proper encryption sessions to maintain working RC4 stream

2021-07-13 23:24:33 -04:00
parent 6229567272
commit 06dd3d7ebf
20 changed files with 397 additions and 197 deletions
--- a/hacktv_updsrv/ServiceVault/htv-update/update.html
+++ b/hacktv_updsrv/ServiceVault/htv-update/update.html
@@ -2,7 +2,7 @@
 <head>
        <meta
                http-equiv=refresh
-                content="0;url=client:Fetch?source=htv-update:/upd?diskmap=update&root=file://Disk/Browser&group=hacktv"
+                content="0;url=client:Fetch?source=htv-update:/upd?diskmap=update&root=file://Disk/Browser/&group=hacktv"
        >		
        <display downloadsuccess="client:ShowAlert?message=HackTV%20Update%20was%20successful%21&buttonlabel2=Go%20to%20HackTV&action2=file%3A%2F%2FDisk%2FBrowser%2FGames%2FGames.html&buttonlabel1=Okay&buttonaction1=client:goback&image=file://disk/browser/Games/hacktv2.gif&noback=true" downloadfail="client:ShowAlert?message=HackTV%20Update%20failed...&buttonlabel1=Okay...&buttonaction1=client:goback&image=file://disk/browser/Games/hacktv2.gif&noback=true">
        <title>Retrieving Files</title>
--- a/hacktv_updsrv/ServiceVault/htv-update/updatemenu.txt
+++ b/hacktv_updsrv/ServiceVault/htv-update/updatemenu.txt
@@ -1,16 +0,0 @@
-200 OK
-Connection: Keep-Alive
-wtv-expire-all: wtv-home:/splash
-Content-type: text/html
-
-<html>
-<head>
-<DISPLAY showwhencomplete noscroll>
-</head>
-<body bgcolor="black" link="gold" vlink="gold" alink="gold" text="gold">
-
-<a href="htv-update:/update">Check for HackTV Updates</a><br>
-<a href="wtv-home:/unlock">Unlock Full Client (Options, Goto, etc)</a><br>
-<a href="wtv-home:/splash">Splash test</a>
-</body>
-</html>
--- a/hacktv_updsrv/ServiceVault/wtv-1800/finish-prereg.js
+++ b/hacktv_updsrv/ServiceVault/wtv-1800/finish-prereg.js
@@ -0,0 +1,45 @@
+if (socket_session_data[socket.id].ssid != null && !sec_session[socket_session_data[socket.id].ssid]) {
+	sec_session[socket_session_data[socket.id].ssid] = new WTVNetworkSecurity();
+	sec_session[socket_session_data[socket.id].ssid].IssueChallenge();
+	sec_session[socket_session_data[socket.id].ssid].set_incarnation(initial_headers['wtv-incarnation']);
+}
+
+var contype = "text/tellyscript";
+
+// skip telly for now
+var notelly = true;
+
+// if relogin, skip tellyscript
+if (query['relogin']) {
+	contype = "text/html"; // skip tellyscript
+	sec_session[socket_session_data[socket.id].ssid].ticket_b64 = null; // clear old ticket
+}
+
+headers = `200 OK
+Connection: Keep-Alive
+wtv-initial-key: ` + issueWTVInitialKey(socket) + `
+Content-Type: `+ contype + `
+wtv-service: reset
+`+getServiceString('wtv-star')+`
+`+getServiceString('wtv-head-waiter')+`
+`+getServiceString('wtv-flashrom')+`
+wtv-boot-url: wtv-1800:/preregister?relogin=true
+wtv-visit: wtv-head-waiter:/login?
+wtv-client-time-zone: GMT -0000
+wtv-client-time-dst-rule: GMT
+wtv-client-date: `+strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString()))+` GMT`;
+
+// if relogin, skip tellyscript
+if (query['relogin'] == false || notelly == false) {
+	var romtype = getSessionData(socket_session_data[socket.id].ssid, 'wtv-client-rom-type');
+
+	switch (romtype) {
+		case "US-LC2-disk-0MB-8MB":
+			data = getFile("LC2/LC2_OISP_5555732_56k.tok", true);
+			break;
+
+		default:
+			data = '';
+			break;
+	}
+}
--- a/hacktv_updsrv/ServiceVault/wtv-1800/mame.jpg
+++ b/hacktv_updsrv/ServiceVault/wtv-1800/mame.jpg
--- a/hacktv_updsrv/ServiceVault/wtv-1800/offer-open-isp-suggest.js
+++ b/hacktv_updsrv/ServiceVault/wtv-1800/offer-open-isp-suggest.js
@@ -1,37 +0,0 @@
-if (socket_session_data[socket.id].ssid != null && !sec_session[socket_session_data[socket.id].ssid]) {
-	sec_session[socket_session_data[socket.id].ssid] = new WTVNetworkSecurity();
-	sec_session[socket_session_data[socket.id].ssid].IssueChallenge();
-	sec_session[socket_session_data[socket.id].ssid].set_incarnation(initial_headers['wtv-incarnation']);
-}
-
-headers = `200 OK
-Connection: Close
-wtv-initial-key: ` + issueWTVInitialKey(socket) + `
-Content-Type: text/html
-wtv-service: reset
-wtv-service: name=wtv-* host=` + pubip + ` port=`+port+` flags=0x00000007
-wtv-service: name=wtv-head-waiter host=` + pubip + ` port=`+port+` flags=0x04 flags=0x00000001 connections=1
-wtv-service: name=wtv-flashrom host=` + pubip + ` port=`+port+` flags=0x00000040
-wtv-service: name=htv-update host=` + pubip + ` port=`+port+` flags=0x04
-wtv-boot-url: wtv-head-waiter:/login?
-wtv-visit: wtv-head-waiter:/login?
-wtv-client-time-zone: GMT -0000
-wtv-client-time-dst-rule: GMT
-wtv-client-date: `+strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString()))+` GMT`;
-
-
-/*
-var romtype = socket_session_data[socket.id].romtype;
-
-switch (romtype) {
-	case "US-LC2-disk-0MB-8MB":
-		data = getFile("LC2/artemis_18004653537.tok",true);
-		break;
-		
-	default:
-		data = '';
-		break;
-}
-
-*/
-data='';
--- a/hacktv_updsrv/ServiceVault/wtv-1800/preregister.js
+++ b/hacktv_updsrv/ServiceVault/wtv-1800/preregister.js
@@ -1,10 +1,34 @@
-var gourl = "wtv-1800:/offer-open-isp-suggest?";
-if (initial_headers['wtv-ticket']) {
-	gourl = "wtv-head-waiter:/login-stage-two?";
-}
+var gourl = "wtv-1800:/finish-prereg?";
+if (query['relogin']) gourl += "relogin=true";

-headers = `200 OK
+
+if (query['reconnect']) {
+	headers = `200 OK
 Connection: Keep-Alive
+wtv-expire-all: wtv-
+wtv-expire-all: htv-`
+
+	if (sec_session[initial_headers['wtv-client-serial-number']].ticket_b64) {
+		headers += "wtv-encrypted: true\n";
+		headers += "wtv-ticket: " + sec_session[initial_headers['wtv-client-serial-number']].ticket_b64 + "\n";
+	}
+
+	headers += `wtv-client-time-zone: GMT -0000
+wtv-client-time-dst-rule: GMT
+wtv-client-date: `+ strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString())) + ` GMT
+Content-type: text/html`;
+} else {
+
+	if (initial_headers['wtv-ticket']) {
+		gourl = "wtv-head-waiter:/login-stage-two?";
+	}
+
+	headers = `200 OK
+Connection: Keep-Alive
+wtv-expire-all: wtv-
+wtv-expire-all: htv-
 wtv-open-isp-disabled: false
-wtv-visit: wtv-1800:/offer-open-isp-suggest?
-Content-type: text/html`;
+wtv-visit: `+ gourl + `
+Content-type: text/html`;
+
+}
--- a/hacktv_updsrv/ServiceVault/wtv-1800/test.js
+++ b/hacktv_updsrv/ServiceVault/wtv-1800/test.js
@@ -1,9 +0,0 @@
-var wtv = new WTVNetworkSecurity();
-var test = CryptoJS.enc.Utf8.parse("this is a test");
-var test2 = wtv.wordArrayToUint8Array(test);
-var test3 = CryptoJS.lib.WordArray.create(test2);
-headers = `200 OK
-Connection: Close
-Content-type: text/plain`
-
-data = test3.toString(CryptoJS.enc.Utf8);
--- a/hacktv_updsrv/ServiceVault/wtv-head-waiter/finalize-security.js
+++ b/hacktv_updsrv/ServiceVault/wtv-head-waiter/finalize-security.js
@@ -18,6 +18,7 @@ Connection: Keep-Alive
 wtv-encrypted: true
 wtv-ticket: `+sec_session[socket_session_data[socket.id].ssid].ticket_b64+`
 wtv-expire-all: htv-
+wtv-home-url: wtv-home:/home?
 wtv-visit: wtv-home:/splash?
 Content-Type: text/html
 `;
--- a/hacktv_updsrv/ServiceVault/wtv-head-waiter/login-stage-two.js
+++ b/hacktv_updsrv/ServiceVault/wtv-head-waiter/login-stage-two.js
@@ -16,11 +16,12 @@ if (socket_session_data[socket.id].ssid !== null) {
 				//if (challenge_response.toString(CryptoJS.enc.Base64).substring(0,85) == client_challenge_response.substring(0,85)) {
 				if (challenge_response.toString(CryptoJS.enc.Base64) == client_challenge_response) {
 					console.log(" * wtv-challenge-response success for "+socket_session_data[socket.id].ssid);
-					if (zdebug) console.log("Response Expected:",challenge_response.toString(CryptoJS.enc.Base64));
-					if (zdebug) console.log("Response Received:",client_challenge_response)
 					sec_session[socket_session_data[socket.id].ssid].PrepareTicket();
 					//socket_session_data[socket.id].secure = true;
 				} else {
+					console.log(" * wtv-challenge-response FAILED for " + socket_session_data[socket.id].ssid);
+					if (zdebug) console.log("Response Expected:", challenge_response.toString(CryptoJS.enc.Base64));
+					if (zdebug) console.log("Response Received:", client_challenge_response)
 					gourl = "wtv-head-waiter:/login?reissue_challenge=true";
 				}
 			} else {
@@ -31,55 +32,55 @@ if (socket_session_data[socket.id].ssid !== null) {
 }

 if (gourl) {
-headers = `200 OK
+	headers = `200 OK
 Connection: Keep-Alive
 wtv-open-isp-disabled: false
-wtv-visit: `+gourl+`
+wtv-visit: `+ gourl + `
 Content-type: text/html`;
 	data = '';
-} else {
-	var nickname = 'HackTVUsr_'+Math.floor(Math.random() * 100000);
+}
+else {
+	var namerand = Math.floor(Math.random() * 100000);
+	var nickname = 'HackTVUsr_' + namerand;
+	var userid = '1'+ Math.floor(Math.random() * 1000000000000000000);
+	var offline_user_list = CryptoJS.enc.Latin1.parse("<user-list>\n\t<user userid=\"" + userid + " user-name=\"" + nickname + "\" first-name=\"HackTV\" last-name=\"User \"" + namerand + "\" password=\"\" mail-enabled=\"true\" />\n</user-list>").toString(CryptoJS.enc.Base64);
+
 	headers = `200 OK
 Connection: Keep-Alive
 wtv-encrypted: true
-wtv-ticket: `+sec_session[socket_session_data[socket.id].ssid].ticket_b64+`
 wtv-client-time-zone: GMT -0000
-wtv-client-date: `+strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString()))+` GMT
+wtv-client-date: `+ strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString())) + ` GMT
 wtv-country: US
 wtv-language-header: en-US,en
-wtv-tv-zipcode: 90210
 wtv-visit: client:closeallpanels
-wtv-messagewatch-checktimeoffset: off
 wtv-expire-all: client:closeallpanels
+wtv-offline-user-list: `+offline_user_list+`
+wtv-bypass-proxy: true
+wtv-ticket: `+ sec_session[socket_session_data[socket.id].ssid].ticket_b64 + `
+wtv-messagewatch-checktimeoffset: off
 wtv-input-timeout: 14400
 wtv-connection-timeout: 90
 wtv-fader-timeout: 900
 wtv-ssl-log-url: wtv-log:/log
 wtv-smartcard-inserted-message: Contacting service
-user-id: 1`+Math.floor(Math.random() * 1000000000000000000)+`
+user-id: `+userid+`
 wtv-transition-override: off
-wtv-bypass-proxy: true
 wtv-allow-dsc: true
 wtv-messenger-enable: 0
 wtv-noback-all: wtv-
 wtv-service: reset
-wtv-service: name=wtv-1800 host=` + pubip + ` port=` + port + ` connections=1
-wtv-service: name=wtv-head-waiter host=` + pubip + ` port=` + port + ` flags=0x04 flags=0x00000001 connections=1
-wtv-service: name=htv-update host=` + pubip + ` port=` + port + ` connections=3
-wtv-service: name=wtv-log host=` + pubip + ` port=` + port + ` connections=1
-wtv-service: name=wtv-home host=` + pubip + ` port=` + port + ` flags=0x00000010
-wtv-boot-url: wtv-1800:/preregister
-wtv-user-name: `+nickname+`
-wtv-human-name: `+nickname+`
-wtv-irc-nick: `+nickname+`
-wtv-home-url: htv-update:/update?
+`+ getServiceString('all') + `
+wtv-boot-url: wtv-1800:/preregister?relogin=true
+wtv-user-name: `+ nickname + `
+wtv-human-name: `+ nickname + `
+wtv-irc-nick: `+ nickname + `
+wtv-home-url: wtv-home:/home?
 wtv-domain: wtv.zefie.com
 wtv-inactive-timeout: 0
 wtv-connection-timeout: 90
 wtv-show-time-enabled: true
 wtv-fader-timeout: 900
 wtv-tourist-enabled: true
-wtv-boot-url: wtv-head-waiter:/login
 wtv-connection-timeout: 180
 wtv-ssl-timeout: 240
 wtv-login-timeout: 7200
@@ -87,9 +88,7 @@ wtv-open-isp-disabled: false
 wtv-log-url: wtv-log:/log
 wtv-demo-mode: 0
 wtv-wink-deferrer-retries: 3
-wtv-offline-mail-enable: true
-wtv-visit: wtv-head-waiter:/finalize-security?
+wtv-offline-mail-enable: false
+wtv-visit: wtv-home:/splash?
 Content-Type: text/html`;
-	
-data = '';
 }
--- a/hacktv_updsrv/ServiceVault/wtv-head-waiter/login.js
+++ b/hacktv_updsrv/ServiceVault/wtv-head-waiter/login.js
@@ -6,17 +6,15 @@ if (socket_session_data[socket.id].ssid !== null) {
 			if (initial_headers['wtv-ticket'].length > 8) {
 				sec_session[socket_session_data[socket.id].ssid].DecodeTicket(initial_headers['wtv-ticket']);
 				sec_session[socket_session_data[socket.id].ssid].ticket_b64 = initial_headers['wtv-ticket'];
-				//socket_session_data[socket.id].secure = true;
 			}
-		} 
+		}
 	} else {
 		challenge_response = sec_session[socket_session_data[socket.id].ssid].challenge_response;
 		var client_challenge_response = initial_headers['wtv-challenge-response'] || null;
 		if (challenge_response && client_challenge_response) {		
 			if (challenge_response.toString(CryptoJS.enc.Base64).substring(0,85) == client_challenge_response.substring(0,85)) {
 				console.log(" * wtv-challenge-response success for "+socket_session_data[socket.id].ssid);
-				sec_session[socket_session_data[socket.id].ssid].PrepareTicket();
-				//socket_session_data[socket.id].secure = true;					
+				sec_session[socket_session_data[socket.id].ssid].PrepareTicket();				
 			} else {
 				challenge_header = "wtv-challenge: "+issueWTVChallenge(socket);
 			}
@@ -26,6 +24,7 @@ if (socket_session_data[socket.id].ssid !== null) {
 	}
 }

+/*
 if (initial_headers) {
 	var cookiedata = {};
 	Object.keys(initial_headers).forEach(function (k) {
@@ -41,14 +40,13 @@ if (initial_headers) {
 				break;
 		}
 	});
-	cookie_dat[socket_session_data[socket.id].ssid] = CryptoJS.enc.Utf8.parse(JSON.stringify(cookiedata)).toString(CryptoJS.enc.Base64);
 }
-
+*/
 headers = `200 OK
 Connection: Keep-Alive
 Expires: Wed, 09 Oct 1991 22:00:00 GMT
 wtv-expire-all: wtv-head-waiter:
-wtv-service: name=wtv-log host=` + pubip + ` port=`+port+` connections=1
+`+getServiceString('wtv-log')+`
 wtv-log-url: wtv-log:/log
 `+challenge_header+`
 wtv-relogin-url: wtv-1800:/preregister?relogin=true
--- a/hacktv_updsrv/ServiceVault/wtv-home/home.js
+++ b/hacktv_updsrv/ServiceVault/wtv-home/home.js
@@ -0,0 +1,37 @@
+headers =`200 OK
+Connection: Keep-Alive
+wtv-expire-all: wtv-home:/splash
+wtv-expire-all: htv-
+Content-type: text/html`
+
+if (initial_headers['psuedo-encryption']) {
+	var cryptstatus = "<a href='client:showalert?message=Your%20WebTV%20Unit%20sent%20us%20a%20request%20for%20SECURE%20ON%2C%20but%20did%20not%20encrypt%20any%20data%2C%20nor%20will%20accept%20it.%20However%2C%20we%20send%20the%20wtv-encryption%20flag%20to%20roll%20with%20it%2C%20enabling%20%27psuedo-encryption%27.%20Nothing%20is%20encrypted%2C%20but%20the%20box%20trusts%20us.%20This%20will%20probably%20go%20away%20if%20you%20reload%20or%20change%20pages.&buttonaction1=client:donothing&buttonlabel1=Oh%2C%20okay...'>Psuedo-encrypted</a>";
+} else {
+	var cryptstatus = ((socket_session_data[socket.id].secure === true) ? "Encrypted" : "Not Encrypted")
+}
+
+
+data =`<html>
+<head>
+<DISPLAY showwhencomplete noscroll>
+</head>
+<body bgcolor="black" link="gold" vlink="gold" alink="gold" text="gold">
+<script>
+function ax(a) {
+		document.open("text/url");
+		document.write(a);
+		document.close();
+}
+</script>
+<h2>Encryption Status: `+cryptstatus+`</h2>`
+if (socket_session_data[socket.id].secure) {
+	data += '<span size="-1">Encryption Key (Server): ' + sec_session[socket.id].session_key2.toString(CryptoJS.enc.Hex)+'<br>';
+	data += 'Encryption Key (Client): ' + sec_session[socket.id].session_key1.toString(CryptoJS.enc.Hex)+'</span><br><br>';
+}
+data += `<a href="javascript:ax('client:relog')" selected>client:relog (via text/url)</a><br>
+<a href="client:relog">client:relog (direct)</a><br>
+<a href="htv-update:/update">HackTV Updater Test</a><br>
+<!-- <a href="wtv-home:/unlock">Unlock Full Client (Options, Goto, etc)</a><br> -->
+
+</body>
+</html>`
--- a/hacktv_updsrv/ServiceVault/wtv-home/splash.txt
+++ b/hacktv_updsrv/ServiceVault/wtv-home/splash.txt
@@ -8,7 +8,7 @@ Content-type: text/html
 	<display nooptions nostatus skipback clearback fontsize=medium>
    <meta
        http-equiv=refresh
-        content="5; url=htv-update:/updatemenu"
+        content="5; url=wtv-home:/home?"
    >	
 </head>

--- a/hacktv_updsrv/ServiceVault/wtv-log/phone-log.js
+++ b/hacktv_updsrv/ServiceVault/wtv-log/phone-log.js
@@ -0,0 +1,10 @@
+// dummy page, we could handle the logs here.
+
+headers = `200 OK
+Connection: Keep-Alive
+wtv-visit: wtv-home:/splash?
+Content-length: 0`;
+
+data = '';
+
+