Mirror/Novaria
1
0
Fork 0
mirror of https://github.com/raphaeIl/Novaria.git synced 2025-12-13 15:04:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

server now fully supports PC client, implement AESGCM, (Aes256Gcm not supported on android),

Browse Source
This commit is contained in:
raphaeIl
2025-01-15 01:17:15 -05:00
parent 7bd937dac5
commit 582d91d2a5
9 changed files with 4770 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

190
Novaria.Common/Crypto/AeadTool.cs
View File

@@ -1,32 +1,42 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Novaria.Common.Util;
//using Mono.Security.Cryptography;
using NSec.Cryptography;
using Serilog;
using static System.Runtime.InteropServices.JavaScript.JSType;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Parameters;
namespace Novaria.Common.Crypto
{
public static class AeadTool
{
public static ClientType clientType; // apprently the ike key for pc and mobile is different somehow
public static ClientType clientType = ClientType.PC; // PC uses AESGCM while Android uses chacha20 (Aes256Gcm not supported on android ig)
// for now set this field when switching, TODO: implement auto client detection from sdk auth request
public static byte[] PS_REQUEST_NONCE = new byte[12];
public static AeadTool.AeadEncryptHandler Encrypt;
public static AeadTool.AeadDecryptHandler Decrypt;
private static readonly byte[] associatedData = new byte[13];
public static readonly int NonceSize = 12;
public static readonly int MacSize = 128;
public static readonly int KeySize = 32;
public static readonly int IVSize = 16;
public static byte[] PS_REQUEST_NONCE = new byte[12]; // hardcoded nonce, probably makes it easier for server idk? could also just randomly generate but me lazy
public static byte[] PS_PUBLIC_KEY { get => DiffieHellman.Instance.ServerPublicKey.ToByteArray(); }
public static string TOKEN = "seggs"; // hardcoded for now
public static readonly byte[] DEFAULT_SERVERLIST_KEY;
public static readonly byte[] DEFAULT_SERVERLIST_IV;
public static readonly byte[] DEFAULT_SERVERLIST_KEY = new byte[] { 74, 72, 42, 67, 80, 51, 50, 57, 89, 120, 111, 103, 81, 74, 69, 120 };
public static readonly byte[] DEFAULT_SERVERLIST_IV = new byte[] { 225, 92, 61, 72, 193, 89, 3, 64, 50, 61, 50, 145, 59, 128, 99, 72 };
public static readonly byte[] FIRST_IKE_KEY;
public static readonly byte[] IKE_KEY = Encoding.ASCII.GetBytes("3LS9&oYdsp^5wi8&ZxC#c7MZg73hbEDw");
public static readonly byte[] associatedData;
private static GcmBlockCipher cipher;
private static AesEngine engine;
public delegate void AeadEncryptHandler(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData);
public delegate bool AeadDecryptHandler(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, Span<byte> associated);
public static ReadOnlySpan<byte> AEADMARK
{
@@ -40,57 +50,71 @@ namespace Novaria.Common.Crypto
static AeadTool()
{
AeadTool.clientType = ClientType.Mobile;
DEFAULT_SERVERLIST_KEY = new byte[] { 74, 72, 42, 67, 80, 51, 50, 57, 89, 120, 111, 103, 81, 74, 69, 120 };
DEFAULT_SERVERLIST_IV = new byte[] { 225, 92, 61, 72, 193, 89, 3, 64, 50, 61, 50, 145, 59, 128, 99, 72 };
FIRST_IKE_KEY = new byte[] { 51, 76, 83, 57, 38, 111, 89, 100, 115, 112, 94, 53, 119, 105, 56, 38, 90, 120, 67, 35, 99, 55, 77, 90, 103, 55, 51, 104, 98, 69, 68, 119 };
//if (clientType == ClientType.Mobile)
//{
// FIRST_IKE_KEY = Encoding.ASCII.GetBytes("3LS9&oYdsp^5wi8&ZxC#c7MZg73hbEDw");
// Log.Information("Mobile Client Type with key:");
// Utils.PrintByteArray(FIRST_IKE_KEY);
//}
//else
//{
// FIRST_IKE_KEY = Encoding.ASCII.GetBytes("#$*;1H&x*)0!@,/OcIe4VbiL[~fLyE7t");
// Log.Information("PC Client Type with key:");
// Utils.PrintByteArray(FIRST_IKE_KEY);
//}
FIRST_IKE_KEY = Encoding.ASCII.GetBytes("3LS9&oYdsp^5wi8&ZxC#c7MZg73hbEDw");
associatedData = new byte[13];
// assume AesGcm not supported (frida log)
associatedData[associatedData.Length - 1] = 1;
PS_PUBLIC_KEY[0] = 69;
PS_PUBLIC_KEY[95] = 69;
PS_REQUEST_NONCE[0] = 42;
PS_REQUEST_NONCE[11] = 42;
InitAeadTool();
}
public static bool Dencrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, ReadOnlySpan<byte> associatedData)
public static void InitAeadTool()
{
Algorithm chaCha20Poly = AeadAlgorithm.ChaCha20Poly1305;
KeyBlobFormat keyBlobFormat = KeyBlobFormat.RawSymmetricKey;
KeyCreationParameters keyCreationParameters = default(KeyCreationParameters);
bool result2;
using (Key key2 = Key.Import(chaCha20Poly, key, keyBlobFormat, ref keyCreationParameters))
if (clientType == ClientType.PC)
{
result2 = AeadAlgorithm.ChaCha20Poly1305.Decrypt(key2, nonce, associatedData, data, result);
}
AeadTool.InitBouncyCastle();
AeadTool.Encrypt = new AeadTool.AeadEncryptHandler(AeadTool.Encrypt_AESGCM_BouncyCastle);
AeadTool.Decrypt = new AeadTool.AeadDecryptHandler(AeadTool.Dencrypt_AESGCM_BouncyCastle);
AeadTool.associatedData[AeadTool.associatedData.Length - 1] = 2;
Console.WriteLine("Select PC client, now using AESGCM");
return;
}
AeadTool.Encrypt = new AeadTool.AeadEncryptHandler(AeadTool.Encrypt_ChaCha20);
AeadTool.Decrypt = new AeadTool.AeadDecryptHandler(AeadTool.Dencrypt_ChaCha20);
AeadTool.associatedData[AeadTool.associatedData.Length - 1] = 1;
Console.WriteLine("Select Mobile client, now using ChaCha20");
}
public static void InitBouncyCastle()
{
AeadTool.engine = new AesEngine();
AeadTool.cipher = new GcmBlockCipher(AeadTool.engine);
}
private static void Encrypt_AESGCM_BouncyCastle(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData)
{
if (!needAssociatedData)
{
byte[] array = AeadTool.Encrypt_BouncyCastle(key, nonce, data, null);
result.Clear();
MemoryExtensions.CopyTo<byte>(array, result);
return;
}
nonce.CopyTo(MemoryExtensions.AsSpan<byte>(AeadTool.associatedData, 0, 12));
Span<byte> associated = MemoryExtensions.AsSpan<byte>(AeadTool.associatedData);
byte[] array2 = AeadTool.Encrypt_BouncyCastle(key, nonce, data, associated);
result.Clear();
MemoryExtensions.CopyTo<byte>(array2, result);
}
private static bool Dencrypt_AESGCM_BouncyCastle(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, Span<byte> associated)
{
bool result2;
try
{
byte[] array = AeadTool.Decrypt_BouncyCastle(key.ToArray(), nonce, data.ToArray(), associated);
result.Clear();
MemoryExtensions.CopyTo<byte>(array, result);
result2 = true;
} catch (Exception ex)
{
Console.WriteLine(ex.Message);
result2 = false;
}
return result2;
}
public static void Encrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData)
private static void Encrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData)
{
Algorithm chaCha20Poly = AeadAlgorithm.ChaCha20Poly1305;
KeyBlobFormat keyBlobFormat = KeyBlobFormat.RawSymmetricKey;
@@ -108,6 +132,21 @@ namespace Novaria.Common.Crypto
}
}
private static bool Dencrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, Span<byte> associatedData)
{
Algorithm chaCha20Poly = AeadAlgorithm.ChaCha20Poly1305;
KeyBlobFormat keyBlobFormat = KeyBlobFormat.RawSymmetricKey;
KeyCreationParameters keyCreationParameters = default(KeyCreationParameters);
bool result2;
using (Key key2 = Key.Import(chaCha20Poly, key, keyBlobFormat, ref keyCreationParameters))
{
result2 = AeadAlgorithm.ChaCha20Poly1305.Decrypt(key2, nonce, associatedData, data, result);
}
return result2;
}
// probably wrong
public static byte[] DecryptAesCBCInfo(byte[] key, byte[] IV, byte[] cipherBytes)
{
@@ -140,6 +179,47 @@ namespace Novaria.Common.Crypto
}
}
}
private static byte[] Encrypt_BouncyCastle(ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> secretMessage, Span<byte> associated)
{
if (key == null || key.Length != AeadTool.KeySize)
{
throw new ArgumentException(string.Format("Key needs to be {0} bit!", AeadTool.KeySize), "key");
}
if (secretMessage == null || secretMessage.Length == 0)
{
throw new ArgumentException("Secret Message Required!", "secretMessage");
}
if (AeadTool.cipher == null)
{
Console.WriteLine("Must Init:BouncyCastleAesGcm");
return null;
}
AeadParameters aeadParameters = new AeadParameters(new KeyParameter(key.ToArray()), AeadTool.MacSize, nonce.ToArray(), associated.ToArray());
AeadTool.cipher.Init(true, aeadParameters);
byte[] array = new byte[AeadTool.cipher.GetOutputSize(secretMessage.Length)];
int num = AeadTool.cipher.ProcessBytes(secretMessage.ToArray(), 0, secretMessage.Length, array, 0);
AeadTool.cipher.DoFinal(array, num);
return array;
}
private static byte[] Decrypt_BouncyCastle(byte[] key, ReadOnlySpan<byte> nonce, byte[] cipherText, Span<byte> associated)
{
if (cipherText == null || cipherText.Length == 0)
{
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
}
if (AeadTool.cipher == null)
{
throw new ArgumentException("BouncyCastleAesGcm must be initialized first");
}
AeadParameters aeadParameters = new AeadParameters(new KeyParameter(key), AeadTool.MacSize, nonce.ToArray(), associated.ToArray());
AeadTool.cipher.Init(false, aeadParameters);
byte[] array = new byte[AeadTool.cipher.GetOutputSize(cipherText.Length)];
int num = AeadTool.cipher.ProcessBytes(cipherText, 0, cipherText.Length, array, 0);
AeadTool.cipher.DoFinal(array, num);
return array;
}
}
public enum ClientType