v0.6.1
- fix challenge exchange and tickets - full encrypted convo to splash - proper encryption sessions to maintain working RC4 stream - proper nodejs versioning, encryption working - minor changes, included mini tutorial, version inc - fix file loading issues
@@ -0,0 +1,24 @@
|
||||
var challenge_response, challenge_header = '';
|
||||
var gourl;
|
||||
|
||||
if (socket_session_data[socket.id].ssid !== null) {
|
||||
if (request_headers['wtv-ticket']) {
|
||||
if (request_headers['wtv-ticket'].length > 8) {
|
||||
DecodeTicket(request_headers['wtv-ticket']);
|
||||
sec_session[socket_session_data[socket.id].ssid].ticket_b64 = request_headers['wtv-ticket'];
|
||||
//socket_session_data[socket.id].secure == true;
|
||||
}
|
||||
} else if (sec_session[socket_session_data[socket.id].ssid].ticket_b64 == null) {
|
||||
// TODO: client should have a ticket and send it back by now, if not we should handle this correctly
|
||||
}
|
||||
}
|
||||
|
||||
headers = `200 OK
|
||||
Connection: Keep-Alive
|
||||
wtv-encrypted: true
|
||||
wtv-ticket: `+sec_session[socket_session_data[socket.id].ssid].ticket_b64+`
|
||||
wtv-expire-all: htv-
|
||||
wtv-home-url: wtv-home:/home?
|
||||
wtv-visit: wtv-home:/splash?
|
||||
Content-Type: text/html
|
||||
`;
|
||||
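Review bot: The `wtv-ticket` branch stores the client-supplied value as the session's `ticket_b64` after checking only `length > 8`, and the result of `DecodeTicket(...)` is not used, so nothing visible here ties the stored ticket to one the server issued. Whether `DecodeTicket` rejects a bad ticket is not visible here; if it only decodes, gate the assignment on an explicit validity check. The call is also a bare `DecodeTicket(...)`, while the other files in this commit call `sec_session[...].DecodeTicket(...)`, so confirm a global of that name exists. The `else if` branch is an empty TODO, so a client with no ticket still gets `wtv-encrypted: true` and a literal `wtv-ticket: null`. The header template also reads `sec_session[socket_session_data[socket.id].ssid]` outside the `ssid !== null` guard and would throw for a null ssid; both cases should return a redirect to login instead of the splash headers.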
@@ -1,17 +1,95 @@
|
||||
var ssid = initial_headers['wtv-client-serial-number'] || null;
|
||||
var initialChallenge, challenge_response, challenge_header = '';
|
||||
var challenge_response, challenge_header = '';
|
||||
var gourl;
|
||||
|
||||
if (ssid !== null) {
|
||||
if (sec_session[ssid].ticket) {
|
||||
challenge_header = "wtv-ticket: "+sec_session[ssid].ticket;
|
||||
if (socket_session_data[socket.id].ssid !== null) {
|
||||
if (sec_session[socket_session_data[socket.id].ssid].ticket_b64 == null) {
|
||||
if (request_headers['wtv-ticket']) {
|
||||
if (request_headers['wtv-ticket'].length > 8) {
|
||||
sec_session[socket_session_data[socket.id].ssid].DecodeTicket(request_headers['wtv-ticket']);
|
||||
sec_session[socket_session_data[socket.id].ssid].ticket_b64 = request_headers['wtv-ticket'];
|
||||
//socket_session_data[socket.id].secure = true;
|
||||
}
|
||||
} else {
|
||||
challenge_response = sec_session[socket_session_data[socket.id].ssid].challenge_response;
|
||||
var client_challenge_response = request_headers['wtv-challenge-response'] || null;
|
||||
if (challenge_response && client_challenge_response) {
|
||||
//if (challenge_response.toString(CryptoJS.enc.Base64).substring(0,85) == client_challenge_response.substring(0,85)) {
|
||||
if (challenge_response.toString(CryptoJS.enc.Base64) == client_challenge_response) {
|
||||
console.log(" * wtv-challenge-response success for "+socket_session_data[socket.id].ssid);
|
||||
sec_session[socket_session_data[socket.id].ssid].PrepareTicket();
|
||||
//socket_session_data[socket.id].secure = true;
|
||||
} else {
|
||||
console.log(" * wtv-challenge-response FAILED for " + socket_session_data[socket.id].ssid);
|
||||
if (zdebug) console.log("Response Expected:", challenge_response.toString(CryptoJS.enc.Base64));
|
||||
if (zdebug) console.log("Response Received:", client_challenge_response)
|
||||
gourl = "wtv-head-waiter:/login?reissue_challenge=true";
|
||||
}
|
||||
} else {
|
||||
gourl = "wtv-head-waiter:/login?no_response=true";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (gourl) {
|
||||
headers = `200 OK
|
||||
Connection: Keep-Alive
|
||||
wtv-open-isp-disabled: false
|
||||
wtv-visit: `+ gourl + `
|
||||
Content-type: text/html`;
|
||||
data = '';
|
||||
}
|
||||
else {
|
||||
var namerand = Math.floor(Math.random() * 100000);
|
||||
var nickname = 'HackTVUsr_' + namerand;
|
||||
var userid = '1'+ Math.floor(Math.random() * 1000000000000000000);
|
||||
var offline_user_list = CryptoJS.enc.Latin1.parse("<user-list>\n\t<user userid=\"" + userid + " user-name=\"" + nickname + "\" first-name=\"HackTV\" last-name=\"User \"" + namerand + "\" password=\"\" mail-enabled=\"true\" />\n</user-list>").toString(CryptoJS.enc.Base64);
|
||||
|
||||
headers = `200 OK
|
||||
wtv-ticket: `+sec_session[ssid].ticket+`
|
||||
headers = `200 OK
|
||||
Connection: Keep-Alive
|
||||
wtv-encrypted: true
|
||||
wtv-client-time-zone: GMT -0000
|
||||
wtv-client-date: `+ strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString())) + ` GMT
|
||||
wtv-country: US
|
||||
wtv-language-header: en-US,en
|
||||
wtv-visit: client:closeallpanels
|
||||
wtv-expire-all: client:closeallpanels
|
||||
wtv-offline-user-list: `+offline_user_list+`
|
||||
wtv-bypass-proxy: true
|
||||
wtv-ticket: `+ sec_session[socket_session_data[socket.id].ssid].ticket_b64 + `
|
||||
wtv-messagewatch-checktimeoffset: off
|
||||
wtv-input-timeout: 14400
|
||||
wtv-connection-timeout: 90
|
||||
wtv-fader-timeout: 900
|
||||
wtv-ssl-log-url: wtv-log:/log
|
||||
wtv-smartcard-inserted-message: Contacting service
|
||||
user-id: `+userid+`
|
||||
wtv-transition-override: off
|
||||
wtv-allow-dsc: true
|
||||
wtv-messenger-enable: 0
|
||||
wtv-noback-all: wtv-
|
||||
wtv-service: reset
|
||||
`+ getServiceString('all') + `
|
||||
wtv-boot-url: wtv-1800:/preregister?relogin=true
|
||||
wtv-user-name: `+ nickname + `
|
||||
wtv-human-name: `+ nickname + `
|
||||
wtv-irc-nick: `+ nickname + `
|
||||
wtv-home-url: wtv-home:/home?
|
||||
wtv-domain: wtv.zefie.com
|
||||
wtv-inactive-timeout: 0
|
||||
wtv-connection-timeout: 90
|
||||
wtv-show-time-enabled: true
|
||||
wtv-fader-timeout: 900
|
||||
wtv-tourist-enabled: true
|
||||
wtv-connection-timeout: 180
|
||||
wtv-ssl-timeout: 240
|
||||
wtv-login-timeout: 7200
|
||||
wtv-open-isp-disabled: false
|
||||
wtv-log-url: wtv-log:/log
|
||||
wtv-demo-mode: 0
|
||||
wtv-wink-deferrer-retries: 3
|
||||
wtv-offline-mail-enable: false
|
||||
wtv-name-server: 8.8.8.8
|
||||
wtv-visit: wtv-home:/splash?
|
||||
Content-Type: text/html`;
|
||||
|
||||
data = sec_session[ssid].EncryptKey1('hehe! stage two! and its encrypted!');
|
||||
}
|
||||
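Review bot: A request whose `wtv-ticket` header is present but 8 characters or shorter skips both the ticket decode and the `wtv-challenge-response` check, because the inner `if (request_headers['wtv-ticket'].length > 8)` has no else. `gourl` then stays unset and the full login header block is sent with `wtv-ticket: null`. Add `else { gourl = "wtv-head-waiter:/login?no_response=true"; }` to that inner check so every unauthenticated path redirects. The response check itself uses `==` on Base64 strings; comparing the decoded bytes with Node's `crypto.timingSafeEqual` (after a length check) avoids a timing side channel. The `zdebug` line logs the expected response to the console and should be dropped or reduced to a length/hash, since that value is the proof the client is supposed to compute.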
@@ -1,57 +1,56 @@
|
||||
var ssid = initial_headers['wtv-client-serial-number'] || null;
|
||||
var initialChallenge, challenge_response, challenge_header = '';
|
||||
var gourl = "wtv-head-waiter:/login?reissue_challenge=true";
|
||||
var challenge_response, challenge_header = '';
|
||||
|
||||
if (query['reissue_challenge']) {
|
||||
gourl = "client:activ";
|
||||
}
|
||||
if (ssid !== null) {
|
||||
if (sec_session[ssid].ticket_b64 == null) {
|
||||
if (initial_headers['wtv-ticket']) {
|
||||
DecodeTicket(initial_headers['wtv-ticket']);
|
||||
sec_session[ssid].ticket_b64 = initial_headers['wtv-ticket'];
|
||||
challenge_header = "wtv-ticket: "+initial_headers['wtv-ticket'];
|
||||
} else {
|
||||
challenge_response = sec_session[ssid].challenge_response;
|
||||
var client_challenge_response = initial_headers['wtv-challenge-response'] || null;
|
||||
if (challenge_response && client_challenge_response) {
|
||||
if (challenge_response.toString(CryptoJS.enc.Base64).substring(0,85) == client_challenge_response.substring(0,85)) {
|
||||
console.log(" * wtv-challenge-response success for "+ssid);
|
||||
sec_session[ssid].PrepareTicket();
|
||||
challenge_header = "wtv-ticket: "+sec_session[ssid].ticket_b64;
|
||||
var gourl = "wtv-head-waiter:/login-stage-two?";
|
||||
} else {
|
||||
challenge_header = "wtv-whatever: meh";
|
||||
gourl = "wtv-1800:/preregister?";
|
||||
}
|
||||
} else {
|
||||
if (sec_session[ssid].challenge_b64 == null) {
|
||||
challenge_header = "wtv-whatever: meh";
|
||||
gourl = "wtv-1800:/preregister?";
|
||||
} else {
|
||||
challenge_header = "wtv-challenge: "+sec_session[ssid].challenge_b64;
|
||||
}
|
||||
if (socket_session_data[socket.id].ssid !== null) {
|
||||
if (request_headers['wtv-ticket']) {
|
||||
if (sec_session[socket_session_data[socket.id].ssid].ticket_b64 == null) {
|
||||
if (request_headers['wtv-ticket'].length > 8) {
|
||||
sec_session[socket_session_data[socket.id].ssid].DecodeTicket(request_headers['wtv-ticket']);
|
||||
sec_session[socket_session_data[socket.id].ssid].ticket_b64 = request_headers['wtv-ticket'];
|
||||
}
|
||||
}
|
||||
} else {
|
||||
challenge_header = "wtv-ticket: "+sec_session[ssid].ticket_b64;
|
||||
challenge_response = sec_session[socket_session_data[socket.id].ssid].challenge_response;
|
||||
var client_challenge_response = request_headers['wtv-challenge-response'] || null;
|
||||
if (challenge_response && client_challenge_response) {
|
||||
if (challenge_response.toString(CryptoJS.enc.Base64).substring(0,85) == client_challenge_response.substring(0,85)) {
|
||||
console.log(" * wtv-challenge-response success for "+socket_session_data[socket.id].ssid);
|
||||
sec_session[socket_session_data[socket.id].ssid].PrepareTicket();
|
||||
} else {
|
||||
challenge_header = "wtv-challenge: "+issueWTVChallenge(socket);
|
||||
}
|
||||
} else {
|
||||
challenge_header = "wtv-challenge: "+issueWTVChallenge(socket);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
if (request_headers) {
|
||||
var cookiedata = {};
|
||||
Object.keys(request_headers).forEach(function (k) {
|
||||
switch (k) {
|
||||
case "wtv-capability-flags":
|
||||
case "wtv-system-version":
|
||||
case "wtv-client-rom-type":
|
||||
case "wtv-client-bootrom-version":
|
||||
case "wtv-system-chipversion":
|
||||
case "wtv-system-sysconfig":
|
||||
case "wtv-system-cpuspeed":
|
||||
cookiedata[k] = request_headers[k];
|
||||
break;
|
||||
}
|
||||
});
|
||||
}
|
||||
*/
|
||||
headers = `200 OK
|
||||
Connection: Keep-Alive
|
||||
Expires: Wed, 09 Oct 1991 22:00:00 GMT
|
||||
wtv-expire-all: wtv-head-waiter:
|
||||
wtv-service: name=wtv-log host=` + pubip + ` port=1615 connections=1
|
||||
`+getServiceString('wtv-log')+`
|
||||
wtv-log-url: wtv-log:/log
|
||||
`+challenge_header+`
|
||||
wtv-relogin-url: wtv-1800:/preregister?relogin=true
|
||||
wtv-reconnect-url: wtv-1800:/preregister?reconnect=true
|
||||
wtv-visit: `+gourl+`
|
||||
Content-length: 0
|
||||
wtv-visit: wtv-head-waiter:/login-stage-two?
|
||||
Content-type: text/html`;
|
||||
|
||||
data = '';
|
||||
|
||||
|
||||
|
||||
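Review bot: The challenge check in this file still compares only `substring(0,85)` of the Base64 response on both sides, so anything after character 85 is never verified; the stage-two file in this commit already compares the whole string. Use the same full comparison here, `if (challenge_response.toString(CryptoJS.enc.Base64) == client_challenge_response) {`, or better a constant-time compare of the decoded bytes. As in the other files, a client-supplied `wtv-ticket` is stored as `ticket_b64` on `length > 8` alone; whether `DecodeTicket` validates it is not visible here. On the success and ticket paths `challenge_header` appears to stay `''`, so the template would emit an empty line in the middle of the header block; confirm the header writer tolerates that or omit the line when it is empty.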
@@ -1,2 +0,0 @@
|
||||
var wtvtest = new WTVNetworkSecurity();
|
||||
wtvtest.Test();
|
||||