1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
From c647af72f0d5699c341ec8cee995f2aee46261a9 Mon Sep 17 00:00:00 2001
From: Davide Depau <davide@depau.eu>
Date: Tue, 16 Jun 2020 03:27:36 +0200
Subject: [PATCH] Monkey-patch time to fix bug in pycrypto
---
proto9x/tls.py | 30 +++++++++++++++++-------------
1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/proto9x/tls.py b/proto9x/tls.py
index e1c7759..4dfe175 100644
--- a/proto9x/tls.py
+++ b/proto9x/tls.py
@@ -1,3 +1,8 @@
+# Monkey-patch time module since pycrypto uses a deprecated function.
+# See https://github.com/fabiant7t/pycrypto/commit/6d41ad025331afce9e495d7be3205730ddfa8f07
+import time
+time.clock = time.process_time
+
import re
import hmac
import sys
@@ -15,7 +20,6 @@ from fastecdsa.encoding.der import DEREncoder
from .util import assert_status
import pickle
-
password_hardcoded=unhexlify('717cd72d0962bc4a2846138dbb2c24192512a76407065f383846139d4bec2033')
gwk_sign_hardcoded=unhexlify('3a4c76b76a97981d1274247e166610e77f4d9c9d07d3c728e532916bdd28b454')
@@ -34,7 +38,7 @@ fff000000000000000000000000000000000000000000000000000000000000000000000000
def prf(secret, seed, length):
n = (length + 0x20 - 1) // 0x20
-
+
res = b''
a = hmac.new(secret, seed, sha256).digest()
@@ -47,7 +51,7 @@ def prf(secret, seed, length):
def hs_key():
key=password_hardcoded[:0x10]
- seed=password_hardcoded[0x10:] + b'\xaa'*2
+ seed=password_hardcoded[0x10:] + b'\xaa'*2
hs_key=prf(key, b'HS_KEY_PAIR_GEN' + seed, 0x20)
return int(hs_key[::-1].hex(), 16)
@@ -78,7 +82,7 @@ def unpad(b):
# TODO assert the right state transitions
class Tls():
-
+
def __init__(self, usb):
self.usb = usb
self.reset()
@@ -119,10 +123,10 @@ class Tls():
self.make_keys()
rsp=self.usb.cmd(
- unhexlify('44000000') +
+ unhexlify('44000000') +
self.make_handshake(
- self.make_certs() +
- self.make_client_kex() +
+ self.make_certs() +
+ self.make_client_kex() +
self.make_cert_verify()) +
self.make_change_cipher_spec() +
self.make_handshake(self.make_finish()))
@@ -160,7 +164,7 @@ class Tls():
def save(self):
with open('tls.dict', 'wb') as f:
- pickle.dump({
+ pickle.dump({
'sign_key': self.sign_key,
'validation_key': self.validation_key,
'encryption_key': self.encryption_key,
@@ -205,7 +209,7 @@ class Tls():
self.trace('<tls< %02x: %s' % (t, hexlify(b).decode()))
return b
-
+
def sign(self, t, b):
self.trace('>tls> %02x: %s' % (t, hexlify(b).decode()))
@@ -341,7 +345,7 @@ class Tls():
elif t == 0x14:
if pkt != unhexlify('01'):
raise Exception('Unexpected ChangeCipherSpec payload')
-
+
self.secure_rx = True
elif t == 0x17:
@@ -477,14 +481,14 @@ class Tls():
# The following pub key is hardcoded for each fw revision in the synaWudfBioUsb.dll.
# Corresponding private key should only be known to a genuine Synaptic device.
fwpub=Point(
- 0xf727653b4e16ce0665a6894d7f3a30d7d0a0be310d1292a743671fdf69f6a8d3,
+ 0xf727653b4e16ce0665a6894d7f3a30d7d0a0be310d1292a743671fdf69f6a8d3,
0xa85538f8b6bec50d6eef8bd5f4d07a886243c58b2393948df761a84721a6ca94, P256)
signature=DEREncoder().decode_signature(signature)
if not verify(signature, key, fwpub):
raise Exception('Untrusted device')
-
+
def handle_priv(self, body):
self.priv_blob = body
@@ -496,7 +500,7 @@ class Tls():
sig=hmac.new(self.psk_validation_key, c, sha256).digest()
if hs != sig:
raise Exception('Signature verification failed. This device was probably paired with another computer.')
-
+
iv, c = c[:AES.block_size], c[AES.block_size:]
aes=AES.new(self.psk_encryption_key, AES.MODE_CBC, iv)
m=aes.decrypt(c)
--
2.27.0
|