server now fully supports PC client, implement AESGCM, (Aes256Gcm not supported on android),

2025-12-12 14:34:38 +01:00 · 2025-01-15 01:17:15 -05:00
parent 7bd937dac5
commit 582d91d2a5
9 changed files with 4770 additions and 79 deletions
--- a/Novaria.Common/Core/HttpNetworkManager.cs
+++ b/Novaria.Common/Core/HttpNetworkManager.cs
@@ -27,7 +27,7 @@ namespace Novaria.Common.Core
            byte[] packetData = ((MemoryStream)packetWriter.BaseStream).ToArray();
            Span<byte> encryptedPacketData = (new byte[packetData.Length + 16]).AsSpan();

-            AeadTool.Encrypt_ChaCha20(encryptedPacketData, AeadTool.FIRST_IKE_KEY, AeadTool.PS_REQUEST_NONCE, packetData, false);
+            AeadTool.Encrypt(encryptedPacketData, AeadTool.IKE_KEY, AeadTool.PS_REQUEST_NONCE, packetData, false);

            BinaryWriter rawResponseWriter = new BinaryWriter(new MemoryStream());
            rawResponseWriter.Write(AeadTool.PS_REQUEST_NONCE);
@@ -88,7 +88,7 @@ namespace Novaria.Common.Core
            byte[] packetData = ((MemoryStream)packetWriter.BaseStream).ToArray();
            Span<byte> encryptedPacketData = (new byte[packetData.Length + 16]).AsSpan();

-            AeadTool.Encrypt_ChaCha20(encryptedPacketData, AeadTool.key3, AeadTool.PS_REQUEST_NONCE, packetData, false);
+            AeadTool.Encrypt(encryptedPacketData, AeadTool.key3, AeadTool.PS_REQUEST_NONCE, packetData, false);

            BinaryWriter rawResponseWriter = new BinaryWriter(new MemoryStream());
            rawResponseWriter.Write(AeadTool.PS_REQUEST_NONCE);
@@ -121,7 +121,7 @@ namespace Novaria.Common.Core
            Span<byte> nonce = nonceBytes.AsSpan();
            Span<byte> packet_data = packetBytes.AsSpan();

-            bool success = AeadTool.Dencrypt_ChaCha20(decrypt_result, AeadTool.key3, nonce, packet_data, null);
+            bool success = AeadTool.Decrypt(decrypt_result, AeadTool.key3, nonce, packet_data, null);

            if (!success)
            {
@@ -179,7 +179,7 @@ namespace Novaria.Common.Core
            Span<byte> nonce = nonceBytes.AsSpan();
            Span<byte> packet_data = packetBytes.AsSpan();

-            bool success = AeadTool.Dencrypt_ChaCha20(decrypt_result, AeadTool.key3, nonce, packet_data, null); // associateData NULL FOR THIS response pcap 
+            bool success = AeadTool.Decrypt(decrypt_result, AeadTool.key3, nonce, packet_data, null); // associateData NULL FOR THIS response pcap 

            if (!success)
            {
@@ -223,6 +223,8 @@ namespace Novaria.Common.Core
                packetSize--; // skip in payload
            }

+            Console.WriteLine("aeadbyte: " + aeadBytes[0]);
+
            byte[] packetBytes = new byte[packetSize];
            reader.Read(packetBytes);

@@ -241,9 +243,18 @@ namespace Novaria.Common.Core
            byte[] associateData = new byte[13]; // this is needed for req decrypt (size: nonce(12) + 1)

            nonceBytes.CopyTo(associateData, 0); // associateData: [nonce, 1], 1 means AesGcm not supported
-            associateData[associateData.Length - 1] = 1;

-            bool success = AeadTool.Dencrypt_ChaCha20(decrypt_result, AeadTool.FIRST_IKE_KEY, nonce, packet_data, associateData);
+            if (AeadTool.clientType == ClientType.PC)
+            {
+                associateData[associateData.Length - 1] = 0;
+            }
+
+            else
+            {
+                associateData[associateData.Length - 1] = 1;
+            }
+
+            bool success = AeadTool.Decrypt(decrypt_result, AeadTool.IKE_KEY, nonce, packet_data, associateData);

            if (!success)
            {
@@ -303,7 +314,7 @@ namespace Novaria.Common.Core
            Span<byte> nonce = nonceBytes.AsSpan();
            Span<byte> packet_data = packetBytes.AsSpan();

-            bool success = AeadTool.Dencrypt_ChaCha20(decrypt_result, AeadTool.FIRST_IKE_KEY, nonce, packet_data, null); // associateData NULL FOR THIS response pcap 
+            bool success = AeadTool.Decrypt(decrypt_result, AeadTool.IKE_KEY, nonce, packet_data, null); // associateData NULL FOR THIS response pcap 

            if (!success)
            {
--- a/Novaria.Common/Crypto/AeadTool.cs
+++ b/Novaria.Common/Crypto/AeadTool.cs
@@ -1,32 +1,42 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
-using System.Threading.Tasks;
-using Novaria.Common.Util;
-
-//using Mono.Security.Cryptography;
 using NSec.Cryptography;
-using Serilog;
-using static System.Runtime.InteropServices.JavaScript.JSType;
+using Org.BouncyCastle.Crypto.Engines;
+using Org.BouncyCastle.Crypto.Modes;
+using Org.BouncyCastle.Crypto.Parameters;

 namespace Novaria.Common.Crypto
 {
    public static class AeadTool
    {
-        public static ClientType clientType; // apprently the ike key for pc and mobile is different somehow
+        public static ClientType clientType = ClientType.PC; // PC uses AESGCM while Android uses chacha20 (Aes256Gcm not supported on android ig)
+                                                             // for now set this field when switching, TODO: implement auto client detection from sdk auth request

-        public static byte[] PS_REQUEST_NONCE = new byte[12];
+        public static AeadTool.AeadEncryptHandler Encrypt;
+        public static AeadTool.AeadDecryptHandler Decrypt;
+
+        private static readonly byte[] associatedData = new byte[13];
+        public static readonly int NonceSize = 12;
+        public static readonly int MacSize = 128;
+        public static readonly int KeySize = 32;
+        public static readonly int IVSize = 16;
+
+        public static byte[] PS_REQUEST_NONCE = new byte[12]; // hardcoded nonce, probably makes it easier for server idk? could also just randomly generate but me lazy
        public static byte[] PS_PUBLIC_KEY { get => DiffieHellman.Instance.ServerPublicKey.ToByteArray(); }
        public static string TOKEN = "seggs"; // hardcoded for now

-        public static readonly byte[] DEFAULT_SERVERLIST_KEY;
-        public static readonly byte[] DEFAULT_SERVERLIST_IV;
+        public static readonly byte[] DEFAULT_SERVERLIST_KEY = new byte[] { 74, 72, 42, 67, 80, 51, 50, 57, 89, 120, 111, 103, 81, 74, 69, 120 };
+        public static readonly byte[] DEFAULT_SERVERLIST_IV = new byte[] { 225, 92, 61, 72, 193, 89, 3, 64, 50, 61, 50, 145, 59, 128, 99, 72 };

-        public static readonly byte[] FIRST_IKE_KEY;
+        public static readonly byte[] IKE_KEY = Encoding.ASCII.GetBytes("3LS9&oYdsp^5wi8&ZxC#c7MZg73hbEDw");

-        public static readonly byte[] associatedData;
+        private static GcmBlockCipher cipher;
+
+        private static AesEngine engine;
+
+        public delegate void AeadEncryptHandler(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData);
+        public delegate bool AeadDecryptHandler(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, Span<byte> associated);

        public static ReadOnlySpan<byte> AEADMARK
        {
@@ -40,57 +50,71 @@ namespace Novaria.Common.Crypto

        static AeadTool()
        {
-            AeadTool.clientType = ClientType.Mobile;
-
-            DEFAULT_SERVERLIST_KEY = new byte[] { 74, 72, 42, 67, 80, 51, 50, 57, 89, 120, 111, 103, 81, 74, 69, 120 };
-            DEFAULT_SERVERLIST_IV = new byte[] { 225, 92, 61, 72, 193, 89, 3, 64, 50, 61, 50, 145, 59, 128, 99, 72 };
-            
-            FIRST_IKE_KEY = new byte[] { 51, 76, 83, 57, 38, 111, 89, 100, 115, 112, 94, 53, 119, 105, 56, 38, 90, 120, 67, 35, 99, 55, 77, 90, 103, 55, 51, 104, 98, 69, 68, 119 };
-
-            //if (clientType == ClientType.Mobile)
-            //{
-            //    FIRST_IKE_KEY = Encoding.ASCII.GetBytes("3LS9&oYdsp^5wi8&ZxC#c7MZg73hbEDw");
-            //    Log.Information("Mobile Client Type with key:");
-            //    Utils.PrintByteArray(FIRST_IKE_KEY);
-            //}
-
-            //else
-            //{
-            //    FIRST_IKE_KEY = Encoding.ASCII.GetBytes("#$*;1H&x*)0!@,/OcIe4VbiL[~fLyE7t");
-            //    Log.Information("PC Client Type with key:");
-            //    Utils.PrintByteArray(FIRST_IKE_KEY);
-            //}
-            FIRST_IKE_KEY = Encoding.ASCII.GetBytes("3LS9&oYdsp^5wi8&ZxC#c7MZg73hbEDw");
-
-            associatedData = new byte[13];
-
-            // assume AesGcm not supported (frida log)
-            associatedData[associatedData.Length - 1] = 1;
-
-            PS_PUBLIC_KEY[0] = 69;
-            PS_PUBLIC_KEY[95] = 69;
-
            PS_REQUEST_NONCE[0] = 42;
            PS_REQUEST_NONCE[11] = 42;
+
+            InitAeadTool();
        }

-        public static bool Dencrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, ReadOnlySpan<byte> associatedData)
+        public static void InitAeadTool()
        {
-            Algorithm chaCha20Poly = AeadAlgorithm.ChaCha20Poly1305;
-            KeyBlobFormat keyBlobFormat = KeyBlobFormat.RawSymmetricKey;
-            KeyCreationParameters keyCreationParameters = default(KeyCreationParameters);
-            bool result2;
-
-            using (Key key2 = Key.Import(chaCha20Poly, key, keyBlobFormat, ref keyCreationParameters))
+            if (clientType == ClientType.PC)
            {
-                result2 = AeadAlgorithm.ChaCha20Poly1305.Decrypt(key2, nonce, associatedData, data, result);
-            }
+                AeadTool.InitBouncyCastle();
+                AeadTool.Encrypt = new AeadTool.AeadEncryptHandler(AeadTool.Encrypt_AESGCM_BouncyCastle);
+                AeadTool.Decrypt = new AeadTool.AeadDecryptHandler(AeadTool.Dencrypt_AESGCM_BouncyCastle);

+                AeadTool.associatedData[AeadTool.associatedData.Length - 1] = 2;
+                Console.WriteLine("Select PC client, now using AESGCM");
+
+                return;
+            }
+            AeadTool.Encrypt = new AeadTool.AeadEncryptHandler(AeadTool.Encrypt_ChaCha20);
+            AeadTool.Decrypt = new AeadTool.AeadDecryptHandler(AeadTool.Dencrypt_ChaCha20);
+            AeadTool.associatedData[AeadTool.associatedData.Length - 1] = 1;
+            Console.WriteLine("Select Mobile client, now using ChaCha20");
+        }
+
+        public static void InitBouncyCastle()
+        {
+            AeadTool.engine = new AesEngine();
+            AeadTool.cipher = new GcmBlockCipher(AeadTool.engine);
+        }
+
+        private static void Encrypt_AESGCM_BouncyCastle(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData)
+        {
+            if (!needAssociatedData)
+            {
+                byte[] array = AeadTool.Encrypt_BouncyCastle(key, nonce, data, null);
+                result.Clear();
+                MemoryExtensions.CopyTo<byte>(array, result);
+                return;
+            }
+            nonce.CopyTo(MemoryExtensions.AsSpan<byte>(AeadTool.associatedData, 0, 12));
+            Span<byte> associated = MemoryExtensions.AsSpan<byte>(AeadTool.associatedData);
+            byte[] array2 = AeadTool.Encrypt_BouncyCastle(key, nonce, data, associated);
+            result.Clear();
+            MemoryExtensions.CopyTo<byte>(array2, result);
+        }
+
+        private static bool Dencrypt_AESGCM_BouncyCastle(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, Span<byte> associated)
+        {
+            bool result2;
+            try
+            {
+                byte[] array = AeadTool.Decrypt_BouncyCastle(key.ToArray(), nonce, data.ToArray(), associated);
+                result.Clear();
+                MemoryExtensions.CopyTo<byte>(array, result);
+                result2 = true;
+            } catch (Exception ex)
+            {
+                Console.WriteLine(ex.Message);
+                result2 = false;
+            }
            return result2;
        }

-
-        public static void Encrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData)
+        private static void Encrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, bool needAssociatedData)
        {
            Algorithm chaCha20Poly = AeadAlgorithm.ChaCha20Poly1305;
            KeyBlobFormat keyBlobFormat = KeyBlobFormat.RawSymmetricKey;
@@ -108,6 +132,21 @@ namespace Novaria.Common.Crypto
            }
        }

+        private static bool Dencrypt_ChaCha20(Span<byte> result, ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> data, Span<byte> associatedData)
+        {
+            Algorithm chaCha20Poly = AeadAlgorithm.ChaCha20Poly1305;
+            KeyBlobFormat keyBlobFormat = KeyBlobFormat.RawSymmetricKey;
+            KeyCreationParameters keyCreationParameters = default(KeyCreationParameters);
+            bool result2;
+
+            using (Key key2 = Key.Import(chaCha20Poly, key, keyBlobFormat, ref keyCreationParameters))
+            {
+                result2 = AeadAlgorithm.ChaCha20Poly1305.Decrypt(key2, nonce, associatedData, data, result);
+            }
+
+            return result2;
+        }
+
        // probably wrong
        public static byte[] DecryptAesCBCInfo(byte[] key, byte[] IV, byte[] cipherBytes)
        {
@@ -140,6 +179,47 @@ namespace Novaria.Common.Crypto
                }
            }
        }
+
+        private static byte[] Encrypt_BouncyCastle(ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> secretMessage, Span<byte> associated)
+        {
+            if (key == null || key.Length != AeadTool.KeySize)
+            {
+                throw new ArgumentException(string.Format("Key needs to be {0} bit!", AeadTool.KeySize), "key");
+            }
+            if (secretMessage == null || secretMessage.Length == 0)
+            {
+                throw new ArgumentException("Secret Message Required!", "secretMessage");
+            }
+            if (AeadTool.cipher == null)
+            {
+                Console.WriteLine("Must Init:BouncyCastleAesGcm");
+                return null;
+            }
+            AeadParameters aeadParameters = new AeadParameters(new KeyParameter(key.ToArray()), AeadTool.MacSize, nonce.ToArray(), associated.ToArray());
+            AeadTool.cipher.Init(true, aeadParameters);
+            byte[] array = new byte[AeadTool.cipher.GetOutputSize(secretMessage.Length)];
+            int num = AeadTool.cipher.ProcessBytes(secretMessage.ToArray(), 0, secretMessage.Length, array, 0);
+            AeadTool.cipher.DoFinal(array, num);
+            return array;
+        }
+
+        private static byte[] Decrypt_BouncyCastle(byte[] key, ReadOnlySpan<byte> nonce, byte[] cipherText, Span<byte> associated)
+        {
+            if (cipherText == null || cipherText.Length == 0)
+            {
+                throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
+            }
+            if (AeadTool.cipher == null)
+            {
+                throw new ArgumentException("BouncyCastleAesGcm must be initialized first");
+            }
+            AeadParameters aeadParameters = new AeadParameters(new KeyParameter(key), AeadTool.MacSize, nonce.ToArray(), associated.ToArray());
+            AeadTool.cipher.Init(false, aeadParameters);
+            byte[] array = new byte[AeadTool.cipher.GetOutputSize(cipherText.Length)];
+            int num = AeadTool.cipher.ProcessBytes(cipherText, 0, cipherText.Length, array, 0);
+            AeadTool.cipher.DoFinal(array, num);
+            return array;
+        }
    }

    public enum ClientType
--- a/Novaria.Common/Crypto/DiffieHellman.cs
+++ b/Novaria.Common/Crypto/DiffieHellman.cs
@@ -33,11 +33,6 @@ namespace Novaria.Common.Crypto
            //    return result.ToByteArray(false, true)[..32];
            //}

-            //else
-            //{
-                
-            //}
-
            return result.ToByteArray(true, true)[..32];
        }

--- a/Novaria.Common/Novaria.Common.csproj
+++ b/Novaria.Common/Novaria.Common.csproj
@@ -5,10 +5,11 @@
    <TargetFramework>net8.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
-    <AllowUnsafeBlocks>True</AllowUnsafeBlocks>
+    <AllowUnsafeBlocks>False</AllowUnsafeBlocks>
  </PropertyGroup>

 	<ItemGroup>
+		<PackageReference Include="BouncyCastle.Cryptography" Version="2.5.0" />
 		<PackageReference Include="Google.Protobuf" Version="3.24.3" />
 		<PackageReference Include="NSec.Cryptography" Version="24.4.0" />
 		<PackageReference Include="Serilog" Version="3.1.1" />
--- a/Novaria.PcapParser/Novaria.PcapParser.sln
+++ b/Novaria.PcapParser/Novaria.PcapParser.sln
@@ -0,0 +1,24 @@
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.5.2.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Novaria.PcapParser", "Novaria.PcapParser.csproj", "{E5605F32-2159-31B7-BB16-7C24F60235B5}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{E5605F32-2159-31B7-BB16-7C24F60235B5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E5605F32-2159-31B7-BB16-7C24F60235B5}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E5605F32-2159-31B7-BB16-7C24F60235B5}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E5605F32-2159-31B7-BB16-7C24F60235B5}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {3F500C61-DDA4-474F-AE04-A3F97AEEF0B6}
+	EndGlobalSection
+EndGlobal
--- a/Novaria.PcapParser/accidently_too_many.json
+++ b/Novaria.PcapParser/accidently_too_many.json
--- a/Novaria.PcapParser/full_everytghing
+++ b/Novaria.PcapParser/full_everytghing
--- a/Novaria.SDKServer/Controllers/Api/ProtocolHandlers/Login.cs
+++ b/Novaria.SDKServer/Controllers/Api/ProtocolHandlers/Login.cs
@@ -40,7 +40,7 @@ namespace Novaria.GameServer.Controllers.Api.ProtocolHandlers
                Id = 1,
                Hashtag = 4562,
                HeadIcon = 100101,
-                NickName = "夏萝莉是小楠梁",
+                NickName = "seggs",
                Gender = false,
                Signature = "",
                TitlePrefix = 1,
@@ -54,9 +54,18 @@ namespace Novaria.GameServer.Controllers.Api.ProtocolHandlers


            byte[] real_key = AeadTool.key3;
+            ClientType real_client_type = AeadTool.clientType;
+
            // load from pcap
+            AeadTool.clientType = ClientType.Mobile; // my pcap were from mobile so gotta switch it over
+            AeadTool.InitAeadTool();
+
            PcapParser.PcapParser.Instance.Parse("all_mainmenu_packets.json");

+            // after pcap parse switch it back, this should rlly be done inside PcapParser.Parse()
+            AeadTool.clientType = real_client_type;
+            AeadTool.InitAeadTool();
+
            PlayerInfo pcapPlayerInfo = (PlayerInfo)PcapParser.PcapParser.Instance.GetPcapPacket(NetMsgId.player_data_succeed_ack);

            PlayerInfo playerInfoResponse = new PlayerInfo()
--- a/Novaria.SDKServer/GameServer.cs
+++ b/Novaria.SDKServer/GameServer.cs
@@ -19,16 +19,7 @@ namespace Novaria.GameServer
    {
        public static void Main(string[] args)
        {
-            //byte[] spub = new byte[] { 0, 219, 176, 103, 73, 245, 239, 125, 227, 240, 79, 51, 62, 250, 113, 143, 251, 155, 158, 45, 101, 1, 6, 185, 140, 153, 221, 163, 200, 112, 161, 11, 138, 163, 7, 71, 182, 127, 144, 192, 147, 169, 124, 54, 220, 208, 253, 121, 80, 41, 4, 97, 51, 129, 32, 228, 40, 227, 89, 226, 152, 51, 24, 105, 233, 140, 153, 114, 142, 244, 105, 13, 201, 150, 39, 192, 101, 50, 39, 57, 59, 110, 88, 201, 150, 221, 251, 248, 247, 250, 33, 114, 125, 200, 182, 163, 176 };
-            //byte[] cpriv = new byte[] { 10,128,76,30};
-
-            //byte[] res = DiffieHellman.Instance.CalculateKey(spub, cpriv);
-
-            //Utils.PrintByteArray(res);
-
-            //table_Character table_Character = table_Character.Parser.ParseFrom(File.ReadAllBytes("E:\\documents\\Decompiling\\Extracted\\NOVA\\Novaria\\Novaria.SDKServer\\Character"));
-
-            //Log.Information("Starting SDK Server...");
+            Log.Information("Starting SDK Server...");
            try
            {
                var builder = WebApplication.CreateBuilder(args);