This commit is contained in:
danogentili 2016-08-06 20:48:33 +02:00
parent 7143b75969
commit 1f499a4138
6 changed files with 24 additions and 24 deletions

40
TL.php
View File

@ -73,37 +73,36 @@ class TL
public function serialize_obj($type_, $kwargs)
{
$bytes_io = fopen('php://memory', 'rw+b');
$bytes_io = '';
if (isset($this->constructor_type[$type_])) {
$tl_constructor = $this->constructor_type[$type_];
} else {
throw new Exception(sprintf('Could not extract type: %s', $type_));
}
fwrite($bytes_io, $this->struct->pack('<i', $tl_constructor->id));
$bytes_io .= $this->struct->pack('<i', $tl_constructor->id);
foreach ($tl_constructor->params as $arg) {
$this->serialize_param($bytes_io, $arg['type'], $kwargs[$arg['name']]);
$bytes_io .= $this->serialize_param($arg['type'], $kwargs[$arg['name']]);
}
return fread_all($bytes_io);
return $bytes_io;
}
public function serialize_method($type_, $kwargs)
{
$bytes_io = fopen('php://memory', 'rw+b');
$bytes_io = '';
if (isset($this->method_name[$type_])) {
$tl_method = $this->method_name[$type_];
} else {
throw new Exception(sprintf('Could not extract type: %s', $type_));
}
fwrite($bytes_io, $this->struct->pack('<i', $tl_method->id));
$bytes_io .= $this->struct->pack('<i', $tl_method->id);
foreach ($tl_method->params as $arg) {
$this->serialize_param($bytes_io, $arg['type'], $kwargs[$arg['name']]);
$bytes_io .= $this->serialize_param($arg['type'], $kwargs[$arg['name']]);
}
return fread_all($bytes_io);
return $bytes_io;
}
public function serialize_param($bytes_io, $type_, $value)
public function serialize_param($type_, $value)
{
switch ($type_) {
case 'int':
@ -113,33 +112,34 @@ class TL
if (!(strlen(decbin($value)) <= 32)) {
throw new Exception('Given value is too long.');
}
fwrite($bytes_io, $this->struct->pack('<i', $value));
return $this->struct->pack('<i', $value);
break;
case 'long':
if (!is_numeric($value)) {
throw new Exception("serialize_param: given value isn't numeric");
}
fwrite($bytes_io, $this->struct->pack('<q', $value));
return $this->struct->pack('<q', $value);
break;
case 'int128':
case 'int256':
if (!is_string($value)) {
throw new Exception("serialize_param: given value isn't a string");
}
fwrite($bytes_io, $value);
return $value;
break;
case 'string':
case 'bytes':
$l = strlen($value);
$concat = '';
if ($l < 254) {
fwrite($bytes_io, $this->struct->pack('<b', $l));
fwrite($bytes_io, $value);
fwrite($bytes_io, pack('@'.posmod((-$l - 1), 4)));
$concat .= $this->struct->pack('<b', $l);
$concat .= $value;
$concat .= pack('@'.posmod((-$l - 1), 4));
} else {
fwrite($bytes_io, string2bin('\xfe'));
fwrite($bytes_io, substr($this->struct->pack('<i', $l), 0, 3));
fwrite($bytes_io, $value);
fwrite($bytes_io, pack('@'.posmod(-$l, 4)));
$concat .= string2bin('\xfe');
$concat .= substr($this->struct->pack('<i', $l), 0, 3);
$concat .= $value;
$concat .= pack('@'.posmod(-$l, 4));
}
break;
default:

View File

@ -181,13 +181,13 @@ class Session
throw new Exception('Nothing in the socket!');
}
$packet_length = $this->struct->unpack('<I', $packet_length_data)[0];
var_dump($packet_length);
$packet = fread($this->sock, ($packet_length - 4));
if (!(newcrc32($packet_length_data.substr($packet, 0, -4)) == $this->struct->unpack('<I', substr($packet, -4))[0])) {
throw new Exception('CRC32 was not correct!');
}
$x = $this->struct->unpack('<I', substr($packet, 0, 4));
$auth_key_id = substr($packet, 4, 8);
hex_dump($packet);
if ($auth_key_id == string2bin('\x00\x00\x00\x00\x00\x00\x00\x00')) {
list($message_id, $message_length) = $this->struct->unpack('<8sI', substr($packet, 12, 12));
$data = substr($packet, 24, (24 + $message_length) - 24);
@ -238,6 +238,7 @@ class Session
$f = file_get_contents(__DIR__.'/rsa.pub');
$key = new \phpseclib\Crypt\RSA();
$key->load($f);
$nonce = \phpseclib\Crypt\Random::string(16);
pyjslib_printnl('Requesting pq');
$ResPQ = $this->method_call('req_pq', ['nonce' => $nonce]);
@ -247,7 +248,6 @@ class Session
$server_nonce = $ResPQ['server_nonce'];
$public_key_fingerprint = (int) $ResPQ['server_public_key_fingerprints'][0];
$pq_bytes = $ResPQ['pq'];
var_dump(new \phpseclib\Math\BigInteger($public_key_fingerprint), $key->getPublicKeyFingerprint('sha1'));
$pq = new \phpseclib\Math\BigInteger($pq_bytes, 256);
list($p, $q) = $this->PrimeModule->primefactors($pq);

View File

@ -157,6 +157,7 @@ class Session:
q_bytes = long_to_bytes(q)
f = open(os.path.join(os.path.dirname(__file__), "rsa.pub"))
key = RSA.importKey(f.read())
print(key.exportKey('OpenSSH'))
new_nonce = os.urandom(32)
data = TL.serialize_obj('p_q_inner_data',
@ -166,10 +167,8 @@ class Session:
nonce=nonce,
server_nonce=server_nonce,
new_nonce=new_nonce)
print(len(data), len(p_bytes))
sha_digest = SHA.new(data).digest()
random_bytes = os.urandom(255-len(data)-len(sha_digest))
print(len(sha_digest), len(data), len(random_bytes))
to_encrypt = sha_digest + data + random_bytes
encrypted_data = key.encrypt(to_encrypt, 0)[0]
print("Starting Diffie Hellman key exchange", len(to_encrypt))

0
public.pub Normal file
View File

0
rsa.pub Normal file → Executable file
View File

1
ssh Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBUAI+L3DbeYXe0GR1nP7PCvMo5ppB2vTW8BtTgTWm+R+PiyoOybqXIM41Lvz2xWgP/EJL1jSGSQLeC0vW1J9OWAIw466X2VyLGUQrPAoQ2PVjP+zt1pJqf22rDdt9RX+eqBuEZfzW//7tEUAR35HAWcrtr5diX2yW7MdHJVVpNO94HYZrNPAR/OTYNaCQGW6aXw5ESa9+tpfduQdklMpfgRBKMFtt0nZlcixGtg5d9oD7FrIQYH7yF2UuYCNsJV9qKDFfQIOpZ5HXIUv2TB30/Q2xlE+yaipXAxsy7uZK0VqLpoiFzedKW/ySD2q/WbpcdVBjc+cTD5BC2pIheSUf