Update
parent
7143b75969
commit
1f499a4138
40
TL.php
40
TL.php
@ -73,37 +73,36 @@ class TL
|
||||
|
||||
public function serialize_obj($type_, $kwargs)
|
||||
{
|
||||
$bytes_io = fopen('php://memory', 'rw+b');
|
||||
$bytes_io = '';
|
||||
if (isset($this->constructor_type[$type_])) {
|
||||
$tl_constructor = $this->constructor_type[$type_];
|
||||
} else {
|
||||
throw new Exception(sprintf('Could not extract type: %s', $type_));
|
||||
}
|
||||
fwrite($bytes_io, $this->struct->pack('<i', $tl_constructor->id));
|
||||
$bytes_io .= $this->struct->pack('<i', $tl_constructor->id);
|
||||
foreach ($tl_constructor->params as $arg) {
|
||||
$this->serialize_param($bytes_io, $arg['type'], $kwargs[$arg['name']]);
|
||||
$bytes_io .= $this->serialize_param($arg['type'], $kwargs[$arg['name']]);
|
||||
}
|
||||
|
||||
return fread_all($bytes_io);
|
||||
return $bytes_io;
|
||||
}
|
||||
|
||||
public function serialize_method($type_, $kwargs)
|
||||
{
|
||||
$bytes_io = fopen('php://memory', 'rw+b');
|
||||
$bytes_io = '';
|
||||
if (isset($this->method_name[$type_])) {
|
||||
$tl_method = $this->method_name[$type_];
|
||||
} else {
|
||||
throw new Exception(sprintf('Could not extract type: %s', $type_));
|
||||
}
|
||||
fwrite($bytes_io, $this->struct->pack('<i', $tl_method->id));
|
||||
$bytes_io .= $this->struct->pack('<i', $tl_method->id);
|
||||
foreach ($tl_method->params as $arg) {
|
||||
$this->serialize_param($bytes_io, $arg['type'], $kwargs[$arg['name']]);
|
||||
$bytes_io .= $this->serialize_param($arg['type'], $kwargs[$arg['name']]);
|
||||
}
|
||||
|
||||
return fread_all($bytes_io);
|
||||
return $bytes_io;
|
||||
}
|
||||
|
||||
public function serialize_param($bytes_io, $type_, $value)
|
||||
public function serialize_param($type_, $value)
|
||||
{
|
||||
switch ($type_) {
|
||||
case 'int':
|
||||
@ -113,33 +112,34 @@ class TL
|
||||
if (!(strlen(decbin($value)) <= 32)) {
|
||||
throw new Exception('Given value is too long.');
|
||||
}
|
||||
fwrite($bytes_io, $this->struct->pack('<i', $value));
|
||||
return $this->struct->pack('<i', $value);
|
||||
break;
|
||||
case 'long':
|
||||
if (!is_numeric($value)) {
|
||||
throw new Exception("serialize_param: given value isn't numeric");
|
||||
}
|
||||
fwrite($bytes_io, $this->struct->pack('<q', $value));
|
||||
return $this->struct->pack('<q', $value);
|
||||
break;
|
||||
case 'int128':
|
||||
case 'int256':
|
||||
if (!is_string($value)) {
|
||||
throw new Exception("serialize_param: given value isn't a string");
|
||||
}
|
||||
fwrite($bytes_io, $value);
|
||||
return $value;
|
||||
break;
|
||||
case 'string':
|
||||
case 'bytes':
|
||||
$l = strlen($value);
|
||||
$concat = '';
|
||||
if ($l < 254) {
|
||||
fwrite($bytes_io, $this->struct->pack('<b', $l));
|
||||
fwrite($bytes_io, $value);
|
||||
fwrite($bytes_io, pack('@'.posmod((-$l - 1), 4)));
|
||||
$concat .= $this->struct->pack('<b', $l);
|
||||
$concat .= $value;
|
||||
$concat .= pack('@'.posmod((-$l - 1), 4));
|
||||
} else {
|
||||
fwrite($bytes_io, string2bin('\xfe'));
|
||||
fwrite($bytes_io, substr($this->struct->pack('<i', $l), 0, 3));
|
||||
fwrite($bytes_io, $value);
|
||||
fwrite($bytes_io, pack('@'.posmod(-$l, 4)));
|
||||
$concat .= string2bin('\xfe');
|
||||
$concat .= substr($this->struct->pack('<i', $l), 0, 3);
|
||||
$concat .= $value;
|
||||
$concat .= pack('@'.posmod(-$l, 4));
|
||||
}
|
||||
break;
|
||||
default:
|
||||
|
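Review bot: In the second TL.php hunk the `string`/`bytes` case of `serialize_param` builds `$concat` and then reaches `break;`, while every other visible case returns its packed bytes directly. Because `serialize_obj` and `serialize_method` now append the return value with `$bytes_io .= $this->serialize_param(...)`, a missing return would silently drop the field and shift every following field on the wire. The switch continues past the end of the hunk, so confirm a `return $concat;` exists there or replace the `break;` with it. The long branch also keeps only three bytes of the length via `substr($this->struct->pack('<i', $l), 0, 3)`, so a value of 2^24 bytes or more gets a truncated prefix; a guard such as `if ($l >= 1 << 24) { throw new Exception('serialize_param: value too long'); }` would fail closed instead. The `break;` after each `return` is unreachable and can be dropped.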
@ -181,13 +181,13 @@ class Session
|
||||
throw new Exception('Nothing in the socket!');
|
||||
}
|
||||
$packet_length = $this->struct->unpack('<I', $packet_length_data)[0];
|
||||
var_dump($packet_length);
|
||||
$packet = fread($this->sock, ($packet_length - 4));
|
||||
if (!(newcrc32($packet_length_data.substr($packet, 0, -4)) == $this->struct->unpack('<I', substr($packet, -4))[0])) {
|
||||
throw new Exception('CRC32 was not correct!');
|
||||
}
|
||||
$x = $this->struct->unpack('<I', substr($packet, 0, 4));
|
||||
$auth_key_id = substr($packet, 4, 8);
|
||||
hex_dump($packet);
|
||||
if ($auth_key_id == string2bin('\x00\x00\x00\x00\x00\x00\x00\x00')) {
|
||||
list($message_id, $message_length) = $this->struct->unpack('<8sI', substr($packet, 12, 12));
|
||||
$data = substr($packet, 24, (24 + $message_length) - 24);
|
||||
@ -238,6 +238,7 @@ class Session
|
||||
$f = file_get_contents(__DIR__.'/rsa.pub');
|
||||
$key = new \phpseclib\Crypt\RSA();
|
||||
$key->load($f);
|
||||
|
||||
$nonce = \phpseclib\Crypt\Random::string(16);
|
||||
pyjslib_printnl('Requesting pq');
|
||||
$ResPQ = $this->method_call('req_pq', ['nonce' => $nonce]);
|
||||
@ -247,7 +248,6 @@ class Session
|
||||
$server_nonce = $ResPQ['server_nonce'];
|
||||
$public_key_fingerprint = (int) $ResPQ['server_public_key_fingerprints'][0];
|
||||
$pq_bytes = $ResPQ['pq'];
|
||||
var_dump(new \phpseclib\Math\BigInteger($public_key_fingerprint), $key->getPublicKeyFingerprint('sha1'));
|
||||
|
||||
$pq = new \phpseclib\Math\BigInteger($pq_bytes, 256);
|
||||
list($p, $q) = $this->PrimeModule->primefactors($pq);
|
||||
|
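Review bot: `$packet_length` in the first `class Session` hunk comes straight from the socket and is passed to `fread($this->sock, ($packet_length - 4))` with no bounds check, and the result is not checked for a short read. A peer-supplied length below the header-plus-CRC minimum makes the later `substr` offsets meaningless, and a very large one requests an arbitrarily large read. I would reject both before reading, e.g. `if ($packet_length < MIN_PACKET_LEN || $packet_length > MAX_PACKET_LEN) { throw new Exception('Bad packet length'); }` (both constants are placeholders for the project to define), and then verify `strlen($packet) === $packet_length - 4`. Whichever of `var_dump($packet_length)` and `hex_dump($packet)` is on the new side writes raw protocol data to output and reads like debugging residue. In the last hunk no comparison of `$public_key_fingerprint` against the key loaded from `rsa.pub` is visible; the method continues outside these hunks, so confirm that check happens before anything is encrypted to that key.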
@ -157,6 +157,7 @@ class Session:
|
||||
q_bytes = long_to_bytes(q)
|
||||
f = open(os.path.join(os.path.dirname(__file__), "rsa.pub"))
|
||||
key = RSA.importKey(f.read())
|
||||
print(key.exportKey('OpenSSH'))
|
||||
|
||||
new_nonce = os.urandom(32)
|
||||
data = TL.serialize_obj('p_q_inner_data',
|
||||
@ -166,10 +167,8 @@ class Session:
|
||||
nonce=nonce,
|
||||
server_nonce=server_nonce,
|
||||
new_nonce=new_nonce)
|
||||
print(len(data), len(p_bytes))
|
||||
sha_digest = SHA.new(data).digest()
|
||||
random_bytes = os.urandom(255-len(data)-len(sha_digest))
|
||||
print(len(sha_digest), len(data), len(random_bytes))
|
||||
to_encrypt = sha_digest + data + random_bytes
|
||||
encrypted_data = key.encrypt(to_encrypt, 0)[0]
|
||||
print("Starting Diffie Hellman key exchange", len(to_encrypt))
|
||||
|
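Review bot: The handle from `f = open(os.path.join(os.path.dirname(__file__), "rsa.pub"))` in the first hunk is never closed in the visible lines; `with open(...) as f:` followed by `key = RSA.importKey(f.read())` would release it deterministically. `print(key.exportKey('OpenSSH'))` next to it looks like a one-off debugging aid and, if it is on the new side, should not stay in the handshake path. The enclosing method begins and ends outside these hunks.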
0
public.pub
Normal file
0
public.pub
Normal file
1
ssh
Normal file
1
ssh
Normal file
@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBUAI+L3DbeYXe0GR1nP7PCvMo5ppB2vTW8BtTgTWm+R+PiyoOybqXIM41Lvz2xWgP/EJL1jSGSQLeC0vW1J9OWAIw466X2VyLGUQrPAoQ2PVjP+zt1pJqf22rDdt9RX+eqBuEZfzW//7tEUAR35HAWcrtr5diX2yW7MdHJVVpNO94HYZrNPAR/OTYNaCQGW6aXw5ESa9+tpfduQdklMpfgRBKMFtt0nZlcixGtg5d9oD7FrIQYH7yF2UuYCNsJV9qKDFfQIOpZ5HXIUv2TB30/Q2xlE+yaipXAxsy7uZK0VqLpoiFzedKW/ySD2q/WbpcdVBjc+cTD5BC2pIheSUf
|