From 06dd3d7ebfe7aba000d64d59cbe4e003cbc354d9 Mon Sep 17 00:00:00 2001 From: zefie Date: Tue, 13 Jul 2021 23:24:33 -0400 Subject: [PATCH] proper encryption sessions to maintain working RC4 stream --- hacktv_updsrv/ServiceDeps/LC2/LC2.tok | 34 --- .../ServiceDeps/LC2/LC2_OISP_5555732_56k.tok | Bin 0 -> 6047 bytes .../LC2/LC2_WTV_18006138199_56k.tok | Bin 0 -> 6063 bytes .../ServiceVault/htv-update/update.html | 2 +- .../ServiceVault/htv-update/updatemenu.txt | 16 -- .../ServiceVault/wtv-1800/finish-prereg.js | 45 ++++ hacktv_updsrv/ServiceVault/wtv-1800/mame.jpg | Bin 13922 -> 0 bytes .../wtv-1800/offer-open-isp-suggest.js | 37 --- .../ServiceVault/wtv-1800/preregister.js | 38 ++- hacktv_updsrv/ServiceVault/wtv-1800/test.js | 9 - .../wtv-head-waiter/finalize-security.js | 1 + .../wtv-head-waiter/login-stage-two.js | 53 +++-- .../ServiceVault/wtv-head-waiter/login.js | 12 +- hacktv_updsrv/ServiceVault/wtv-home/home.js | 37 +++ .../ServiceVault/wtv-home/splash.txt | 2 +- .../ServiceVault/wtv-log/phone-log.js | 10 + hacktv_updsrv/app.js | 219 +++++++++++++----- hacktv_updsrv/hacktv_updsrv.njsproj | 29 +++ hacktv_updsrv/services.json | 38 +++ hacktv_updsrv/wtvsec.js | 12 +- 20 files changed, 397 insertions(+), 197 deletions(-) delete mode 100644 hacktv_updsrv/ServiceDeps/LC2/LC2.tok create mode 100644 hacktv_updsrv/ServiceDeps/LC2/LC2_OISP_5555732_56k.tok create mode 100644 hacktv_updsrv/ServiceDeps/LC2/LC2_WTV_18006138199_56k.tok delete mode 100644 hacktv_updsrv/ServiceVault/htv-update/updatemenu.txt create mode 100644 hacktv_updsrv/ServiceVault/wtv-1800/finish-prereg.js delete mode 100644 hacktv_updsrv/ServiceVault/wtv-1800/mame.jpg delete mode 100644 hacktv_updsrv/ServiceVault/wtv-1800/offer-open-isp-suggest.js delete mode 100644 hacktv_updsrv/ServiceVault/wtv-1800/test.js create mode 100644 hacktv_updsrv/ServiceVault/wtv-home/home.js create mode 100644 hacktv_updsrv/ServiceVault/wtv-log/phone-log.js create mode 100644 hacktv_updsrv/services.json diff --git a/hacktv_updsrv/ServiceDeps/LC2/LC2.tok b/hacktv_updsrv/ServiceDeps/LC2/LC2.tok deleted file mode 100644 index adaab7b4..00000000 --- a/hacktv_updsrv/ServiceDeps/LC2/LC2.tok +++ /dev/null @@ -1,34 +0,0 @@ -ANDY...........r`.{....}..8..".,....}...lIa.;...b..c..d....e...f..g%.c*I.h..i!...j).k.B.lH.m.=C5*@.n -.1].oQ.t..Ip.().{..Isetdtr..(C.);.Idoelay..1>..z..1....rC...}M.q.(..r..R.lIs|...w(...P)e..P;..r..0.t0.u.,~..v.,lIw;..1.v.){.i(.!..D).b;..'.P='.D.o.i(.-.>....j....IUx..y[.za.A..N8.B.=..C.C -.UzN.D..A..y~..:...NC2<..y3.N....}.a....e{2.g.$. -...=.v.[.A{.D..d -(."M.A(.....r..a....f.u...ep.G...PQ...R.."E..F|.UG..H..F..F.....F.E%.r0.-.&.+ F..r-U.I.I.(lIJ..K.......j J|.J.w/C2 -.K.D..R,.%..H#LH"M.!.NM".!progr?esstex7 ....$..percen.tage..6...dGirt.".!')O...*IP.$Q.1*I.R..S -.TF0;?.0..<..U.04..#.."version>P0GC9.|.0. .#....!g..hon}es0tings..|@1n!T.EC8i.r.!...y.1?<.. -.0U..2..v1..3.)1..4.34.44..0.printf.(.STS: cou.ldn't .. .size of CROa..5....+i.z.3( -.9.)< -.R.!R .>@S).4.A.C1S..464?4W>45W5R..6=..F..A."..:f0^.8.. 15..w.9..8.I.;I.x...FON.E@%x, le?n=%d, ....+.,t.+w.,.!.... /Q.AP. ...@.....a.rF..Q>.Z!.. -P.-G.%+..$..e..2'.SV."W@P*I.X..Y... Z..a.a.CIba.[C.40.].aIfl.ush..send.s.QSATI3 -|.R!*SENT ....b..linf1Q.,WC3?..1.Q;.R.....8@.b}+fw .query go.t '%s'.,...i }efirmw.areb6. ..15..]mb..vb.`..c.m.`M.,SV1..001_WEBT.V-K56_DLB.0EDc8.!q..YE....;E.;.....b.?.....U S:.:..:i.sRockwel.l."..."..\....p|....+MR=0............CX. t.est retu.rned......O..`m....e...#S2.20.../..........._ x....+k1....0&.X#..s3&P..t6............Xt..... -Z....&.;2 -.c%a..d....e.C.......g. .O.A....2.p@....Ii...A;61.AcIj...0.#.k#.7#.l5.8.5.mv.^.G.9G.*.InQ0S1.aT.oZ..pb.Iq..r ..s..t..u..=.e.nablemod.em..tflow.controlN../S].baud^.>..pOeIv ...D2GV1E.0.3..3..T...P@..@..@.. -@...@.........d.[[ound v..@ .@jP, di9s..x. 56..]....p.....`.4....F..|!X....!a...+.+MS=11,.....[...,.,SS.51=3*.....R...@ss@.38=0S.30=180S9.5=36;.L3&.Q5&K.c. u ..qVP.5.I &(I...nec..with.videoa..)QN... B.M..e...... 5.S6=101X.r:...4XNr....0GC7o.. x.. ......#1.!....2"..6. .p1.8?.I..d.I.9}.....K.|....,.(./4.cw-.hack@...F.C.., .. S10=S%sS...,.A,.1.,.1,~1e.:.9....+....0$..0=S3...#...2.."./.1.....m......a.."A ...b..,.s.n..Z ......@..m9..1=@..P.'...(.(.1...( -. (.Q.6P...'. P.. .P.C..|..}5.&P.C..-.h.-.b..3..9.2.4.Cetw.indow....;0.~j.Iw.cx,pl.Iy~o~o~o~e..v..@Jc6dA.....bB..g2.cC.g3ndD.I..b8<....V.M..L.H..Y....-J...R.O...&!..g-Us..QLD pref.ix.+W.....S,..%..........5.5..KG9.9.9...!q..r.A.E..F......P.<=.....<...wa.itfo..H..p...),C7;.6....p.fig ....L.b..?: TIMEO.UT f.\qj. OWK (V.=..)=..I...x..G....C..... from .l.,..Y.d..S...T7.B.G..H..I -....statu..C.6F.J..C.B.....:...8.p..._.,S.lp*.*.%.orce.hook.....rt....K>.lIL.5.M|.N...R..=I.|._parser/esul_p@4.0.r5.b....@Ic9..e>.C..#T.NC4?255464...].V. -- %d /%s (..c...p...k....,..j#b{.&x...r..Up...oa -.....%`..: ...7.$..q%..q&.N.O CARRIE.R-.<-...- DI.ALTONE\.5x\.....BUSY...7..{@. ANSW.......G......L.C....C..ed!...e..*.&.*..-.C.p.b....E.E.~..0..2?..3G.b2..9.pm.2>.2.....34<.:<.<...)4...pd..4.......5.55.4....1c...|...i ->.p;#>.N..79>....?'..4s...83. .*5.M.....58....C.&.96.%:.........8.B. .A.jP.1R..9unknown..3..9|.<.<..?.>..6..O..PJ.J.J."J.QJ..@..R..J.uS..:..lIT..qU..0.<.*IV...W..X..\.h.....?,SISP-.R...1.+..,..C1?.u0...b .....e.*......ork..nu.mbeyq......=.IYKaA.....=I9E....,C2#......G....3..a..=.....+0C....>..d.!.&G.&...t....|b.....Z..s....P|...........A.TDP... -9...= v.R.......,:"....x.....Pb....k@P..D.....&.!<4.!b@...B r.c .W. r.r..., .ti.r...x..9B.,>.I.a.ler..SErr...!.: Your. recei.. .can.... to. WebTV. .Please{.t.a..Custom.0.Care at. 1-800-4.69-3288..J.. 3.i(e"...p.......6........ ........&.}.$g..c..#E. .3=..#;....%3L....0]...f.ancy....l..6.:.....S;G...6..Id - .A.O.IIir.G1.CuHlIew....Iw....... z..y......46.MC -...%w.0eL.N.<..D..w..lin...B.A&.@06..H.b.1...E.....U.. @.W...P....`..1eh.8kd...=..Iatoi..Dr...(.B.~)3A...i.@R..Bdela..PC;.S,Pf.12@..n..r.2c...g]0.odd...S..{.\.QNmU........Q..r.q......T.....E.IgoA=.5S.h -...s.dter{at.q, dc...prot..com.p.p.!..h!.......g/'.d.i.@!.l.j.8...9..r,l*I.kb.r..=X.V.T...Q!.P.....XQ.p,.X......al. g.../%sa.x.v...v....7dx..26...@.i.aP.failur.e,.$2...;.....| .s.....,`.....O.....l:.m,.nt....u7.nam.1.....pass#.d@vP*.........o.a.5.2.2..rtpp.4.T.u..Ap.P..)...=.AP/CHA?P auth..0..:0.0.PP ne.?0ia.AI.e_"r.C;0.........O..s.c..)<.....F.WARNING.@{S &. low.3..q6..R5q....rT"..Ys.#t.#u.#.c..[C3y.....0.`)U..8.Iii.>..NT%...,S.#..'....).08..I.1u.tefc.1^..v...V...k.:"p..M...sUs@1.. wi..".A/.D..l$r.". ..cv.dlIJ..J...system_>.`boxfe. ...la.. -.J..55G464b..2..IU.AJ..-a..-a..w........b...n."D.s.uppor.%.6.....u.h.......R..Ag........k.x..RlPyA.sPz..A -.uB..C.SlIDf.cEbUS#...tiyA.C76:7f1#.#....yea..gA:....dl`/.local...I.g.nCk.NC7.;2(.{../.z./._ 7_..../.. 6..c./.. 5 ..........Z.. ..7.........lIS:..L^.Premp<..to 6pl.......a$cVO.}.,=.c...[C8n...SD...%s .@........f.bf.f.f.f.A/.Nj.j...c.......WebTV...8....0.Wai.A...+.1...a.IS..n.swee.].=.\....-...M.....V -O.(..(...yI. ....v..4.4....*....rn ..k@..L(..Tx.bg..af....ebU..V*..W..X..Y.SW..windowsi.z;..u.........r.O.(@......ub.5.badQ(sVx. .(%d) for. Open...`.R8..$.Kr12#..o..t10..L0o..u1.d.<.J.m.i.j.S.-..-.1I...t.s...a...`..o.)....e.......,1.]...!..*...]...%.br..&! P.#. =y#mQ. x....."..Y...... ..........T..).,`+..r1.ZyS.{A.,se..tsf /4 7.7 (ANI=(...et)).uan.i..w.+.#.....I)l....k_.Z..g................n{amt.rvic...9=39==33\o. -.<32..na..IoA.i.=S |....[C6.]...0..9.....p. ).NN.=C6..G.5G....V.{.....7e.6Jt.8t.4J...j.. -.u.f. -.W.4..9....+...8...*...5RK.h ...h..; -..1..6....=C5 9-...6..3...K.U=^.4..;..:[..&.w.....3.w..@o..:.o.I.:..~......,.o.,.........~.I5....>....?...;.Q.{.ev..nlIUa..b..c..d...f..b..g.....!r. -r..y.........O.~........ \ No newline at end of file diff --git a/hacktv_updsrv/ServiceDeps/LC2/LC2_OISP_5555732_56k.tok b/hacktv_updsrv/ServiceDeps/LC2/LC2_OISP_5555732_56k.tok new file mode 100644 index 0000000000000000000000000000000000000000..a8116c0a58a8730a064e81e7e50bf0ac6b4fb861 GIT binary patch literal 6047 zcmW-lcUV)`|Hse0Hwhr)CSiyO<^}{A0kWBa#4xsxILXlrY28$hjXzrPmLwodq^ecsPG|D1E4=lpR#=lycl^hBSDN2i1d^EjC^Bb2bxX#n{wowu{Rk zg=86&1&lx!JrWNxoL~{W5!vlw!^;}?z)fr6%_>;-I$W4cUk)U}K+cpe0A-sC{j&mr z%t>w9hJ2C=dD05y{PZAdlK>PhM&_WcHWlcG+K4TDs2VKw^o4f-NkBbVOP6f{S$F8# z1<|zd0*Wk}{t>tbk*Ap|3OyLEf~*Jx2osv?li;B!rVP?c5GXwRBr~U(QI^XJT*0E} zd=!}THyH2<%mLYvFv$h+r=ma{mh(yg8DHjspTj}49?u(NtQ;E)@B~L08?n4*dLC#< zl=FQVD?ye6F5!Sk2D~C7e?@o!gZ;R$AiRfdB8}B#CSf*Ph{hx=3_N>l=|ZZBAT@+x zpG8$ogaI)K^Va6-NXxbGQTDQ!qNCtOEUq}UwAjvz#lJ40AxdAQG>4m(8OQ}tItwW~ z#1%r55p#RO>j~1VGa51!++2AIXgd!%q(Xf>;b1gbUwK)iGmhuej zQjjfA)p8vFu*`zJ39xyyZZm-yt1x*!Q#dURhZD9|^CJ zD%|C?iVCm31ir@BFk#hm)gw8sR)MwhKZIPc4yf=d{oht|O^CmlFle8f=ZlrHQe5EM ze7A%htIRGe#TG+vL+V$6UT3J{6$4I%T#!ityv4<7gC(vd=n_h@v`xJ=uBri>ud@|3~@n5*O+SCu-AYg$j5 z)O5U#0+C)&x7iP}oTXR~4oU`zd4o!=Cu)t_r$p_wKueY0*kIEb4HnXyzKY6EWrRn(08JAvgbR6bT=&B155Y9zS37VP)c|_jw^Ts8D86R`UD5%D3z#)ClSO_hE5JaCFr9M zrDn6#PmnC(D(3}U2``zeO!-435s1?Q@&!?7u_$WgSe=LIn9ey1H;LCh}8?B|I)~)lD+hZ!r+A zDkMK2@e6c+L`lYgOIV}-F>L3}_OBWJ5xijbeP=Mj4-fVf2YVef@hHieT{uF~+Hp$C z*1<1XT^jbWd!JzEO*kTCAY*AyJAj`3}!`N(~whsry`l6Z0vT z`9BI5$q7pXOJ~p;8$KAmF_y+1*tXGzyWdkI$D~K_rftT5Mf^5X-~O^RPb1dK7#^R| zJJidM9H{0W(8xcm78tZyJ~-T}PEOx_q8}=U3T}gZ*9s84dK7Ab;`8ngy;E|v2y{YG z?Avg4e3^Of*W&yv%tR7Zqq@f4xC(e52=G&K!0E{ET%+J{$X@t45TPQ(zA`rjb<5|i zC+xbTbaI!hHG3p52RgOglBARguP8jHz$q_%K(uY0r!+okwO%lUkOC=Dygu;>AvU!SrX2 z7PCcVv3}r^2a0nh@{YI5hnDwJd$$jz!f&)CBPR5Vmo`8g<&54Gi^kF-JB@C4{i?=j z+~nVWal%GgMv?13ugvJtpKI>eU{aB0f=ndLR{aK(R0wg~ zNl}M7!SVI16xXCUCW#D(9Qa3+fme+Mjii@U6NiYT?X=mX?cQ6Y+r4Ck%8H$Bo_ksbX}Jf6Q2J$h{x9-#_Gu4!ODCaa_dTB^ zXn)2sqXuJxnDLOj$HY)WK}Vd~Xg0cyd7Qh;o1eLhD##5`^WPpzflakkeuf`^FgWNE zO(0CCrKY3l9>;=Xg#C^uChaAb@Nz&1wB6n*@(_tUgg(EIo#Scfi_m8KBC5_eW4|da zB7;(R21-iF2n|`%levughS1#m6D3)29&3pec@{XgQ_uQ{k}3P4J#uQ4cZ!%AnHmuA zBK({4USMzX%gcYodS&M~Dt_XX%4F-x`;0#J>o_1fw`$Fc0jDYvV_a=%y zpH}4U`$yqwIS@Ts9Z*rt=(mzpLH;r)zlG2+svA7su_0CTNKUj z_0GIX-+z0_{Y4$J9i>@{@o$3{q}+dnA;IcmcJ}r&IH}>^-lp3dKk9og5Gd3M z)V=6V>W!-rG+6_w7B6hlPl&zMcKb=~Rk%JlxRM0RIC8>AXI9_jAbf?H8Q{9b$ zu9W3toD3T7ulie0kiWT<*(CYQvz-l6vDHQ^dCu+r8base!hY7M4Dk3%4>5~z9xG55 zVx{E?HcX)>RA!>t@zkPP1msq;#rV9I2juQJgQ?s}hZmpB<;Kqo#VPRuesVG|Vdcz8 zOn6BbT^0V`ApLvO)tUdzpfvHV+4@NMS%3ao8W)m`FVPQqm1v z>y7;+`?ly?9KWL*%;gQr>sRP;!l$u)M+e?;ZN#_tw}4>`Z0X(H`yU331PR6NO80BY zdu^uSESD%~F9hj_dsDM#8afeoy!&hH%JTddWv8WFF=GsGQJ?35`zLb#eE;10pOl|? z8Hf|#j}ElOJX}uQ79*5ReLbb? zla|mQFV_$yg)_M;1Xl^;@@NBh<} z3k_v6K90Wh&HfplCucf~A5h6lb&pOg3S_~_WuHH?U(dGT)h1a+`;=H&@%j6bT!s?A>Yhu(Z`Mvu zZcG`vJ)1gopXBIcm*Jb#k4aBhvU;Lo0+dY*7qejnrx<+1+2G+STah!V6QNp`{f{);3al`AH)k6lv&Fok{^$sdRd)2T5?gS;}XQB55AI zJqT#_qF8#SnG+rHm46_LznF^tHylLxkK)}wsfA-8fjZ<%{M4$5m`G;Jj#l$v=X3KuBcfBh!9aTKN_Be($kue}s zB+6IVWC~1WwbU#Oyw7`(%KL!VqflUm0wR;EQyrJ#OkzX02PseEqQ_>pU;N4Dx-C?+ zT4pp4TruhU+e4=3-pr|xl@#KIxqt1KDzPXSbEn0nUke86#O+-rqPhT&m+kM9;T~63 zo4<>&T#2xzeioq_V62r3HXk@euk@jISH_f0Fq2_irwia_fWp#9k6AiL`C-JtmsTx< zS*(E#7+IUyt=3EQbc*P5!Cjre9|Z0`DGrT4t8=?$EIYU6zYJ zBTM`<>msaQN)Cium|nA*`dO_TTtDb|o;T<;H@QKycI$>`m1<*S714{m=V#ZeZk+O^ z=lw7t+V_vUX=X$C)BbpCnLV$gHC}aXGG5gg)BrkJZUu*^`{4f?u7zhiGR;<#$w=BF zKM;F<$@-FI4XgS7`0n7BL#IkwUuIRmhU{Xw6{eqPJg}!nuV|9l&5F%5ME0vMvOEBh z?^NpXtcz7G+3GUo(#bRa7F|Y@Or9i8O{(H89SV&ApSLyRCsP*~z4oL4H>qwK~HV z?lMXx6ae?=oeTPPNNh;x;hb1o>`FX$Z{UiDjv6v=&H=5Yz;lj|zv^m_0PFhT^V`~I z$R;-@8!i@`Hs2114qFN!30^noyk&rVKQ$1Ip>1XYt;;72OIo+nI!brct(8kMW~!pQ zfutWgnD#D6KLmL~iuy@g;d%GTeERtJR?Z~!=i2{*b!(g}0Y{2WLw56hNORyWS+HU} zo?7}%SChS&M$aCG;*+m2$VkTehXZv)dF&E0Fr}jrKQkkJCkaqy5Ldf*E z1K!Vey8vqcXL8Hy3a^!NW45+mrQ1K5`BmoC*!Ee;9jR(lAT#NFHG@{)Q54(RUHq}b4U_xg(&Z`ry^6A~smuPFTkp!e zziM;0LGBBN%x~!OPF7jIqNao|f)}tdOw_?Jkw+$a3i~G_1w^gHY0S=}!tQwK7R)%3tqN zkVLI1A$`_j#Kb23nIRUG7jjayR8wAbZ7ZE4p}nJV&aRaw8wM`TDt)ugo{uzpO-P|n zn14=g|LtLwr@9LLS01v6#KMi}Ms&xRrlSQ4*>;5LcH)GDgt-Nw$7T~2SEzJPWE^J9 z=(mX>VY3?+zj5Hi}(Fy7A7jvTh4wjO8U#MQBDz2g-n|Ezcmw8aiQA&5k zLdq%@W%VUx@l?b7zrf>e57|Y1-&;@Y`&T>X)kPj4T6z!~m>vK|b>hG^wQ7BFxVgL$ z!J_9QwJ}(gk;Kp<6JfA1?^XU%((za5lF@9E$4@ugpSo_<&3Vr#vr9^fN-!1o;Lw4w zKG!yrmC$KDBQCM%JFKZv0Jw|jZ&(@W3`9UbYR!m1rj1uDavt|ZD2HpL|77K@zkN?U zo^`jnLw9kbO&JgWLW%F>$$Osl7+$S?;{z4AOut=uk*=GL_~pohJ%m>)Wx?!I28Rb% ze0|xmxILC;U$npCt#76x(HF>FuST&Il!p=9F-cQIb#W_3UJHW3>*4-EtC0X!KW zp!&4d&_mYiG>@PZn?#Tzkq893_JIXZx`5A|HmtplZ#8;SbwHxT04Mip`3sqs8`qkU#9kA^4bd9U(LsfXIANfx-Z9Nu_<=8I@4 zKGb&+5w@7R4?d2>LUu%$LcIwe@bh@bqsA+Q8B+6RPuhD-hA7pKdI!k}qo#7%Omi;> zeh7<`(x_bKpg5D62i=85DXXa&9eRfFRb~y8Sp(#M<|+?*ielJn+TSZ+tTc-xF>Qtv?v2|)~8^EPwzpsMTR;|L9nR(vlJm)#*{Lb^7KYr); zzVA;_oVyYL0R4Mxgo6Ut|NLzk0P}VNAmtV<;pri0c6M_spc*j^$e@6IS_-TSfb|Rz z2JpvJQWYDnjsd!O>_`ojWZ*!-U_%_K_EipSTng6#nNl1tCz<8|!CKf{3fV}rm<4d- zS~s=MVpiOyw-I2Ls|0Zwt(e}78#T>=K#&y-Z;YS{B9YcsLU|T^zqtsm2i*4o0lqAQ zjF`0rT!tFCzlA`mI2-^~M(e+bFukD)N0_q;V?mN zT&p&t_1a=cC0h*T0y8jh2NOY-8_b6{kap5qv5KZ$aPw+-qXt&|87`L6bAT)iD4EJR zpkiZjNNy-lxGBwBNSD(gKWecuC37yNSqO?3kY=FGts1ZoYR5OFK-FN8Ul6mb;p%;M0WMxVaV;RVG!eu-V!+@7Y7cPw|VsKs-7e)1OEQGn5$i}T!8{U+PMuOJ| z7R{qra6*Th_SiJlcqEX3$N+u5fv}B54RIF7m7D-~;xW~^MWqfwJoa@Nm81?Ll`r9E zWQXzrl*uMle8?9;67v}`33T$JO9+nK zPFei9dih{frCjCvPAe$z%In~3bQKfUywSW+VphysjZ|t%U7=8y1M$!P+`4mC>MG zxPAoaUe=ATFQV|&%LPfZe7;~^WnNDC?DE8AV#&JP!kicUyj-0W;?%b@SLPvY-Ec-8 z$Uu_dZ(%Jnd;2bOdvFD+PDj$oUFn8dYnfSB+lU(>2LK4NrfQqrb>EsCcN}kY+s(njEND@;{wxJ@8$o zWy*bm39r8*dI{RkED2<^a8`J3xTqXWt8*p+PAF2#1OlEnY>+gtdh7W!JcOrKBVvI} z7*F<`^+09FiwknARURyq%J}M8Azvnt^3`ci#4@2IgHA?$tXhkvc#b9u#uMnl0S=Z5~kdx^4yPaP%`l1D4oTu(EQc6^qpCruxh($n_ zX79yFWW56;r)}>45(Ltg4YW{y3Jc(!;O2q?T=0^Sw@K9Rm44a`Nn3FOzKf8j5R{L~jG+4Bc?geey<+-b$0~o%?E81T=jGj7>(W>(flU5~ zTSZz-**nEWxIl2sP3O)@Lb*sOkf;JDI~OCU3hMQzs}?9vkXm*ko5iG9Ritv8Un02% zNrbe$Ug4S9v>Pcuh~_JCTO-?G(wiGU8n`o@!9TraLo4RXrzW1oNWz-8nEwO(=c$Iy zcjW~-iC)2=eMaxn<{Up2m`yxJ@g~+_ze&v zVv=K7ej4IK;DJ}1`V(|whoUWSFmwrYuEQGusRlA-BeYLOZe)VpeT^E#V5>4SprznD ziysMz<0(@!ypn}egV!y4stncW{NeC@g|K$!tL${N94pEzxn5C@RzYj(HvqJxav929 zJ}kRE5GSKJF{cM^x&`vDkh@Qs7iTohM_Cmr73E+tuzf4s8};;E;MmUtwd z8q;m|vFlegW^-*w=e5yR!Zt*@{b*TMj}a@pDE_>tWpD9G=aDi7kYO_|UF$3w!ip2g zxYcf4XOW8_ekURB(k3~-o|a>}H0L;;_O-^=!O4MUU5v) zlv}%TJ*W50I8J>Y&y4MlpUX^ylsy)P7Mgq9ormNhTbQT#I|5R&cTj}+EN#kPhSOk6 z9VI0zIHf;q?sckAlu1p`L^5e7!{S7J&Q})wb++gRD;(-@bc<lM*N6idm6pj}Ez zY(ScX5|hqiy$%2D{wdTYeK+SZ>QY?Yp!!izHnTm=ZmKnz8%<<~&^u)DNi8(V&JqU`%e1s!(vhmX>qj2p4?uJQVc_6dG_COIBk z{^$FY$_Ubmu5D|s*1Z2@Wv9BrAo0c=o%c5c-n%|8$@v~Q*M-Z?5IyoR6U1_!xSA6WR!wrF6^pQ?uf=AwY zhT6=tXeF*KU!H_sQ5kWK72o8vz0vqYyxnRu*Uj*O(x+xnjcpbcBue@GMA57yEm4>v zl_rH1Or1f6*9}}e>PY`xi{H(upQjM2MQX5#Cq?T0I%^%YxS>OJ+hO%n8s!{fZuY7p;PVLXE~HDaYDuI ziD`pNUPgbBqxYGyqeoTBj5ak-RrQe|MLs@Zf?p9Ir|3Spe4=_SpJvwUFMYmCeSxxR zXpOtHxUOO>n@38Ill zt)J>`II&4%`%}G7Zs-DNPkhG2#)5U`I>>U~@`!VNq=xgYd(!>;?d{dcixK@}!)rO` zu5ob|FQ4U z_Zs6(w7T0t^HoNTx5;MW#}h*g1dlgC(t%in3y?IRB7*lNybMQJ+}+TG(}}Ub1IznYf-s+wLIB zqi8o*TEC69-Hf(>79FWO%~-7zHXlAm52Wz-t&gi1WlCYpU|?l|u;TI<+BBV~z7T!* zoyG9Ug>7*NU%F!o8xYtL8(yV5Ab1OeH1r&yFNaRUwIS(ImVZqbg&zIGT49w79?;Q7 zgO?sPrAU6Bdkr=&B2Gs!{Xd!3HB9S$zV&oh!HnB&ZT9)lx^-Ev*K5s9Rk#Zcc8nP{ z-<%7g7u*{ai}QWtrkxH?nGC@y9EyUjwnWY7c%r6zZeusw(ar7-3)l9-e>aUqOYZouziTE9c|j#Q)W~(D;!qUMk+}W zM6&0wNXqSMBbHmWRhOr&P)Cnn46zxS6>MdyBt5lC5bcQu!C$mB43uQtHC8ZDa2Q|| zh%_AWK^ys-={n7b;ox}oSJ}7X_e{&=gknhaTW(?JYNeP|ey_YU zkYdD&El!&uKv%nE$cRVJInU`&z3N}hpf+@s#CPv2{nSZjCGAPbRHpU0R26$~gw*Tq z9aIE-)$Z$p2t6;Y`wazWtL#Rjg=Dt88QbGle-8f$fB&a5#Mp0nF0XgWN1Fkjj_;qD z2TOYr3hAGRS_jh?gILbSvq^*5FGEiZ4wT)Ci=5mtaB4W=2djOPPUi(Y)LG#eR zzU5UBc%3D4dY;XUN-V~U9ySzy_K0SYZh6VrW;#zs)qUxnUagdxPG6r^=Ta|Sjj{TV z%Aw25=i@&=8?5rvRw4fZO_9tf-hgaCwhimLwnE{@DYO42;-n-g2tPf|Ur?zryjCPJ z-3dd2aQ3uj0j56XG108PL}#oGmrbt;Y==N1a&)k0x;F6jZI8FQff zz`w#920S7}M2loDh`%`y9!Z#bPJ3(R&#o16nSJH0%!+RqE^K+nuf)AUbtBEzuud`^ zJn_M!7wVnkGylA+^=W}5oAr+>baw}unu>CNR1{+}Zr&N(mJt{CR-VRWxVR#smp`n! zk=HR~)MLgYd;6y-wPZ)-!1&QY@h}}MzTw&Lr9&mZ-W-pfj-P5UywQC(kR}tR$z)cc zkhOjelqpR4Ti^egsE0B0L%qS*`BbBT${-0e#XbBW%DGs1u)io0l1LILselIuQ^~3w zJ!@SUOjhv#GnksT62d9sD)@rS28T-R0g?{dhQrh#QV-dohl8M{a5&{4oJzS&5$8%N z2T7uQ-!hm~;~zeU8D5iX$$Sn!m=1;N5Wr_BB^AiBrSuoR^S-+HDM8I);dPV z{|&Dqr>mGWrU7bUW^B)(mdtwxlBN3|)54VORj7Ri%qy zR`Z=Tx*o8|W>E3;)PDO9 zPw#a;L95IJ-4&xxr^WD7Xwa$7ZKPiKBz(h2dd~tuM8<^rj#>cT; Retrieving Files diff --git a/hacktv_updsrv/ServiceVault/htv-update/updatemenu.txt b/hacktv_updsrv/ServiceVault/htv-update/updatemenu.txt deleted file mode 100644 index e2aea456..00000000 --- a/hacktv_updsrv/ServiceVault/htv-update/updatemenu.txt +++ /dev/null @@ -1,16 +0,0 @@ -200 OK -Connection: Keep-Alive -wtv-expire-all: wtv-home:/splash -Content-type: text/html - - - - - - - -Check for HackTV Updates
-Unlock Full Client (Options, Goto, etc)
-Splash test - - \ No newline at end of file diff --git a/hacktv_updsrv/ServiceVault/wtv-1800/finish-prereg.js b/hacktv_updsrv/ServiceVault/wtv-1800/finish-prereg.js new file mode 100644 index 00000000..1e607636 --- /dev/null +++ b/hacktv_updsrv/ServiceVault/wtv-1800/finish-prereg.js @@ -0,0 +1,45 @@ +if (socket_session_data[socket.id].ssid != null && !sec_session[socket_session_data[socket.id].ssid]) { + sec_session[socket_session_data[socket.id].ssid] = new WTVNetworkSecurity(); + sec_session[socket_session_data[socket.id].ssid].IssueChallenge(); + sec_session[socket_session_data[socket.id].ssid].set_incarnation(initial_headers['wtv-incarnation']); +} + +var contype = "text/tellyscript"; + +// skip telly for now +var notelly = true; + +// if relogin, skip tellyscript +if (query['relogin']) { + contype = "text/html"; // skip tellyscript + sec_session[socket_session_data[socket.id].ssid].ticket_b64 = null; // clear old ticket +} + +headers = `200 OK +Connection: Keep-Alive +wtv-initial-key: ` + issueWTVInitialKey(socket) + ` +Content-Type: `+ contype + ` +wtv-service: reset +`+getServiceString('wtv-star')+` +`+getServiceString('wtv-head-waiter')+` +`+getServiceString('wtv-flashrom')+` +wtv-boot-url: wtv-1800:/preregister?relogin=true +wtv-visit: wtv-head-waiter:/login? +wtv-client-time-zone: GMT -0000 +wtv-client-time-dst-rule: GMT +wtv-client-date: `+strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString()))+` GMT`; + +// if relogin, skip tellyscript +if (query['relogin'] == false || notelly == false) { + var romtype = getSessionData(socket_session_data[socket.id].ssid, 'wtv-client-rom-type'); + + switch (romtype) { + case "US-LC2-disk-0MB-8MB": + data = getFile("LC2/LC2_OISP_5555732_56k.tok", true); + break; + + default: + data = ''; + break; + } +} \ No newline at end of file diff --git a/hacktv_updsrv/ServiceVault/wtv-1800/mame.jpg b/hacktv_updsrv/ServiceVault/wtv-1800/mame.jpg deleted file mode 100644 index 2c3bdc9dcb4200ac300616d31f37198531b94696..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 13922 zcmbVy1ymf%wrJxT2n2U`2^J*5bs)IAyE}xy5F`+s!GgQHTL|v%P9V5DgkXPi&iVJ= zxBmKnz5jZ8y1S}&*REZ=YuC2th39qPrK}W43V?xy0c4;*;JE|9LIyfv;Nf7f09Y&- zI4qdwWgrMZghxO`fJa0`Ktw`9L`KCzLq$PB#l?Jyjzx$^L_~l`fKN=$KuJtWONLKC z#ZFDj$i%|RLQKiQ{hFDZftiIF1_=oX6$KRs4Go8xgn)#E`TzHL?t#ex02l0s=fd6w(*k2Ebz>U{i94BEC{KMxt`Y;rtYvjZ7_8 z-HEF*c}Bx!;u3&@iib}?NJL9V&%nsU&GUwrk6%DsLQ+av1|+Mhrmmr>rLALXW^Q3= zWo_f?=I-I?<^3TrDEM6zKN`Gv)$jh~xa+dI2^`v>P2msi&}x4-Uw!vJu9lLNi}P0)YP1D$>tSa^6i zc%(n{z`%M!|8Q9F2$UR%*rLiv#?G&(I6oodh{a}CccM^pshr`OxJ;tr(Qt3jp8p}~ zFN*$q1O@z$DEb#c|Dxx42|$N~fqph{Sb#8a)`kQkO7)ge){~erZ{2L%)Sk(tYL2uS zN@?a<`*LIJgF>jBa)e!k#60#IED)-()BLiBk?#JL;>IbxPN0HEv|F#(U|^JW$zbn* zQctn!F7>ww`TRIN*_S5kosA@EaF@P(d8PV`@Xk!~c|?6*$Wk`6lI(jGOqlo%12e3r zi^qm?b(e6Ck5sfbA}9=bx;|4!DKLX%2c}$=_r(O;gGsBX&^Y#&iwC+6kVW^@EbQq- zK#GF%SX1A9sLZ@#baSdy?DtCGO=1mf7bK31H?#Y5B5r=&9aMFoUHD#PSz`wb&<=5PML5NtoEZy`}i&4gMg_x;q%WsM$Q=N=~?@WPyhNPoX7Vq$?hoKjQ`caUX zyMQ22Dkxw)=pCR4e>0G+p)n&=OO{JHLF-fhX&tK?;ftWZN%KP=W6Mx?A{C>an*m7^ zgz6_e-0+%^apJZVQu_#B{&9}tT$ZFz2=~iDmKcUefVL6cz5fz1r4(<9jc1b%!tj{E zeu6nv&x={x``9Uh6pMe00FYaT-v{`=IywhCDZ%~$Km~-x|K0Ehv^NXxuV$DVul6Qk zCZIM?f7l|Nh6a(bG4=%Wswhn@Avr`QaHpWR2buV4f7mHP(c2jEFY=VdToq|h~J{U#B zv0#3aGhbn#>xH`j8Ohp;o4L;6zVl#9r+pE2t~X39A`YRnAIRH+OS>v{ZgxN^u&QYH zf`!{oP;Nx-*~61+Vb!tK=|bot!ZBE_`j;AlutKYE-#HZ|^Fb3 zu6SeRF*MVZ1R(x&&G=sD10Q%0+cwl7P(PX?(4~se8zt?+q0S_$o1}_Kc%l>DlT@9h zj^(k7G(&D^tbBwQ^r(T~jC9k}Z4|{|D#4vfl8eY&q!B>BQP*A|Vjk!_pmUr*INqLEn51rqSE;>>((yz?KeMVDfnVNQ&QL8lSfIcpU=*nw~2n|70^dg zhw&}EUdmc`0LTg-V-*)Eet(mb?%_309unOl*}fs!bhdNfk5fHT`d*Hu73@qZb1v$F-mBQw)74wYNim32y(2y3r=0p)5jnuQIu~rB&ItjzAp1=W=U_=lA z8~_zy0J32HQGxo6Lzz>I!L&SU6c^Ec*|EGdjnB9RKkL{FLZ|Vp3MAzV6u<7GjPsL_ zeXhM}@Zi*nN~EZsikyKp6vWaFE26j@ir(o;D_JO>-}b0}CxAYc<~_-b`3=Jb0|xF# zQL#HD-0Yi*oC%>@O;S0K?2*UJ+^pI`L1KE2^VrxrGW5GkX~#TpV>wvLnl=(w4r$C! z36A6$*enR0S9I}fXvF}(&XRAu}l7XOnT4i=4KV`5abZ?sM2|LhowJzTd}TL zs0WrUQd4b5;4yUxylv%@b#G4pqR~b7$#B%@88GMC zB$YAY_^smVNjYa0D8qRWx70}i%Y%+~%?}qPR44GQddD=uPpe=UWurC1I4{~;NdzgI zRtj@{vFPSjlk4}=5vL$b?~2o?E0K4|HpQ#hPvZxS_qL_k-&AZR)H6YebancBeY?cY z6K;ohvr_e&BWlhl1%sOt`SJ7#-0!EzS23iXV1yOg4)lH8=nv(paatr|ZD1F7LjCsh z+0*<1nrDDot)!4R={k6LL?^C$%KwwO-q(nr*v?J|r1j>ao1;;a*4SsDOW1`HBJCB= zbOJQ45zzPx%8C=+u=kK^W~Z@L=Vdbv^!?K=^3F(!&^6DAq~4TleD=PSC8E*SC}Hr8Au?UM00+ z{A4LwZ<}YX{a!XE(FF%0CDMm9qoHm-RN*?G5**o`w~~h~O}d$C)GsgGZ9!7pwVco*X|wOrJR-%JQHJK|Cd*FpB6%?DfDYWpb^5I>u&laS<&dPc^tzmhZa8yuIJ3?B&WnXk zv}t;wOrPs~yqpH?c++nZMDiCyXKm*iZY&}+CtI+>ToNUPIXXynfqN>AbERVx6_`pW z3(?L?42rY5l{gNBj7PDG8f9>`3f&?``9SWpGb#gH$lCt& z#hc_)4XN#IGfTP3vdZkEg|D!4^>M9mdSoK})sRfD?+a?xS$>#eT7M5pst%sF50hsx zw2JSirtAkk^>2vHu@tp-uE^Bgr-nq7-_zkU5nKVxAAVOol<3W96phYAsF!KXWPPu0 z1j%m>=#L%etz%6*C8({KGt<~hcB#~d@RT*a(Qr*o7S#%bby+YOL*$q+7MQlDn`n-A zC}K5wGwSjY$x=Sk+nWtkhm2jyfRWGx|@Pntq)l_ zdPKvyMpI@~HwRmg%8TZ+Ws7t&axCB2+)Cc=e7R~-8NY_S)#rnkdb*46CiUv7y=?+` z4O6n?^0%`!uK4HvKJy9EHF-J zeaFN(##QIJ1)Psm3-KDr8k3l`$}V7s>mK@J_oZvU2n`8_U1yh|0#j!hu56^!Z+;Cm zV6x;^Zfa>RZ1vhjy5^4V>Xq@jmdTcRe3x?44IEcYx-K*4E_Y3zQy9#)sPg!Hu_Kop z5w@r8clwnd39f0~RScpi>LaHsmZw4IEB1TVA%ia`ttYIXf6#HS@Up})!BuNXbxRiX z3X~^@Lxs#v$3j@+AJa7CaeX%^EE}xMZzEw#cb7sfV2FvooaucW9Uqh0=8M3uCcoD0 z&R!~RR^`RR>%TfW+B#5yfzm-w{yxl80l(@of5YcRw8Co}yoQ1u^Us!)4G)FXO{D$V z1^J`CNaLgU%y<|nHO+3VU-?j4z4=!Ub`%K#B? zjvk-BB4vKyPon1ubCpHapbeCY)lWKx^qi<`t^05NCb{6xmgif|G1ob`p?T_wCnR)- z>qJY-2q6WZR_>}2(oI#hwItMW^3XzNH?daaXx<0HLpTOEugbHnt>*gWiRBG?rJ9oc zU$6whd`f($krw+#?Pm){*ooEZqHa<|p9|N;CJrBcRytoB!CX^vZHqRB7r&`A6{aOw z*RVTFF?Q?j(Ae~kxQsdmnoiZQ1)FiEDrV*YftUSZB(KP8qmBJ0Iphm8nInuEBvG*x z_Hd{&LVXMrOrkg_)g>0*ocDn`ueVYJQ`&lprEaOUw>4I3ngm@4rsHuEzTQzUd~9@; ztwte?rQF3q1(`M_+m&y`(E>-5Ah1wEGOth;%CO@!@i5+*SmM* zspV{1;Sj;#S2Co!KIR|HCWk(Cv1-wzfXu!1zr-%PlB*s{Gu4L-l^es?z$)B~xz0sN zF7Q*)-HdsXk434G6roky_kL}BzXN?PnS(vi!tSTe9+&kH9V#RKL33jFXbqw}=`|xW zJz;HYBrANE!V)sn07t!Uo(fke$as;p75d#Y?csRb;KQU@@Gx1o9QJEaFA9wc2t`c^ zs`gdjp#P)u{e6R9P{KzQM`eR~57h$^oU)8X@Za$bd>Z~HvxA6LmxcSHPvD6s(sp5| z$6%;$#c-iF=#rB#QEdeY)wz+6Ea;>RUua;bP3|HGMN|4hA{UcU!=yD7p~^}4oqF%M zNzTEMLabFuO~J2`_ubYkp6(8qS@+*&p3ZrlL9=`2Hl>Am)vPh5WFU_*MT5))Yx%(w zH)U5_6??X&-lP1)qas+btlAC#<=9U@(v%swk0e3kDU+;aI@DARGD5}#Yah%u&-z}N z<0~_B@d~u!@>sde)QqNuO`~8+(Nohu1LZoRL*rkYhVnBxswAVA$w*^Sf(H>~qx}5% z`sM4x99@ydeXcm%u4{a#8mTy5Cxou_nAsB`k=CZnHu_ZbUAVTl2#m3^=6`?HYNvW1 z=J*o=K2r(O%B$Ck{;}`TF}Ud3*IU@cuaWHbQmRUaPe5#k*zQ$4Z37 zuJ+N$thl&4lM21t2^V+vZ1>H{+#m#o!K;pq0i*y6q8W_g{Zz@GjE^0u+ zLOgiGHM8GyTYdEHa`wk-cZsQrI4ZX3mqv*A&TuDL{DQ9O*Uaf}uV{VLzAk&YS;Uma z*30_K#kMjJ3X99Pe0k9_h+8+{)*t2UL!m-*r%QjbTUGk)w9=$Rwxp5K0=drRp!Nu% zMq!cQ)2);675h+ioBp6fc^xs!2NsX)O;#FzY@BN1=y&8(=?6NiAca~+NqdK-@pwX= z+3@&b({1AFxL+FIrj#yu;%QOhp?y*5^hqEE4FF#s@(3Gewb^LcFe(z zzV*ird7F0TwR?B2aLxZMm{8+DbF%!ZnN_=TTOIrw=JKV-HaOdHsKg~DF;#0Suf){~ zM1G^ykf@IJg$M~j`^&WEc-NV5K+L%WJ&=yKu$f#2Xa zf+XD)HH2Ae);@7PNA$*>UYJc`jVsLAWy@nFpRvU6WGfmkiq>l~KA1&4JdKyt-?s|? zve+TN;>Bz=F{tnvuvra}8Lcg|X$5s`d%gri%}2AhYBklm>h}~4jk@x|GciY)^xKAq zEn#}|GgAR6j$el>0`n%$#*=DH84x6!*KdiF_#U{l<`%Yl)|QBLw&tc6WNyA2z!$v^ zEc`vG=dOo{^#j>_8_Nobk1ina0TJkNv;T%f9-NZQatxf%9X9uBd=~}j#qOf{d2v;2b5fveSh1RV?zQ@bZ^p9 z9JE<;bNSJT`(PGcch+XOE*Hv=CU3G+`#q#Go!b4^G>(oF)RN%;9sM3a^xu%&ks`*oGY?Q@LHj-P2a&95KC z>EGJ;@`DCXYD0(+W&JA)Z|+8nr~rE7i|UAgkcgA()4Ms1B%aApT%icv)HVif*~H0` zp~;$Jj@>5eOdS%-QNLg*Ty_r&YpTV1H1%|m2+I*Rm%_j(VWzqKBKZC&OQ$P2J+&43EuboR${tkl%&K~Zp(c6GPo0+7kAJ%E4oJ+ z!K)Qlfqiiiw}N&$;zsf%!R#f2dgo$4(#-Wvxs>52=SX>XcG|fJ2hTD-%86~YbwKKL zd|&S*-O$=+&vIC0?ULa!XHH&v%sfJRt0cg5C5iWKMExlIy72s-ZUuqh;Llh{xm+Cp>9 z&vDRF9#HQyeTQD*df;~}bghwa>RdE)B3>w;pR>xk;{AfovU$BvismrKn1+8%Q0gH+2;LUHh6<|w#iA^^fkijOt z%9P7u1Hl>r48iWF6xX2DPm`r9<<>s-7`g7wgv&r8FIoo+9IOb=HojRTlWJTIxpir_ z?dRm=_gO`v16ximiZ)50{OniRG<8IcbJYh#F=;4NiM~T(p9kQdfl%&k`KCo8AAar> z>bh@L(P|LuoF7;bFc(G+oAhK4Pwr*YAF_Rz(i+-TMk|U7MQPZoaLp*Hk@@dto&gF; zm#$z*y5-53BDI5|CH3Px%DFu}GUu3&{!w4|^|6EMs`F)CeeiO>Od_7m+Hq6SGq{!ZCXok`cZgEL-JYt>uv_)S#H<-fD`{GG1(uv>;P@dmcU9j+4Mx z%9Y#Dft`Nh}}l<{x%*38_f$$Q)PFiWrL+>z`Fb0BwHsT z#v62pT_p1N8e!NH@#SSy-QA}B&`ov2PjN?<=`w~8AIrf0xlDojE_G_$ zkwLnu=FsTXB$d`c=}TBa7bdl7Oy8ZVeiR8tal*Ac&K@X%EjoFbUl%a=jmByvu|QnrZh=d9f%z$ z<97BhGOS&*ePnJC>(f0g2oWda;@>Il1TOVnlal6lj~HuZjxOn16Y$|QPYA@;pKvda z;8cGW$%+A~`b#S-rX$sdIG3XreOlv1R)E9mB^ju&YHT{K9npe8PZmU+9u+dT{W24} zVd-Sz4bO(FfI^i$N^jy@=4cx_mxSuPHQ>D*leabNntd;GOT@ZkO~ex>cEG8|IDq3? zs`v4{zUQ@Uww%-^H8qoW{xKEFxi1KNY)3j08%0id^-htyEe~`PtFyv-OqX)DOcl+I zjZA}XS}7dN%boOkTZJQ<3-4#&PeMWiDvu%)%^doNswvj3H!RIQj2jao$swY2`J(R2B=&PhuNlM)yK+Rnm1RR z>zkG{sq~!3x_{)eTa*2~sXh@ra!{d-&5B`s>$iXSBu_Spw$yjiOuRf2c62t7jX{t= zO|J8CFJFaq@wKk?0;QH2WuGRh_iv@080gevmG7u)SfwHE$wGP2cY|q7wrLi*Ng)%F z7ZDL*QOtcqVwP9&d742MsLhshCPT=|dg1pvPt*>dNBjwLB78Ro`VYklpepf# zj}k8pdnAo}vtpBI0Q_JvI|$#1G%Gtk#t(CalB-o~EXq~ZO5EqiN}i(HUO z8=^5I8cbC;+?DFwxB!6PPbo!aL5U(LC+}N4j2y9uUHwoY zmX?`B3MP5t!2_*w@gf`g_B{huHY(T%sW=eUR3~pG#b4K@bsCL~Vwun=1aaw?+2B@g zmP$eth%`U_;iU>h88!ZAodlNQP)g+Lc6#kMN?c+OFH|JMp(NU$ISVVV!otm}4tO2H z4vox$Q%4V+WGJ@Cx|#TjZ)^ngk`$QbBA#YjgCpXWGFcn0X+I#4kpDt1y>Wu*BpsPt zy|1)m3j~#P6O~zxAcQ-i5C}()_F@dL*cD&Y4-CiJ@a`?sRkL#!QL`)}d{;qotlU=F z@0)K9FGMIYUAtEfuvYP*vy4oyLD{6Oy(Z^)C{l_jizBBYTKRJ74vTAA>yGekY?o%s zPwy%p%8ClCV4hayWOm9Ky2#_Q|#gU807b;N<|voFTDWt4{jxHY^P4Yp<(#*it1Pc zId=!Osx>FsO@gcYoG&Wz>C3OW_HC2rZymjzcLspB>LR561m)J<30ixFijX(VvnePd zcy(yaEE)VJk!HSMfv_+A$y$B&>{ewq=?3>>)8eJ%AF&N z^yP|m^cCT-;7$OzasE;@HB&RgDp`^uh@j31y&~JFhjeFky zoVdNa?V%Ob7uHU!ij^1_>8nB}l-BBD)Vxz?(>We^im#vgjvflr(w^eKm%sFq`JN+L zYDoQl)PZCm6|@9yk-p|p$x5ku$D;kB{&)r-d-TTWnC819#o5Z`?+iu({KyKuvjYuU zqViwyGL*!hkWMmB@t!P#LqJ+d!QtZbS~Kvi4{1?eOuhg#d?v|WTB?;6o;X!X1-zERBlI_BlcsAu*&|0oUx zo>-9tL9pQ&IEM`m(I3*%T1dTjRbq>nJMf4~Rlrm{!|~PEna7{ScZn=tU9BTib4qW$ z^_@O|T9W3t4iLLJHJtQ?d%5LOTic?<1uUWC5w$HdlP}6UjWPM6{PYW~juq>l`GSZc zuitDd!efg*%46qyx^;QEQ#!g69}cSpc!@@GL{O3<3je;!6_s2?cqb6pLLG2&L5yWZ z#fqqvz~lt#7gqixvB%hYjZ;Lo%uZ@?KIh>@JmQA>Rn^}GBy1q_VB=R2VSuHN1u9u> zCBKq{b9N`z-8N0jeDFG#SE_BX$W+(wP1R_NkwB=@4|&J9TS;D=SG5n@B~f`Z99{n| zXMWpiPVg&Vmp_uA4{D`Rxk(18OTLT7Ec@yXD;Ajt@5@4JAWB$3A&hn-A#ABG&d>nF z8*_kiC$$zhRgo^FA6cxr6&Yq|nfl}{{CKI860*4S3}iSy10PeM(Qw{}3-JApKW6Rd zGw?3+=?)qWzXXp%eLdf;V4@-->t{+oV2PktC(4+H$)v}2Y{ajJ0d0@P;AcR%QTX<{ zz0V)>Sne6Pdu)CN+RH^y{;y3>+(7$M<1=u1?+Q(q(D^T~J#oWi=g_s4>p!N-K~8=e zwT6`yemYE>b7$&G`L_Bw&WAYj?2Fg*llQ9S(|74-09WsjJOpfwd$hfv_)FrO^@Ox* z=I=Z52X!>^kS8-XkO#~LJCP-s{+zGSl<=<-TT;=-JRy(={u35E5qSJp-WuIitzSDt}&rDx!0k=JkXkwA!k;6K2b4=B)%$ql-n0ZvRyw$5h&IVn zKKh9%bG``7Nlw!WbM~h){qM@8`8_Zv2FL^MpHYAhx4`FWPwmjLkwA{fp`?uSVXczi zdy{X<9sUCEh(hVuz4n-^OWm!Vp=%A;0BDI+C$3KQxeugrcEVd|3mO@rzL6i#!1(d_ zolKVWMP^q<*YQPLRW}e4+jq8d3NN6>&l)PF{>$ z9;Py)7PFFx`jgiSs|Ym9!~V;dLmz&tx>L18FLgK5j-`4!$UyK1M2!1AMT=eAj@mly@LC; z?X@K43rR;DvdO6M4l=?7_1u>Bw@FUVfZSHJLHrzEl1%nxwRHFC3q0nVa&gLrOZOjy z{fZytUPwO1lN@~nV|;u|_pvonvdYP0)sj44xKz2VS;-aZ9z82}BfmQ=hJLq-P&aCH z$>fuokOlc!IX5)cUp`a&3>XSO+6a|O-zmAi7Jk8v355m!8Z%n|9ApkDS2J6vFZ z(ENZn^hMT=1%3}0Zpm5)nBn#*-FA-^XQ_#c0W&3U?7OtPqox0FjsF!)qWCkO z7p>`q(8~2`ohF-BxqSZ0T)TMc#SwTn`bo%kij&oP$-VrsKMq}n*xE&V0Dytm63r&i zdZ1}&H%*{p!@qgI6(F71Tf?^-T~rjslzM>j=14hlYK{Uuu`DYM7KGc9;xK^xtrhcb z^BIUv$znJ#5c?*!`eqB;n_iFsHvNy01v>%zx7h_F^u=qA(&7uw@OFY&HzjD3@3)4! z(N3AE4y34T)SBluiOh}~U2Cwux~YZ#DK&QHl?-{XfOkXG3Z1HhxZ9n`=0&!WrhRf5ZK@|tbWcqggg2(} zVt6*s>Y9O zsi|I-idUO(m{RjGN9!bEm~GN$F^9SNQ2M9TQ6OnI@=`@p9s zR5k=%*L?93;tiha_{vqbRyhy54`H7xkT}j&wQ3wO-jUmcY4619qOPaGLF8Y}u}H^# zREd|YI2qR$S|-08s1#=XMPA(Iml1++vvl=dF2$hrO|r{8UO)ENML4jhQ=fF3xdxP( zeYVyHd@a>XQ<9`3{&7393Y&2m?ZK{UoxQC&@hOb98I(i;i+%nNF%Xcmk5VZ#$$(+3tH z-B^fw!v2Br3`{h$2_NoF9#vi+-`Bsr193f!f?u>u}wWq*QC5lrN|n_s~Xfo8D;HFmdOu?;^1pXj2^Bc9xE5jGYu z!#}?5e^7<8XC0KgXeylU+v(*2_wz60|9XGIfYkq2V>fhBQFz9 zTsI_MP^5*LJDtQ-V^`G6ga4G^(6mQq+Mv9uF;ps+Mr0Q?7q;cKm!}v>ji*VmkcIJ) z;YsvREAor*$H_Y-m}+nfGpi02x9Nk-a`?93bPLLO9`&}uhgi2c}EHf8pL-` zFV4rt>R|HI*{3d_0n#iu0mJ;=r?(=AZtZg84<7#L`+iB8zm5UIsYiC<^Cf^Q|F;2n zvktJ7yMn6z{Z_zO(!Mt|OfdoT-|gZ3KRvR!efzr$n1A;<{tr&Czx#yU{Rhi`fc#I< z{u{~Fw}-_4gRXoR6E5Dx?$B1pcN6d*+~i*eFq}7^F{Oh~Btg@zG%WhSRL&#uV-yVfT{}wF2g?BH{kstdG{({0xGvu761% zA#61Tb|FOI84$qLYWu1kr)`~-GzntOZ0WhX~;4 z1qiZ$322G52smH>xB(aun4kXG{uql{fIGAWX3ihaAC>_I8Y4xiqr%(isRoer;+9hg zxC*ArKZdt@LbL#B6|k3}HFCNAPu{vlyZ{_8HHGqw@^JjPJDY@9XDm$pA+sXi)J9^(ZAkLAEQ14rY0rGozAgcuG54P-#k; zgcJaTzaQGmjdfAjY&-Wzmb7n)t$*%iW#IYn)4Y6~<9soCD|Ab;YbmVLUfin9*&G{J zdEjg)YL0`-MP#Ab$J-8f1)#14<0CGc4Hi~M>x;d-%0l=nKTu%?$jt|60n$C_T$%X8 zh@goe3n;;?K}C-aAPXp50ZmzO*?%T33OZ@9zHm=MN5Y3WP(}iKSIzW3hx!)-;xf(f zXWn^Ka)foRW-)7bAZLPR`+IMi09?gA>8U2#V^jJ89cAm40P`vP`a{GzTaQL;(v7ql zT%>K*jG(C8dSO2;AD&Y^wm5lwc2$X{rbO)u3QLa2WnF94y2sTlME;I<7|eXKB^p&i z`U5G`-4jwnm(pC{f?#XNSF<^d9z{^@QcC9&JIySACA)2fO$l-hGL_TG@|$QRfm9A8OiXz+)q0r@)q3}?xI8{)i^4RN z1zmh_CB#+4zAH-%tg>FiX=-ZVeKquj=wzsPumcI6EXYhHgO$-G50y3A5NTyVj^>=o zJ735}n&dLGsMu?-Pp^T*XiK?qA`f!&dv-@1vI^m$r{Ll;^204Ve*?;s)imEeGe2*{ zCOqyobC6%D>#x_S2{}<1I^dcRjx$_;sTM}q^U~l= zZPQJXx|7%N^yntSa7VyU!T_6v^szdMuZGEN9bVX)iYX%NOTHT98DXeyE!`DnP}&uG z2At+>iOW;=c!@EDUbIko$dy{iG@{2vR6$cbt$jU4=^7Cbhj{(SGL}^WCPrU*R}+5h z9aKVez25tvQPs;xzr}2$8{Jg{``Nar%4u1RbQuLsI2D7*fbC!(Axtv`C((mTo+V66 zs#XgBS1t>_@E7Cg?1F0E6d8FgoOvTeD}X))(3^m@@Q1a6%7wfMfB^;pApGf%el7yT z4OsZ2PXJbb5@cC^c`)WTH@rFbjwYj_s8Ry9pqWJ4YQ+SsBCEV#jNRa@A*aFd=WjML za%0|3MOyJRm6;{Z;5iL6GIV=%zcrGI26Vi0!}w)m~30yv|mtbo9$6TXlce8Zr*&{ z0M^qoM~ITU!ZmG;>~j!O9?8}--;N}E%4m_Kk$iqYKGXrJ)HH=It9+L*zA5!byUTNY z*Qobs(-tgv#Jwblukg$K9Q$bu?NDo2(v={VV6BK&3-0hoSY>JFvS=}<4`vYfWm%=h zfuPW8zWNf{YVjt)bxs4RdNfP$+~&!5+>dh2ml9RXG!fcy$EA%l5U=s(9B!%xQFb2} z%CqR7eAqA!9CYH(KtbhbM)OXIni@pj4&Ow$i#&APndI26z^V^x^kCaBg!_9Xu}-Ix zV~{XbayU;-q9CYE?|QtloV~Pfu1XJby20M_HqR|iu>pA?_86bxb?Jor{#pTnR_7{( zT`tu5B;Id$g$^~+JMy50>p#M6GWz1_IsJXn_=ACd-Jlc$4PeP@C>gCJey!*UJBw762`2PdFwH z@nZMxioT;`eEDWdl;X_C1;JP+ElgkiMQ|V46*!o#AE9M!0*%^K?WNxx?sXOkBhv-3^NGZT+HBnTEzKM==xF; zPyc8(_OBLI;xAdA9@6q%D!dLDLJs^;Z|qd*LB{n7b3Ds+s8L<5be(0!ER96mNC)Mu zB{lgm*|kddU}KTqY)Id9-sQke=aRIAUi<3cfPu8=zVbVAp85srTYl!GOAy5y*-wMx zcA9povOVM$Uef&rM73uX(e|!oI{n;lVyUzJ)PjMqMUd7D$6s20IL|=VYT@IxVlvQv zR`mci?nPS_?+>EPV8LD8XN8Z5$HJ#2{4r?H02*dj<`r=r)E%?8BSQbcB8&>2aF~Aj zo%>(jJc%-c`A^uQ|2HgxuXz6xeoEI4-*u_jDKS&zqXOfbGNfMoJmSFtenhD!_pbw1 ze>Q7`Ecn0ntN(b6ntu}9{H+9E0A;G+U#l4vcsl`C1pF=A|7>EII?z1$<3B1i0>In$ QU-ayM)NSYu=6Ugd0avS9v;Y7A diff --git a/hacktv_updsrv/ServiceVault/wtv-1800/offer-open-isp-suggest.js b/hacktv_updsrv/ServiceVault/wtv-1800/offer-open-isp-suggest.js deleted file mode 100644 index b61b6fe0..00000000 --- a/hacktv_updsrv/ServiceVault/wtv-1800/offer-open-isp-suggest.js +++ /dev/null @@ -1,37 +0,0 @@ -if (socket_session_data[socket.id].ssid != null && !sec_session[socket_session_data[socket.id].ssid]) { - sec_session[socket_session_data[socket.id].ssid] = new WTVNetworkSecurity(); - sec_session[socket_session_data[socket.id].ssid].IssueChallenge(); - sec_session[socket_session_data[socket.id].ssid].set_incarnation(initial_headers['wtv-incarnation']); -} - -headers = `200 OK -Connection: Close -wtv-initial-key: ` + issueWTVInitialKey(socket) + ` -Content-Type: text/html -wtv-service: reset -wtv-service: name=wtv-* host=` + pubip + ` port=`+port+` flags=0x00000007 -wtv-service: name=wtv-head-waiter host=` + pubip + ` port=`+port+` flags=0x04 flags=0x00000001 connections=1 -wtv-service: name=wtv-flashrom host=` + pubip + ` port=`+port+` flags=0x00000040 -wtv-service: name=htv-update host=` + pubip + ` port=`+port+` flags=0x04 -wtv-boot-url: wtv-head-waiter:/login? -wtv-visit: wtv-head-waiter:/login? -wtv-client-time-zone: GMT -0000 -wtv-client-time-dst-rule: GMT -wtv-client-date: `+strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString()))+` GMT`; - - -/* -var romtype = socket_session_data[socket.id].romtype; - -switch (romtype) { - case "US-LC2-disk-0MB-8MB": - data = getFile("LC2/artemis_18004653537.tok",true); - break; - - default: - data = ''; - break; -} - -*/ -data=''; \ No newline at end of file diff --git a/hacktv_updsrv/ServiceVault/wtv-1800/preregister.js b/hacktv_updsrv/ServiceVault/wtv-1800/preregister.js index ea2b814b..41ef0928 100644 --- a/hacktv_updsrv/ServiceVault/wtv-1800/preregister.js +++ b/hacktv_updsrv/ServiceVault/wtv-1800/preregister.js @@ -1,10 +1,34 @@ -var gourl = "wtv-1800:/offer-open-isp-suggest?"; -if (initial_headers['wtv-ticket']) { - gourl = "wtv-head-waiter:/login-stage-two?"; -} +var gourl = "wtv-1800:/finish-prereg?"; +if (query['relogin']) gourl += "relogin=true"; -headers = `200 OK + +if (query['reconnect']) { + headers = `200 OK Connection: Keep-Alive +wtv-expire-all: wtv- +wtv-expire-all: htv-` + + if (sec_session[initial_headers['wtv-client-serial-number']].ticket_b64) { + headers += "wtv-encrypted: true\n"; + headers += "wtv-ticket: " + sec_session[initial_headers['wtv-client-serial-number']].ticket_b64 + "\n"; + } + + headers += `wtv-client-time-zone: GMT -0000 +wtv-client-time-dst-rule: GMT +wtv-client-date: `+ strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString())) + ` GMT +Content-type: text/html`; +} else { + + if (initial_headers['wtv-ticket']) { + gourl = "wtv-head-waiter:/login-stage-two?"; + } + + headers = `200 OK +Connection: Keep-Alive +wtv-expire-all: wtv- +wtv-expire-all: htv- wtv-open-isp-disabled: false -wtv-visit: wtv-1800:/offer-open-isp-suggest? -Content-type: text/html`; \ No newline at end of file +wtv-visit: `+ gourl + ` +Content-type: text/html`; + +} \ No newline at end of file diff --git a/hacktv_updsrv/ServiceVault/wtv-1800/test.js b/hacktv_updsrv/ServiceVault/wtv-1800/test.js deleted file mode 100644 index 2b1f464b..00000000 --- a/hacktv_updsrv/ServiceVault/wtv-1800/test.js +++ /dev/null @@ -1,9 +0,0 @@ -var wtv = new WTVNetworkSecurity(); -var test = CryptoJS.enc.Utf8.parse("this is a test"); -var test2 = wtv.wordArrayToUint8Array(test); -var test3 = CryptoJS.lib.WordArray.create(test2); -headers = `200 OK -Connection: Close -Content-type: text/plain` - -data = test3.toString(CryptoJS.enc.Utf8); \ No newline at end of file diff --git a/hacktv_updsrv/ServiceVault/wtv-head-waiter/finalize-security.js b/hacktv_updsrv/ServiceVault/wtv-head-waiter/finalize-security.js index 5bb623cb..ea99b6e5 100644 --- a/hacktv_updsrv/ServiceVault/wtv-head-waiter/finalize-security.js +++ b/hacktv_updsrv/ServiceVault/wtv-head-waiter/finalize-security.js @@ -18,6 +18,7 @@ Connection: Keep-Alive wtv-encrypted: true wtv-ticket: `+sec_session[socket_session_data[socket.id].ssid].ticket_b64+` wtv-expire-all: htv- +wtv-home-url: wtv-home:/home? wtv-visit: wtv-home:/splash? Content-Type: text/html `; \ No newline at end of file diff --git a/hacktv_updsrv/ServiceVault/wtv-head-waiter/login-stage-two.js b/hacktv_updsrv/ServiceVault/wtv-head-waiter/login-stage-two.js index bdbecf76..9c2f99be 100644 --- a/hacktv_updsrv/ServiceVault/wtv-head-waiter/login-stage-two.js +++ b/hacktv_updsrv/ServiceVault/wtv-head-waiter/login-stage-two.js @@ -16,11 +16,12 @@ if (socket_session_data[socket.id].ssid !== null) { //if (challenge_response.toString(CryptoJS.enc.Base64).substring(0,85) == client_challenge_response.substring(0,85)) { if (challenge_response.toString(CryptoJS.enc.Base64) == client_challenge_response) { console.log(" * wtv-challenge-response success for "+socket_session_data[socket.id].ssid); - if (zdebug) console.log("Response Expected:",challenge_response.toString(CryptoJS.enc.Base64)); - if (zdebug) console.log("Response Received:",client_challenge_response) sec_session[socket_session_data[socket.id].ssid].PrepareTicket(); //socket_session_data[socket.id].secure = true; } else { + console.log(" * wtv-challenge-response FAILED for " + socket_session_data[socket.id].ssid); + if (zdebug) console.log("Response Expected:", challenge_response.toString(CryptoJS.enc.Base64)); + if (zdebug) console.log("Response Received:", client_challenge_response) gourl = "wtv-head-waiter:/login?reissue_challenge=true"; } } else { @@ -31,55 +32,55 @@ if (socket_session_data[socket.id].ssid !== null) { } if (gourl) { -headers = `200 OK + headers = `200 OK Connection: Keep-Alive wtv-open-isp-disabled: false -wtv-visit: `+gourl+` +wtv-visit: `+ gourl + ` Content-type: text/html`; data = ''; -} else { - var nickname = 'HackTVUsr_'+Math.floor(Math.random() * 100000); +} +else { + var namerand = Math.floor(Math.random() * 100000); + var nickname = 'HackTVUsr_' + namerand; + var userid = '1'+ Math.floor(Math.random() * 1000000000000000000); + var offline_user_list = CryptoJS.enc.Latin1.parse("\n\t\n").toString(CryptoJS.enc.Base64); + headers = `200 OK Connection: Keep-Alive wtv-encrypted: true -wtv-ticket: `+sec_session[socket_session_data[socket.id].ssid].ticket_b64+` wtv-client-time-zone: GMT -0000 -wtv-client-date: `+strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString()))+` GMT +wtv-client-date: `+ strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString())) + ` GMT wtv-country: US wtv-language-header: en-US,en -wtv-tv-zipcode: 90210 wtv-visit: client:closeallpanels -wtv-messagewatch-checktimeoffset: off wtv-expire-all: client:closeallpanels +wtv-offline-user-list: `+offline_user_list+` +wtv-bypass-proxy: true +wtv-ticket: `+ sec_session[socket_session_data[socket.id].ssid].ticket_b64 + ` +wtv-messagewatch-checktimeoffset: off wtv-input-timeout: 14400 wtv-connection-timeout: 90 wtv-fader-timeout: 900 wtv-ssl-log-url: wtv-log:/log wtv-smartcard-inserted-message: Contacting service -user-id: 1`+Math.floor(Math.random() * 1000000000000000000)+` +user-id: `+userid+` wtv-transition-override: off -wtv-bypass-proxy: true wtv-allow-dsc: true wtv-messenger-enable: 0 wtv-noback-all: wtv- wtv-service: reset -wtv-service: name=wtv-1800 host=` + pubip + ` port=` + port + ` connections=1 -wtv-service: name=wtv-head-waiter host=` + pubip + ` port=` + port + ` flags=0x04 flags=0x00000001 connections=1 -wtv-service: name=htv-update host=` + pubip + ` port=` + port + ` connections=3 -wtv-service: name=wtv-log host=` + pubip + ` port=` + port + ` connections=1 -wtv-service: name=wtv-home host=` + pubip + ` port=` + port + ` flags=0x00000010 -wtv-boot-url: wtv-1800:/preregister -wtv-user-name: `+nickname+` -wtv-human-name: `+nickname+` -wtv-irc-nick: `+nickname+` -wtv-home-url: htv-update:/update? +`+ getServiceString('all') + ` +wtv-boot-url: wtv-1800:/preregister?relogin=true +wtv-user-name: `+ nickname + ` +wtv-human-name: `+ nickname + ` +wtv-irc-nick: `+ nickname + ` +wtv-home-url: wtv-home:/home? wtv-domain: wtv.zefie.com wtv-inactive-timeout: 0 wtv-connection-timeout: 90 wtv-show-time-enabled: true wtv-fader-timeout: 900 wtv-tourist-enabled: true -wtv-boot-url: wtv-head-waiter:/login wtv-connection-timeout: 180 wtv-ssl-timeout: 240 wtv-login-timeout: 7200 @@ -87,9 +88,7 @@ wtv-open-isp-disabled: false wtv-log-url: wtv-log:/log wtv-demo-mode: 0 wtv-wink-deferrer-retries: 3 -wtv-offline-mail-enable: true -wtv-visit: wtv-head-waiter:/finalize-security? +wtv-offline-mail-enable: false +wtv-visit: wtv-home:/splash? Content-Type: text/html`; - -data = ''; } \ No newline at end of file diff --git a/hacktv_updsrv/ServiceVault/wtv-head-waiter/login.js b/hacktv_updsrv/ServiceVault/wtv-head-waiter/login.js index fd40b586..7ae2ae77 100644 --- a/hacktv_updsrv/ServiceVault/wtv-head-waiter/login.js +++ b/hacktv_updsrv/ServiceVault/wtv-head-waiter/login.js @@ -6,17 +6,15 @@ if (socket_session_data[socket.id].ssid !== null) { if (initial_headers['wtv-ticket'].length > 8) { sec_session[socket_session_data[socket.id].ssid].DecodeTicket(initial_headers['wtv-ticket']); sec_session[socket_session_data[socket.id].ssid].ticket_b64 = initial_headers['wtv-ticket']; - //socket_session_data[socket.id].secure = true; } - } + } } else { challenge_response = sec_session[socket_session_data[socket.id].ssid].challenge_response; var client_challenge_response = initial_headers['wtv-challenge-response'] || null; if (challenge_response && client_challenge_response) { if (challenge_response.toString(CryptoJS.enc.Base64).substring(0,85) == client_challenge_response.substring(0,85)) { console.log(" * wtv-challenge-response success for "+socket_session_data[socket.id].ssid); - sec_session[socket_session_data[socket.id].ssid].PrepareTicket(); - //socket_session_data[socket.id].secure = true; + sec_session[socket_session_data[socket.id].ssid].PrepareTicket(); } else { challenge_header = "wtv-challenge: "+issueWTVChallenge(socket); } @@ -26,6 +24,7 @@ if (socket_session_data[socket.id].ssid !== null) { } } +/* if (initial_headers) { var cookiedata = {}; Object.keys(initial_headers).forEach(function (k) { @@ -41,14 +40,13 @@ if (initial_headers) { break; } }); - cookie_dat[socket_session_data[socket.id].ssid] = CryptoJS.enc.Utf8.parse(JSON.stringify(cookiedata)).toString(CryptoJS.enc.Base64); } - +*/ headers = `200 OK Connection: Keep-Alive Expires: Wed, 09 Oct 1991 22:00:00 GMT wtv-expire-all: wtv-head-waiter: -wtv-service: name=wtv-log host=` + pubip + ` port=`+port+` connections=1 +`+getServiceString('wtv-log')+` wtv-log-url: wtv-log:/log `+challenge_header+` wtv-relogin-url: wtv-1800:/preregister?relogin=true diff --git a/hacktv_updsrv/ServiceVault/wtv-home/home.js b/hacktv_updsrv/ServiceVault/wtv-home/home.js new file mode 100644 index 00000000..b8abbdb7 --- /dev/null +++ b/hacktv_updsrv/ServiceVault/wtv-home/home.js @@ -0,0 +1,37 @@ +headers =`200 OK +Connection: Keep-Alive +wtv-expire-all: wtv-home:/splash +wtv-expire-all: htv- +Content-type: text/html` + +if (initial_headers['psuedo-encryption']) { + var cryptstatus = "Psuedo-encrypted"; +} else { + var cryptstatus = ((socket_session_data[socket.id].secure === true) ? "Encrypted" : "Not Encrypted") +} + + +data =` + + + + + +

Encryption Status: `+cryptstatus+`

` +if (socket_session_data[socket.id].secure) { + data += 'Encryption Key (Server): ' + sec_session[socket.id].session_key2.toString(CryptoJS.enc.Hex)+'
'; + data += 'Encryption Key (Client): ' + sec_session[socket.id].session_key1.toString(CryptoJS.enc.Hex)+'

'; +} +data += `client:relog (via text/url)
+client:relog (direct)
+HackTV Updater Test
+ + + +` \ No newline at end of file diff --git a/hacktv_updsrv/ServiceVault/wtv-home/splash.txt b/hacktv_updsrv/ServiceVault/wtv-home/splash.txt index ca62b258..c97f3d67 100644 --- a/hacktv_updsrv/ServiceVault/wtv-home/splash.txt +++ b/hacktv_updsrv/ServiceVault/wtv-home/splash.txt @@ -8,7 +8,7 @@ Content-type: text/html diff --git a/hacktv_updsrv/ServiceVault/wtv-log/phone-log.js b/hacktv_updsrv/ServiceVault/wtv-log/phone-log.js new file mode 100644 index 00000000..78cd7415 --- /dev/null +++ b/hacktv_updsrv/ServiceVault/wtv-log/phone-log.js @@ -0,0 +1,10 @@ +// dummy page, we could handle the logs here. + +headers = `200 OK +Connection: Keep-Alive +wtv-visit: wtv-home:/splash? +Content-length: 0`; + +data = ''; + + diff --git a/hacktv_updsrv/app.js b/hacktv_updsrv/app.js index 0f9deb22..40c8a5e3 100644 --- a/hacktv_updsrv/app.js +++ b/hacktv_updsrv/app.js @@ -10,13 +10,30 @@ const mime = require('mime-types'); var WTVNetworkSecurity = require('./wtvsec.js'); var zdebug = true; -var secure_mode = true; var pubip = "192.168.11.8"; -var port = 1615; +var ports = []; +//pubip = getPublicIP(); + +function getServiceString(service) { + if (service === "all") { + var out = ""; + Object.keys(services_configured.services).forEach(function (k) { + out += services_configured.services[k].toString() + "\n"; + }); + return out; + } else { + if (!services_configured.services[service]) { + throw ("SERVICE ERROR: Attempted to provision unconfigured service: " + service) + } else { + return services_configured.services[service].toString(); + } + } +} + +var ssid_data = new Array(); var sec_session = new Array(); -var cookie_dat = new Array(); var socket_buffer = new Array(); var socket_session_data = new Array(); @@ -24,6 +41,19 @@ var overrides = new Array(); //overrides['initial_key'] = "CC5rWmRUE0o="; //overrides['challenge'] = "0kjyqIYAu0ziFBbSERN6DGaZ6S0fT+DBUCtpHCJ4lpuM7CbXdAm+x83BIDoJYztd1Z+5KFZ7ghmb3LJCT/6mhWUYkqqKOyfPRW8ZIdbICK/CV+Kxm8EUjRXZSk/97tsmFpH3hcCJ7C2TBw+TX38uQQ=="; +function getSessionData(ssid, key = null) { + if (typeof (ssid_data[ssid]) === 'undefined') return null; + if (key == null) return ssid_data[ssid]; + else if (ssid_data[ssid][key]) return ssid_data[ssid][key]; + else return null; +} + +function setSessionData(ssid, key, value) { + if (typeof (ssid_data[ssid]) === 'undefined') ssid_data[ssid] = new Array(); + ssid_data[ssid][key] = value; +} + + function getPublicIP() { var options = { host: 'www.planeptune.org', @@ -53,6 +83,7 @@ function getFile(path, deps = false) { return null; } + function issueWTVInitialKey(socket) { if (overrides['initial_key']) { sec_session[socket_session_data[socket.id].ssid].initial_shared_key = CryptoJS.enc.Base64.parse(overrides['initial_key']); @@ -113,14 +144,14 @@ function processPath(socket, path, initial_headers = new Array(), query = new Ar if (request_is_direct_file) { // file exists, read it and return it - console.log(" * Found " + path + " to handle request (Direct File Mode)"); + console.log(" * Found " + path + " to handle request (Direct File Mode) [Socket " + socket.id +"]"); var contype = mime.lookup(path); data = fs.readFileSync(path).buffer; headers = "200 OK\n" headers += "Content-Type: " + contype; } else if (fs.existsSync(path + ".txt")) { // raw text format, entire payload expected (headers and content) - console.log(" * Found " + path + ".txt to handle request (Raw TXT Mode)"); + console.log(" * Found " + path + ".txt to handle request (Raw TXT Mode) [Socket " + socket.id +"]"); var fdat = fs.readFileSync(path + ".txt").toString(); if (fdat.indexOf("\n\n") > 0) { var fdata = fdat.split("\n\n"); @@ -137,12 +168,12 @@ function processPath(socket, path, initial_headers = new Array(), query = new Ar // js scripting, process with vars, must set 'headers' and 'data' appropriately. // loaded script will have r/w access to any JavaScript vars this function does. // any query args are in an array named 'query' - console.log(" * Found " + path + ".js to handle request (JS Interpreter mode)"); + console.log(" * Found " + path + ".js to handle request (JS Interpreter mode) [Socket "+socket.id+"]"); var fdat = fs.readFileSync(path + ".js").toString(); eval(fdat); } else if (fs.existsSync(path + ".html")) { // Standard HTML with no headers, WTV Style - console.log(" * Found " + path + ".html to handle request (HTML Mode)"); + console.log(" * Found " + path + ".html to handle request (HTML Mode) [Socket " + socket.id +"]"); data = fs.readFileSync(path + ".html").toString(); headers = "200 OK\n" headers += "Content-Type: text/html" @@ -216,10 +247,13 @@ function processURL(socket, initial_headers) { if (initial_headers['encrypted'] || initial_headers['secure']) { reqverb = "Encrypted " + reqverb; } + if (initial_headers['psuedo-encryption']) { + reqverb = "Psuedo-encrypted " + reqverb; + } if (ssid != null) { - console.log(" * "+reqverb+" for " + initial_headers['request_url'] + " from WebTV SSID " + ssid); + console.log(" * "+reqverb+" for " + initial_headers['request_url'] + " from WebTV SSID " + ssid, 'on', socket.id); } else { - console.log(" * "+reqverb+" for " + initial_headers['request_url']); + console.log(" * "+reqverb+" for " + initial_headers['request_url'], 'on', socket.id); } // assume webtv since there is a :/ in the GET var urlToPath = __dirname + "/ServiceVault/" + shortURL.split(':/')[0] + "/" + shortURL.split(':/')[1]; @@ -276,6 +310,16 @@ function processURL(socket, initial_headers) { header_obj = headers; } + if (!headers_obj['Connection']) { + headers_obj['Connection'] = "Keep-Alive"; + headers_obj = moveObjectElement('Connection','http_response', headers_obj); + } + + if (initial_headers['psuedo-encryption']) { + headers_obj['wtv-encrypted'] = true; + headers_obj = moveObjectElement('wtv-encrypted', 'Connection', headers_obj); + } + // set wtv-encrypted and put it near the top of the headers (unknown if needed) if (socket_session_data[socket.id].secure == true) { var clen = null; @@ -291,7 +335,7 @@ function processURL(socket, initial_headers) { if (typeof (data) === 'string') { data = CryptoJS.enc.Utf8.parse(data); } - var enc_data = sec_session[socket_session_data[socket.id].ssid].Encrypt(1,data); + var enc_data = sec_session[socket.id].Encrypt(1,data); data = enc_data; } } @@ -316,7 +360,7 @@ function processURL(socket, initial_headers) { socket.write(toClient); } else if (typeof data == 'object') { if (socket_session_data[socket.id].secure_headers == true) { - var enc_headers = sec_session[socket_session_data[socket.id].ssid].Encrypt(1,headers+"\n"); + var enc_headers = sec_session[socket.id].Encrypt(1,headers+"\n"); socket.write(new Uint8Array(concatArrayBuffer(enc_headers, data))); } else { socket.write(new Uint8Array(concatArrayBuffer(Buffer.from(headers + "\n"), data))); @@ -360,14 +404,16 @@ function moveObjectElement(currentKey, afterKey, obj) { if (next !== -1) return result; else return obj; } -function headersAreStandard(string) { +function headersAreStandard(string, verbose) { // the test will see the binary compressed/enrypted data as ASCII, so a generic "isAscii" // is not suffuicent. This checks for characters expected in unecrypted headers, and returns // true only if every character in the string matches the regex. Once we know the string is binary // we can better process it with the raw base64 data in processHeaders() below. var test = /^([A-Za-z0-9\+\/\=\-\.\,\ \;\:\?\&\r\n\(\)\%\<\>\_]{8,})$/.test(string); - if (zdebug) console.log("request is ascii: " + test); - if (zdebug) console.log("request is SECURE ON: " + /^SECURE ON/.test(string)); + if (verbose) { + if (zdebug) console.log("request is ascii: " + test); + if (zdebug) console.log("request is SECURE ON: " + /^SECURE ON/.test(string)); + } return test; } @@ -379,14 +425,12 @@ function processHeaders(socket, data_hex, returnHeadersBeforeSecure = false, enc if (typeof data === "string") { if (data.length > 1) { data = data.split("\r\n\r\n")[0]; - if (headersAreStandard(data)) { + if (headersAreStandard(data, (!returnHeadersBeforeSecure && !encryptedRequest))) { data.split('\n').forEach(function (d) { if (d.length > 0) { if (/^SECURE ON/.test(d)) { - secure_mode = true; headers['secure'] = true; - socket_session_data[socket.id].secure = true; - socket_session_data[socket.id].secure_headers = true; + //socket_session_data[socket.id].secure_headers = true; } if (d.indexOf(":") > 0 && d.indexOf(":/") == -1) { headers[d.split(':')[0]] = (d.split(':')[1]).replace("\r", ""); @@ -399,36 +443,43 @@ function processHeaders(socket, data_hex, returnHeadersBeforeSecure = false, enc } } }); - } else { + } else if (!returnHeadersBeforeSecure) { if (!encryptedRequest) { // failed the headersAreStandard test, so we think this is a binary blob if (socket_session_data[socket.id].secure != true) { // first time so reroll sessions - sec_session[socket_session_data[socket.id].ssid].SecureOn(); + sec_session[socket.id] = new WTVNetworkSecurity(); + sec_session[socket.id].IssueChallenge(); + console.log(" [ UNEXPECTED BINARY BLOCK ] First sign of encryption, re-creating RC4 sessions for socket id",socket.id); + sec_session[socket.id].SecureOn(); socket_session_data[socket.id].secure = true; } var enc_data = CryptoJS.enc.Hex.parse(data_hex.substring(header_length * 2)); if (enc_data.sigBytes > 0) { - var dec_data = CryptoJS.lib.WordArray.create(sec_session[socket_session_data[socket.id].ssid].Decrypt(0,enc_data)); + var dec_data = CryptoJS.lib.WordArray.create(sec_session[socket.id].Decrypt(0,enc_data)); var dec_data_text = dec_data.toString(CryptoJS.enc.Latin1); var secure_headers = processHeaders(socket, dec_data.toString(CryptoJS.enc.Hex), true, true); headers['encrypted'] = true; - console.log("Encrypted Request (Decrypted):", dec_data.toString(CryptoJS.enc.Latin1)); + console.log("Encrypted Request (Decrypted):", dec_data.toString(CryptoJS.enc.Latin1),"on",socket.id); Object.keys(secure_headers).forEach(function (k, v) { headers[k] = secure_headers[k]; }); } } } - if (headers['wtv-client-rom-type'] != null) { - socket_session_data[socket.id].romtype = headers['wtv-client-rom-type']; - } if (headers['wtv-client-serial-number'] != null) { socket_session_data[socket.id].ssid = headers['wtv-client-serial-number']; } + if (headers['wtv-client-rom-type'] != null) { + if (socket_session_data[socket.id].ssid) { + setSessionData(socket_session_data[socket.id].ssid, 'wtv-client-rom-type', headers['wtv-client-rom-type']); + } + } if (headers['wtv-incarnation'] != null) { - if (sec_session[socket_session_data[socket.id].ssid]) { - sec_session[socket_session_data[socket.id].ssid].set_incarnation(headers['wtv-incarnation']); + if (sec_session[socket.id]) { + sec_session[socket.id].set_incarnation(headers['wtv-incarnation']); + } else { + setSessionData(socket_session_data[socket.id].ssid, 'incarnation', headers['wtv-incarnation']) } } @@ -437,21 +488,47 @@ function processHeaders(socket, data_hex, returnHeadersBeforeSecure = false, enc } if (headers['secure'] === true) { - if (!sec_session[socket_session_data[socket.id].ssid]) { - sec_session[socket_session_data[socket.id].ssid] = new WTVNetworkSecurity(); - sec_session[socket_session_data[socket.id].ssid].DecodeTicket(headers['wtv-ticket']); - sec_session[socket_session_data[socket.id].ssid].ticket_b64 = headers['wtv-ticket']; - sec_session[socket_session_data[socket.id].ssid].SecureOn(); + if (!sec_session[socket.id]) { + console.log("Starting new WTVNetworkSecurity instance on socket", socket.id); + sec_session[socket.id] = new WTVNetworkSecurity(); + sec_session[socket.id].DecodeTicket(headers['wtv-ticket']); + sec_session[socket.id].ticket_b64 = headers['wtv-ticket']; + if (getSessionData(socket_session_data[socket.id].ssid, 'incarnation')) { + sec_session[socket.id].incarnation = getSessionData(socket_session_data[socket.id].ssid, 'incarnation'); + } + sec_session[socket.id].SecureOn(); + } + if (socket_session_data[socket.id].secure != true) { + // first time so reroll sessions + console.log(" [ SECURE ON BLOCK ("+socket.id+")]"); + socket_session_data[socket.id].secure = true; } if (!headers['request_url']) { - var header_length = data.length + 4; + + if (data_hex.indexOf("0d0a0d0a")) { + // \r\n\r\n + var header_length = data.length + 4; + } else if (data_hex.indexOf("0a0a")) { + // \n\n + var header_length = data.length + 2; + } var enc_data = CryptoJS.enc.Hex.parse(data_hex.substring(header_length * 2)); if (enc_data.sigBytes > 0) { - var dec_data = CryptoJS.lib.WordArray.create(sec_session[socket_session_data[socket.id].ssid].Decrypt(0,enc_data)) - //var dec_data_text = dec_data.toString(CryptoJS.enc.Latin1); - var secure_headers = processHeaders(socket, dec_data.toString(CryptoJS.enc.Hex), true); - console.log("Encrypted Request (Decrypted):", secure_headers.toString(CryptoJS.enc.Latin1)); - Object.keys(secure_headers).forEach(function (k,v) { + if (headersAreStandard(enc_data.toString(CryptoJS.enc.Latin1), (!returnHeadersBeforeSecure && !encryptedRequest))) { + // some builds (like our targeted 3833), send SECURE ON but then unencrypted headers + console.log("Psuedo-encrypted Request (SECURE ON)", "on", socket.id); + // don't actually encrypt output + headers['psuedo-encryption'] = true; + socket_session_data[socket.id].secure = false; + var secure_headers = processHeaders(socket, enc_data.toString(CryptoJS.enc.Hex), true); + } else { + // SECURE ON and detected encrypted data + var dec_data = CryptoJS.lib.WordArray.create(sec_session[socket.id].Decrypt(0, enc_data)) + var secure_headers = processHeaders(socket, dec_data.toString(CryptoJS.enc.Hex), true); + console.log("Encrypted Request (SECURE ON)", "on", socket.id); + } + // Merge new headers into existing headers object + Object.keys(secure_headers).forEach(function (k, v) { headers[k] = secure_headers[k]; }); } @@ -466,18 +543,18 @@ function processHeaders(socket, data_hex, returnHeadersBeforeSecure = false, enc return null; } -var server = net.createServer(function (socket) { - socket.id = Math.floor(Math.random() * 1000); + +function handleSocket(socket) { + socket.id = Math.floor(Math.random() * 100000); socket_session_data[socket.id] = []; socket.setEncoding('hex'); //set data encoding (either 'ascii', 'utf8', or 'base64') - socket.on('data', function (data_hex) { socket.setTimeout(300); if (socket_buffer[socket.id]) { socket_buffer[socket.id].concat(CryptoJS.enc.Hex.parse(data_hex)); } else { socket_buffer[socket.id] = CryptoJS.enc.Hex.parse(data_hex); - } + } }); socket.on('timeout', function () { @@ -487,19 +564,57 @@ var server = net.createServer(function (socket) { }); socket.on('error', (err, socket) => { - console.log('client socket error:', err); + console.log(" * Client disconnected unexpectedly"); }); - socket.on('end', function () { - socket_buffer[socket.id] = null; - secure_mode = false; - socket_session_data[socket.id] = null; + socket.on('end', function () { + console.log(" * Destroying old WTVNetworkSecurity instance on socket", socket.id); + delete socket_buffer[socket.id]; + delete socket_session_data[socket.id]; + delete sec_session[socket.id]; }); +} + +var z_version = "0.5.1a"; +var z_title = "zefie's wtv minisrv v" + z_version; +console.log("**** Welcome to " + z_title + " ****"); + +console.log(" *** Reading service configuration..."); +var services_configured = JSON.parse(fs.readFileSync(__dirname + "/services.json")); +Object.keys(services_configured.services).forEach(function (k) { + services_configured.services[k].name = k; + if (!services_configured.services[k].host) { + services_configured.services[k].host = pubip; + } + if (services_configured.services[k].port) { + ports.push(services_configured.services[k].port); + } + services_configured.services[k].toString = function () { + var outstr = "wtv-service: name=" + this.name + " host=" + this.host + " port=" + this.port; + if (this.flags) outstr += " flags=" + this.flags; + if (this.connections) outstr += " flags=" + this.connections; + if (k == "wtv-star") { + outstr += "\nwtv-service: name=wtv-* host=" + this.host + " port=" + this.port; + if (this.flags) outstr += " flags=" + this.flags; + if (this.connections) outstr += " flags=" + this.connections; + } + return outstr; + } + console.log(" * Configured Service", k, "on port", services_configured.services[k].port); +}) + +var initstring = ''; +ports.sort(); +ports.forEach(function (v) { + try { + var server = net.createServer(handleSocket); + server.listen(v, '0.0.0.0'); + initstring += v + ", "; + } catch (e) { + throw ("Could not bind to port", v, e.toString()); + } }); +initstring = initstring.substring(0, initstring.length - 2); -server.listen(port, '0.0.0.0'); -process.stdout.write("Looking up public IP address... "); -//pubip = getPublicIP(); -console.log(pubip + " ..."); +console.log(" * Started server on ports " + initstring + "... Public IP is " + pubip); -console.log('Listening on port ' + port + ' for WebTV Units in Scriptless Mode'); \ No newline at end of file diff --git a/hacktv_updsrv/hacktv_updsrv.njsproj b/hacktv_updsrv/hacktv_updsrv.njsproj index 5758b1e2..0c783daf 100644 --- a/hacktv_updsrv/hacktv_updsrv.njsproj +++ b/hacktv_updsrv/hacktv_updsrv.njsproj @@ -29,11 +29,40 @@ + + Code + + + + + + + + + + + + + + + + + + Code + + + + + + + + + \ No newline at end of file diff --git a/hacktv_updsrv/services.json b/hacktv_updsrv/services.json new file mode 100644 index 00000000..19194250 --- /dev/null +++ b/hacktv_updsrv/services.json @@ -0,0 +1,38 @@ +{ + "services": { + + "wtv-1800": { + "port": 1615, + "connections": 1 + }, + "wtv-star": { + "port": 1603, + "flags": "0x00000007" + }, + "wtv-head-waiter": { + "port": 1601, + "flags": "0x00000001", + "connections": 1 + }, + "htv-update": { + "port": 1619, + "connections": 3 + }, + "wtv-log": { + "port": 1609, + "connections": 1 + }, + "wtv-home": { + "port": 1612, + "flags": "0x00000010" + }, + "wtv-tricks": { + "port": "1602", + "flags": "0x00000004" + }, + "wtv-flashrom": { + "port": 1618, + "flags": "0x00000040" + } + } +} diff --git a/hacktv_updsrv/wtvsec.js b/hacktv_updsrv/wtvsec.js index d95bb684..f4315de7 100644 --- a/hacktv_updsrv/wtvsec.js +++ b/hacktv_updsrv/wtvsec.js @@ -3,6 +3,8 @@ const endianness = require('endianness'); var crypto = require('crypto'); class WTVNetworkSecurity { + //initial_shared_key = CryptoJS.lib.WordArray.random(8); + initial_shared_key_b64 = "CC5rWmRUE0o="; initial_shared_key = null; current_shared_key = null; challenge_key = null; @@ -19,15 +21,13 @@ class WTVNetworkSecurity { zdebug = true; - constructor(wtv_initial_key = CryptoJS.lib.WordArray.random(8), wtv_incarnation = 1) { - var initial_key = wtv_initial_key; - + constructor(wtv_incarnation = 1) { this.zdebug = true; + this.initial_shared_key = CryptoJS.enc.Base64.parse(this.initial_shared_key_b64); - if (initial_key.sigBytes === 8) { + if (this.initial_shared_key.sigBytes === 8) { this.incarnation = wtv_incarnation; - this.initial_shared_key = initial_key; - this.current_shared_key = initial_key; + this.current_shared_key = this.initial_shared_key; } else { throw ("Invalid initial key length"); }