fix challenge exchange and tickets

2021-07-11 18:28:53 -04:00
parent 5662357981
commit e3c5c15a7c
14 changed files with 485 additions and 217 deletions
--- a/hacktv_updsrv/ServiceVault/wtv-1800/LC2.tok
+++ b/hacktv_updsrv/ServiceVault/wtv-1800/LC2.tok
@@ -1,32 +0,0 @@
-ANDY........z.
-.`.6[......8(&.S.....}...lIa.;...b..c..d....e...f..g%.c*I.h..i!...j).k.B.lH.m.=C5*@.n
-.1].oQ.t..Ip.().{..Isetdtr..(C.);.Idoelay..1>..z..1....rC...}M.q.(..r..R.lIs|...w(...P)e..P;..r..0.t0.u.,~..v.,lIw;..1.v.){.i(.!..D).b;..'.P='.D.o.i(.-.>....j....IUx..y[.za.A..N8.B.=..C.C
-.UzN.D..A..y~..:...NC2<..y3.N....}.a....e{2.g.$.
-...=.v.[.A{.D..d
-(."M.A(.....r..a....f.u...ep.G...PQ...R.."E..F|.UG..H..F..F.....F.E%.r0.-.&.+ F..r-U.I.I.(lIJ..K.......j J|.J.w/C2
-.K.D..R,.%..H#LH"M.!.NM".!progr?esstex7 ....$..percen.tage..6...dGirt.".!')O...*IP.$Q.1*I.R..S
-.TF0;?.0..<..U.04..#.."version>P0GC9.|.0. .#....!g..hon}es0tings..|@1n!T.EC8i.r.!...y.1?<..
-.0U..2..v1..3.)1..4.34.44..0.printf.(.STS: cou.ldn't .. .size of CROa..5....+i.z.3(
-.9.)<
-.R.!R .>@S).4.A.C1S..464?4W>45W5R..6=..F..A."..:f0^.8..	15..w.9..8.I.;I.x...FON.E@%x, le?n=%d, ....+.,t.+w.,.!.... /Q.AP. ...@.....a.rF..Q>.Z!..
-P.-G.%+..$..e..2'.SV."W@P*I.X..Y... Z..a.a.CIba.[C.40.].aIfl.ush..send.s.QSATI3
-|.R!*SENT ....b..linf1Q.,WC3?..1.Q;.R.....8@.b}+fw .query go.t '%s'.,...i }efirmw.areb6.	..15..]mb..vb.`..c.m.`M.,SV1..001_WEBT.V-K56_DLB.0EDc8.!q..YE....;E.;.....b.?.....U S:.:..:i.sRockwel.l."..."..\....p|....+MR=0............CX. t.est retu.rned......O..`m....e...#S2.20.../..........._	x....+k1....0&.X#..s3&P..t6............Xt.....
-Z....&.;2
-.c%a..d....e.C.......g. .O.A....2.p@....Ii...A;61.AcIj...0.#.k#.7#.l5.8.5.mv.^.G.9G.*.InQ0S1.aT.oZ..pb.Iq..r	..s..t..u..=.e.nablemod.em..tflow.controlN../S].baud^.>..pOeIv ...D2GV1E.0.3..3..T...P@..@..@..
-@...@.........d.[[ound v..@ .@jP, di9s..x. 56..]....p.....`.4....F..|!X....!a...+.+MS=11,.....[...,.,SS.51=3*.....R...@ss@.38=0S.30=180S9.5=36;.L3&.Q5&K.c.	u ..qVP.5.I &(I...nec..with.videoa..)QN...	B.M..e...... 5.S6=101X.r:...4XNr....0GC7o.. x.. ......#1.!....2"..6.	.p1.8?.I..d.I.9}.....K.|....,.(./4.cw-.hack@...F.C.., .. S10=S%sS...,.A,.1.,.1,~1e.:.9....+....0$..0=S3...#...2.."./.1.....m......a.."A ...b..,.s.n..Z	......@..m9..1=@..P.'...(.(.1...(
-. (.Q.6P...'. P..	.P.C..|..}5.&P.C..-.h.-.b..3..9.2.4.Cetw.indow....;0.~j.Iw.cx,pl.Iy~o~o~o~e..v..@Jc6dA.....bB..g2.cC.g3ndD.I..b8<....V.M..L.H..Y....-J...R.O...&!..g-Us..QLD pref.ix.+W.....S,..%..........5.5..KG9.9.9...!q..r.A.E..F......P.<=.....<...wa.itfo..H..p...),C7;.6....p.fig ....L.b..?: TIMEO.UT f.\qj. OWK (V.=..)=..I...x..G....C..... from .l.,..Y.d..S...T7.B.G..H..I
-....statu..C.6F.J..C.B.....:...8.p..._.,S.lp*.*.%.orce.hook.....rt....K>.lIL.5.M|.N...R..=I.|._parser/esul_p@4.0.r5.b....@Ic9..e>.C..#T.NC4?255464...].V. -- %d /%s (..c...p...k....,..j#b{.&x.<C38l.,.A..C>..r..Up...oa
-.....%`..: ...7.$..q%..q&.N.O CARRIE.R-.<-...-	DI.ALTONE\.5x\.....BUSY...7..{@.	ANSW.......G......L.C....C..ed!...e..*.&.*..-.C.p.b....E.E.~..0..2?..3G.b2..9.pm.2>.2.....34<.:<.<...)4...pd..4.......5.55.4....1c...|...i
->.p;#>.N..79>....?'..4s...83. .*5.M.....58....C.&.96.%:.........8.B. .A.jP.1R..9unknown..3..9|.<.<..?.>..6..O..PJ.J.J."J.QJ..@..R..J.uS..:..lIT..qU..0.<.*IV...W..X..\.h.....?,SISP-.R...1.+..,..C1?.u0...b .....e.*......ork..nu.mbeyq......=.IYKaA.....=I9E....,C2#......G....3..a..=.....+0C....>..d.!.&G.&...t....|b.....Z..s....P|...........A.TDP...
-9...= v.R.......,:"....x.....Pb....k@P..D.....&.!<4.!b@...B r.c .W. r.r...,	.ti.r...x..9B.,>.I.a.ler..SErr...!.: Your. recei.. .can.... to. WebTV. .Please{.t.a..Custom.0.Care at. 1-800-4.69-3288..J.. 3.i(e"...p.......6........ ........&.}.$g..c..#E. .3=..#;....%3L....0]...f.ancy....l..6.:.....S;G...6..Id
- .A.O.IIir.G1.CuHlIew....Iw....... z..y......46.MC
-...%w.0eL.N.<..D..w..lin...B.A&.@06..H.b.1...E.....U.. @.W...P....`..1eh.8kd...=..Iatoi..Dr...(.B.~)3A...i.@R..Bdela..PC;.S,Pf.12@..n..r.2c...g]0.odd...S..{.\.QNmU....<z.>....Q..r.q......T.....E.IgoA=.5S.h
-...s.dter{at.q, dc...prot..com.p.p.!..h!.......g/'.d.i.@!.l.j.8...9..r,l*I.kb.r..=X.V.T...Q!.P.....XQ.p,.X......al. g.../%sa.x.v...v....7dx..26...@.i.aP.failur.e,.$2...;.....|	.s.....,`.....O.....l:.m,.nt....u7.nam.1.....pass#.d@vP*.........o.a.5.2.2..rtpp.4.T.u..Ap.P..)...=.AP/CHA?P auth..0..:0.0.PP ne.?0ia.AI.e_"r.C;0.........O..s.c..)<.....F.WARNING.@{S &. low.3..q6..R5q....rT"..Ys.#t.#u.#.c..[C3y.....0.`)U..8.Iii.>..NT%...,S.#..'....).08..I.1u.tefc.1^..v...V...k.:"p..M...sUs@1.. wi..".A/.D..l$r.".	..cv.dlIJ..J...system_>.`boxfe. ...la..
-.J..55G464b..2..IU.AJ..-a..-a..w........b...n."D.s.uppor.%.6.....u.h.......R..Ag........k.x..RlPyA.sPz..A
-.uB..C.SlIDf.cEbUS#...tiyA.C76:7f1#.#....yea..gA:....dl`/.local...I.g.nCk.NC7.;2(.{.<b...e.L....av.Pt./.a...,M...%..........(b......,.x....A...yofwee.[AN...hr...U....min{0'.`...l..
-.i.*...F*.*I.G..H..hrJ..K.........#.].....?rycoun.Qy.8"..tM.=Iq..n..
-.nex..seq.Len.....T.qC.==.f(..=..;R..<....Pu.....=IL...u,..[z..]Z.K.,@....s..c..rMG.-....y.|..E..-7.r.%.]..qe$...W.mQ00.E.:.%.as..J..I........!r.r.r..r.r.r	.1....ma.i..?.?.*..=@rA.4.DL.[C5.T.T...lINp.ti.ck~.le#
-.!.7.	g..v.O*..Q......+<C9..PU...qc..A...rog3..s.iJ.fullp.op....S.......r..E....,C2.....o.Q.+L...s.:'.&!z...?.....R.)..~...+.su{cc.., in.@.]0A..(..-..)./C3<..:.	..?...:.. #..d.;.@i.i........1Y..X. u...i(Z.[PP.]&.8V...2..0...3..)|~././. >./.z./._	7_..../..	6..c./..	5 ..........Z.. ..7.........lIS:..L^.Premp<..to 6pl.......a$cVO.}.,=.c...[C8n...SD...%s	.@........f.bf.f.f.f.A/.Nj.j...c.......WebTV...8....0.Wai.A...+.1...a.IS..n.swee.].=.\....-...M.....V
-O.(..(...yI. ....v..4.4....*....rn...k@..L(..T..U...IV..r..Sw.tv_6......S.....base.ts.f .. 77 (.ANI=(E.et;))^Eani.X..0.P.E..ldIl.....k..W....5...'......O...#.*.vi.c..9=39==s33.`
-.<32...n..Io.di.=SS ....[.`]...>a[.0...@j...)..6..8,.4G.66.V.o@J	7Y.../P,..Y.5w.......
-....4..g.....:.*.V.P*...G...5.qh	.J..h..4....=..d....;..$.69;....;.>J...Y...J.	1a.v.:A....._...q:.Q.6;..o.5.Y.Q...h.......?.a...<......Z.." h. "+..U..{.....l..,s?..r;..1C.47..7.... .\.. .zb~!..P.8.i..P.X)....Y......,*IZ@.*Ia9c. ..lIy.q...(.=S18006.13819..6.=;Sa	.mis..6..@...:.:.:.H.8.w..BUGd.....a1.....`.....i.........,..B...c.\.b...c..d..$.fcJ..g0.h..=.@,.U@-.@..@/.@0...BW.A.*C64..+P.I1..`...o.U....u.... for~..%d:%02...........l..p..r.;.S.S1. |.D.@S.D...e...e.\.\.\..\.L.A.......>.".^...S-a*.-...,..(...\.....;.<c=X.....
--- a/hacktv_updsrv/ServiceVault/wtv-1800/LC2/artemis_18004653537.tok
+++ b/hacktv_updsrv/ServiceVault/wtv-1800/LC2/artemis_18004653537.tok
--- a/hacktv_updsrv/ServiceVault/wtv-1800/LC2/artemis_18006138199.tok
+++ b/hacktv_updsrv/ServiceVault/wtv-1800/LC2/artemis_18006138199.tok
--- a/hacktv_updsrv/ServiceVault/wtv-1800/mame.jpg
+++ b/hacktv_updsrv/ServiceVault/wtv-1800/mame.jpg
--- a/hacktv_updsrv/ServiceVault/wtv-1800/offer-open-isp-suggest.js
+++ b/hacktv_updsrv/ServiceVault/wtv-1800/offer-open-isp-suggest.js
@@ -1,29 +1,30 @@
-var ssid = initial_headers['wtv-client-serial-number'] || null;
-if (ssid != null && !sec_session[ssid]) {
-	sec_session[ssid] = new WTVNetworkSecurity();
-	sec_session[ssid].IssueChallenge();
+if (socket_session_data[socket.id].ssid != null && !sec_session[socket_session_data[socket.id].ssid]) {
+	sec_session[socket_session_data[socket.id].ssid] = new WTVNetworkSecurity();
+	sec_session[socket_session_data[socket.id].ssid].IssueChallenge();
+	sec_session[socket_session_data[socket.id].ssid].set_incarnation(initial_headers['wtv-incarnation']);
 }

 headers = `200 OK
-Connection: Keep-Alive
+Connection: Close
+wtv-initial-key: ` + sec_session[socket_session_data[socket.id].ssid].challenge_key.toString(CryptoJS.enc.Base64) + `
 Content-Type: text/tellyscript
-wtv-initial-key: ` + sec_session[ssid].challenge_key.toString(CryptoJS.enc.Base64) + `
 wtv-service: reset
 wtv-service: name=wtv-1800 host=` + pubip + ` port=1615 connections=1
 wtv-service: name=wtv-head-waiter host=` + pubip + ` port=1615 flags=0x04 flags=0x00000001 connections=1
 wtv-service: name=htv-update host=` + pubip + ` port=1615 flags=0x04
-wtv-client-time-zone: GMT -0000
-wtv-client-date: `+strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString()))+` GMT
 wtv-boot-url: wtv-head-waiter:/login?
-Location: wtv-head-waiter:/login?
-wtv-visit: wtv-head-waiter:/login?`;
+wtv-visit: wtv-head-waiter:/login?
+wtv-client-time-zone: GMT -0000
+wtv-client-time-dst-rule: GMT
+wtv-client-date: `+strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString()))+` GMT`;


-var romtype = getWTVROMType(initial_headers);
+var romtype = socket_session_data[socket.id].romtype;

 switch (romtype) {
 	case "US-LC2-disk-0MB-8MB":
-		data = fs.readFileSync(__dirname + "/ServiceVault/wtv-1800/LC2/artemis_18006138199.tok");
+		data = fs.readFileSync(__dirname + "/ServiceDeps/LC2/artemis_18006138199.tok").buffer;
+		//data = fs.readFileSync(__dirname + "/ServiceDeps/LC2/LC2.tok").buffer;
 		break;
 		
 	default:
--- a/hacktv_updsrv/ServiceVault/wtv-1800/preregister.js
+++ b/hacktv_updsrv/ServiceVault/wtv-1800/preregister.js
@@ -1,4 +1,5 @@
 headers = `200 OK
 Connection: Keep-Alive
 wtv-open-isp-disabled: false
-wtv-visit: wtv-1800:/offer-open-isp-suggest?`;
+wtv-visit: wtv-1800:/offer-open-isp-suggest?
+Content-type: text/html`;
--- a/hacktv_updsrv/ServiceVault/wtv-head-waiter/login-stage-two.js
+++ b/hacktv_updsrv/ServiceVault/wtv-head-waiter/login-stage-two.js
@@ -1,17 +1,45 @@
-var ssid = initial_headers['wtv-client-serial-number'] || null;
-var initialChallenge, challenge_response, challenge_header = '';
+var challenge_response, challenge_header = '';
+var gourl;

-if (ssid !== null) {
-	if (sec_session[ssid].ticket) {
-		challenge_header = "wtv-ticket: "+sec_session[ssid].ticket;
+if (socket_session_data[socket.id].ssid !== null) {
+	if (sec_session[socket_session_data[socket.id].ssid].ticket_b64 == null) {
+		if (initial_headers['wtv-ticket']) {
+			if (initial_headers['wtv-ticket'].length > 8) {
+				DecodeTicket(initial_headers['wtv-ticket']);
+				sec_session[socket_session_data[socket.id].ssid].ticket_b64 = initial_headers['wtv-ticket'];
+				socket_session_data[socket.id].secure == true;
+			}
+		} else {
+			challenge_response = sec_session[socket_session_data[socket.id].ssid].challenge_response;
+			var client_challenge_response = initial_headers['wtv-challenge-response'] || null;
+			if (challenge_response && client_challenge_response) {		
+				if (challenge_response.toString(CryptoJS.enc.Base64).substring(0,85) == client_challenge_response.substring(0,85)) {
+					console.log(" * wtv-challenge-response success for "+socket_session_data[socket.id].ssid);
+					sec_session[socket_session_data[socket.id].ssid].PrepareTicket();
+					socket_session_data[socket.id].secure == true;
+				} else {
+					gourl = "wtv-head-waiter:/login?reissue_challenge=true";
+				}
+			} else {
+				gourl = "wtv-head-waiter:/login?no_response=true";
+			}
+		}
 	}
 }
- 
-
-	

+if (gourl) {
 headers = `200 OK
-wtv-ticket: `+sec_session[ssid].ticket+`
+Connection: Keep-Alive
+wtv-open-isp-disabled: false
+wtv-visit: `+gourl+`
+Content-type: text/html`;
+	data = '';
+} else {
+	headers = `200 OK
+Connection: Keep-Alive
+wtv-encrypted: true
+wtv-ticket: `+sec_session[socket_session_data[socket.id].ssid].ticket_b64+`
 Content-Type: text/html`;
-
-data = sec_session[ssid].EncryptKey1('hehe! stage two! and its encrypted!');
+	
+	data = "hehe! stage two! <a href='wtv-head-waiter:/finalize-security'>test</a>";
+}
--- a/hacktv_updsrv/ServiceVault/wtv-head-waiter/login.js
+++ b/hacktv_updsrv/ServiceVault/wtv-head-waiter/login.js
@@ -1,43 +1,63 @@
-var ssid = initial_headers['wtv-client-serial-number'] || null;
 var initialChallenge, challenge_response, challenge_header = '';
-var gourl = "wtv-head-waiter:/login?reissue_challenge=true";
+var gourl = "wtv-head-waiter:/login-stage-two?";

-if (query['reissue_challenge']) {
-	gourl = "client:activ";
-} 
-if (ssid !== null) {
-	if (sec_session[ssid].ticket_b64 == null) {
+if (socket_session_data[socket.id].ssid !== null) {
+	if (sec_session[socket_session_data[socket.id].ssid].ticket_b64 == null) {
 		if (initial_headers['wtv-ticket']) {
-			DecodeTicket(initial_headers['wtv-ticket']);
-			sec_session[ssid].ticket_b64 = initial_headers['wtv-ticket'];
-			challenge_header = "wtv-ticket: "+initial_headers['wtv-ticket'];
+			if (initial_headers['wtv-ticket'].length > 8) {
+				DecodeTicket(initial_headers['wtv-ticket']);
+				sec_session[socket_session_data[socket.id].ssid].ticket_b64 = initial_headers['wtv-ticket'];
+			}
 		} else {
-			challenge_response = sec_session[ssid].challenge_response;
+			challenge_response = sec_session[socket_session_data[socket.id].ssid].challenge_response;
 			var client_challenge_response = initial_headers['wtv-challenge-response'] || null;
 			if (challenge_response && client_challenge_response) {		
 				if (challenge_response.toString(CryptoJS.enc.Base64).substring(0,85) == client_challenge_response.substring(0,85)) {
-					console.log(" * wtv-challenge-response success for "+ssid);
-					sec_session[ssid].PrepareTicket();
-					challenge_header = "wtv-ticket: "+sec_session[ssid].ticket_b64;
-					var gourl = "wtv-head-waiter:/login-stage-two?";
+					console.log(" * wtv-challenge-response success for "+socket_session_data[socket.id].ssid);
+					sec_session[socket_session_data[socket.id].ssid].PrepareTicket();
 				} else {
-					challenge_header = "wtv-whatever: meh";
-					gourl = "wtv-1800:/preregister?";
+					challenge_header = "wtv-challenge: "+sec_session[socket_session_data[socket.id].ssid].IssueChallenge();
 				}
 			} else {
-				if (sec_session[ssid].challenge_b64 == null) {
-					challenge_header = "wtv-whatever: meh";
-					gourl = "wtv-1800:/preregister?";					
-				} else {
-					challenge_header = "wtv-challenge: "+sec_session[ssid].challenge_b64;
-				}
+				challenge_header = "wtv-challenge: "+sec_session[socket_session_data[socket.id].ssid].IssueChallenge();
 			}
 		}
-	} else {
-		challenge_header = "wtv-ticket: "+sec_session[ssid].ticket_b64;
 	}
 }
-	
+
+if (sec_session[socket_session_data[socket.id].ssid].ticket_b64) {
+	headers = `200 OK
+Connection: Keep-Alive
+wtv-encrypted: true
+wtv-ticket: `+sec_session[socket_session_data[socket.id].ssid].ticket_b64+`
+wtv-client-time-zone: GMT -0000
+wtv-client-date: `+strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString()))+` GMT
+wtv-country: US
+wtv-language-header: en-US,en
+wtv-visit: client:closeallpanels
+wtv-expire-all: client:closeallpanels
+wtv-noback-all: wtv-
+wtv-service: reset
+wtv-service: name=wtv-1800 host=` + pubip + ` port=1615 connections=1
+wtv-service: name=wtv-head-waiter host=` + pubip + ` port=1615 flags=0x04 flags=0x00000001 connections=1
+wtv-service: name=htv-update host=` + pubip + ` port=1615 flags=0x04
+wtv-boot-url: wtv-head-waiter:/login?
+wtv-input-timeout: 14400
+wtv-connection-timeout: 90
+wtv-fader-timeout: 900
+wtv-ssl-log-url: wtv-log:/log
+wtv-bypass-proxy: true
+wtv-allow-dsc: true
+wtv-messenger-enable: 0
+wtv-nameserver: 1.1.1.1
+wtv-phone-log-url: wtv-log:/log
+wtv-visit: wtv-head-waiter:/login-stage-two?
+Content-type: text/html`
+
+data = '';
+//data = fs.readFileSync(__dirname + "/ServiceDeps/splash.html");
+
+} else {

 headers = `200 OK
 Connection: Keep-Alive
@@ -49,9 +69,6 @@ wtv-log-url: wtv-log:/log
 wtv-relogin-url: wtv-1800:/preregister?relogin=true
 wtv-reconnect-url: wtv-1800:/preregister?reconnect=true
 wtv-visit: `+gourl+`
-Content-length: 0
 Content-type: text/html`;
-
 data = '';
-
-
+}