std::string PbeMd5AndDesEncryptor::decrypt(const std::string& encryptedtext, const std::string& password,
const std::string salt, long iterations) {
std::string data = Base64Util::decode(encryptedtext);
PbeMd5AndDesKey key = generateKey(password, salt, iterations);
int decryptedReturnedLength = static_cast<int>(data.length());
unsigned char decryptedReturned[decryptedReturnedLength];
DES_ncbc_encrypt(reinterpret_cast<const unsigned char*>(data.data()), decryptedReturned,
decryptedReturnedLength, &key.schedule, &key.ivec, DES_DECRYPT);
std::string decrypted(reinterpret_cast<char *>(decryptedReturned), decryptedReturnedLength);
int padValue = static_cast<int>(decrypted[decryptedReturnedLength - 1]);
return decrypted.substr(0, decryptedReturnedLength - padValue);
}
QByteArray Core::decryptData(const QByteArray& data, const Tox_Pass_Key& encryptionKey)
{
if (data.size() < TOX_PASS_ENCRYPTION_EXTRA_LENGTH)
{
qWarning() << "Not enough data:" << data.size();
return QByteArray();
}
int decryptedSize = data.size() - TOX_PASS_ENCRYPTION_EXTRA_LENGTH;
QByteArray decrypted(decryptedSize, 0x00);
if (!tox_pass_key_decrypt(&encryptionKey, reinterpret_cast<const uint8_t*>(data.data()), data.size(),
(uint8_t*) decrypted.data(), nullptr))
{
qWarning() << "Decryption failed";
return QByteArray();
}
return decrypted;
}
void AuthSession::HandleClientAuthentication(WorldPacket& packet)
{
quint32 bufferSize;
packet >> bufferSize;
QByteArray buffer;
buffer.resize(bufferSize);
packet.ReadRawBytes(buffer.data(), buffer.size());
WorldPacket decrypted(0, sCryptographyMgr->Decrypt(buffer));
quint64 salt;
decrypted >> salt;
m_username = decrypted.ReadString();
QString password = decrypted.ReadString();
QSqlQuery result = sAuthDatabase->Query(SELECT_ACCOUNT_BY_USERNAME, QVariantList() << m_username);
if (!result.first())
{
SendLoginErrorResult(LOGIN_RESULT_ERROR_INVALID_LOGIN);
return;
}
QString hashPassword = result.value("hash_password").toString();
if (Utils::HashPassword(m_username, password) != hashPassword)
{
SendLoginErrorResult(LOGIN_RESULT_ERROR_INVALID_LOGIN);
return;
}
m_accountId = result.value("account_id").toUInt();
WorldPacket data(SMSG_CLIENT_AUTH_RESULT);
data << quint8(LOGIN_RESULT_SUCCESS);
data << quint8(0); // m_activateSteamLinkHint (bool)
data << quint8(1); // hasAccountInformations
data << int(COMMUNITY_FR); // Community
data << quint8(0); // hasAdminInformations?
SendPacket(data);
}
void LanDeviceLink::dataReceived()
{
if (mSocketLineReader->bytesAvailable() == 0) return;
QByteArray package = mSocketLineReader->readLine();
//kDebug(kdeconnect_kded()) << "LanDeviceLink dataReceived" << package;
NetworkPackage unserialized(QString::null);
NetworkPackage::unserialize(package, &unserialized);
if (unserialized.isEncrypted()) {
//mPrivateKey should always be set when device link is added to device, no null-checking done here
NetworkPackage decrypted(QString::null);
unserialized.decrypt(mPrivateKey, &decrypted);
if (decrypted.hasPayloadTransferInfo()) {
kDebug(kdeconnect_kded()) << "HasPayloadTransferInfo";
DownloadJob* job = new DownloadJob(mSocketLineReader->peerAddress(), decrypted.payloadTransferInfo());
job->start();
decrypted.setPayload(job->getPayload(), decrypted.payloadSize());
}
Q_EMIT receivedPackage(decrypted);
} else {
if (unserialized.hasPayloadTransferInfo()) {
qWarning() << "Ignoring unencrypted payload";
}
Q_EMIT receivedPackage(unserialized);
}
if (mSocketLineReader->bytesAvailable() > 0) {
QMetaObject::invokeMethod(this, "dataReceived", Qt::QueuedConnection);
}
}
void TestAES256CBC(const std::string &hexkey, const std::string &hexiv, bool pad, const std::string &hexin, const std::string &hexout)
{
std::vector<unsigned char> key = ParseHex(hexkey);
std::vector<unsigned char> iv = ParseHex(hexiv);
std::vector<unsigned char> in = ParseHex(hexin);
std::vector<unsigned char> correctout = ParseHex(hexout);
std::vector<unsigned char> realout(in.size() + AES_BLOCKSIZE);
// Encrypt the plaintext and verify that it equals the cipher
AES256CBCEncrypt enc(&key[0], &iv[0], pad);
int size = enc.Encrypt(&in[0], in.size(), &realout[0]);
realout.resize(size);
BOOST_CHECK(realout.size() == correctout.size());
BOOST_CHECK_MESSAGE(realout == correctout, HexStr(realout) + std::string(" != ") + hexout);
// Decrypt the cipher and verify that it equals the plaintext
std::vector<unsigned char> decrypted(correctout.size());
AES256CBCDecrypt dec(&key[0], &iv[0], pad);
size = dec.Decrypt(&correctout[0], correctout.size(), &decrypted[0]);
decrypted.resize(size);
BOOST_CHECK(decrypted.size() == in.size());
BOOST_CHECK_MESSAGE(decrypted == in, HexStr(decrypted) + std::string(" != ") + hexin);
// Encrypt and re-decrypt substrings of the plaintext and verify that they equal each-other
for(std::vector<unsigned char>::iterator i(in.begin()); i != in.end(); ++i)
{
std::vector<unsigned char> sub(i, in.end());
std::vector<unsigned char> subout(sub.size() + AES_BLOCKSIZE);
int size = enc.Encrypt(&sub[0], sub.size(), &subout[0]);
if (size != 0)
{
subout.resize(size);
std::vector<unsigned char> subdecrypted(subout.size());
size = dec.Decrypt(&subout[0], subout.size(), &subdecrypted[0]);
subdecrypted.resize(size);
BOOST_CHECK(decrypted.size() == in.size());
BOOST_CHECK_MESSAGE(subdecrypted == sub, HexStr(subdecrypted) + std::string(" != ") + HexStr(sub));
}
}
}
IPCCommandResult WFSI::IOCtl(const IOCtlRequest& request)
{
s32 return_error_code = IPC_SUCCESS;
switch (request.request)
{
case IOCTL_WFSI_IMPORT_TITLE_INIT:
{
u32 tmd_addr = Memory::Read_U32(request.buffer_in);
u32 tmd_size = Memory::Read_U32(request.buffer_in + 4);
m_patch_type = static_cast<PatchType>(Memory::Read_U32(request.buffer_in + 32));
m_continue_install = Memory::Read_U32(request.buffer_in + 36);
INFO_LOG(IOS_WFS, "IOCTL_WFSI_IMPORT_TITLE_INIT: patch type %d, continue install: %s",
m_patch_type, m_continue_install ? "true" : "false");
if (m_patch_type == PatchType::PATCH_TYPE_2)
{
const std::string content_dir =
StringFromFormat("/vol/%s/title/%s/%s/content", m_device_name.c_str(),
m_current_group_id_str.c_str(), m_current_title_id_str.c_str());
File::Rename(WFS::NativePath(content_dir + "/default.dol"),
WFS::NativePath(content_dir + "/_default.dol"));
}
if (!IOS::ES::IsValidTMDSize(tmd_size))
{
ERROR_LOG(IOS_WFS, "IOCTL_WFSI_IMPORT_TITLE_INIT: TMD size too large (%d)", tmd_size);
return_error_code = IPC_EINVAL;
break;
}
std::vector<u8> tmd_bytes;
tmd_bytes.resize(tmd_size);
Memory::CopyFromEmu(tmd_bytes.data(), tmd_addr, tmd_size);
m_tmd.SetBytes(std::move(tmd_bytes));
IOS::ES::TicketReader ticket = m_ios.GetES()->FindSignedTicket(m_tmd.GetTitleId());
if (!ticket.IsValid())
{
return_error_code = -11028;
break;
}
memcpy(m_aes_key, ticket.GetTitleKey(m_ios.GetIOSC()).data(), sizeof(m_aes_key));
mbedtls_aes_setkey_dec(&m_aes_ctx, m_aes_key, 128);
SetImportTitleIdAndGroupId(m_tmd.GetTitleId(), m_tmd.GetGroupId());
if (m_patch_type == PatchType::PATCH_TYPE_1)
CancelPatchImport(m_continue_install);
else if (m_patch_type == PatchType::NOT_A_PATCH)
CancelTitleImport(m_continue_install);
break;
}
case IOCTL_WFSI_PREPARE_PROFILE:
m_base_extract_path = StringFromFormat("/vol/%s/tmp/", m_device_name.c_str());
// Fall through intended.
case IOCTL_WFSI_PREPARE_CONTENT:
{
const char* ioctl_name = request.request == IOCTL_WFSI_PREPARE_PROFILE ?
"IOCTL_WFSI_PREPARE_PROFILE" :
"IOCTL_WFSI_PREPARE_CONTENT";
// Initializes the IV from the index of the content in the TMD contents.
u32 content_id = Memory::Read_U32(request.buffer_in + 8);
IOS::ES::Content content_info;
if (!m_tmd.FindContentById(content_id, &content_info))
{
WARN_LOG(IOS_WFS, "%s: Content id %08x not found", ioctl_name, content_id);
return_error_code = -10003;
break;
}
memset(m_aes_iv, 0, sizeof(m_aes_iv));
m_aes_iv[0] = content_info.index >> 8;
m_aes_iv[1] = content_info.index & 0xFF;
INFO_LOG(IOS_WFS, "%s: Content id %08x found at index %d", ioctl_name, content_id,
content_info.index);
m_arc_unpacker.Reset();
break;
}
case IOCTL_WFSI_IMPORT_PROFILE:
case IOCTL_WFSI_IMPORT_CONTENT:
{
const char* ioctl_name = request.request == IOCTL_WFSI_IMPORT_PROFILE ?
"IOCTL_WFSI_IMPORT_PROFILE" :
"IOCTL_WFSI_IMPORT_CONTENT";
u32 content_id = Memory::Read_U32(request.buffer_in + 0xC);
u32 input_ptr = Memory::Read_U32(request.buffer_in + 0x10);
u32 input_size = Memory::Read_U32(request.buffer_in + 0x14);
INFO_LOG(IOS_WFS, "%s: %08x bytes of data at %08x from content id %d", ioctl_name, input_size,
input_ptr, content_id);
std::vector<u8> decrypted(input_size);
mbedtls_aes_crypt_cbc(&m_aes_ctx, MBEDTLS_AES_DECRYPT, input_size, m_aes_iv,
Memory::GetPointer(input_ptr), decrypted.data());
m_arc_unpacker.AddBytes(decrypted);
break;
}
case IOCTL_WFSI_IMPORT_CONTENT_END:
case IOCTL_WFSI_IMPORT_PROFILE_END:
{
const char* ioctl_name = request.request == IOCTL_WFSI_IMPORT_PROFILE_END ?
"IOCTL_WFSI_IMPORT_PROFILE_END" :
"IOCTL_WFSI_IMPORT_CONTENT_END";
INFO_LOG(IOS_WFS, "%s", ioctl_name);
auto callback = [this](const std::string& filename, const std::vector<u8>& bytes) {
INFO_LOG(IOS_WFS, "Extract: %s (%zd bytes)", filename.c_str(), bytes.size());
std::string path = WFS::NativePath(m_base_extract_path + "/" + filename);
File::CreateFullPath(path);
File::IOFile f(path, "wb");
if (!f)
{
ERROR_LOG(IOS_WFS, "Could not extract %s to %s", filename.c_str(), path.c_str());
return;
}
f.WriteBytes(bytes.data(), bytes.size());
};
m_arc_unpacker.Extract(callback);
// Technically not needed, but let's not keep large buffers in RAM for no
// reason if we can avoid it.
m_arc_unpacker.Reset();
break;
}
case IOCTL_WFSI_FINALIZE_TITLE_INSTALL:
{
std::string tmd_path;
if (m_patch_type == NOT_A_PATCH)
{
std::string title_install_dir = StringFromFormat("/vol/%s/_install/%s", m_device_name.c_str(),
m_import_title_id_str.c_str());
std::string title_final_dir =
StringFromFormat("/vol/%s/title/%s/%s", m_device_name.c_str(),
m_import_group_id_str.c_str(), m_import_title_id_str.c_str());
File::Rename(WFS::NativePath(title_install_dir), WFS::NativePath(title_final_dir));
tmd_path = StringFromFormat("/vol/%s/title/%s/%s/meta/%016" PRIx64 ".tmd",
m_device_name.c_str(), m_import_group_id_str.c_str(),
m_import_title_id_str.c_str(), m_import_title_id);
}
else
{
std::string patch_dir =
StringFromFormat("/vol/%s/title/%s/%s/_patch", m_device_name.c_str(),
m_current_group_id_str.c_str(), m_current_title_id_str.c_str());
File::DeleteDirRecursively(WFS::NativePath(patch_dir));
tmd_path = StringFromFormat("/vol/%s/title/%s/%s/meta/%016" PRIx64 ".tmd",
m_device_name.c_str(), m_current_group_id_str.c_str(),
m_current_title_id_str.c_str(), m_import_title_id);
}
File::IOFile tmd_file(WFS::NativePath(tmd_path), "wb");
tmd_file.WriteBytes(m_tmd.GetBytes().data(), m_tmd.GetBytes().size());
break;
}
case IOCTL_WFSI_FINALIZE_PATCH_INSTALL:
{
INFO_LOG(IOS_WFS, "IOCTL_WFSI_FINALIZE_PATCH_INSTALL");
if (m_patch_type != NOT_A_PATCH)
{
std::string current_title_dir =
StringFromFormat("/vol/%s/title/%s/%s", m_device_name.c_str(),
m_current_group_id_str.c_str(), m_current_title_id_str.c_str());
std::string patch_dir = current_title_dir + "/_patch";
File::CopyDir(WFS::NativePath(patch_dir), WFS::NativePath(current_title_dir), true);
}
break;
}
case IOCTL_WFSI_DELETE_TITLE:
// Bytes 0-4: ??
// Bytes 4-8: game id
// Bytes 1c-1e: title id?
WARN_LOG(IOS_WFS, "IOCTL_WFSI_DELETE_TITLE: unimplemented");
break;
case IOCTL_WFSI_GET_VERSION:
INFO_LOG(IOS_WFS, "IOCTL_WFSI_GET_VERSION");
Memory::Write_U32(0x20, request.buffer_out);
break;
case IOCTL_WFSI_IMPORT_TITLE_CANCEL:
{
INFO_LOG(IOS_WFS, "IOCTL_WFSI_IMPORT_TITLE_CANCEL");
bool continue_install = Memory::Read_U32(request.buffer_in) != 0;
if (m_patch_type == PatchType::NOT_A_PATCH)
return_error_code = CancelTitleImport(continue_install);
else if (m_patch_type == PatchType::PATCH_TYPE_1 || m_patch_type == PatchType::PATCH_TYPE_2)
return_error_code = CancelPatchImport(continue_install);
else
return_error_code = WFS_EINVAL;
m_tmd = {};
break;
}
case IOCTL_WFSI_INIT:
{
INFO_LOG(IOS_WFS, "IOCTL_WFSI_INIT");
u64 tid;
if (GetIOS()->GetES()->GetTitleId(&tid) < 0)
{
ERROR_LOG(IOS_WFS, "IOCTL_WFSI_INIT: Could not get title id.");
return_error_code = IPC_EINVAL;
break;
}
IOS::ES::TMDReader tmd = GetIOS()->GetES()->FindInstalledTMD(tid);
SetCurrentTitleIdAndGroupId(tmd.GetTitleId(), tmd.GetGroupId());
break;
}
case IOCTL_WFSI_SET_DEVICE_NAME:
INFO_LOG(IOS_WFS, "IOCTL_WFSI_SET_DEVICE_NAME");
m_device_name = Memory::GetString(request.buffer_in);
break;
case IOCTL_WFSI_APPLY_TITLE_PROFILE:
{
INFO_LOG(IOS_WFS, "IOCTL_WFSI_APPLY_TITLE_PROFILE");
if (m_patch_type == NOT_A_PATCH)
{
std::string install_directory = StringFromFormat("/vol/%s/_install", m_device_name.c_str());
if (!m_continue_install && File::IsDirectory(WFS::NativePath(install_directory)))
{
File::DeleteDirRecursively(WFS::NativePath(install_directory));
}
m_base_extract_path = StringFromFormat("%s/%s/content", install_directory.c_str(),
m_import_title_id_str.c_str());
File::CreateFullPath(WFS::NativePath(m_base_extract_path));
File::CreateDir(WFS::NativePath(m_base_extract_path));
for (auto dir : {"work", "meta", "save"})
{
std::string path = StringFromFormat("%s/%s/%s", install_directory.c_str(),
m_import_title_id_str.c_str(), dir);
File::CreateDir(WFS::NativePath(path));
}
std::string group_path = StringFromFormat("/vol/%s/title/%s", m_device_name.c_str(),
m_import_group_id_str.c_str());
File::CreateFullPath(WFS::NativePath(group_path));
File::CreateDir(WFS::NativePath(group_path));
}
else
{
m_base_extract_path =
StringFromFormat("/vol/%s/title/%s/%s/_patch/content", m_device_name.c_str(),
m_current_group_id_str.c_str(), m_current_title_id_str.c_str());
File::CreateFullPath(WFS::NativePath(m_base_extract_path));
File::CreateDir(WFS::NativePath(m_base_extract_path));
}
break;
}
case IOCTL_WFSI_GET_TMD:
{
u64 subtitle_id = Memory::Read_U64(request.buffer_in);
u32 address = Memory::Read_U32(request.buffer_in + 24);
INFO_LOG(IOS_WFS, "IOCTL_WFSI_GET_TMD: subtitle ID %016" PRIx64, subtitle_id);
u32 tmd_size;
return_error_code =
GetTmd(m_current_group_id, m_current_title_id, subtitle_id, address, &tmd_size);
Memory::Write_U32(tmd_size, request.buffer_out);
break;
}
case IOCTL_WFSI_GET_TMD_ABSOLUTE:
{
u64 subtitle_id = Memory::Read_U64(request.buffer_in);
u32 address = Memory::Read_U32(request.buffer_in + 24);
u16 group_id = Memory::Read_U16(request.buffer_in + 36);
u32 title_id = Memory::Read_U32(request.buffer_in + 32);
INFO_LOG(IOS_WFS, "IOCTL_WFSI_GET_TMD_ABSOLUTE: tid %08x, gid %04x, subtitle ID %016" PRIx64,
title_id, group_id, subtitle_id);
u32 tmd_size;
return_error_code = GetTmd(group_id, title_id, subtitle_id, address, &tmd_size);
Memory::Write_U32(tmd_size, request.buffer_out);
break;
}
case IOCTL_WFSI_SET_FST_BUFFER:
{
INFO_LOG(IOS_WFS, "IOCTL_WFSI_SET_FST_BUFFER: address %08x, size %08x", request.buffer_in,
request.buffer_in_size);
break;
}
case IOCTL_WFSI_NOOP:
break;
case IOCTL_WFSI_LOAD_DOL:
{
std::string path =
StringFromFormat("/vol/%s/title/%s/%s/content", m_device_name.c_str(),
m_current_group_id_str.c_str(), m_current_title_id_str.c_str());
u32 dol_addr = Memory::Read_U32(request.buffer_in + 0x18);
u32 max_dol_size = Memory::Read_U32(request.buffer_in + 0x14);
u16 dol_extension_id = Memory::Read_U16(request.buffer_in + 0x1e);
if (dol_extension_id == 0)
{
path += "/default.dol";
}
else
{
path += StringFromFormat("/extension%d.dol", dol_extension_id);
}
INFO_LOG(IOS_WFS, "IOCTL_WFSI_LOAD_DOL: loading %s at address %08x (size %d)", path.c_str(),
dol_addr, max_dol_size);
File::IOFile fp(WFS::NativePath(path), "rb");
if (!fp)
{
WARN_LOG(IOS_WFS, "IOCTL_WFSI_LOAD_DOL: no such file or directory: %s", path.c_str());
return_error_code = WFS_ENOENT;
break;
}
u32 real_dol_size = fp.GetSize();
if (dol_addr == 0)
{
// Write the expected size to the size parameter, in the input.
Memory::Write_U32(real_dol_size, request.buffer_in + 0x14);
}
else
{
fp.ReadBytes(Memory::GetPointer(dol_addr), max_dol_size);
}
Memory::Write_U32(real_dol_size, request.buffer_out);
break;
}
case IOCTL_WFSI_CHECK_HAS_SPACE:
WARN_LOG(IOS_WFS, "IOCTL_WFSI_CHECK_HAS_SPACE: returning true");
// TODO(wfs): implement this properly.
// 1 is returned if there is free space, 0 otherwise.
//
// WFSI builds a path depending on the import state
// /vol/VOLUME_ID/title/GROUP_ID/GAME_ID
// /vol/VOLUME_ID/_install/GAME_ID
// then removes everything after the last path separator ('/')
// it then calls WFSISrvGetFreeBlkNum (ioctl 0x5a, aliased to 0x5b) with that path.
// If the ioctl fails, WFSI returns 0.
// If the ioctl succeeds, WFSI returns 0 or 1 depending on the three u32s in the input buffer
// and the three u32s returned by WFSSRV (TODO: figure out what it does)
return_error_code = 1;
break;
default:
// TODO(wfs): Should be returning an error. However until we have
// everything properly stubbed it's easier to simulate the methods
// succeeding.
request.DumpUnknown(GetDeviceName(), LogTypes::IOS, LogTypes::LWARNING);
Memory::Memset(request.buffer_out, 0, request.buffer_out_size);
break;
}
return GetDefaultReply(return_error_code);
}
void WorldSession::HandleClientAuthentication(WorldPacket& packet)
{
quint32 bufferSize;
packet >> bufferSize;
QByteArray buffer;
buffer.resize(bufferSize);
packet.ReadRawBytes(buffer.data(), buffer.size());
WorldPacket decrypted(0, Cryptography::Instance()->Decrypt(buffer));
quint64 rsaVerification;
decrypted >> rsaVerification;
QString account = decrypted.ReadString();
QString password = decrypted.ReadString();
QSqlQuery result = Database::Auth()->Query(SELECT_ACCOUNT_BY_USERNAME, QVariantList() << account);
if (!result.first())
{
SendLoginErrorResult(LOGIN_RESULT_INVALID_LOGIN);
return;
}
QSqlRecord fields = result.record();
QString hashPassword = result.value(fields.indexOf("hash_password")).toString();
if (Utils::HashPassword(account, password) != hashPassword)
{
SendLoginErrorResult(LOGIN_RESULT_INVALID_LOGIN);
return;
}
m_accountInfos.id = result.value(fields.indexOf("account_id")).toULongLong();
m_accountInfos.username = result.value(fields.indexOf("username")).toString();
m_accountInfos.pseudo = result.value(fields.indexOf("pseudo")).toString();
m_accountInfos.gmLevel = (quint8)result.value(fields.indexOf("username")).toUInt();
m_accountInfos.subscriptionTime = result.value(fields.indexOf("subscription_time")).toUInt();
// Send opcode 2 (connection retry ticket, not implemented)
WorldPacket data2(SMSG_CONNECTION_RETRY_TICKET);
SendPacket(data2);
WorldPacket data(SMSG_CLIENT_AUTH_RESULT);
data << quint8(LOGIN_RESULT_SUCCESS);
data.StartBlock<quint16>();
{
data << quint8(1);
{
data << quint8(0);
data << quint32(6);
data << quint8(0);
data << quint64(result.value(fields.indexOf("account_id")).toULongLong());
data << quint32(1); // m_subscriptionLevel
data << quint32(0); // antiAddictionLevel
data << quint64(m_accountInfos.subscriptionTime);
// Admin rights ?
for (quint8 i = 0; i <= 75; ++i)
data << quint32(0);
data.WriteString(m_accountInfos.pseudo);
data << quint32(0); // m_accountCommunity ID, see Wl.java for IDs
data << quint16(0); // size of hdv, see bOE.java something with m_accountCommunity and check TS.java
}
}
data.EndBlock<quint16>();
SendPacket(data);
SendWorldSelectResult();
}
