tlv.GetValue<string>(responseTlv, TlvType.UserName); } } return null; }
private bool Handle_LoginDenied(Core core, OicqRequest request) { Console.WriteLine("[Error] Login denied."); var tlvs = request.oicqRequestBody.TakeAllBytes(out var _); var unpacker = new TlvUnpacker(tlvs, true); Tlv tlv146 = unpacker.TryGetTlv(0x146); if (tlv146 != null) { var errorTitle = ((T146Body)tlv146._tlvBody)._title; var errorMessage = ((T146Body)tlv146._tlvBody)._message; Console.WriteLine($"[Error] {errorTitle} {errorMessage}"); } core.PostSystemEvent(EventType.LoginFailed); return(false); }
private bool Handle_VerifySliderCaptcha(Core core, OicqRequest request) { Console.WriteLine("Do slider verification."); var tlvs = request.oicqRequestBody.TakeAllBytes(out var _); var unpacker = new TlvUnpacker(tlvs, true); Tlv tlv104 = unpacker.TryGetTlv(0x104); Tlv tlv192 = unpacker.TryGetTlv(0x192); if (tlv104 != null && tlv192 != null) { var sigSession = ((T104Body)tlv104._tlvBody)._sigSession; var sigCaptchaURL = ((T192Body)tlv192._tlvBody)._url; core.SigInfo.WtLoginSession = sigSession; core.PostUserEvent(EventType.WtLoginVerifySliderCaptcha, sigCaptchaURL, DeviceInfo.Browser.UserAgent); } return(false); }
static void Main(string[] args) { #region Dont even bother looking, just testing out how json works string json = @"{ 'Email': '*****@*****.**', 'Active': true, 'CreatedDate': '2013-01-20T00:00:00Z', 'Roles': [ 'User', 'Admin' ] }"; ClientExisting dataReciever = JsonConvert.DeserializeObject <ClientExisting>(json); // Console.WriteLine(dataReciever.EndpointClientName); ICollection <Tlv> tlvs = Tlv.ParseTlv("6F1A840E315041592E5359532E4444463031A5088801025F2D02656E"); Console.WriteLine(tlvs); #endregion }
protected override void ParseBody() { Decrypt(User.TXProtocol.BufDhShareKey); Result = Reader.ReadByte(); //返回错误 if (Result == (byte)ResultCode.DoMain || Result == (byte)ResultCode.其它错误 || Result == (byte)ResultCode.密码错误 || Result == (byte)ResultCode.帐号被回收 || Result == (byte)ResultCode.要求切换TCP || Result == (byte)ResultCode.过载保护 || Result == (byte)ResultCode.需要验证密保 || Result == (byte)ResultCode.需要验证码) { var tlvs = Tlv.ParseTlv(Reader.ReadBytes((int)(Reader.BaseStream.Length - 1))); //重置指针(因为tlv解包后指针已经移动到末尾) Reader.BaseStream.Position = 1; TlvExecutionProcessing(tlvs); if (tlvs.Any(c => c.Tag == 0x0100)) { var errorData = tlvs.FirstOrDefault(c => c.Tag == 0x0100); var errReader = new BinaryReader(new MemoryStream(errorData.Value)); var tlv = new TLV0100(); tlv.Parser_Tlv2(User, errReader, errorData.Length); ErrorMsg = tlv.ErrorMsg; } } else { BodyDecrypted = QQTea.Decrypt(BodyDecrypted, User.TXProtocol.BufTgtgtKey); Reader = new BinaryReader(new MemoryStream(BodyDecrypted)); Result = Reader.ReadByte(); var tlvs = Tlv.ParseTlv(Reader.ReadBytes((int)(Reader.BaseStream.Length - 1))); //重置指针(因为tlv解包后指针已经移动到末尾) Reader.BaseStream.Position = 1; TlvExecutionProcessing(tlvs); } }
internal Tlv HandlePairSetupM5Raw(ConnectionSession session, out KeyPair keyPair) { var hdkf = new HkdfSha512(); var accessory = hdkf.DeriveBytes( SharedSecret.Import(SrpInteger.FromHex(session.ServerSession.Key).ToByteArray()), Encoding.UTF8.GetBytes("Pair-Setup-Accessory-Sign-Salt"), Encoding.UTF8.GetBytes("Pair-Setup-Accessory-Sign-Info"), 32); keyPair = KeyGenerator.GenerateNewPair(); var serverUsername = Encoding.UTF8.GetBytes(HapControllerServer.HapControllerId); var material = accessory.Concat(serverUsername).Concat(keyPair.PublicKey).ToArray(); var signature = Chaos.NaCl.Ed25519.Sign(material, keyPair.PrivateKey); var encoder = new Tlv(); encoder.AddType(Constants.Identifier, serverUsername); encoder.AddType(Constants.PublicKey, keyPair.PublicKey); encoder.AddType(Constants.Signature, signature); return(encoder); }
public void ParseEmvHexTest() { var tlvs = Tlv.ParseTlv(_emvHexTlv); AssertTlv(tlvs); }
/// <summary> /// Send a message to the server. Should be in a try catch block /// </summary> /// <param name="tlv"></param> public void SendMessage(Tlv tlv) { System.Diagnostics.Debug.WriteLine($"Socket ---> [{(SocketMessageTypes) tlv.Type}]"); _socket?.Send(tlv.GetBytes()); }
public PairVerifyReturn Post(Tlv parts, HapSession session) { var state = parts.GetTypeAsInt(Constants.State); if (state == 1) { _logger.LogDebug("* Pair Verify Step 1/4"); _logger.LogDebug("* Verify Start Request"); var clientPublicKey = parts.GetType(Constants.PublicKey); byte[] privateKey = new byte[32]; Random random = new Random(); random.NextBytes(privateKey); var publicKey = Curve25519.GetPublicKey(privateKey); var sharedSecret = Curve25519.GetSharedSecret(privateKey, clientPublicKey); var serverUsername = Encoding.UTF8.GetBytes(HapControllerServer.HapControllerId); var material = publicKey.Concat(serverUsername).Concat(clientPublicKey).ToArray(); var accessoryLtsk = StringToByteArray(HapControllerServer.HapControllerLtsk); var proof = Chaos.NaCl.Ed25519.Sign(material, accessoryLtsk); var hdkf = new HkdfSha512(); var hkdfEncKey = hdkf.DeriveBytes(SharedSecret.Import(sharedSecret), Encoding.UTF8.GetBytes("Pair-Verify-Encrypt-Salt"), Encoding.UTF8.GetBytes("Pair-Verify-Encrypt-Info"), 32); var encoder = new Tlv(); encoder.AddType(Constants.Identifier, serverUsername); encoder.AddType(Constants.Signature, proof); var plaintext = TlvParser.Serialize(encoder); var zeros = new byte[] { 0, 0, 0, 0 }; var nonce = new Nonce(zeros, Encoding.UTF8.GetBytes("PV-Msg02")); var encryptedOutput = AeadAlgorithm.ChaCha20Poly1305.Encrypt( Key.Import(AeadAlgorithm.ChaCha20Poly1305, hkdfEncKey, KeyBlobFormat.RawSymmetricKey), nonce, new byte[0], plaintext); var responseTlv = new Tlv(); responseTlv.AddType(Constants.State, 2); responseTlv.AddType(Constants.EncryptedData, encryptedOutput); responseTlv.AddType(Constants.PublicKey, publicKey); // Store the details on the session. // session.ClientPublicKey = clientPublicKey; session.PrivateKey = privateKey; session.PublicKey = publicKey; session.SharedSecret = sharedSecret; session.HkdfPairEncKey = hkdfEncKey; var encSalt = Encoding.UTF8.GetBytes("Control-Salt"); var infoRead = Encoding.UTF8.GetBytes("Control-Read-Encryption-Key"); var infoWrite = Encoding.UTF8.GetBytes("Control-Write-Encryption-Key"); session.AccessoryToControllerKey = hdkf.DeriveBytes(SharedSecret.Import(sharedSecret), encSalt, infoRead, 32); session.ControllerToAccessoryKey = hdkf.DeriveBytes(SharedSecret.Import(sharedSecret), encSalt, infoWrite, 32); return(new PairVerifyReturn { TlvData = responseTlv, Ok = true, HapSession = session }); } if (state == 3) { _logger.LogDebug("* Pair Verify Step 3/4"); _logger.LogDebug("* Verify Finish Request"); var encryptedData = parts.GetType(Constants.EncryptedData); var zeros = new byte[] { 0, 0, 0, 0 }; var nonce = new Nonce(zeros, Encoding.UTF8.GetBytes("PV-Msg03")); var decrypt = AeadAlgorithm.ChaCha20Poly1305.Decrypt(Key.Import(AeadAlgorithm.ChaCha20Poly1305, session.HkdfPairEncKey, KeyBlobFormat.RawSymmetricKey), nonce, new byte[0], encryptedData, out var output); if (!decrypt) { var errorTlv = new Tlv(); errorTlv.AddType(Constants.State, 4); errorTlv.AddType(Constants.Error, ErrorCodes.Authentication); return(new PairVerifyReturn { TlvData = errorTlv, Ok = false }); } var subData = TlvParser.Parse(output); var clientUserName = subData.GetType(Constants.Identifier); var signature = subData.GetType(Constants.Signature); var clientPublicKey = StringToByteArray(HapControllerServer.HapControllerLtpk); var material = session.ClientPublicKey.Concat(clientUserName).Concat(session.PublicKey).ToArray(); session.ClientUsername = Automatica.Core.Driver.Utility.Utils.ByteArrayToString(in clientUserName); if (!Chaos.NaCl.Ed25519.Verify(signature, material, clientPublicKey)) { var errorTlv = new Tlv(); errorTlv.AddType(Constants.State, 4); errorTlv.AddType(Constants.Error, ErrorCodes.Authentication); return(new PairVerifyReturn { TlvData = errorTlv, Ok = false }); } var responseTlv = new Tlv(); responseTlv.AddType(Constants.State, 4); session.IsVerified = true; session.SkipFirstEncryption = true; return(new PairVerifyReturn { Ok = true, TlvData = responseTlv }); } return(null); }
private static void WarmUpCard(Transaction transaction) { logger.Info("Warming up card"); // We perform initial, constant interactions in this phase // For now - hard-coded queries, ignore responses byte[] SEL_FILE = new byte[] { 0x00, 0xA4, 0x04, 0x00, 0x0E, 0x32, 0x50, 0x41, 0x59, 0x2E, 0x53, 0x59, 0x53, 0x2E, 0x44, 0x44, 0x46, 0x30, 0x31, 0x00 }; var selResponse = GetResponse(SEL_FILE, transaction, "Select Payment"); var tlvSelResponse = Tlv.ParseTlv(selResponse); var paymentApp = tlvSelResponse; var SelApp = transaction.InitApdu(true); SelApp.Instruction = InstructionCode.SelectFile; SelApp.P1 = 0x04; // read the first file (I think?) SelApp.Data = FindValue(tlvSelResponse.First(), new string[] { "6F", "A5", "BF0C", "61", "4F" }); var appResponse = transaction.SendCommand(SelApp, "Select App"); // Extract the PDOL var appTlv = Tlv.ParseTlv(appResponse.GetData()); var pdolData = FindValue(appTlv.First(), new string[] { "6F", "A5", "9F38" }); var pdolParsed = PDOL.ParsePDOL(pdolData); // Normally this would get sent back to the client to be filled by the terminal PDOL.FillWithDummyData(pdolParsed); var gpo = transaction.InitApdu(true); gpo.CLA = 0x80; gpo.Instruction = (InstructionCode)0xA8; gpo.Data = PDOL.GeneratePDOL(pdolParsed); var gpoResponse = transaction.SendCommand(gpo, "GPO"); var gpoTlv = Tlv.ParseTlv(gpoResponse.GetData()); var fileData = FindValue(gpoTlv.First(), new string[] { "77", "94" }); var fileList = ParseAddresses(fileData); byte[] cdol = null; foreach (var file in fileList) { for (byte recordNum = file.FromRecord; recordNum <= file.ToRecord; recordNum++) { var rr = transaction.InitApdu(false); BuildReadRecordApdu(rr, file, recordNum); var record = transaction.SendCommand(rr, "ReadRecord"); var rrtlv = Tlv.ParseTlv(record.GetData()); if (cdol == null) { cdol = FindValue(rrtlv.First(), new string[] { "70", "8C" }); } } } if (cdol != null) { var cdolParsed = PDOL.ParsePDOL(cdol); PDOL.FillWithDummyData(cdolParsed); var GenerateCrypto = transaction.InitApdu(true); GenerateCrypto.CLA = 0x80; GenerateCrypto.Instruction = (InstructionCode)0xAE; GenerateCrypto.P1 = 0x80; GenerateCrypto.Data = PDOL.GenerateCDOL(cdolParsed); var fuckinAye = transaction.SendCommand(GenerateCrypto, "GenerateCrypto"); var faBytes = fuckinAye.GetData(); } //if (commandApdu.SequenceEqual(SEL_FILE)) // return new byte[] { 0x6F, 0x2C, 0x84, 0x0E, 0x32, 0x50, 0x41, 0x59, 0x2E, 0x53, 0x59, 0x53, 0x2E, 0x44, 0x44, 0x46, 0x30, 0x31, 0xA5, 0x1A, 0xBF, 0x0C, 0x17, 0x61, 0x15, 0x4F, 0x07, 0xA0, 0x00, 0x00, 0x02, 0x77, 0x10, 0x10, 0x50, 0x07, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x61, 0x63, 0x87, 0x01, 0x01, 0x90, 0x00 }; //byte[] SEL_INTERAC = new byte[] { 0x00, 0xA4, 0x04, 0x00, 0x07, 0xA0, 0x00, 0x00, 0x02, 0x77, 0x10, 0x10, 0x00 }; ////transaction.SendCommand(SEL_INTERAC, transaction, "Select Interac"); ////var tlvSelResponse = BerTlv.Tlv.ParseTlv(selResponse); //byte[] GET_ATC = new byte[] { 0x80, 0xCA, 0x9F, 0x36, 0x00 }; //var r1 = GetResponse(GET_ATC, transaction, "Get App Transaction Counter"); //byte[] GET_OATC = new byte[] { 0x80, 0xCA, 0x9F, 0x13, 0x00 }; //var r2 = GetResponse(GET_OATC, transaction, "Get App Transaction Counter (Online)"); //byte[] GET_PINC = new byte[] { 0x80, 0xCA, 0x9F, 0x17, 0x00 }; //var r3 = GetResponse(GET_PINC, transaction, "Get Pin Tries"); //byte[] GET_LOG = new byte[] { 0x80, 0xCA, 0x9F, 0x4F, 0x00 }; //var r4 = GetResponse(GET_LOG, transaction, "Get Log"); ////if (commandApdu.SequenceEqual(SEL_INTERAC)) //// return new byte[] { 0x6F, 0x31, 0x84, 0x07, 0xA0, 0x00, 0x00, 0x02, 0x77, 0x10, 0x10, 0xA5, 0x26, 0x50, 0x07, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x61, 0x63, 0x87, 0x01, 0x01, 0x5F, 0x2D, 0x04, 0x65, 0x6E, 0x66, 0x72, 0xBF, 0x0C, 0x10, 0x9F, 0x4D, 0x02, 0x0B, 0x0A, 0x5F, 0x56, 0x03, 0x43, 0x41, 0x4E, 0xDF, 0x62, 0x02, 0x80, 0x80, 0x90, 0x00 }; //var GPO = new byte[] { 0x80, 0xA8, 0x00, 0x00, 0x02, 0x83, 0x00, 0x00 }; //GetResponse(GPO, transaction, "Warmup"); //if (GPO.SequenceEqual(commandApdu)) // return new byte[] { 0x77, 0x0A, 0x82, 0x02, 0x18, 0x00, 0x94, 0x04, 0x08, 0x01, 0x02, 0x00, 0x90, 0x00 }; }
private void ProcessDirectoryQueryResponseUserDetails(Tlv t, ref FullUserInfo ui) { List <TlvBlock> tlvlist = null; ByteStream bstream = new ByteStream(t.Data); switch (t.TypeNumber) { case 0x96: // Home Address tlvlist = readTlvList(bstream, 1); break; case 0xa0: // Origin Address tlvlist = readTlvList(bstream, 1); break; case 0xc8: // Phone Numbers tlvlist = readTlvList(bstream, 5); break; case 0x8c: // Emails tlvlist = readTlvList(bstream, 4); break; case 0x118: // Work tlvlist = readTlvList(bstream, 1); break; case 0x10e: // Education tlvlist = readTlvList(bstream, 1); break; case 0x122: // Interests tlvlist = readTlvList(bstream, 4); break; } if (tlvlist != null) { ushort count = 0; foreach (TlvBlock block in tlvlist) { count++; switch (t.TypeNumber) { case 0x96: // Home Address ui.HomeAddress = block.ReadString(0x64, Encoding.UTF8); ui.HomeCity = block.ReadString(0x6e, Encoding.UTF8); ui.HomeState = block.ReadString(0x78, Encoding.UTF8); ui.HomeZip = block.ReadString(0x82, Encoding.UTF8); ui.HomeCountry = (CountryList)block.ReadUint(0x8c, 0); break; case 0xa0: // Origin Address ui.OriginCity = block.ReadString(0x6e, Encoding.UTF8); ui.OriginState = block.ReadString(0x78, Encoding.UTF8); ui.OriginCountry = (CountryList)block.ReadUint(0x8c, 0); break; case 0xc8: // Phone Numbers switch (count) { case 1: ui.HomePhone = block.ReadString(0x64, Encoding.ASCII); break; case 2: ui.HomeFax = block.ReadString(0x64, Encoding.ASCII); break; case 3: ui.MobilePhone = block.ReadString(0x64, Encoding.ASCII); break; case 4: ui.WorkPhone = block.ReadString(0x64, Encoding.ASCII); break; case 5: ui.WorkFax = block.ReadString(0x64, Encoding.ASCII); break; default: return; } break; case 0x8c: // Emails string email = block.ReadString(0x64, Encoding.ASCII); if (!string.IsNullOrEmpty(email)) { if (ui.EmailAddresses == null) { ui.EmailAddresses = new string[0]; } Array.Resize <string>(ref ui.EmailAddresses, ui.EmailAddresses.Length + 1); ui.EmailAddresses[ui.EmailAddresses.Length - 1] = email; } break; case 0x118: // Work ui.WorkPosition = block.ReadString(0x64, Encoding.UTF8); ui.WorkCompany = block.ReadString(0x6e, Encoding.UTF8); ui.WorkDepartment = block.ReadString(0x7d, Encoding.UTF8); ui.WorkWebsite = block.ReadString(0x78, Encoding.ASCII); ui.WorkIndustry = (IndustryList)block.ReadUshort(0x82, 0); ui.WorkAddress = block.ReadString(0xaa, Encoding.UTF8); ui.WorkCity = block.ReadString(0xb4, Encoding.UTF8); ui.WorkState = block.ReadString(0xbe, Encoding.UTF8); ui.WorkZip = block.ReadString(0xc8, Encoding.UTF8); ui.WorkCountry = (CountryList)block.ReadUint(0xd2, 0); break; case 0x10e: // Education ui.StudyLevel = (StudyLevelList)block.ReadUshort(0x64, 0); ui.StudyInstitute = block.ReadString(0x6e, Encoding.UTF8); ui.StudyDegree = block.ReadString(0x78, Encoding.UTF8); ui.StudyYear = block.ReadUshort(0x8c, 0); break; case 0x122: // Interests string info = block.ReadString(0x64, Encoding.UTF8); ushort cat = block.ReadUshort(0x6e, 0); if (!string.IsNullOrEmpty(info) || cat > 0) { if (ui.InterestInfos == null) { ui.InterestInfos = new FullUserInfo.InterestInfo[0]; } Array.Resize <FullUserInfo.InterestInfo>(ref ui.InterestInfos, ui.InterestInfos.Length + 1); ui.InterestInfos[ui.InterestInfos.Length - 1].Info = info; ui.InterestInfos[ui.InterestInfos.Length - 1].Category = (InterestList)cat; } break; } } } }
public static TokenSet ListTokens(TokenType type) { System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call ListTokens"); Tlv tlv = new Tlv(); tlv.Pack(TlvType.IncognitoListTokensTokenOrder, (int)type); var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_list_tokens")); if (result != null) { System.Diagnostics.Debug.Write("[PSH BINDING] Result returned, incognito is probably loaded"); var responseTlv = Tlv.FromResponse(result); if (responseTlv[TlvType.Result].Count > 0 && (int)responseTlv[TlvType.Result][0] == 0) { var impersonationTokens = Tlv.GetValue<string>(responseTlv, TlvType.IncognitoListTokensImpersonation, string.Empty); var delegationTokens = Tlv.GetValue<string>(responseTlv, TlvType.IncognitoListTokensDelegation, string.Empty); return new TokenSet(impersonationTokens, delegationTokens); } } System.Diagnostics.Debug.Write("[PSH BINDING] Result not returned, incognito is probably not loaded"); throw new InvalidOperationException("incognito extension is not loaded"); }
void TlvReaderEncodes(uint typeLength, uint sizeLength, byte[] expectedOutput, Tlv tlv) { var parser = new TlvParser(typeLength, sizeLength); using (var memStream = new MemoryStream()) { parser.Encode(memStream, tlv); var output = memStream.ToArray(); Assert.Equal(expectedOutput, output); } }
private bool Handle_VerifySmsCaptcha(Core core, OicqRequest request) { Console.WriteLine("Do sms verification."); var tlvs = request.oicqRequestBody.TakeAllBytes(out var _); var unpacker = new TlvUnpacker(tlvs, true); if (unpacker.Count == 8 || unpacker.Count == 9) { Tlv tlv104 = unpacker.TryGetTlv(0x104); Tlv tlv174 = unpacker.TryGetTlv(0x174); Tlv tlv204 = unpacker.TryGetTlv(0x204); Tlv tlv178 = unpacker.TryGetTlv(0x178); Tlv tlv179 = unpacker.TryGetTlv(0x179); Tlv tlv17d = unpacker.TryGetTlv(0x17d); Tlv tlv402 = unpacker.TryGetTlv(0x402); Tlv tlv403 = unpacker.TryGetTlv(0x403); Tlv tlv17e = unpacker.TryGetTlv(0x17e); if (tlv104 != null && tlv174 != null && tlv204 != null && tlv178 != null && tlv17d != null && tlv402 != null && tlv403 != null && tlv17e != null) { var sigSession = ((T104Body)tlv104._tlvBody)._sigSession; var sigMessage = ((T17eBody)tlv17e._tlvBody)._message; var smsPhone = ((T178Body)tlv178._tlvBody)._phone; var smsCountryCode = ((T178Body)tlv178._tlvBody)._countryCode; var smsToken = ((T174Body)tlv174._tlvBody)._smsToken; Console.WriteLine($"[Hint] {sigMessage}"); core.SigInfo.WtLoginSmsPhone = $"+{smsCountryCode} {smsPhone}"; core.SigInfo.WtLoginSmsToken = smsToken; core.SigInfo.WtLoginSession = sigSession; core.PostSystemEvent(EventType.WtLoginSendSms); return(true); } } else if (unpacker.Count == 2) { Tlv tlv104 = unpacker.TryGetTlv(0x104); Tlv tlv17b = unpacker.TryGetTlv(0x17b); if (tlv104 != null && tlv17b != null) { var sigSession = ((T104Body)tlv104._tlvBody)._sigSession; core.SigInfo.WtLoginSession = sigSession; core.PostUserEvent(EventType.WtLoginVerifySmsCaptcha, core.SigInfo.WtLoginSmsPhone); return(true); } } else { core.PostSystemEvent(EventType.LoginFailed); Console.WriteLine("[Error] Unknown data received."); } return(false); }
public PairSetupReturn Post(Tlv parts, ConnectionSession session) { var state = parts.GetTypeAsInt(Constants.State); if (session.Salt == null) { session.Salt = SrpGenerator.GenerateSalt(16); } _logger.LogDebug($"State is {state}"); if (state == 1) //srp sign up { var saltInt = SrpInteger.FromByteArray(session.Salt); var privateKey = SrpGenerator.DerivePrivateKey(saltInt.ToHex(), Username, _code); session.Verifier = SrpGenerator.DeriveVerifier(privateKey); session.ServerEphemeral = SrpGenerator.GenerateServerEphemeral(session.Verifier); var responseTlv = new Tlv(); responseTlv.AddType(Constants.State, 2); responseTlv.AddType(Constants.PublicKey, StringToByteArray(session.ServerEphemeral.Public)); responseTlv.AddType(Constants.Salt, session.Salt); _logger.LogDebug($"return salt {saltInt.ToHex()}, pub {session.ServerEphemeral.Public} and state 2"); return(new PairSetupReturn { State = 1, TlvData = responseTlv, Ok = true }); } if (state == 3) //srp authenticate { _logger.LogDebug("Pair Setup Step 3/5"); _logger.LogDebug("SRP Verify Request"); var pubKey = parts.GetType(Constants.PublicKey); var proof = parts.GetType(Constants.Proof); var iOsPublicKey = SrpInteger.FromByteArray(pubKey); var iOsProof = SrpInteger.FromByteArray(proof); var responseTlv = new Tlv(); responseTlv.AddType(Constants.State, 4); var ok = true; try { session.ServerSession = SrpGenerator.DeriveServerSession(session.ServerEphemeral.Secret, iOsPublicKey.ToHex(), SrpInteger.FromByteArray(session.Salt).ToHex(), Username, session.Verifier, iOsProof.ToHex()); _logger.LogInformation("Verification was successful. Generating Server Proof (M2)"); responseTlv.AddType(Constants.Proof, StringToByteArray(session.ServerSession.Proof)); _logger.LogDebug($"return proof {session.ServerSession.Proof}, secret {session.ServerEphemeral.Secret} and state 4"); } catch (Exception e) { ok = false; _logger.LogError(e, "Verification failed as iOS provided code was incorrect"); responseTlv.AddType(Constants.Error, ErrorCodes.Authentication); } return(new PairSetupReturn { State = 3, Ok = ok, TlvData = responseTlv }); } if (state == 5) { return(HandlePairSetupM5(parts, session)); } return(null); }
protected void Th_handler(object rc) { Tlv tlv = (Tlv)rc; ReaderHandler(tlv); }
protected void _reader() { MemoryStream Bio = new MemoryStream(); BinaryWriter binaryWriter = new BinaryWriter(Bio); BinaryReader binaryReader = new BinaryReader(Bio); uint Biol = 0; byte[] readerIo = new byte[_tlvConn.ReadBufferSize]; Tlv tlv = new Tlv(); tlv.Type = 0; tlv.Length = 0; //EOF 标识 bool EOF = false; int Reader_index = 0; while (true) { if (tlv.Length == 0 && Biol >= 5) { Bio.Seek(Reader_index, SeekOrigin.Begin); Reader_index += 1; tlv.Type = binaryReader.ReadByte(); byte[] LenBt = new byte[4]; LenBt = binaryReader.ReadBytes(4); Reader_index += 4; if (_tlvConn.Endian) { Array.Reverse(LenBt); } tlv.Length = System.BitConverter.ToUInt32(LenBt, 0); Biol -= 5; } if (tlv.Length != 0 && Biol >= tlv.Length) { tlv.Value = new byte[(int)tlv.Length]; tlv.Value = binaryReader.ReadBytes((int)tlv.Length); Biol -= tlv.Length; Reader_index += (int)tlv.Length; // ReaderHandler(tlv,this); Thread _handler = new Thread(new ParameterizedThreadStart(Th_handler)); _handler.Start(tlv); tlv = new Tlv(); if (Biol <= 0 && EOF) { break; } continue; } int len = _tlvConn.Conn.Receive(readerIo, 0, readerIo.Length, SocketFlags.None); if (len > 0) { byte[] temp = new byte[len]; Array.Copy(readerIo, 0, temp, 0, len); binaryWriter.Write(temp); Biol += (uint)len; } else { EOF = true; } } }
public PairSetupReturn Post(Tlv parts) { var customParams = SrpParameters.Create3072 <SHA512>(); var state = parts.GetTypeAsInt(Constants.State); if (state == 1) //srp sign up { var rnd = new Random(); _salt = new byte[16]; rnd.NextBytes(_salt); _saltInt = SrpInteger.FromByteArray(_salt); var srp = new SrpClient(customParams); _privateKey = srp.DerivePrivateKey(_saltInt.ToHex(), Username, _code); _verifier = srp.DeriveVerifier(_privateKey); _server = new SrpServer(customParams); _serverEphemeral = _server.GenerateEphemeral(_verifier); var responseTlv = new Tlv(); responseTlv.AddType(Constants.State, 2); responseTlv.AddType(Constants.PublicKey, StringToByteArray(_serverEphemeral.Public)); responseTlv.AddType(Constants.Salt, _salt); return(new PairSetupReturn { State = 1, TlvData = responseTlv, Ok = true }); } if (state == 3) //srp authenticate { _logger.LogDebug("Pair Setup Step 3/6"); _logger.LogDebug("SRP Verify Request"); var pubKey = parts.GetType(Constants.PublicKey); var proof = parts.GetType(Constants.Proof); var iOsPublicKey = SrpInteger.FromByteArray(pubKey); var iOsProof = SrpInteger.FromByteArray(proof); var responseTlv = new Tlv(); responseTlv.AddType(Constants.State, 4); var ok = true; try { _serverSession = _server.DeriveSession(_serverEphemeral.Secret, iOsPublicKey.ToHex(), _saltInt.ToHex(), Username, _verifier, iOsProof.ToHex()); _logger.LogInformation("Verification was successful. Generating Server Proof (M2)"); responseTlv.AddType(Constants.Proof, StringToByteArray(_serverSession.Proof)); } catch (Exception) { ok = false; _logger.LogError("Verification failed as iOS provided code was incorrect"); responseTlv.AddType(Constants.Error, ErrorCodes.Authentication); } return(new PairSetupReturn { State = 3, Ok = ok, TlvData = responseTlv }); } if (state == 5) { _logger.LogDebug("Pair Setup Step 5/6"); _logger.LogDebug("Exchange Response"); try { var iOsEncryptedData = parts.GetType(Constants.EncryptedData).AsSpan(); // A var zeros = new byte[] { 0, 0, 0, 0 }; var nonce = new Nonce(zeros, Encoding.UTF8.GetBytes("PS-Msg05")); var hdkf = new HkdfSha512(); var hkdfEncKey = hdkf.DeriveBytes( SharedSecret.Import(SrpInteger.FromHex(_serverSession.Key).ToByteArray()), Encoding.UTF8.GetBytes("Pair-Setup-Encrypt-Salt"), Encoding.UTF8.GetBytes("Pair-Setup-Encrypt-Info"), 32); var decrypt = AeadAlgorithm.ChaCha20Poly1305.Decrypt( Key.Import(AeadAlgorithm.ChaCha20Poly1305, hkdfEncKey, KeyBlobFormat.RawSymmetricKey), nonce, new byte[0], iOsEncryptedData, out var output); var responseTlv = new Tlv(); responseTlv.AddType(Constants.State, 6); if (!decrypt) { responseTlv.AddType(Constants.Error, ErrorCodes.Authentication); return(new PairSetupReturn { State = 5, TlvData = responseTlv, Ok = false }); } var subData = TlvParser.Parse(output); byte[] username = subData.GetType(Constants.Identifier); byte[] ltpk = subData.GetType(Constants.PublicKey); byte[] proof = subData.GetType(Constants.Signature); var okm = hdkf.DeriveBytes( SharedSecret.Import(SrpInteger.FromHex(_serverSession.Key).ToByteArray()), Encoding.UTF8.GetBytes("Pair-Setup-Controller-Sign-Salt"), Encoding.UTF8.GetBytes("Pair-Setup-Controller-Sign-Info"), 32); var completeData = okm.Concat(username).Concat(ltpk).ToArray(); if (!SignatureAlgorithm.Ed25519.Verify( PublicKey.Import(SignatureAlgorithm.Ed25519, ltpk, KeyBlobFormat.RawPublicKey), completeData, proof)) { var errorTlv = new Tlv(); errorTlv.AddType(Constants.Error, ErrorCodes.Authentication); return(new PairSetupReturn { State = 5, TlvData = errorTlv, Ok = false }); } var accessory = hdkf.DeriveBytes( SharedSecret.Import(SrpInteger.FromHex(_serverSession.Key).ToByteArray()), Encoding.UTF8.GetBytes("Pair-Setup-Accessory-Sign-Salt"), Encoding.UTF8.GetBytes("Pair-Setup-Accessory-Sign-Info"), 32); var seed = new byte[32]; RandomNumberGenerator.Create().GetBytes(seed); Chaos.NaCl.Ed25519.KeyPairFromSeed(out var accessoryLtpk, out var accessoryLtsk, seed); var serverUsername = Encoding.UTF8.GetBytes(HapControllerServer.HapControllerId); var material = accessory.Concat(serverUsername).Concat(accessoryLtpk).ToArray(); var signature = Chaos.NaCl.Ed25519.Sign(material, accessoryLtsk); var encoder = new Tlv(); encoder.AddType(Constants.Identifier, serverUsername); encoder.AddType(Constants.PublicKey, accessoryLtpk); encoder.AddType(Constants.Signature, signature); var plaintext = TlvParser.Serialise(encoder); var nonce6 = new Nonce(zeros, Encoding.UTF8.GetBytes("PS-Msg06")); var encryptedOutput = AeadAlgorithm.ChaCha20Poly1305.Encrypt( Key.Import(AeadAlgorithm.ChaCha20Poly1305, hkdfEncKey, KeyBlobFormat.RawSymmetricKey), nonce6, new byte[0], plaintext); responseTlv.AddType(Constants.EncryptedData, encryptedOutput); return(new PairSetupReturn { State = 5, TlvData = responseTlv, Ok = true, Ltsk = ByteArrayToString(accessoryLtsk), Ltpk = ByteArrayToString(ltpk) }); } catch (Exception e) { _logger.LogError(e, "Could not exchange request"); throw; } } return(null); }
private bool Handle_WtloginSuccess(Core core, OicqRequest request) { Console.WriteLine("Wtlogin success."); var tlvs = request.oicqRequestBody.TakeAllBytes(out var _); var unpacker = new TlvUnpacker(tlvs, true); if (unpacker.Count == 2) { Tlv tlv119 = unpacker.TryGetTlv(0x119); Tlv tlv161 = unpacker.TryGetTlv(0x161); if (tlv119 != null && tlv161 != null) { var decrtpted = tlv119._tlvBody.TakeDecryptedBytes(out var _, TeaCryptor.Instance, core.SigInfo.TgtgKey); var tlv119Unpacker = new TlvUnpacker(decrtpted, true); Tlv tlv16a = tlv119Unpacker.TryGetTlv(0x16a); // no pic sig Tlv tlv106 = tlv119Unpacker.TryGetTlv(0x106); Tlv tlv10c = tlv119Unpacker.TryGetTlv(0x10c); // gt key Tlv tlv10a = tlv119Unpacker.TryGetTlv(0x10a); // tgt Tlv tlv10d = tlv119Unpacker.TryGetTlv(0x10d); // tgt key Tlv tlv114 = tlv119Unpacker.TryGetTlv(0x114); // st Tlv tlv10e = tlv119Unpacker.TryGetTlv(0x10e); // st key Tlv tlv103 = tlv119Unpacker.TryGetTlv(0x103); // stwx_web Tlv tlv133 = tlv119Unpacker.TryGetTlv(0x133); Tlv tlv134 = tlv119Unpacker.TryGetTlv(0x134); // ticket key Tlv tlv528 = tlv119Unpacker.TryGetTlv(0x528); Tlv tlv322 = tlv119Unpacker.TryGetTlv(0x322); // device token Tlv tlv11d = tlv119Unpacker.TryGetTlv(0x11d); // st, st key Tlv tlv11f = tlv119Unpacker.TryGetTlv(0x11f); Tlv tlv138 = tlv119Unpacker.TryGetTlv(0x138); Tlv tlv11a = tlv119Unpacker.TryGetTlv(0x11a); // age, sex, nickname Tlv tlv522 = tlv119Unpacker.TryGetTlv(0x522); Tlv tlv537 = tlv119Unpacker.TryGetTlv(0x537); Tlv tlv550 = tlv119Unpacker.TryGetTlv(0x550); Tlv tlv203 = tlv119Unpacker.TryGetTlv(0x203); Tlv tlv120 = tlv119Unpacker.TryGetTlv(0x120); // skey Tlv tlv16d = tlv119Unpacker.TryGetTlv(0x16d); Tlv tlv512 = tlv119Unpacker.TryGetTlv(0x512); // Map<domain, p_skey> Tlv tlv305 = tlv119Unpacker.TryGetTlv(0x305); // d2key Tlv tlv143 = tlv119Unpacker.TryGetTlv(0x143); // d2 Tlv tlv118 = tlv119Unpacker.TryGetTlv(0x118); Tlv tlv163 = tlv119Unpacker.TryGetTlv(0x163); Tlv tlv130 = tlv119Unpacker.TryGetTlv(0x130); Tlv tlv403 = tlv119Unpacker.TryGetTlv(0x403); var noPicSig = ((T16aBody)tlv16a._tlvBody)._noPicSig; var tgtKey = ((T10dBody)tlv10d._tlvBody)._tgtKey; var tgtToken = ((T10aBody)tlv10a._tlvBody)._tgtToken; var d2Key = ((T305Body)tlv305._tlvBody)._d2Key; var d2Token = ((T143Body)tlv143._tlvBody)._d2Token; var wtSessionTicketSig = ((T133Body)tlv133._tlvBody)._wtSessionTicketSig; var wtSessionTicketKey = ((T134Body)tlv134._tlvBody)._wtSessionTicketKey; var gtKey = ((T10cBody)tlv10c._tlvBody)._gtKey; var stKey = ((T10eBody)tlv10e._tlvBody)._stKey; var userAge = ((T11aBody)tlv11a._tlvBody)._age; var userFace = ((T11aBody)tlv11a._tlvBody)._face; var userNickname = ((T11aBody)tlv11a._tlvBody)._nickName; core.SigInfo.TgtKey = tgtKey; core.SigInfo.TgtToken = tgtToken; core.SigInfo.D2Key = d2Key; core.SigInfo.D2Token = d2Token; core.SigInfo.WtSessionTicketSig = wtSessionTicketSig; core.SigInfo.WtSessionTicketKey = wtSessionTicketKey; core.SigInfo.GtKey = gtKey; core.SigInfo.StKey = stKey; core.SsoMan.SetD2Pair(d2Token, d2Key); core.SsoMan.SetTgtPair(tgtToken, tgtKey); core.SsoMan.DestroyServiceSequence(name); core.PostSystemEvent(EventType.WtLoginOK); Console.WriteLine($"gtKey => {Hex.Bytes2HexStr(gtKey)}"); Console.WriteLine($"stKey => {Hex.Bytes2HexStr(stKey)}"); Console.WriteLine($"tgtKey => {Hex.Bytes2HexStr(tgtKey)}"); Console.WriteLine($"tgtToken => {Hex.Bytes2HexStr(tgtToken)}"); Console.WriteLine($"d2Key => {Hex.Bytes2HexStr(d2Key)}"); Console.WriteLine($"d2Token => {Hex.Bytes2HexStr(d2Token)}"); return(true); } } return(false); }
void TlvReaderDecodes(uint typeLength, uint sizeLength, byte[] serializedTlv, Tlv expectedTlv) { var parser = new TlvParser(typeLength, sizeLength); using (var memStream = new MemoryStream(serializedTlv)) { var tlv = parser.Decode(memStream); Assert.Equal(expectedTlv, tlv); } }