std::string PbeMd5AndDesEncryptor::decrypt(const std::string& encryptedtext, const std::string& password, const std::string salt, long iterations) { std::string data = Base64Util::decode(encryptedtext); PbeMd5AndDesKey key = generateKey(password, salt, iterations); int decryptedReturnedLength = static_cast<int>(data.length()); unsigned char decryptedReturned[decryptedReturnedLength]; DES_ncbc_encrypt(reinterpret_cast<const unsigned char*>(data.data()), decryptedReturned, decryptedReturnedLength, &key.schedule, &key.ivec, DES_DECRYPT); std::string decrypted(reinterpret_cast<char *>(decryptedReturned), decryptedReturnedLength); int padValue = static_cast<int>(decrypted[decryptedReturnedLength - 1]); return decrypted.substr(0, decryptedReturnedLength - padValue); }
QByteArray Core::decryptData(const QByteArray& data, const Tox_Pass_Key& encryptionKey) { if (data.size() < TOX_PASS_ENCRYPTION_EXTRA_LENGTH) { qWarning() << "Not enough data:" << data.size(); return QByteArray(); } int decryptedSize = data.size() - TOX_PASS_ENCRYPTION_EXTRA_LENGTH; QByteArray decrypted(decryptedSize, 0x00); if (!tox_pass_key_decrypt(&encryptionKey, reinterpret_cast<const uint8_t*>(data.data()), data.size(), (uint8_t*) decrypted.data(), nullptr)) { qWarning() << "Decryption failed"; return QByteArray(); } return decrypted; }
void AuthSession::HandleClientAuthentication(WorldPacket& packet) { quint32 bufferSize; packet >> bufferSize; QByteArray buffer; buffer.resize(bufferSize); packet.ReadRawBytes(buffer.data(), buffer.size()); WorldPacket decrypted(0, sCryptographyMgr->Decrypt(buffer)); quint64 salt; decrypted >> salt; m_username = decrypted.ReadString(); QString password = decrypted.ReadString(); QSqlQuery result = sAuthDatabase->Query(SELECT_ACCOUNT_BY_USERNAME, QVariantList() << m_username); if (!result.first()) { SendLoginErrorResult(LOGIN_RESULT_ERROR_INVALID_LOGIN); return; } QString hashPassword = result.value("hash_password").toString(); if (Utils::HashPassword(m_username, password) != hashPassword) { SendLoginErrorResult(LOGIN_RESULT_ERROR_INVALID_LOGIN); return; } m_accountId = result.value("account_id").toUInt(); WorldPacket data(SMSG_CLIENT_AUTH_RESULT); data << quint8(LOGIN_RESULT_SUCCESS); data << quint8(0); // m_activateSteamLinkHint (bool) data << quint8(1); // hasAccountInformations data << int(COMMUNITY_FR); // Community data << quint8(0); // hasAdminInformations? SendPacket(data); }
void LanDeviceLink::dataReceived() { if (mSocketLineReader->bytesAvailable() == 0) return; QByteArray package = mSocketLineReader->readLine(); //kDebug(kdeconnect_kded()) << "LanDeviceLink dataReceived" << package; NetworkPackage unserialized(QString::null); NetworkPackage::unserialize(package, &unserialized); if (unserialized.isEncrypted()) { //mPrivateKey should always be set when device link is added to device, no null-checking done here NetworkPackage decrypted(QString::null); unserialized.decrypt(mPrivateKey, &decrypted); if (decrypted.hasPayloadTransferInfo()) { kDebug(kdeconnect_kded()) << "HasPayloadTransferInfo"; DownloadJob* job = new DownloadJob(mSocketLineReader->peerAddress(), decrypted.payloadTransferInfo()); job->start(); decrypted.setPayload(job->getPayload(), decrypted.payloadSize()); } Q_EMIT receivedPackage(decrypted); } else { if (unserialized.hasPayloadTransferInfo()) { qWarning() << "Ignoring unencrypted payload"; } Q_EMIT receivedPackage(unserialized); } if (mSocketLineReader->bytesAvailable() > 0) { QMetaObject::invokeMethod(this, "dataReceived", Qt::QueuedConnection); } }
void TestAES256CBC(const std::string &hexkey, const std::string &hexiv, bool pad, const std::string &hexin, const std::string &hexout) { std::vector<unsigned char> key = ParseHex(hexkey); std::vector<unsigned char> iv = ParseHex(hexiv); std::vector<unsigned char> in = ParseHex(hexin); std::vector<unsigned char> correctout = ParseHex(hexout); std::vector<unsigned char> realout(in.size() + AES_BLOCKSIZE); // Encrypt the plaintext and verify that it equals the cipher AES256CBCEncrypt enc(&key[0], &iv[0], pad); int size = enc.Encrypt(&in[0], in.size(), &realout[0]); realout.resize(size); BOOST_CHECK(realout.size() == correctout.size()); BOOST_CHECK_MESSAGE(realout == correctout, HexStr(realout) + std::string(" != ") + hexout); // Decrypt the cipher and verify that it equals the plaintext std::vector<unsigned char> decrypted(correctout.size()); AES256CBCDecrypt dec(&key[0], &iv[0], pad); size = dec.Decrypt(&correctout[0], correctout.size(), &decrypted[0]); decrypted.resize(size); BOOST_CHECK(decrypted.size() == in.size()); BOOST_CHECK_MESSAGE(decrypted == in, HexStr(decrypted) + std::string(" != ") + hexin); // Encrypt and re-decrypt substrings of the plaintext and verify that they equal each-other for(std::vector<unsigned char>::iterator i(in.begin()); i != in.end(); ++i) { std::vector<unsigned char> sub(i, in.end()); std::vector<unsigned char> subout(sub.size() + AES_BLOCKSIZE); int size = enc.Encrypt(&sub[0], sub.size(), &subout[0]); if (size != 0) { subout.resize(size); std::vector<unsigned char> subdecrypted(subout.size()); size = dec.Decrypt(&subout[0], subout.size(), &subdecrypted[0]); subdecrypted.resize(size); BOOST_CHECK(decrypted.size() == in.size()); BOOST_CHECK_MESSAGE(subdecrypted == sub, HexStr(subdecrypted) + std::string(" != ") + HexStr(sub)); } } }
IPCCommandResult WFSI::IOCtl(const IOCtlRequest& request) { s32 return_error_code = IPC_SUCCESS; switch (request.request) { case IOCTL_WFSI_IMPORT_TITLE_INIT: { u32 tmd_addr = Memory::Read_U32(request.buffer_in); u32 tmd_size = Memory::Read_U32(request.buffer_in + 4); m_patch_type = static_cast<PatchType>(Memory::Read_U32(request.buffer_in + 32)); m_continue_install = Memory::Read_U32(request.buffer_in + 36); INFO_LOG(IOS_WFS, "IOCTL_WFSI_IMPORT_TITLE_INIT: patch type %d, continue install: %s", m_patch_type, m_continue_install ? "true" : "false"); if (m_patch_type == PatchType::PATCH_TYPE_2) { const std::string content_dir = StringFromFormat("/vol/%s/title/%s/%s/content", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str()); File::Rename(WFS::NativePath(content_dir + "/default.dol"), WFS::NativePath(content_dir + "/_default.dol")); } if (!IOS::ES::IsValidTMDSize(tmd_size)) { ERROR_LOG(IOS_WFS, "IOCTL_WFSI_IMPORT_TITLE_INIT: TMD size too large (%d)", tmd_size); return_error_code = IPC_EINVAL; break; } std::vector<u8> tmd_bytes; tmd_bytes.resize(tmd_size); Memory::CopyFromEmu(tmd_bytes.data(), tmd_addr, tmd_size); m_tmd.SetBytes(std::move(tmd_bytes)); IOS::ES::TicketReader ticket = m_ios.GetES()->FindSignedTicket(m_tmd.GetTitleId()); if (!ticket.IsValid()) { return_error_code = -11028; break; } memcpy(m_aes_key, ticket.GetTitleKey(m_ios.GetIOSC()).data(), sizeof(m_aes_key)); mbedtls_aes_setkey_dec(&m_aes_ctx, m_aes_key, 128); SetImportTitleIdAndGroupId(m_tmd.GetTitleId(), m_tmd.GetGroupId()); if (m_patch_type == PatchType::PATCH_TYPE_1) CancelPatchImport(m_continue_install); else if (m_patch_type == PatchType::NOT_A_PATCH) CancelTitleImport(m_continue_install); break; } case IOCTL_WFSI_PREPARE_PROFILE: m_base_extract_path = StringFromFormat("/vol/%s/tmp/", m_device_name.c_str()); // Fall through intended. case IOCTL_WFSI_PREPARE_CONTENT: { const char* ioctl_name = request.request == IOCTL_WFSI_PREPARE_PROFILE ? "IOCTL_WFSI_PREPARE_PROFILE" : "IOCTL_WFSI_PREPARE_CONTENT"; // Initializes the IV from the index of the content in the TMD contents. u32 content_id = Memory::Read_U32(request.buffer_in + 8); IOS::ES::Content content_info; if (!m_tmd.FindContentById(content_id, &content_info)) { WARN_LOG(IOS_WFS, "%s: Content id %08x not found", ioctl_name, content_id); return_error_code = -10003; break; } memset(m_aes_iv, 0, sizeof(m_aes_iv)); m_aes_iv[0] = content_info.index >> 8; m_aes_iv[1] = content_info.index & 0xFF; INFO_LOG(IOS_WFS, "%s: Content id %08x found at index %d", ioctl_name, content_id, content_info.index); m_arc_unpacker.Reset(); break; } case IOCTL_WFSI_IMPORT_PROFILE: case IOCTL_WFSI_IMPORT_CONTENT: { const char* ioctl_name = request.request == IOCTL_WFSI_IMPORT_PROFILE ? "IOCTL_WFSI_IMPORT_PROFILE" : "IOCTL_WFSI_IMPORT_CONTENT"; u32 content_id = Memory::Read_U32(request.buffer_in + 0xC); u32 input_ptr = Memory::Read_U32(request.buffer_in + 0x10); u32 input_size = Memory::Read_U32(request.buffer_in + 0x14); INFO_LOG(IOS_WFS, "%s: %08x bytes of data at %08x from content id %d", ioctl_name, input_size, input_ptr, content_id); std::vector<u8> decrypted(input_size); mbedtls_aes_crypt_cbc(&m_aes_ctx, MBEDTLS_AES_DECRYPT, input_size, m_aes_iv, Memory::GetPointer(input_ptr), decrypted.data()); m_arc_unpacker.AddBytes(decrypted); break; } case IOCTL_WFSI_IMPORT_CONTENT_END: case IOCTL_WFSI_IMPORT_PROFILE_END: { const char* ioctl_name = request.request == IOCTL_WFSI_IMPORT_PROFILE_END ? "IOCTL_WFSI_IMPORT_PROFILE_END" : "IOCTL_WFSI_IMPORT_CONTENT_END"; INFO_LOG(IOS_WFS, "%s", ioctl_name); auto callback = [this](const std::string& filename, const std::vector<u8>& bytes) { INFO_LOG(IOS_WFS, "Extract: %s (%zd bytes)", filename.c_str(), bytes.size()); std::string path = WFS::NativePath(m_base_extract_path + "/" + filename); File::CreateFullPath(path); File::IOFile f(path, "wb"); if (!f) { ERROR_LOG(IOS_WFS, "Could not extract %s to %s", filename.c_str(), path.c_str()); return; } f.WriteBytes(bytes.data(), bytes.size()); }; m_arc_unpacker.Extract(callback); // Technically not needed, but let's not keep large buffers in RAM for no // reason if we can avoid it. m_arc_unpacker.Reset(); break; } case IOCTL_WFSI_FINALIZE_TITLE_INSTALL: { std::string tmd_path; if (m_patch_type == NOT_A_PATCH) { std::string title_install_dir = StringFromFormat("/vol/%s/_install/%s", m_device_name.c_str(), m_import_title_id_str.c_str()); std::string title_final_dir = StringFromFormat("/vol/%s/title/%s/%s", m_device_name.c_str(), m_import_group_id_str.c_str(), m_import_title_id_str.c_str()); File::Rename(WFS::NativePath(title_install_dir), WFS::NativePath(title_final_dir)); tmd_path = StringFromFormat("/vol/%s/title/%s/%s/meta/%016" PRIx64 ".tmd", m_device_name.c_str(), m_import_group_id_str.c_str(), m_import_title_id_str.c_str(), m_import_title_id); } else { std::string patch_dir = StringFromFormat("/vol/%s/title/%s/%s/_patch", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str()); File::DeleteDirRecursively(WFS::NativePath(patch_dir)); tmd_path = StringFromFormat("/vol/%s/title/%s/%s/meta/%016" PRIx64 ".tmd", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str(), m_import_title_id); } File::IOFile tmd_file(WFS::NativePath(tmd_path), "wb"); tmd_file.WriteBytes(m_tmd.GetBytes().data(), m_tmd.GetBytes().size()); break; } case IOCTL_WFSI_FINALIZE_PATCH_INSTALL: { INFO_LOG(IOS_WFS, "IOCTL_WFSI_FINALIZE_PATCH_INSTALL"); if (m_patch_type != NOT_A_PATCH) { std::string current_title_dir = StringFromFormat("/vol/%s/title/%s/%s", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str()); std::string patch_dir = current_title_dir + "/_patch"; File::CopyDir(WFS::NativePath(patch_dir), WFS::NativePath(current_title_dir), true); } break; } case IOCTL_WFSI_DELETE_TITLE: // Bytes 0-4: ?? // Bytes 4-8: game id // Bytes 1c-1e: title id? WARN_LOG(IOS_WFS, "IOCTL_WFSI_DELETE_TITLE: unimplemented"); break; case IOCTL_WFSI_GET_VERSION: INFO_LOG(IOS_WFS, "IOCTL_WFSI_GET_VERSION"); Memory::Write_U32(0x20, request.buffer_out); break; case IOCTL_WFSI_IMPORT_TITLE_CANCEL: { INFO_LOG(IOS_WFS, "IOCTL_WFSI_IMPORT_TITLE_CANCEL"); bool continue_install = Memory::Read_U32(request.buffer_in) != 0; if (m_patch_type == PatchType::NOT_A_PATCH) return_error_code = CancelTitleImport(continue_install); else if (m_patch_type == PatchType::PATCH_TYPE_1 || m_patch_type == PatchType::PATCH_TYPE_2) return_error_code = CancelPatchImport(continue_install); else return_error_code = WFS_EINVAL; m_tmd = {}; break; } case IOCTL_WFSI_INIT: { INFO_LOG(IOS_WFS, "IOCTL_WFSI_INIT"); u64 tid; if (GetIOS()->GetES()->GetTitleId(&tid) < 0) { ERROR_LOG(IOS_WFS, "IOCTL_WFSI_INIT: Could not get title id."); return_error_code = IPC_EINVAL; break; } IOS::ES::TMDReader tmd = GetIOS()->GetES()->FindInstalledTMD(tid); SetCurrentTitleIdAndGroupId(tmd.GetTitleId(), tmd.GetGroupId()); break; } case IOCTL_WFSI_SET_DEVICE_NAME: INFO_LOG(IOS_WFS, "IOCTL_WFSI_SET_DEVICE_NAME"); m_device_name = Memory::GetString(request.buffer_in); break; case IOCTL_WFSI_APPLY_TITLE_PROFILE: { INFO_LOG(IOS_WFS, "IOCTL_WFSI_APPLY_TITLE_PROFILE"); if (m_patch_type == NOT_A_PATCH) { std::string install_directory = StringFromFormat("/vol/%s/_install", m_device_name.c_str()); if (!m_continue_install && File::IsDirectory(WFS::NativePath(install_directory))) { File::DeleteDirRecursively(WFS::NativePath(install_directory)); } m_base_extract_path = StringFromFormat("%s/%s/content", install_directory.c_str(), m_import_title_id_str.c_str()); File::CreateFullPath(WFS::NativePath(m_base_extract_path)); File::CreateDir(WFS::NativePath(m_base_extract_path)); for (auto dir : {"work", "meta", "save"}) { std::string path = StringFromFormat("%s/%s/%s", install_directory.c_str(), m_import_title_id_str.c_str(), dir); File::CreateDir(WFS::NativePath(path)); } std::string group_path = StringFromFormat("/vol/%s/title/%s", m_device_name.c_str(), m_import_group_id_str.c_str()); File::CreateFullPath(WFS::NativePath(group_path)); File::CreateDir(WFS::NativePath(group_path)); } else { m_base_extract_path = StringFromFormat("/vol/%s/title/%s/%s/_patch/content", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str()); File::CreateFullPath(WFS::NativePath(m_base_extract_path)); File::CreateDir(WFS::NativePath(m_base_extract_path)); } break; } case IOCTL_WFSI_GET_TMD: { u64 subtitle_id = Memory::Read_U64(request.buffer_in); u32 address = Memory::Read_U32(request.buffer_in + 24); INFO_LOG(IOS_WFS, "IOCTL_WFSI_GET_TMD: subtitle ID %016" PRIx64, subtitle_id); u32 tmd_size; return_error_code = GetTmd(m_current_group_id, m_current_title_id, subtitle_id, address, &tmd_size); Memory::Write_U32(tmd_size, request.buffer_out); break; } case IOCTL_WFSI_GET_TMD_ABSOLUTE: { u64 subtitle_id = Memory::Read_U64(request.buffer_in); u32 address = Memory::Read_U32(request.buffer_in + 24); u16 group_id = Memory::Read_U16(request.buffer_in + 36); u32 title_id = Memory::Read_U32(request.buffer_in + 32); INFO_LOG(IOS_WFS, "IOCTL_WFSI_GET_TMD_ABSOLUTE: tid %08x, gid %04x, subtitle ID %016" PRIx64, title_id, group_id, subtitle_id); u32 tmd_size; return_error_code = GetTmd(group_id, title_id, subtitle_id, address, &tmd_size); Memory::Write_U32(tmd_size, request.buffer_out); break; } case IOCTL_WFSI_SET_FST_BUFFER: { INFO_LOG(IOS_WFS, "IOCTL_WFSI_SET_FST_BUFFER: address %08x, size %08x", request.buffer_in, request.buffer_in_size); break; } case IOCTL_WFSI_NOOP: break; case IOCTL_WFSI_LOAD_DOL: { std::string path = StringFromFormat("/vol/%s/title/%s/%s/content", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str()); u32 dol_addr = Memory::Read_U32(request.buffer_in + 0x18); u32 max_dol_size = Memory::Read_U32(request.buffer_in + 0x14); u16 dol_extension_id = Memory::Read_U16(request.buffer_in + 0x1e); if (dol_extension_id == 0) { path += "/default.dol"; } else { path += StringFromFormat("/extension%d.dol", dol_extension_id); } INFO_LOG(IOS_WFS, "IOCTL_WFSI_LOAD_DOL: loading %s at address %08x (size %d)", path.c_str(), dol_addr, max_dol_size); File::IOFile fp(WFS::NativePath(path), "rb"); if (!fp) { WARN_LOG(IOS_WFS, "IOCTL_WFSI_LOAD_DOL: no such file or directory: %s", path.c_str()); return_error_code = WFS_ENOENT; break; } u32 real_dol_size = fp.GetSize(); if (dol_addr == 0) { // Write the expected size to the size parameter, in the input. Memory::Write_U32(real_dol_size, request.buffer_in + 0x14); } else { fp.ReadBytes(Memory::GetPointer(dol_addr), max_dol_size); } Memory::Write_U32(real_dol_size, request.buffer_out); break; } case IOCTL_WFSI_CHECK_HAS_SPACE: WARN_LOG(IOS_WFS, "IOCTL_WFSI_CHECK_HAS_SPACE: returning true"); // TODO(wfs): implement this properly. // 1 is returned if there is free space, 0 otherwise. // // WFSI builds a path depending on the import state // /vol/VOLUME_ID/title/GROUP_ID/GAME_ID // /vol/VOLUME_ID/_install/GAME_ID // then removes everything after the last path separator ('/') // it then calls WFSISrvGetFreeBlkNum (ioctl 0x5a, aliased to 0x5b) with that path. // If the ioctl fails, WFSI returns 0. // If the ioctl succeeds, WFSI returns 0 or 1 depending on the three u32s in the input buffer // and the three u32s returned by WFSSRV (TODO: figure out what it does) return_error_code = 1; break; default: // TODO(wfs): Should be returning an error. However until we have // everything properly stubbed it's easier to simulate the methods // succeeding. request.DumpUnknown(GetDeviceName(), LogTypes::IOS, LogTypes::LWARNING); Memory::Memset(request.buffer_out, 0, request.buffer_out_size); break; } return GetDefaultReply(return_error_code); }
void WorldSession::HandleClientAuthentication(WorldPacket& packet) { quint32 bufferSize; packet >> bufferSize; QByteArray buffer; buffer.resize(bufferSize); packet.ReadRawBytes(buffer.data(), buffer.size()); WorldPacket decrypted(0, Cryptography::Instance()->Decrypt(buffer)); quint64 rsaVerification; decrypted >> rsaVerification; QString account = decrypted.ReadString(); QString password = decrypted.ReadString(); QSqlQuery result = Database::Auth()->Query(SELECT_ACCOUNT_BY_USERNAME, QVariantList() << account); if (!result.first()) { SendLoginErrorResult(LOGIN_RESULT_INVALID_LOGIN); return; } QSqlRecord fields = result.record(); QString hashPassword = result.value(fields.indexOf("hash_password")).toString(); if (Utils::HashPassword(account, password) != hashPassword) { SendLoginErrorResult(LOGIN_RESULT_INVALID_LOGIN); return; } m_accountInfos.id = result.value(fields.indexOf("account_id")).toULongLong(); m_accountInfos.username = result.value(fields.indexOf("username")).toString(); m_accountInfos.pseudo = result.value(fields.indexOf("pseudo")).toString(); m_accountInfos.gmLevel = (quint8)result.value(fields.indexOf("username")).toUInt(); m_accountInfos.subscriptionTime = result.value(fields.indexOf("subscription_time")).toUInt(); // Send opcode 2 (connection retry ticket, not implemented) WorldPacket data2(SMSG_CONNECTION_RETRY_TICKET); SendPacket(data2); WorldPacket data(SMSG_CLIENT_AUTH_RESULT); data << quint8(LOGIN_RESULT_SUCCESS); data.StartBlock<quint16>(); { data << quint8(1); { data << quint8(0); data << quint32(6); data << quint8(0); data << quint64(result.value(fields.indexOf("account_id")).toULongLong()); data << quint32(1); // m_subscriptionLevel data << quint32(0); // antiAddictionLevel data << quint64(m_accountInfos.subscriptionTime); // Admin rights ? for (quint8 i = 0; i <= 75; ++i) data << quint32(0); data.WriteString(m_accountInfos.pseudo); data << quint32(0); // m_accountCommunity ID, see Wl.java for IDs data << quint16(0); // size of hdv, see bOE.java something with m_accountCommunity and check TS.java } } data.EndBlock<quint16>(); SendPacket(data); SendWorldSelectResult(); }