void FillMiscDatas(unsigned int *Datas)
{
BYTE Buffer[0x400];
HKEY rKey;
DWORD BufSz = 0x400;
int ret;
double PlatForm;
PlatForm = PlatFormSpecific();
Datas[0] = *(unsigned int *)&PlatForm;
Datas[1] = *(unsigned int *)GetNodeId();
ret = RegOpenKeyExA(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion", 0, KEY_QUERY_VALUE, &rKey);
if (ret)
return ;
ret = RegQueryValueExA(rKey, "ProductId", NULL, NULL, (LPBYTE)Buffer, &BufSz);
if (ret)
return ;
RegCloseKey(rKey);
Datas[2] = BytesSHA1(Buffer, BufSz);
ret = RegOpenKeyExA(HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System\\MultifunctionAdapter\\8\\DiskController\\0\\DiskPeripheral\\0", 0, KEY_QUERY_VALUE, &rKey);
if (ret)
return ;
ret = RegQueryValueExA(rKey, "Identifier", NULL, NULL, (LPBYTE)Buffer, &BufSz);
if (ret)
return ;
RegCloseKey(rKey);
Datas[3] = BytesSHA1(Buffer, BufSz);
ret = GetVolumeInformationA("C:\\", 0, 0, (LPDWORD)Buffer, 0, 0, 0, 0);
Datas[4] = BytesSHA1(Buffer, 0x04);
}
void FillMiscDatas(Skype_Inst *pInst, unsigned int *Datas)
{
BYTE Buffer[0x400];
DWORD BufSz = 0x400;
int ret;
int64_t PlatForm;
PlatForm = PlatFormSpecific();
Datas[0] = *(unsigned int *)&PlatForm;
Datas[1] = *(unsigned int *)&pInst->NodeID;
if (!QueryRegValue(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProductId",
(LPBYTE)Buffer, &BufSz))
return;
Datas[2] = BytesSHA1(Buffer, BufSz);
BufSz = 0x400;
if (!QueryRegValue(HKEY_LOCAL_MACHINE,
"HARDWARE\\DESCRIPTION\\System\\MultifunctionAdapter\\*\\DiskController\\*\\DiskPeripheral\\*\\Identifier",
(LPBYTE)Buffer, &BufSz))
return;
Datas[3] = BytesSHA1(Buffer, BufSz);
ret = GetVolumeInformationA("C:\\", 0, 0, (LPDWORD)Buffer, 0, 0, 0, 0);
Datas[4] = BytesSHA1(Buffer, 0x04);
}
/* If Pass is NULL, User is assumed to be OAuth string and OAuth logon is performed */
static int SendAuthentificationBlobLS(Skype_Inst *pInst, LSConnection *pConn, const char *User, const char *Pass)
{
int64_t PlatForm;
uchar AuthBlob[0xFFFF] = {0};
uchar SHAResult[32] = {0};
uchar Modulus[MODULUS_SZ * 2] = {0};
uchar ivec[AES_BLOCK_SIZE] = {0};
uchar ecount_buf[AES_BLOCK_SIZE] = {0};
uint MiscDatas[0x05] = {0};
uchar SessionKey[SK_SZ];
uchar *Browser;
uchar *Mark;
uchar *MarkObjL;
uint Idx, Size, Crc, BSize, ret = 0;
HttpsPacketHeader *HSHeader;
uchar HSHeaderBuf[sizeof(HttpsPacketHeader)], RecvBuf[0x1000];
AES_KEY AesKey;
MD5_CTX Context;
RSA *SkypeRSA;
ObjectDesc Obj2000, ObjSessionKey, ObjZBool1, ObjRequestCode, ObjZBool2, ObjModulus, ObjPlatForm, ObjLang, ObjMiscDatas, ObjVer, ObjPubAddr;
SResponse Response={0};
if (!pInst->LoginD.RSAKeys)
{
BIGNUM *KeyExp;
pInst->pfLog(pInst->pLogStream, "Generating RSA Keys Pair (Size = %d Bits)..\n", KEYSZ);
pInst->LoginD.RSAKeys = RSA_new();
KeyExp = BN_new();
BN_set_word(KeyExp, RSA_F4);
Idx = RSA_generate_key_ex(pInst->LoginD.RSAKeys, KEYSZ * 2, KeyExp, NULL);
BN_free(KeyExp);
if (Idx == -1)
{
pInst->pfLog(pInst->pLogStream, "Error generating Keys..\n\n");
RSA_free(pInst->LoginD.RSAKeys);
pInst->LoginD.RSAKeys = NULL;
return (0);
}
}
Idx = BN_bn2bin(pInst->LoginD.RSAKeys->n, Modulus);
Idx = BN_bn2bin(pInst->LoginD.RSAKeys->d, Modulus + Idx);
Browser = AuthBlob;
HSHeader = (HttpsPacketHeader *)Browser;
memcpy(HSHeader->MAGIC, HTTPS_HSR_MAGIC, sizeof(HSHeader->MAGIC));
HSHeader->ResponseLen = htons(0xCD);
Browser += sizeof(HttpsPacketHeader);
*Browser++ = RAW_PARAMS;
*Browser++ = 0x03;
Obj2000.Family = OBJ_FAMILY_NBR;
Obj2000.Id = OBJ_ID_2000;
Obj2000.Value.Nbr = 0x2000;
WriteObject(&Browser, Obj2000);
SpecialSHA(pInst->SessionKey, SK_SZ, SHAResult, 32);
AES_set_encrypt_key(SHAResult, 256, &AesKey);
SkypeRSA = RSA_new();
BN_hex2bn(&(SkypeRSA->n), SkypeModulus1536[1]);
BN_hex2bn(&(SkypeRSA->e), "010001");
Idx = RSA_public_encrypt(SK_SZ, pInst->SessionKey, SessionKey, SkypeRSA, RSA_NO_PADDING);
RSA_free(SkypeRSA);
if (Idx < 0)
{
pInst->pfLog(pInst->pLogStream, "RSA_public_encrypt failed..\n\n");
return (0);
}
ObjSessionKey.Family = OBJ_FAMILY_BLOB;
ObjSessionKey.Id = OBJ_ID_SK;
ObjSessionKey.Value.Memory.Memory = (uchar *)&SessionKey;
ObjSessionKey.Value.Memory.MsZ = SK_SZ;
WriteObject(&Browser, ObjSessionKey);
ObjZBool1.Family = OBJ_FAMILY_NBR;
ObjZBool1.Id = OBJ_ID_ZBOOL1;
ObjZBool1.Value.Nbr = 0x01;
WriteObject(&Browser, ObjZBool1);
Mark = Browser;
HSHeader = (HttpsPacketHeader *)Browser;
memcpy(HSHeader->MAGIC, HTTPS_HSRR_MAGIC, sizeof(HSHeader->MAGIC));
HSHeader->ResponseLen = 0x00;
Browser += sizeof(HttpsPacketHeader);
MarkObjL = Browser;
if (Pass)
{
ObjectDesc ObjUserName, ObjSharedSecret;
*Browser++ = RAW_PARAMS;
*Browser++ = 0x04;
ObjRequestCode.Family = OBJ_FAMILY_NBR;
ObjRequestCode.Id = OBJ_ID_REQCODE;
ObjRequestCode.Value.Nbr = 0x1399;
WriteObject(&Browser, ObjRequestCode);
ObjZBool2.Family = OBJ_FAMILY_NBR;
ObjZBool2.Id = OBJ_ID_ZBOOL2;
ObjZBool2.Value.Nbr = 0x01;
WriteObject(&Browser, ObjZBool2);
ObjUserName.Family = OBJ_FAMILY_STRING;
ObjUserName.Id = OBJ_ID_USERNAME;
ObjUserName.Value.Memory.Memory = (uchar *)User;
ObjUserName.Value.Memory.MsZ = (uchar)strlen(User);
WriteObject(&Browser, ObjUserName);
MD5_Init(&Context);
MD5_Update(&Context, User, (ulong)strlen(User));
MD5_Update(&Context, CONCAT_SALT, (ulong)strlen(CONCAT_SALT));
MD5_Update(&Context, Pass, (ulong)strlen(Pass));
MD5_Final(pInst->LoginD.LoginHash, &Context);
ObjSharedSecret.Family = OBJ_FAMILY_BLOB;
ObjSharedSecret.Id = OBJ_ID_USERPASS;
ObjSharedSecret.Value.Memory.Memory = (uchar *)pInst->LoginD.LoginHash;
ObjSharedSecret.Value.Memory.MsZ = MD5_DIGEST_LENGTH;
WriteObject(&Browser, ObjSharedSecret);
*Browser++ = RAW_PARAMS;
*Browser++ = 0x06;
ObjModulus.Family = OBJ_FAMILY_BLOB;
ObjModulus.Id = OBJ_ID_MODULUS;
ObjModulus.Value.Memory.Memory = (uchar *)Modulus;
ObjModulus.Value.Memory.MsZ = MODULUS_SZ;
WriteObject(&Browser, ObjModulus);
PlatForm = PlatFormSpecific();
ObjPlatForm.Family = OBJ_FAMILY_TABLE;
ObjPlatForm.Id = OBJ_ID_PLATFORM;
memcpy(ObjPlatForm.Value.Table, (uchar *)&PlatForm, sizeof(ObjPlatForm.Value.Table));
WriteObject(&Browser, ObjPlatForm);
ObjLang.Family = OBJ_FAMILY_STRING;
ObjLang.Id = OBJ_ID_LANG;
ObjLang.Value.Memory.Memory = pInst->Language;
ObjLang.Value.Memory.MsZ = sizeof(pInst->Language);
WriteObject(&Browser, ObjLang);
FillMiscDatas(pInst, MiscDatas);
ObjMiscDatas.Family = OBJ_FAMILY_INTLIST;
ObjMiscDatas.Id = OBJ_ID_MISCD;
ObjMiscDatas.Value.Memory.Memory = (uchar *)MiscDatas;
ObjMiscDatas.Value.Memory.MsZ = 0x05;
WriteObject(&Browser, ObjMiscDatas);
ObjVer.Family = OBJ_FAMILY_STRING;
ObjVer.Id = OBJ_ID_VERSION;
ObjVer.Value.Memory.Memory = (uchar *)VER_STR;
ObjVer.Value.Memory.MsZ = (uchar)strlen(VER_STR);
WriteObject(&Browser, ObjVer);
ObjPubAddr.Family = OBJ_FAMILY_NBR;
ObjPubAddr.Id = OBJ_ID_PUBADDR;
ObjPubAddr.Value.Nbr = pInst->PublicIP;
WriteObject(&Browser, ObjPubAddr);
}
else
{
int64_t PartnerId = 999;
ObjectDesc ObjPartnerId, ObjOauth;
// OAuth logon
*Browser++ = RAW_PARAMS;
*Browser++ = 0x02;
ObjRequestCode.Family = OBJ_FAMILY_NBR;
ObjRequestCode.Id = OBJ_ID_REQCODE;
ObjRequestCode.Value.Nbr = 0x13a3;
WriteObject(&Browser, ObjRequestCode);
ObjZBool2.Family = OBJ_FAMILY_NBR;
ObjZBool2.Id = OBJ_ID_ZBOOL2;
ObjZBool2.Value.Nbr = 0x3d;
WriteObject(&Browser, ObjZBool2);
*Browser++ = RAW_PARAMS;
*Browser++ = 0x08;
ObjModulus.Family = OBJ_FAMILY_BLOB;
ObjModulus.Id = OBJ_ID_MODULUS;
ObjModulus.Value.Memory.Memory = (uchar *)Modulus;
ObjModulus.Value.Memory.MsZ = MODULUS_SZ;
WriteObject(&Browser, ObjModulus);
PlatForm = PlatFormSpecific();
ObjPlatForm.Family = OBJ_FAMILY_TABLE;
ObjPlatForm.Id = OBJ_ID_PLATFORM;
memcpy(ObjPlatForm.Value.Table, (uchar *)&PlatForm, sizeof(ObjPlatForm.Value.Table));
WriteObject(&Browser, ObjPlatForm);
FillMiscDatas(pInst, MiscDatas);
ObjMiscDatas.Family = OBJ_FAMILY_INTLIST;
ObjMiscDatas.Id = OBJ_ID_MISCD;
ObjMiscDatas.Value.Memory.Memory = (uchar *)MiscDatas;
ObjMiscDatas.Value.Memory.MsZ = 0x05;
WriteObject(&Browser, ObjMiscDatas);
ObjLang.Family = OBJ_FAMILY_STRING;
ObjLang.Id = OBJ_ID_LANG;
ObjLang.Value.Memory.Memory = pInst->Language;
ObjLang.Value.Memory.MsZ = sizeof(pInst->Language);
WriteObject(&Browser, ObjLang);
ObjPartnerId.Family = OBJ_FAMILY_TABLE;
ObjPlatForm.Id = OBJ_ID_PARTNERID;
memcpy(ObjPlatForm.Value.Table, (uchar *)&PartnerId, sizeof(ObjPlatForm.Value.Table));
WriteObject(&Browser, ObjPlatForm);
ObjOauth.Family = OBJ_FAMILY_STRING;
ObjOauth.Id = OBJ_ID_OAUTH;
ObjOauth.Value.Memory.Memory = (uchar *)User;
ObjOauth.Value.Memory.MsZ = strlen(User);
WriteObject(&Browser, ObjOauth);
ObjVer.Family = OBJ_FAMILY_STRING;
ObjVer.Id = OBJ_ID_VERSION;
ObjVer.Value.Memory.Memory = (uchar *)VER_STR;
ObjVer.Value.Memory.MsZ = (uchar)strlen(VER_STR);
WriteObject(&Browser, ObjVer);
ObjPubAddr.Family = OBJ_FAMILY_NBR;
ObjPubAddr.Id = OBJ_ID_PUBADDR;
ObjPubAddr.Value.Nbr = pInst->PublicIP;
WriteObject(&Browser, ObjPubAddr);
}
Size = (uint)(Browser - MarkObjL);
HSHeader->ResponseLen = htons((u_short)(Size + 0x02));
Idx = 0;
memset(ivec, 0, AES_BLOCK_SIZE);
memset(ecount_buf, 0, AES_BLOCK_SIZE);
AES_ctr128_encrypt(MarkObjL, MarkObjL, Size, &AesKey, ivec, ecount_buf, &Idx);
Crc = crc32(MarkObjL, Size, -1);
*Browser++ = *((uchar *)(&Crc) + 0);
*Browser++ = *((uchar *)(&Crc) + 1);
Size = (uint)(Browser - AuthBlob);
if (RC4Comm_Send(pConn, (const char *)AuthBlob, Size)<=0)
{
pInst->pfLog(pInst->pLogStream, "Sending to LS failed :'(..\n");
return (-1);
}
while (!ret && RC4Comm_Recv(pConn, (char *)&HSHeaderBuf, sizeof(HSHeaderBuf))>0)
{
HSHeader = (HttpsPacketHeader *)HSHeaderBuf;
if (strncmp((const char *)HSHeader->MAGIC, HTTPS_HSRR_MAGIC, strlen(HTTPS_HSRR_MAGIC)) ||
RC4Comm_Recv(pConn, (char *)RecvBuf, (BSize=htons(HSHeader->ResponseLen)))<=0)
{
pInst->pfLog(pInst->pLogStream, "Bad Response..\n");
return (-2);
}
pInst->pfLog(pInst->pLogStream, "Auth Response Got..\n\n");
Idx = 0;
memset(ivec, 0, AES_BLOCK_SIZE);
memset(ecount_buf, 0, AES_BLOCK_SIZE);
BSize-=2;
ivec[3] = 0x01;
ivec[7] = 0x01;
AES_ctr128_encrypt(RecvBuf, RecvBuf, BSize, &AesKey, ivec, ecount_buf, &Idx);
Browser = RecvBuf;
while (Browser<RecvBuf+BSize)
ManageObjects(&Browser, BSize, &Response);
for (Idx = 0; Idx < Response.NbObj; Idx++)
{
uint LdIdx = 0;
switch (Response.Objs[Idx].Id)
{
case OBJ_ID_LOGINANSWER:
switch (Response.Objs[Idx].Value.Nbr)
{
case LOGIN_OK:
pInst->pfLog(pInst->pLogStream, "Login Successful..\n");
ret = 1;
break;
default :
pInst->pfLog(pInst->pLogStream, "Login Failed.. Bad Credentials..\n");
FreeResponse(&Response);
return 0;
}
break;
case OBJ_ID_CIPHERDLOGD:
if (pInst->LoginD.SignedCredentials.Memory) free(pInst->LoginD.SignedCredentials.Memory);
if (!(pInst->LoginD.SignedCredentials.Memory = malloc(Response.Objs[Idx].Value.Memory.MsZ)))
{
FreeResponse(&Response);
return -2;
}
memcpy (pInst->LoginD.SignedCredentials.Memory, Response.Objs[Idx].Value.Memory.Memory,
(pInst->LoginD.SignedCredentials.MsZ = Response.Objs[Idx].Value.Memory.MsZ));
break;
}
}
FreeResponse(&Response);
}
return ret;
}
int SendAuthentificationBlobLS(Host CurLS, char *User, char *Pass)
{
double PlatForm;
uchar AuthBlob[0xFFFF] = {0};
uchar MD5Result[MD5_DIGEST_LENGTH] = {0};
uchar SHAResult[32] = {0};
uchar SessionKey[SK_SZ] = {0};
uchar Modulus[MODULUS_SZ * 2] = {0};
uchar ivec[AES_BLOCK_SIZE] = {0};
uchar ecount_buf[AES_BLOCK_SIZE] = {0};
uint MiscDatas[0x05] = {0};
uchar *Browser;
uchar *Mark;
uchar *MarkObjL;
uint Idx, Size, Crc;
HttpsPacketHeader *HSHeader;
AES_KEY AesKey;
MD5_CTX Context;
RSA *Keys;
RSA *SkypeRSA;
ObjectDesc Obj2000, ObjSessionKey, ObjZBool1, ObjRequestCode, ObjZBool2, ObjUserName, ObjSharedSecret, ObjModulus, ObjPlatForm, ObjLang, ObjMiscDatas, ObjVer, ObjPubAddr;
printf("Generating RSA Keys Pair (Size = %d Bits)..\n", KEYSZ);
Keys = RSA_generate_key(KEYSZ * 2, RSA_F4, NULL, NULL);
if (Keys == NULL)
{
printf("Error generating Keys..\n\n");
return (0);
}
//printf("Modulus N..\n");
Idx = BN_bn2bin(Keys->n, Modulus);
//showmem(Modulus, MODULUS_SZ);
//printf("Modulus D\n");
Idx = BN_bn2bin(Keys->d, Modulus + Idx);
//showmem(Modulus + MODULUS_SZ, MODULUS_SZ);
//printf("\n");
Browser = AuthBlob;
HSHeader = (HttpsPacketHeader *)Browser;
memcpy_s(HSHeader->MAGIC, sizeof(HSHeader->MAGIC), HTTPS_HSR_MAGIC, strlen(HTTPS_HSR_MAGIC));
HSHeader->ResponseLen = htons(0xCD);
Browser += sizeof(HttpsPacketHeader);
*Browser++ = RAW_PARAMS;
*Browser++ = 0x03;
Obj2000.Family = OBJ_FAMILY_NBR;
Obj2000.Id = OBJ_ID_2000;
Obj2000.Value.Nbr = 0x2000;
WriteObject(&Browser, Obj2000);
GetSessionKey(SessionKey);
SpecialSHA(SessionKey, SK_SZ, SHAResult, 32);
AES_set_encrypt_key(SHAResult, 256, &AesKey);
SkypeRSA = RSA_new();
BN_hex2bn(&(SkypeRSA->n), SkypeModulus1536[1]);
BN_hex2bn(&(SkypeRSA->e), "10001");
RSA_public_encrypt(SK_SZ, SessionKey, SessionKey, SkypeRSA, RSA_NO_PADDING);
RSA_free(SkypeRSA);
ObjSessionKey.Family = OBJ_FAMILY_BLOB;
ObjSessionKey.Id = OBJ_ID_SK;
ObjSessionKey.Value.Memory.Memory = (uchar *)&SessionKey;
ObjSessionKey.Value.Memory.MsZ = SK_SZ;
WriteObject(&Browser, ObjSessionKey);
ObjZBool1.Family = OBJ_FAMILY_NBR;
ObjZBool1.Id = OBJ_ID_ZBOOL1;
ObjZBool1.Value.Nbr = 0x01;
WriteObject(&Browser, ObjZBool1);
Mark = Browser;
HSHeader = (HttpsPacketHeader *)Browser;
memcpy_s(HSHeader->MAGIC, sizeof(HSHeader->MAGIC), HTTPS_HSRR_MAGIC, strlen(HTTPS_HSRR_MAGIC));
HSHeader->ResponseLen = htons(0x00);
Browser += sizeof(HttpsPacketHeader);
MarkObjL = Browser;
*Browser++ = RAW_PARAMS;
*Browser++ = 0x04;
ObjRequestCode.Family = OBJ_FAMILY_NBR;
ObjRequestCode.Id = OBJ_ID_REQCODE;
ObjRequestCode.Value.Nbr = 0x1399;
WriteObject(&Browser, ObjRequestCode);
ObjZBool2.Family = OBJ_FAMILY_NBR;
ObjZBool2.Id = OBJ_ID_ZBOOL2;
ObjZBool2.Value.Nbr = 0x01;
WriteObject(&Browser, ObjZBool2);
ObjUserName.Family = OBJ_FAMILY_STRING;
ObjUserName.Id = OBJ_ID_USERNAME;
ObjUserName.Value.Memory.Memory = (uchar *)User;
ObjUserName.Value.Memory.MsZ = (uchar)strlen(User);
WriteObject(&Browser, ObjUserName);
MD5_Init(&Context);
MD5_Update(&Context, User, (ulong)strlen(User));
MD5_Update(&Context, CONCAT_SALT, (ulong)strlen(CONCAT_SALT));
MD5_Update(&Context, Pass, (ulong)strlen(Pass));
MD5_Final(MD5Result, &Context);
ObjSharedSecret.Family = OBJ_FAMILY_BLOB;
ObjSharedSecret.Id = OBJ_ID_USERPASS;
ObjSharedSecret.Value.Memory.Memory = (uchar *)MD5Result;
ObjSharedSecret.Value.Memory.MsZ = MD5_DIGEST_LENGTH;
WriteObject(&Browser, ObjSharedSecret);
*Browser++ = RAW_PARAMS;
*Browser++ = 0x06;
ObjModulus.Family = OBJ_FAMILY_BLOB;
ObjModulus.Id = OBJ_ID_MODULUS;
ObjModulus.Value.Memory.Memory = (uchar *)Modulus;
ObjModulus.Value.Memory.MsZ = MODULUS_SZ;
WriteObject(&Browser, ObjModulus);
PlatForm = PlatFormSpecific();
ObjPlatForm.Family = OBJ_FAMILY_TABLE;
ObjPlatForm.Id = OBJ_ID_PLATFORM;
memcpy_s(ObjPlatForm.Value.Table, sizeof(ObjPlatForm.Value.Table), (uchar *)&PlatForm, sizeof(ObjPlatForm.Value.Table));
WriteObject(&Browser, ObjPlatForm);
ObjLang.Family = OBJ_FAMILY_STRING;
ObjLang.Id = OBJ_ID_LANG;
ObjLang.Value.Memory.Memory = (uchar *)LANG_STR;
ObjLang.Value.Memory.MsZ = (uchar)strlen(LANG_STR);
WriteObject(&Browser, ObjLang);
FillMiscDatas(MiscDatas);
ObjMiscDatas.Family = OBJ_FAMILY_INTLIST;
ObjMiscDatas.Id = OBJ_ID_MISCD;
ObjMiscDatas.Value.Memory.Memory = (uchar *)MiscDatas;
ObjMiscDatas.Value.Memory.MsZ = 0x05;
WriteObject(&Browser, ObjMiscDatas);
ObjVer.Family = OBJ_FAMILY_STRING;
ObjVer.Id = OBJ_ID_VERSION;
ObjVer.Value.Memory.Memory = (uchar *)VER_STR;
ObjVer.Value.Memory.MsZ = (uchar)strlen(VER_STR);
WriteObject(&Browser, ObjVer);
ObjPubAddr.Family = OBJ_FAMILY_NBR;
ObjPubAddr.Id = OBJ_ID_PUBADDR;
ObjPubAddr.Value.Nbr = htonl(my_public_ip);
WriteObject(&Browser, ObjPubAddr);
Size = (uint)(Browser - MarkObjL);
HSHeader->ResponseLen = htons((ushort)Size + 0x02);
Idx = 0;
ZeroMemory(ivec, AES_BLOCK_SIZE);
ZeroMemory(ecount_buf, AES_BLOCK_SIZE);
AES_ctr128_encrypt(MarkObjL, MarkObjL, Size, &AesKey, ivec, ecount_buf, &Idx);
Crc = crc32(MarkObjL, Size, -1);
*Browser++ = *((uchar *)(&Crc) + 0);
*Browser++ = *((uchar *)(&Crc) + 1);
Size = (uint)(Browser - AuthBlob);
SuperWait = 1;
if (SendPacketTCP(LSSock, CurLS, AuthBlob, Size, HTTPS_PORT, &Connected))
printf("Auth Response Got..\n\n");
else
{
printf(":'(..\n");
return (-1);
}
/*unsigned char data[222] = {
0x17, 0x03, 0x01, 0x00, 0xD9, 0x73, 0xC4, 0x06, 0x08, 0xFF, 0x1F, 0xFE, 0xED, 0x64, 0xB8, 0x49,
0x4D, 0xD8, 0xBE, 0xCD, 0xC9, 0xEF, 0x63, 0x74, 0x6D, 0x7F, 0x1D, 0x9B, 0xE6, 0x91, 0xFC, 0x14,
0xC6, 0x01, 0xDD, 0x79, 0xD6, 0xEA, 0x3B, 0xB3, 0xB6, 0x20, 0x03, 0x5E, 0x05, 0xEB, 0xFC, 0xAA,
0x46, 0x35, 0x7B, 0xAF, 0x5A, 0x59, 0x01, 0xFA, 0xBB, 0xB6, 0x1F, 0x81, 0x6D, 0x34, 0x85, 0x39,
0x93, 0xBB, 0x9B, 0x5B, 0xCC, 0x21, 0xD4, 0xCC, 0x85, 0x39, 0x27, 0x62, 0x69, 0xBC, 0x05, 0x48,
0xF2, 0x19, 0x88, 0xD3, 0x86, 0xD3, 0x10, 0x0D, 0xE1, 0x36, 0x08, 0x14, 0xC9, 0xC3, 0x52, 0x8B,
0x86, 0x42, 0x8D, 0x1F, 0x25, 0x02, 0x2E, 0x82, 0x48, 0xDC, 0x0C, 0x5C, 0x66, 0x5E, 0x34, 0x1A,
0x00, 0x3B, 0x4F, 0x6D, 0x54, 0x2E, 0x02, 0x91, 0x3E, 0xE1, 0xD7, 0x47, 0xC9, 0x04, 0xA0, 0xB2,
0xBD, 0x60, 0x49, 0xE1, 0xB8, 0x79, 0xB3, 0x1A, 0xE5, 0x14, 0x12, 0xC8, 0x0C, 0x37, 0xB3, 0x23,
0x2E, 0xBD, 0xD7, 0x9F, 0x47, 0xA3, 0xE1, 0xAD, 0x21, 0xEF, 0xF0, 0x79, 0x7E, 0x72, 0x28, 0x29,
0xCA, 0xAF, 0x29, 0xDD, 0xE4, 0xDC, 0x2C, 0x9C, 0x52, 0x07, 0xC5, 0x33, 0x9D, 0x65, 0xE3, 0x06,
0x14, 0x12, 0xEA, 0xF7, 0x7F, 0x1B, 0x79, 0xA2, 0x65, 0xA2, 0x5C, 0x68, 0x74, 0x13, 0x97, 0x41,
0xFE, 0x83, 0x2B, 0x13, 0x56, 0x56, 0x57, 0x1F, 0xCC, 0x65, 0xA0, 0x46, 0xEA, 0x0C, 0x18, 0x8B,
0x59, 0x9C, 0xE1, 0x9E, 0x59, 0x68, 0x43, 0x94, 0x2D, 0x1E, 0xC3, 0x4F, 0x7F, 0x04
};
ZeroMemory(RecvBuffer, sizeof(RecvBuffer));
memcpy_s(RecvBuffer, sizeof(RecvBuffer), data, sizeof(data));*/
HSHeader = (HttpsPacketHeader *)RecvBuffer;
if (strncmp((const char *)HSHeader->MAGIC, HTTPS_HSRR_MAGIC, strlen(HTTPS_HSRR_MAGIC)))
{
printf("Bad Response..\n");
return (-1);
}
Idx = 0;
ZeroMemory(ivec, AES_BLOCK_SIZE);
ZeroMemory(ecount_buf, AES_BLOCK_SIZE);
ivec[3] = 0x01;
ivec[7] = 0x01;
AES_ctr128_encrypt(RecvBuffer + sizeof(HttpsPacketHeader), RecvBuffer + sizeof(HttpsPacketHeader), htons(HSHeader->ResponseLen) - 0x02, &AesKey, ivec, ecount_buf, &Idx);
printf("[UNCIPHERED]Auth Response..\n\n");
//showmem(RecvBuffer, RecvBufferSz);
//printf("\n\n");
uchar *Buffer;
uint BSize;
SResponse Response;
Buffer = RecvBuffer;
BSize = RecvBufferSz;
Response.Objs = NULL;
Response.NbObj = 0;
while (BSize)
{
MainArchResponseManager(&Buffer, &BSize, &Response);
Buffer += 2;
}
for (Idx = 0; Idx < Response.NbObj; Idx++)
{
switch (Response.Objs[Idx].Id)
{
case OBJ_ID_LOGINANSWER:
switch (Response.Objs[Idx].Value.Nbr)
{
case LOGIN_OK:
cprintf(FOREGROUND_BLUE, "Login Successful..\n");
GLoginD.RSAKeys = Keys;
break;
default :
cprintf(FOREGROUND_RED, "Login Failed.. Bad Credentials..\n");
ExitProcess(0);
break;
}
break;
case OBJ_ID_CIPHERDLOGD:
GLoginD.SignedCredentials.Memory = MemDup(Response.Objs[Idx].Value.Memory.Memory, Response.Objs[Idx].Value.Memory.MsZ);
GLoginD.SignedCredentials.MsZ = Response.Objs[Idx].Value.Memory.MsZ;
uchar *PostProcessed;
char *Key;
uint KeyIdx, PPsZ;
KeyIdx = htonl(*(uint *)Response.Objs[Idx].Value.Memory.Memory);
Response.Objs[Idx].Value.Memory.Memory += 4;
Response.Objs[Idx].Value.Memory.MsZ -= 4;
SkypeRSA = RSA_new();
Key = KeySelect(KeyIdx);
BN_hex2bn(&(SkypeRSA->n), Key);
BN_hex2bn(&(SkypeRSA->e), "10001");
PPsZ = RSA_public_decrypt(Response.Objs[Idx].Value.Memory.MsZ, Response.Objs[Idx].Value.Memory.Memory, Response.Objs[Idx].Value.Memory.Memory, SkypeRSA, RSA_NO_PADDING);
RSA_free(SkypeRSA);
PostProcessed = FinalizeLoginDatas(Response.Objs[Idx].Value.Memory.Memory, &PPsZ, NULL, 0);
Response.Objs[Idx].Value.Memory.Memory += PPsZ;
if (PostProcessed == NULL)
{
printf("Bad Datas Finalization..\n");
return (0);
}
//showmem(PostProcessed, PPsZ);
//printf("\n");
SResponse LoginDatas;
LoginDatas.Objs = NULL;
LoginDatas.NbObj = 0;
ManageObjects(&PostProcessed, PPsZ, &LoginDatas);
for (uint LdIdx = 0; LdIdx < LoginDatas.NbObj; LdIdx++)
{
switch (LoginDatas.Objs[LdIdx].Id)
{
case OBJ_ID_LDUSER:
GLoginD.User = LoginDatas.Objs[LdIdx].Value.Memory.Memory;
break;
case OBJ_ID_LDEXPIRY:
GLoginD.Expiry = LoginDatas.Objs[LdIdx].Value.Nbr;
break;
case OBJ_ID_LDMODULUS:
GLoginD.Modulus = LoginDatas.Objs[LdIdx].Value.Memory;
//showmem(LoginDatas.Objs[LdIdx].Value.Memory.Memory, LoginDatas.Objs[LdIdx].Value.Memory.MsZ);
//printf("\n\n");
break;
default :
printf("Non critical Object %d:%d..\n", LoginDatas.Objs[LdIdx].Family, LoginDatas.Objs[LdIdx].Id);
break;
}
}
cprintf(FOREGROUND_BLUE, "User <%s> Logged in.. Credentials Expiry : %d\n", GLoginD.User, GLoginD.Expiry);
cprintf(FOREGROUND_BLUE, "Login Data Saved..\n");
break;
default :
printf("Non critical Object %d:%d..\n", Response.Objs[Idx].Family, Response.Objs[Idx].Id);
break;
}
}
printf("\n\n");
return (1);
}
