server now fully supports PC client, implement AESGCM, (Aes256Gcm not supported on android),

2025-12-12 22:44:35 +01:00 · 2025-01-15 01:17:15 -05:00
parent 7bd937dac5
commit 582d91d2a5
9 changed files with 4770 additions and 79 deletions
--- a/Novaria.Common/Core/HttpNetworkManager.cs
+++ b/Novaria.Common/Core/HttpNetworkManager.cs
@@ -27,7 +27,7 @@ namespace Novaria.Common.Core
            byte[] packetData = ((MemoryStream)packetWriter.BaseStream).ToArray();
            Span<byte> encryptedPacketData = (new byte[packetData.Length + 16]).AsSpan();
-            AeadTool.Encrypt_ChaCha20(encryptedPacketData, AeadTool.FIRST_IKE_KEY, AeadTool.PS_REQUEST_NONCE, packetData, false);
+            AeadTool.Encrypt(encryptedPacketData, AeadTool.IKE_KEY, AeadTool.PS_REQUEST_NONCE, packetData, false);
            BinaryWriter rawResponseWriter = new BinaryWriter(new MemoryStream());
            rawResponseWriter.Write(AeadTool.PS_REQUEST_NONCE);
@@ -88,7 +88,7 @@ namespace Novaria.Common.Core
            byte[] packetData = ((MemoryStream)packetWriter.BaseStream).ToArray();
            Span<byte> encryptedPacketData = (new byte[packetData.Length + 16]).AsSpan();
-            AeadTool.Encrypt_ChaCha20(encryptedPacketData, AeadTool.key3, AeadTool.PS_REQUEST_NONCE, packetData, false);
+            AeadTool.Encrypt(encryptedPacketData, AeadTool.key3, AeadTool.PS_REQUEST_NONCE, packetData, false);
            BinaryWriter rawResponseWriter = new BinaryWriter(new MemoryStream());
            rawResponseWriter.Write(AeadTool.PS_REQUEST_NONCE);
@@ -121,7 +121,7 @@ namespace Novaria.Common.Core
            Span<byte> nonce = nonceBytes.AsSpan();
            Span<byte> packet_data = packetBytes.AsSpan();
-            bool success = AeadTool.Dencrypt_ChaCha20(decrypt_result, AeadTool.key3, nonce, packet_data, null);
+            bool success = AeadTool.Decrypt(decrypt_result, AeadTool.key3, nonce, packet_data, null);
            if (!success)
            {
@@ -179,7 +179,7 @@ namespace Novaria.Common.Core
            Span<byte> nonce = nonceBytes.AsSpan();
            Span<byte> packet_data = packetBytes.AsSpan();
-            bool success = AeadTool.Dencrypt_ChaCha20(decrypt_result, AeadTool.key3, nonce, packet_data, null); // associateData NULL FOR THIS response pcap 
+            bool success = AeadTool.Decrypt(decrypt_result, AeadTool.key3, nonce, packet_data, null); // associateData NULL FOR THIS response pcap 
            if (!success)
            {
@@ -223,6 +223,8 @@ namespace Novaria.Common.Core
                packetSize--; // skip in payload
            }
            Console.WriteLine("aeadbyte: " + aeadBytes[0]);
            byte[] packetBytes = new byte[packetSize];
            reader.Read(packetBytes);
@@ -241,9 +243,18 @@ namespace Novaria.Common.Core
            byte[] associateData = new byte[13]; // this is needed for req decrypt (size: nonce(12) + 1)
            nonceBytes.CopyTo(associateData, 0); // associateData: [nonce, 1], 1 means AesGcm not supported
            associateData[associateData.Length - 1] = 1;
-            bool success = AeadTool.Dencrypt_ChaCha20(decrypt_result, AeadTool.FIRST_IKE_KEY, nonce, packet_data, associateData);
+            if (AeadTool.clientType == ClientType.PC)
            {
                associateData[associateData.Length - 1] = 0;
            }
            else
            {
                associateData[associateData.Length - 1] = 1;
            }
            bool success = AeadTool.Decrypt(decrypt_result, AeadTool.IKE_KEY, nonce, packet_data, associateData);
            if (!success)
            {
@@ -303,7 +314,7 @@ namespace Novaria.Common.Core
            Span<byte> nonce = nonceBytes.AsSpan();
            Span<byte> packet_data = packetBytes.AsSpan();
-            bool success = AeadTool.Dencrypt_ChaCha20(decrypt_result, AeadTool.FIRST_IKE_KEY, nonce, packet_data, null); // associateData NULL FOR THIS response pcap 
+            bool success = AeadTool.Decrypt(decrypt_result, AeadTool.IKE_KEY, nonce, packet_data, null); // associateData NULL FOR THIS response pcap 
            if (!success)
            {
--- a/Novaria.Common/Crypto/AeadTool.cs
+++ b/Novaria.Common/Crypto/AeadTool.cs
@@ -1,32 +1,42 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using Novaria.Common.Util;
 //using Mono.Security.Cryptography;
 using NSec.Cryptography;
-using Serilog;
+using Org.BouncyCastle.Crypto.Engines;
-using static System.Runtime.InteropServices.JavaScript.JSType;
+using Org.BouncyCastle.Crypto.Modes;
 using Org.BouncyCastle.Crypto.Parameters;
 namespace Novaria.Common.Crypto
 {
    public static class AeadTool
    {
-        public static ClientType clientType; // apprently the ike key for pc and mobile is different somehow
+        public static ClientType clientType = ClientType.PC; // PC uses AESGCM while Android uses chacha20 (Aes256Gcm not supported on android ig)
                                                             // for now set this field when switching, TODO: implement auto client detection from sdk auth request
-        public static byte[] PS_REQUEST_NONCE = new byte[12];
+        public static AeadTool.AeadEncryptHandler Encrypt;
        public static AeadTool.AeadDecryptHandler Decrypt;
        private static readonly byte[] associatedData = new byte[13];
        public static readonly int NonceSize = 12;
        public static readonly int MacSize = 128;
        public static readonly int KeySize = 32;
        public static readonly int IVSize = 16;
        public static byte[] PS_REQUEST_NONCE = new byte[12]; // hardcoded nonce, probably makes it easier for server idk? could also just randomly generate but me lazy
        public static byte[] PS_PUBLIC_KEY { get => DiffieHellman.Instance.ServerPublicKey.ToByteArray(); }
        public static string TOKEN = "seggs"; // hardcoded for now
-        public static readonly byte[] DEFAULT_SERVERLIST_KEY;
+        public static readonly byte[] DEFAULT_SERVERLIST_KEY = new byte[] { 74, 72, 42, 67, 80, 51, 50, 57, 89, 120, 111, 103, 81, 74, 69, 120 };
-        public static readonly byte[] DEFAULT_SERVERLIST_IV;
+        public static readonly byte[] DEFAULT_SERVERLIST_IV = new byte[] { 225, 92, 61, 72, 193, 89, 3, 64, 50, 61, 50, 145, 59, 128, 99, 72 };
-        public static readonly byte[] FIRST_IKE_KEY;
+        public static readonly byte[] IKE_KEY = Encoding.ASCII.GetBytes("3LS9&oYdsp^5wi8&ZxC#c7MZg73hbEDw");
-        public static readonly byte[] associatedData;
+        private static GcmBlockCipher cipher;
        private static AesEngine engine;
        public delegate void AeadEncryptHandler(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData);
        public delegate bool AeadDecryptHandler(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, Span<byte> associated);
        public static ReadOnlySpan<byte> AEADMARK
        {
@@ -40,57 +50,71 @@ namespace Novaria.Common.Crypto
        static AeadTool()
        {
            AeadTool.clientType = ClientType.Mobile;
            DEFAULT_SERVERLIST_KEY = new byte[] { 74, 72, 42, 67, 80, 51, 50, 57, 89, 120, 111, 103, 81, 74, 69, 120 };
            DEFAULT_SERVERLIST_IV = new byte[] { 225, 92, 61, 72, 193, 89, 3, 64, 50, 61, 50, 145, 59, 128, 99, 72 };
            FIRST_IKE_KEY = new byte[] { 51, 76, 83, 57, 38, 111, 89, 100, 115, 112, 94, 53, 119, 105, 56, 38, 90, 120, 67, 35, 99, 55, 77, 90, 103, 55, 51, 104, 98, 69, 68, 119 };
            //if (clientType == ClientType.Mobile)
            //{
            //    FIRST_IKE_KEY = Encoding.ASCII.GetBytes("3LS9&oYdsp^5wi8&ZxC#c7MZg73hbEDw");
            //    Log.Information("Mobile Client Type with key:");
            //    Utils.PrintByteArray(FIRST_IKE_KEY);
            //}
            //else
            //{
            //    FIRST_IKE_KEY = Encoding.ASCII.GetBytes("#$*;1H&x*)0!@,/OcIe4VbiL[~fLyE7t");
            //    Log.Information("PC Client Type with key:");
            //    Utils.PrintByteArray(FIRST_IKE_KEY);
            //}
            FIRST_IKE_KEY = Encoding.ASCII.GetBytes("3LS9&oYdsp^5wi8&ZxC#c7MZg73hbEDw");
            associatedData = new byte[13];
            // assume AesGcm not supported (frida log)
            associatedData[associatedData.Length - 1] = 1;
            PS_PUBLIC_KEY[0] = 69;
            PS_PUBLIC_KEY[95] = 69;
            PS_REQUEST_NONCE[0] = 42;
            PS_REQUEST_NONCE[11] = 42;
            InitAeadTool();
        }
-        public static bool Dencrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, ReadOnlySpan<byte> associatedData)
+        public static void InitAeadTool()
        {
-            Algorithm chaCha20Poly = AeadAlgorithm.ChaCha20Poly1305;
+            if (clientType == ClientType.PC)
            KeyBlobFormat keyBlobFormat = KeyBlobFormat.RawSymmetricKey;
            KeyCreationParameters keyCreationParameters = default(KeyCreationParameters);
            bool result2;
            using (Key key2 = Key.Import(chaCha20Poly, key, keyBlobFormat, ref keyCreationParameters))
            {
-                result2 = AeadAlgorithm.ChaCha20Poly1305.Decrypt(key2, nonce, associatedData, data, result);
+                AeadTool.InitBouncyCastle();
-            }
+                AeadTool.Encrypt = new AeadTool.AeadEncryptHandler(AeadTool.Encrypt_AESGCM_BouncyCastle);
                AeadTool.Decrypt = new AeadTool.AeadDecryptHandler(AeadTool.Dencrypt_AESGCM_BouncyCastle);
                AeadTool.associatedData[AeadTool.associatedData.Length - 1] = 2;
                Console.WriteLine("Select PC client, now using AESGCM");
                return;
            }
            AeadTool.Encrypt = new AeadTool.AeadEncryptHandler(AeadTool.Encrypt_ChaCha20);
            AeadTool.Decrypt = new AeadTool.AeadDecryptHandler(AeadTool.Dencrypt_ChaCha20);
            AeadTool.associatedData[AeadTool.associatedData.Length - 1] = 1;
            Console.WriteLine("Select Mobile client, now using ChaCha20");
        }
        public static void InitBouncyCastle()
        {
            AeadTool.engine = new AesEngine();
            AeadTool.cipher = new GcmBlockCipher(AeadTool.engine);
        }
        private static void Encrypt_AESGCM_BouncyCastle(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData)
        {
            if (!needAssociatedData)
            {
                byte[] array = AeadTool.Encrypt_BouncyCastle(key, nonce, data, null);
                result.Clear();
                MemoryExtensions.CopyTo<byte>(array, result);
                return;
            }
            nonce.CopyTo(MemoryExtensions.AsSpan<byte>(AeadTool.associatedData, 0, 12));
            Span<byte> associated = MemoryExtensions.AsSpan<byte>(AeadTool.associatedData);
            byte[] array2 = AeadTool.Encrypt_BouncyCastle(key, nonce, data, associated);
            result.Clear();
            MemoryExtensions.CopyTo<byte>(array2, result);
        }
        private static bool Dencrypt_AESGCM_BouncyCastle(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, Span<byte> associated)
        {
            bool result2;
            try
            {
                byte[] array = AeadTool.Decrypt_BouncyCastle(key.ToArray(), nonce, data.ToArray(), associated);
                result.Clear();
                MemoryExtensions.CopyTo<byte>(array, result);
                result2 = true;
            } catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
                result2 = false;
            }
            return result2;
        }
-
+        private static void Encrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData)
        public static void Encrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData)
        {
            Algorithm chaCha20Poly = AeadAlgorithm.ChaCha20Poly1305;
            KeyBlobFormat keyBlobFormat = KeyBlobFormat.RawSymmetricKey;
@@ -108,6 +132,21 @@ namespace Novaria.Common.Crypto
            }
        }
        private static bool Dencrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, Span<byte> associatedData)
        {
            Algorithm chaCha20Poly = AeadAlgorithm.ChaCha20Poly1305;
            KeyBlobFormat keyBlobFormat = KeyBlobFormat.RawSymmetricKey;
            KeyCreationParameters keyCreationParameters = default(KeyCreationParameters);
            bool result2;
            using (Key key2 = Key.Import(chaCha20Poly, key, keyBlobFormat, ref keyCreationParameters))
            {
                result2 = AeadAlgorithm.ChaCha20Poly1305.Decrypt(key2, nonce, associatedData, data, result);
            }
            return result2;
        }
        // probably wrong
        public static byte[] DecryptAesCBCInfo(byte[] key, byte[] IV, byte[] cipherBytes)
        {
@@ -140,6 +179,47 @@ namespace Novaria.Common.Crypto
                }
            }
        }
        private static byte[] Encrypt_BouncyCastle(ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> secretMessage, Span<byte> associated)
        {
            if (key == null || key.Length != AeadTool.KeySize)
            {
                throw new ArgumentException(string.Format("Key needs to be {0} bit!", AeadTool.KeySize), "key");
            }
            if (secretMessage == null || secretMessage.Length == 0)
            {
                throw new ArgumentException("Secret Message Required!", "secretMessage");
            }
            if (AeadTool.cipher == null)
            {
                Console.WriteLine("Must Init:BouncyCastleAesGcm");
                return null;
            }
            AeadParameters aeadParameters = new AeadParameters(new KeyParameter(key.ToArray()), AeadTool.MacSize, nonce.ToArray(), associated.ToArray());
            AeadTool.cipher.Init(true, aeadParameters);
            byte[] array = new byte[AeadTool.cipher.GetOutputSize(secretMessage.Length)];
            int num = AeadTool.cipher.ProcessBytes(secretMessage.ToArray(), 0, secretMessage.Length, array, 0);
            AeadTool.cipher.DoFinal(array, num);
            return array;
        }
        private static byte[] Decrypt_BouncyCastle(byte[] key, ReadOnlySpan<byte> nonce, byte[] cipherText, Span<byte> associated)
        {
            if (cipherText == null || cipherText.Length == 0)
            {
                throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
            }
            if (AeadTool.cipher == null)
            {
                throw new ArgumentException("BouncyCastleAesGcm must be initialized first");
            }
            AeadParameters aeadParameters = new AeadParameters(new KeyParameter(key), AeadTool.MacSize, nonce.ToArray(), associated.ToArray());
            AeadTool.cipher.Init(false, aeadParameters);
            byte[] array = new byte[AeadTool.cipher.GetOutputSize(cipherText.Length)];
            int num = AeadTool.cipher.ProcessBytes(cipherText, 0, cipherText.Length, array, 0);
            AeadTool.cipher.DoFinal(array, num);
            return array;
        }
    }
    public enum ClientType
--- a/Novaria.Common/Crypto/DiffieHellman.cs
+++ b/Novaria.Common/Crypto/DiffieHellman.cs
@@ -33,11 +33,6 @@ namespace Novaria.Common.Crypto
            //    return result.ToByteArray(false, true)[..32];
            //}
            //else
            //{
            //}
            return result.ToByteArray(true, true)[..32];
        }
--- a/Novaria.Common/Novaria.Common.csproj
+++ b/Novaria.Common/Novaria.Common.csproj
@@ -5,10 +5,11 @@
    <TargetFramework>net8.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
-    <AllowUnsafeBlocks>True</AllowUnsafeBlocks>
+    <AllowUnsafeBlocks>False</AllowUnsafeBlocks>
  </PropertyGroup>
 	<ItemGroup>
 		<PackageReference Include="BouncyCastle.Cryptography" Version="2.5.0" />
 		<PackageReference Include="Google.Protobuf" Version="3.24.3" />
 		<PackageReference Include="NSec.Cryptography" Version="24.4.0" />
 		<PackageReference Include="Serilog" Version="3.1.1" />
--- a/Novaria.PcapParser/Novaria.PcapParser.sln
+++ b/Novaria.PcapParser/Novaria.PcapParser.sln
@@ -0,0 +1,24 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 17
 VisualStudioVersion = 17.5.2.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Novaria.PcapParser", "Novaria.PcapParser.csproj", "{E5605F32-2159-31B7-BB16-7C24F60235B5}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
 		Release|Any CPU = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{E5605F32-2159-31B7-BB16-7C24F60235B5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{E5605F32-2159-31B7-BB16-7C24F60235B5}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{E5605F32-2159-31B7-BB16-7C24F60235B5}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{E5605F32-2159-31B7-BB16-7C24F60235B5}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {3F500C61-DDA4-474F-AE04-A3F97AEEF0B6}
 	EndGlobalSection
 EndGlobal
--- a/Novaria.PcapParser/accidently_too_many.json
+++ b/Novaria.PcapParser/accidently_too_many.json
--- a/Novaria.PcapParser/full_everytghing
+++ b/Novaria.PcapParser/full_everytghing
--- a/Novaria.SDKServer/Controllers/Api/ProtocolHandlers/Login.cs
+++ b/Novaria.SDKServer/Controllers/Api/ProtocolHandlers/Login.cs
@@ -40,7 +40,7 @@ namespace Novaria.GameServer.Controllers.Api.ProtocolHandlers
                Id = 1,
                Hashtag = 4562,
                HeadIcon = 100101,
-                NickName = "夏萝莉是小楠梁",
+                NickName = "seggs",
                Gender = false,
                Signature = "",
                TitlePrefix = 1,
@@ -54,9 +54,18 @@ namespace Novaria.GameServer.Controllers.Api.ProtocolHandlers
            byte[] real_key = AeadTool.key3;
            ClientType real_client_type = AeadTool.clientType;
            // load from pcap
            AeadTool.clientType = ClientType.Mobile; // my pcap were from mobile so gotta switch it over
            AeadTool.InitAeadTool();
            PcapParser.PcapParser.Instance.Parse("all_mainmenu_packets.json");
            // after pcap parse switch it back, this should rlly be done inside PcapParser.Parse()
            AeadTool.clientType = real_client_type;
            AeadTool.InitAeadTool();
            PlayerInfo pcapPlayerInfo = (PlayerInfo)PcapParser.PcapParser.Instance.GetPcapPacket(NetMsgId.player_data_succeed_ack);
            PlayerInfo playerInfoResponse = new PlayerInfo()
--- a/Novaria.SDKServer/GameServer.cs
+++ b/Novaria.SDKServer/GameServer.cs
@@ -19,16 +19,7 @@ namespace Novaria.GameServer
    {
        public static void Main(string[] args)
        {
-            //byte[] spub = new byte[] { 0, 219, 176, 103, 73, 245, 239, 125, 227, 240, 79, 51, 62, 250, 113, 143, 251, 155, 158, 45, 101, 1, 6, 185, 140, 153, 221, 163, 200, 112, 161, 11, 138, 163, 7, 71, 182, 127, 144, 192, 147, 169, 124, 54, 220, 208, 253, 121, 80, 41, 4, 97, 51, 129, 32, 228, 40, 227, 89, 226, 152, 51, 24, 105, 233, 140, 153, 114, 142, 244, 105, 13, 201, 150, 39, 192, 101, 50, 39, 57, 59, 110, 88, 201, 150, 221, 251, 248, 247, 250, 33, 114, 125, 200, 182, 163, 176 };
+            Log.Information("Starting SDK Server...");
            //byte[] cpriv = new byte[] { 10,128,76,30};
            //byte[] res = DiffieHellman.Instance.CalculateKey(spub, cpriv);
            //Utils.PrintByteArray(res);
            //table_Character table_Character = table_Character.Parser.ParseFrom(File.ReadAllBytes("E:\\documents\\Decompiling\\Extracted\\NOVA\\Novaria\\Novaria.SDKServer\\Character"));
            //Log.Information("Starting SDK Server...");
            try
            {
                var builder = WebApplication.CreateBuilder(args);