caret
/
harasho
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
harasho/utils
History
Caret d45d5c862e encryption matches 2024-02-11 19:49:30 -06:00
..
README.md encryption matches 2024-02-11 19:49:30 -06:00
certs.sh Removed certs 2023-09-23 21:27:23 -05:00
install.bat Revert "made" 2023-06-27 22:43:50 -05:00
nesys.bat Revert "made" 2023-06-27 22:43:50 -05:00
pad_plaintext.py so close 2024-02-11 13:16:55 -06:00
pkcs8_public_key.pem Finally basicinfo works 2023-09-25 20:36:02 -05:00
private_key.pem Finally basicinfo works 2023-09-25 20:36:02 -05:00
public_key.pem Finally basicinfo works 2023-09-25 20:36:02 -05:00
runme.reg hmm 2023-07-11 22:38:03 -05:00

README.md

Utils

todo (add the missing encrypted endpoints)

Encryption testing with curl and openssl

/basicinfo request

curl -X POST http://localhost/basicinfo -o encrypted_data.bin

Decrypt:

openssl rsautl -inkey public_key.pem -pubin -in encrypted_data.bin -raw (it decrypts with public key and encrypts with private)

Oneliner:

curl -X POST http://localhost/basicinfo | openssl rsautl -inkey public_key.pem -pubin

/game/* request

curl -X POST http://localhost/game -o aes.bin

Decrypt:

(key and iv are 0123456789012345 in hex format for openssl)

openssl enc -d -aes-128-cfb -in aes.bin -out lol.txt -K '30313233343536373839303132333435' -iv '30313233343536373839303132333435'

Oneliner: curl -X POST http://localhost/game | openssl enc -d -aes-128-cfb -K '30313233343536373839303132333435' -iv '30313233343536373839303132333435'

Test a game command:

The python file pads the given protocol string, then openssl encrypts it for the server to then decrypt and respond. With the response we get, we are able to decrypt that using the same method.

python pad_plaintext.py '{"game":{"eventcode":"000","version":"2.4.1"},"param":{},"protocol":"unlock"}' | openssl enc -e -aes-128-cfb -K '30313233343536373839303132333435' -iv '30313233343536373839303132333435' | curl -X POST -H "Content-Type: application/octet-stream" --data-binary @- http://10.3.0.141/game | openssl enc -d -aes-128-cfb -K '30313233343536373839303132333435' -iv '30313233343536373839303132333435'

python pad_plaintext.py '{"game":{"eventcode":"000","version":"2.4.1"},"param":{},"protocol":"unlock","terminal":{"tenpo_id":"1337","tenpo_index":1337,"terminal_attrib":0,"terminal_id":"1C1B0D07CDBB"}}' | openssl enc -e -aes-128-cfb -K '30313233343536373839303132333435' -iv '30313233343536373839303132333435' | curl -X POST -H "Content-Type: application/octet-stream" --data-binary @- http://localhost/game | openssl enc -d -aes-128-cfb -K '30313233343536373839303132333435' -iv '30313233343536373839303132333435'

Test unlock: python pad_plaintext.py '{"game":{"eventcode":"000","version":"2.4.1"},"param":{},"protocol":"unlock","terminal":{"tenpo_id":"1337","tenpo_index":1337,"terminal_attrib":0,"terminal_id":"1C1B0D07CDBB"}}' | openssl enc -e -aes-128-cfb -K '30313233343536373839303132333435' -iv '30313233343536373839303132333435' | curl -X POST -H "Content-Type: application/octet-stream" --data-binary @- http://localhost/game | openssl enc -d -aes-128-cfb -K '30313233343536373839303132333435' -iv '30313233343536373839303132333435' > mine.xxd && xxd mine.xxd