int pack_export_symbols(yaml_emitter_t * emitter, yaml_event_t *event, vita_export_symbol **symbols, size_t symbol_n) { if(!yamlemitter_mapping_start(emitter, event)) return 0; for (int i = 0; i < symbol_n; ++i) { if(!yamlemitter_key_value(emitter, event, symbols[i]->name, hextostr(symbols[i]->nid))) return 0; } yaml_mapping_end_event_initialize(event); if (!yaml_emitter_emit(emitter, event)) return 0; return -1; }
/** * The first step to hash the password. We got two unsigned char arrays * as input, the first is generated in hash_password_v2(), the second is * some kind of unsigned char password, maybe generated by other functions, * we join the two arrays together, and make SHA1 on it, as we know, the * result of SHA1 is an unsigned char array, then we converted it into * a signed char array using hextostr(), and then return. * * NOTE: the function will finally be called by hash_password_v4() */ static gchar* hash_password_v1(const guchar *b0, gint b0len, const guchar *password, gint psdlen) { guchar tmp[20]; gchar *res; SHA_CTX ctx; guchar *dst = (guchar*)g_malloc0(b0len + psdlen + 1); memset(tmp, 0, sizeof(tmp)); memcpy(dst, b0, b0len); memcpy(dst + b0len, password, psdlen); SHA1_Init(&ctx); SHA1_Update(&ctx, dst, b0len + psdlen); SHA1_Final(tmp, &ctx); g_free(dst); res = hextostr(tmp , 20); return res; }
int send_login_auth() { if (challenge.empty()) return -1; U31_LOG_INFO("Send Login Auth." << std::endl); U31_LOG_DBG("username = "******", password = "******"Send Login Auth"); if (recv[0] != 0x04 && recv[0] != 0x05) // Success/Failure return -1; if (recv[0] == 0x05) // Failure { switch (recv[4]) { case 0x01: // Already online U31_LOG_ERR("This account has already been online at IP: " << (int)recv[5] << "." << (int)recv[6] << "." << (int)recv[7] << "." << (int)recv[8] << ", MAC: " << hextostr(&recv[9], 6, ':') << std::endl); break; case 0x03: // Username or password wrong! U31_LOG_ERR("Username or password wrong!" << std::endl); break; case 0x05: // No money U31_LOG_ERR("No money in your account!" << std::endl); break; case 0x0b: // Wrong MAC U31_LOG_ERR("Wrong MAC, should be " << hextostr(&recv[5], 6, ':') << std::endl); break; default: U31_LOG_ERR("Unkown failure: 0x" << std::hex << (int)recv[4] << std::endl); break; } return 1; // Don't retry when failure } U31_LOG_INFO("Gateway return: Success." << std::endl); // Success auth_info.insert(auth_info.end(), recv.begin() + 23, recv.begin() + 23 + 16); // 16 bytes from Success // Captured memcpy(&total_time, &recv[5], 4); memcpy(&total_flux, &recv[9], 4); memcpy(&balance, &recv[13], 4); #ifdef OPENWRT // network order on openwrt total_time = TO_LITTLE_ENDIAN(total_time); total_flux = TO_LITTLE_ENDIAN(total_flux); balance = TO_LITTLE_ENDIAN(balance); #endif U31_LOG_INFO("Login auth succeeded! User info: " << std::endl); U31_LOG_INFO("Used Time: " << total_time << " Minutes, Used Flux: " << (total_flux & 0x0FFFFFFFF) / 1024.0 << " MB, Balance: " << (balance & 0x0FFFFFFFF) / 100.0 << " RMB" << std::endl); return 0; }; U31_HANDLE_ERROR("Send Login Auth"); U31_AUTO_RETRY("Send Login Auth"); }
int main(int argc, char *argv[]) { int ret = 0, input = -1; wpa_printf(MSG_DEBUG, "%s", "Hello rild"); while(1){ dumpMenu(); scanf("%d", &input); printf("Input %d\n", input); switch (input) { case 0: { char *pSimResult1 = "8944F433373A7603DE84C000"; char *pSimResult2 = "ERROR,rild is not setup up"; char *pAkaSuccess = "DB083F7D8D419277AE1C1080BB43519D0175C139187861DC01A31A10AC98E8D86AF2D92CA0CAC30B5C50E88A08B5F110E377A2E77D"; char *pAkaFailure = "DC0E8944F438944F438944F438944F43"; u8 i = 0xcd, ia; char *a = "f4", ai[2]; u8 ii[2] = {0x44, 0xfb}, aaii[2]; char *aa = "ffee", iiaa[4]; wpa_printf(MSG_DEBUG, "FIXED TEST\n"); hextoa(&i, ai); wpa_printf(MSG_DEBUG, "%x -> %c%c", i, ai[0], ai[1]); atohex(a, &ia); wpa_printf(MSG_DEBUG, "%s -> %x", a, ia); hextostr(ii, sizeof(ii)/sizeof(ii[0]), iiaa); wpa_printf(MSG_DEBUG, "%x%x -- > %c%c%c%c", ii[0], ii[1], iiaa[0], iiaa[1], iiaa[2], iiaa[3]); strtohex(aa, strlen(aa), aaii); wpa_printf(MSG_DEBUG, "%s --> %x%x", aa, aaii[0], aaii[1]); uint8 *strParm = (uint8 *)pSimResult1, strLen = strlen(pSimResult1); uint8 sres[SIM_SRES_LEN], kc[SIM_KC_LEN]; uint8 res[50]; size_t res_len = 0; uint8 ck[50], ik[50], auts[50]; parseSimResult(strParm, strLen, sres, kc); strParm = (uint8 *)pSimResult2, strLen = strlen(pSimResult2); parseSimResult(strParm, strLen, sres, kc); parseAkaResult(pAkaSuccess, strlen(pAkaSuccess), res, &res_len, ck, ik, auts); parseAkaResult(pAkaFailure, strlen(pAkaFailure), res, &res_len, ck, ik, auts); } break; case 1: { int sock = -1; int i = 0; char *simInput = "EAP_SIM,0,5a01d5224f14222c5554102a10df5896"; int slotId = 0; uint8 sres[SIM_SRES_LEN], kc[SIM_KC_LEN]; uint8 rand[] = {0x5a, 0x01, 0xd5, 0x22, 0x4f, 0x14, 0x22, 0x2c, 0x55, 0x5, 0x4, 0x10, 0x2a, 0x10, 0xdf, 0x58, 0x96}; uint8 randLeon[3][16] = {{0x89, 0xab, 0xcb, 0xee, 0xf9, 0xab, 0xcd, 0xef, 0x89, 0xab, 0xcd, 0xef, 0x89, 0xab, 0xcd, 0xef}, {0x9a, 0xbc, 0xde, 0xf8, 0x9a, 0xbc, 0xde, 0xf8, 0x9a, 0xbc, 0xde, 0xf8, 0x9a, 0xbc, 0xde, 0xf8}, {0xab, 0xcd, 0xef, 0x89, 0xab, 0xcd, 0xef, 0x89, 0xab, 0xcd, 0xef, 0x89, 0xab, 0xcd, 0xef, 0x89}}; for(i = 0; i < 3; i++){ sock = connectToRild(&slotId); eapSimSetParam(sock, 0, randLeon[i]); eapSimQueryResult(sock, sres, kc); disconnectRild(sock); } } break; case 2: { int sock = -1; char *akaInput = "EAP_AKA,0, 8090a966d69c5dd3b5fb0ae975596961,d7ac9c65801a3412af8d47b4ce54ee1e"; int slotId = 0; uint8 rand[] = {0x80, 0x90, 0xa9, 0x66, 0xd6, 0x9c, 0x5d, 0xd3, 0xb5, 0xfb, 0x0a, 0xe9, 0x75, 0x59, 0x69, 0x61}; uint8 autn[] = {0xd7,0xac,0x9c,0x65,0x80,0x1a,0x34,0x12, 0xaf,0x8d,0x47,0xb4,0xce,0x54,0xee,0x1e}; uint8 res[100], ik[100], ck[100], auts[100]; size_t res_len; sock = connectToRild(&slotId); eapAkaSetParam(sock, 0, rand, autn); eapAkaQueryResult(sock, res, &res_len, ik, ck, auts); disconnectRild(sock); } break; default: printf("wrong input %d\n", input); break; } } return 0; }
static gchar* generate_response(const gchar *nouce, const gchar *userid, const gchar *password, const gchar *publickey, const gchar *aeskey_raw) { gchar *psdhex = hash_password_v4(userid, password); gchar modulus[257]; gchar exponent[7]; gint ret, flen; BIGNUM *bnn, *bne; guchar *out; guchar *nonce, *aeskey, *psd, *res; gint nonce_len, aeskey_len, psd_len; RSA *r = RSA_new(); memset(modulus, 0, sizeof(modulus)); memset(exponent, 0, sizeof(exponent)); memcpy(modulus, publickey, 256); memcpy(exponent, publickey + 256, 6); nonce = (guchar*)g_malloc0(strlen(nouce) + 1); memcpy(nonce, (guchar*)nouce, strlen(nouce)); nonce_len = strlen(nouce); psd = strtohex(psdhex, &psd_len); aeskey = strtohex(aeskey_raw, &aeskey_len); res = (guchar*)g_malloc0(nonce_len + aeskey_len + psd_len + 1); memcpy(res, nonce, nonce_len); memcpy(res + nonce_len, psd, psd_len); memcpy(res + nonce_len + psd_len, aeskey, aeskey_len); bnn = BN_new(); bne = BN_new(); BN_hex2bn(&bnn, modulus); BN_hex2bn(&bne, exponent); r->n = bnn; r->e = bne; r->d = NULL; RSA_print_fp(stdout, r, 5); flen = RSA_size(r); out = (guchar*)g_malloc0(flen); hybrid_debug_info("fetion", "start encrypting response"); ret = RSA_public_encrypt(nonce_len + aeskey_len + psd_len, res, out, r, RSA_PKCS1_PADDING); if (ret < 0) { hybrid_debug_info("fetion", "encrypt response failed!"); g_free(res); g_free(aeskey); g_free(psd); g_free(nonce); return NULL; } RSA_free(r); hybrid_debug_info("fetion", "encrypting reponse success"); g_free(res); g_free(aeskey); g_free(psd); g_free(nonce); return hextostr(out , ret); }
int main(int argc, char *argv[]) { if (argc != 5) { show_usage(); return EXIT_FAILURE; } const char *type = argv[1]; const char *elf_path = argv[2]; const char *export_path = argv[3]; const char *import_path = argv[4]; char buffer[100]; int is_kernel = 0; // check if kernel or user if (strcmp(type, "kernel") == 0 || strcmp(type, "k") == 0) { is_kernel = 1; } else if (strcmp(type, "user") == 0 || strcmp(type, "u") == 0) { is_kernel = 0; } else { fprintf(stderr, "error: invalid mod-type '%s'. see usage for more info\n", type); return EXIT_FAILURE; } // load our exports vita_export_t *exports = vita_exports_load(export_path, elf_path, 0); if (!exports) return EXIT_FAILURE; yaml_emitter_t emitter; yaml_event_t event; /* Create the Emitter object. */ yaml_emitter_initialize(&emitter); FILE *fp = fopen(import_path, "w"); if (!fp) { // TODO: handle this fprintf(stderr, "could not open '%s' for writing\n", import_path); return EXIT_FAILURE; } yaml_emitter_set_output_file(&emitter, fp); /* Create and emit the STREAM-START event. */ if(!yamlemitter_stream_start(&emitter, &event)) goto error; if(!yamlemitter_document_start(&emitter, &event)) goto error; if(!yamlemitter_mapping_start(&emitter, &event)) goto error; if(!yamlemitter_key(&emitter, &event,"modules")) goto error; if(!yamlemitter_mapping_start(&emitter, &event)) goto error; if(!yamlemitter_key(&emitter, &event,exports->name)) goto error; if(!yamlemitter_mapping_start(&emitter, &event)) goto error; if(!yamlemitter_key_value(&emitter, &event,"nid",hextostr(exports->nid))) goto error; if(!yamlemitter_key(&emitter, &event,"libraries")) goto error; if(!yamlemitter_mapping_start(&emitter, &event)) goto error; for (int i = 0; i < exports->module_n; ++i) { vita_library_export *lib = exports->modules[i]; int kernel_lib = is_kernel; if (lib->syscall) { if (is_kernel) { kernel_lib = 0; } else { fprintf(stderr, "error: got syscall flag for user module. did you mean to pass as kernel module?"); return EXIT_FAILURE; } } if(!yamlemitter_key(&emitter, &event, lib->name)) goto error; if(!yamlemitter_mapping_start(&emitter, &event)) goto error; if(!yamlemitter_key_value(&emitter, &event,"nid",hextostr(lib->nid))) goto error; if(!yamlemitter_key_value(&emitter, &event,"kernel",booltostr(kernel_lib))) goto error; if(lib->function_n){ if(!yamlemitter_key(&emitter, &event, "functions")) goto error; if(!pack_export_symbols(&emitter, &event, lib->functions, lib->function_n)) goto error; } if(lib->variable_n){ if(!yamlemitter_key(&emitter, &event, "variables")) goto error; if(!pack_export_symbols(&emitter, &event, lib->variables, lib->variable_n)) goto error; } yaml_mapping_end_event_initialize(&event); if (!yaml_emitter_emit(&emitter, &event)) goto error; } if(!yamlemitter_mapping_end(&emitter, &event)) goto error; if(!yamlemitter_mapping_end(&emitter, &event)) goto error; if(!yamlemitter_mapping_end(&emitter, &event)) goto error; if(!yamlemitter_mapping_end(&emitter, &event)) goto error; if(!yamlemitter_document_end(&emitter, &event)) goto error; if(!yamlemitter_stream_end(&emitter, &event)) goto error; /* On error. */ error: fclose(fp); /* Destroy the Emitter object. */ yaml_emitter_delete(&emitter); // TODO: free exports, free json return 0; }