Digitalstack/otclient
2
0
Fork 0
mirror of https://github.com/edubart/otclient.git synced 2025-10-19 14:03:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

encrypt password and account number

Browse Source 
* the encryption uses a unique machine key, this means that if anyone steals config.otml with a saved password,
he will not be able to decrypt the password without the machine UUID key
* the encrypt uses a simple XOR encryption method, encoded with base64 and adler32 summing
This commit is contained in:
Eduardo Bart
2012-06-04 09:38:15 -03:00
parent 296f2a17c4
commit e5000fa577
13 changed files with 249 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

161
src/framework/util/crypt.cpp Normal file
View File

@@ -0,0 +1,161 @@
/*
* Copyright (c) 2010-2012 OTClient <https://github.com/edubart/otclient>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#include "crypt.h"
#include <framework/stdext/math.h>
#include <boost/uuid/uuid.hpp>
#include <boost/functional/hash.hpp>
static const std::string base64_chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static inline bool is_base64(unsigned char c) { return (isalnum(c) || (c == '+') || (c == '/')); }
std::string Crypt::base64Encode(const std::string& decoded_string)
{
std::string ret;
int i = 0;
int j = 0;
uint8 char_array_3[3];
uint8 char_array_4[4];
int pos = 0;
int len = decoded_string.size();
while(len--) {
char_array_3[i++] = decoded_string[pos++];
if(i == 3) {
char_array_4[0] = (char_array_3[0] & 0xfc) >> 2;
char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4);
char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6);
char_array_4[3] = char_array_3[2] & 0x3f;
for(i = 0; (i <4) ; i++)
ret += base64_chars[char_array_4[i]];
i = 0;
}
}
if(i) {
for(j = i; j < 3; j++)
char_array_3[j] = '\0';
char_array_4[0] = (char_array_3[0] & 0xfc) >> 2;
char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4);
char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6);
char_array_4[3] = char_array_3[2] & 0x3f;
for(j = 0; (j < i + 1); j++)
ret += base64_chars[char_array_4[j]];
while((i++ < 3))
ret += '=';
}
return ret;
}
std::string Crypt::base64Decode(const std::string& encoded_string)
{
int len = encoded_string.size();
int i = 0;
int j = 0;
int in_ = 0;
uint8 char_array_4[4], char_array_3[3];
std::string ret;
while(len-- && (encoded_string[in_] != '=') && is_base64(encoded_string[in_])) {
char_array_4[i++] = encoded_string[in_]; in_++;
if(i ==4) {
for(i = 0; i <4; i++)
char_array_4[i] = base64_chars.find(char_array_4[i]);
char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3];
for(i = 0; (i < 3); i++)
ret += char_array_3[i];
i = 0;
}
}
if(i) {
for(j = i; j <4; j++)
char_array_4[j] = 0;
for(j = 0; j <4; j++)
char_array_4[j] = base64_chars.find(char_array_4[j]);
char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3];
for(j = 0; (j < i - 1); j++)
ret += char_array_3[j];
}
return ret;
}
std::string Crypt::xorCrypt(const std::string& buffer, const std::string& key)
{
std::string out;
out.resize(buffer.size());
register size_t i, j=0;
for(i=0;i<buffer.size();++i) {
out[i] = buffer[i] ^ key[j++];
if(j >= key.size())
j = 0;
}
return out;
}
std::string Crypt::genUUIDKey()
{
boost::hash<boost::uuids::uuid> uuid_hasher;
std::size_t hash = uuid_hasher(boost::uuids::uuid());
std::string key;
key.assign((const char *)&hash, sizeof(hash));
return key;
}
std::string Crypt::encrypt(const std::string& decrypted_string)
{
std::string tmp = "0000" + decrypted_string;
uint32 sum = stdext::adler32((const uint8*)decrypted_string.c_str(), decrypted_string.size());
stdext::writeLE32((uint8*)&tmp[0], sum);
std::string encrypted = base64Encode(xorCrypt(tmp, genUUIDKey()));
return encrypted;
}
std::string Crypt::decrypt(const std::string& encrypted_string)
{
std::string decoded = base64Decode(encrypted_string);
std::string tmp = xorCrypt(base64Decode(encrypted_string), genUUIDKey());
if(tmp.length() >= 4) {
uint32 readsum = stdext::readLE32((const uint8*)tmp.c_str());
std::string decrypted_string = tmp.substr(4);
uint32 sum = stdext::adler32((const uint8*)decrypted_string.c_str(), decrypted_string.size());
if(readsum == sum)
return decrypted_string;
}
return std::string();
}

38
src/framework/util/crypt.h Normal file
View File

@@ -0,0 +1,38 @@
/*
* Copyright (c) 2010-2012 OTClient <https://github.com/edubart/otclient>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#ifndef CRYPT_H
#define CRYPT_H
#include "../stdext/types.h"
#include <string>
namespace Crypt {
std::string base64Encode(const std::string& decoded_string);
std::string base64Decode(const std::string& encoded_string);
std::string xorCrypt(const std::string& buffer, const std::string& key);
std::string genUUIDKey();
std::string encrypt(const std::string& decrypted_string);
std::string decrypt(const std::string& encrypted_string);
}
#endif

124
src/framework/util/rsa.cpp Normal file
View File

@@ -0,0 +1,124 @@
/*
* Copyright (c) 2010-2012 OTClient <https://github.com/edubart/otclient>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#include "rsa.h"
#include <gmp.h>
void RSA::encrypt(char *msg, int size, const char* key)
{
assert(size <= 128);
mpz_t plain, c;
mpz_init2(plain, 1024);
mpz_init2(c, 1024);
mpz_t e;
mpz_init(e);
mpz_set_ui(e,65537);
mpz_t mod;
mpz_init2(mod, 1024);
mpz_set_str(mod, key, 10);
mpz_import(plain, size, 1, 1, 0, 0, msg);
mpz_powm(c, plain, e, mod);
size_t count = (mpz_sizeinbase(c, 2) + 7)/8;
memset(msg, 0, size - count);
mpz_export(&msg[size - count], NULL, 1, 1, 0, 0, c);
mpz_clear(c);
mpz_clear(plain);
mpz_clear(e);
mpz_clear(mod);
}
void RSA::decrypt(char *msg, int size, const char *p, const char *q, const char *d)
{
assert(size <= 128);
mpz_t mp, mq, md, u, dp, dq, mod, c, v1, v2, u2, tmp;
mpz_init2(mp, 1024);
mpz_init2(mq, 1024);
mpz_init2(md, 1024);
mpz_init2(u, 1024);
mpz_init2(dp, 1024);
mpz_init2(dq, 1024);
mpz_init2(mod, 1024);
mpz_init2(c, 1024);
mpz_init2(v1, 1024);
mpz_init2(v2, 1024);
mpz_init2(u2, 1024);
mpz_init2(tmp, 1024);
mpz_set_str(mp, p, 10);
mpz_set_str(mq, q, 10);
mpz_set_str(md, d, 10);
mpz_t pm1,qm1;
mpz_init2(pm1, 520);
mpz_init2(qm1, 520);
mpz_sub_ui(pm1, mp, 1);
mpz_sub_ui(qm1, mq, 1);
mpz_invert(u, mp, mq);
mpz_mod(dp, md, pm1);
mpz_mod(dq, md, qm1);
mpz_mul(mod, mp, mq);
mpz_import(c, size, 1, 1, 0, 0, msg);
mpz_mod(tmp, c, mp);
mpz_powm(v1, tmp, dp, mp);
mpz_mod(tmp, c, mq);
mpz_powm(v2, tmp, dq, mq);
mpz_sub(u2, v2, v1);
mpz_mul(tmp, u2, u);
mpz_mod(u2, tmp, mq);
if(mpz_cmp_si(u2, 0) < 0) {
mpz_add(tmp, u2, mq);
mpz_set(u2, tmp);
}
mpz_mul(tmp, u2, mp);
mpz_set_ui(c, 0);
mpz_add(c, v1, tmp);
size_t count = (mpz_sizeinbase(c, 2) + 7)/8;
memset(msg, 0, size - count);
mpz_export(&msg[size - count], NULL, 1, 1, 0, 0, c);
mpz_clear(c);
mpz_clear(v1);
mpz_clear(v2);
mpz_clear(u2);
mpz_clear(tmp);
mpz_clear(pm1);
mpz_clear(qm1);
mpz_clear(mp);
mpz_clear(mq);
mpz_clear(md);
mpz_clear(u);
mpz_clear(dp);
mpz_clear(dq);
mpz_clear(mod);
}

34
src/framework/util/rsa.h Normal file
View File

@@ -0,0 +1,34 @@
/*
* Copyright (c) 2010-2012 OTClient <https://github.com/edubart/otclient>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#ifndef RSA_H
#define RSA_H
#include <framework/global.h>
namespace RSA
{
void encrypt(char *msg, int size, const char *key);
void decrypt(char *msg, int size, const char *p, const char *q, const char *d);
};
#endif