socket and bytes operation

luca72

Hello, I have this question:
I connect to the server in this way:
sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect(('192.168.1.11',11502))
rcv = sock.recv(8124)
Here I get 14 random bytes, in a string with strange chars like:
¬¨^.á‹•Ò
a„ãj
I think because sock.recv returns a string.
Now I have to XOR these 14 bytes with a key stored in a file as a string.
Can you help me to understand how to do it?

Thanks

Luca
 
Chris Rebert

luca72 said:
Hello, I have this question:
I connect to the server in this way:
sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect(('192.168.1.11',11502))
rcv = sock.recv(8124)
Here I get 14 random bytes, in a string with strange chars like:
¬¨^.á‹•Ò
a„ãj
I think because sock.recv returns a string.
Now I have to XOR these 14 bytes with a key stored in a file as a string.
Can you help me to understand how to do it?

# Disclaimer: Completely untested
from itertools import cycle
f = open("path/to/key_file", 'r') # open file
key = f.read() # read from file
f.close() # close file
# convert strings to lists of integers
rcv = map(ord, rcv)
key = map(ord, key)
plain_chars = []
# do the XOR-ing
for cypher_char, key_char in zip(rcv, cycle(key)):
    # both values are already integers here, so no second ord() is needed
    plain_char = chr(cypher_char ^ key_char)
    plain_chars.append(plain_char)
# join decrypted characters into a string
# and output it
print ''.join(plain_chars) # Python idiom

You'll probably need to read up on what zip(), map(), ord(), and chr() do:
http://docs.python.org/library/functions.html

Cheers,
Chris
 
John Nagle

luca72 said:
Hello, I have this question:
I connect to the server in this way:
sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect(('192.168.1.11',11502))
rcv = sock.recv(8124)
Here I get 14 random bytes, in a string with strange chars like:
¬¨^.á‹•Ò
a„ãj
I think because sock.recv returns a string.
Now I have to XOR these 14 bytes with a key stored in a file as a string.
Can you help me to understand how to do it?

Port 11502? What are you talking to? An eSoft Distributed
Intelligent Architecture node? Unlikely. Let me guess. A Counter-Strike
server.

John Nagle
 
luca72

John Nagle said:
Port 11502? What are you talking to? An eSoft Distributed
Intelligent Architecture node? Unlikely. Let me guess. A Counter-Strike
server.

John Nagle

I'm talking to a cardserv in a DVB decoder with Linux inside.
 
luca72

I attach some part of the server so maybe you can help me to understand:

Packet description (before encryption)

Messages sent back and forth between newcamd and a cardserver always consist of a three byte header and (optional) data bytes. The header always starts with a command tag byte. This is always the first byte (byte 1) of a message. In case of an ECM or EMM this is simply the table id of the ECM (0x80, 0x81) or EMM (0x82 - 0x8f). Other commands use cmd tags starting from 0xe0 like this:

#define CWS_FIRSTCMDNO 0xe0

typedef enum
{
    MSG_CLIENT_2_SERVER_LOGIN = CWS_FIRSTCMDNO,
    MSG_CLIENT_2_SERVER_LOGIN_ACK,
    MSG_CLIENT_2_SERVER_LOGIN_NAK,
    MSG_CARD_DATA_REQ,
    MSG_CARD_DATA,
    MSG_SERVER_2_CLIENT_NAME,
    MSG_SERVER_2_CLIENT_NAME_ACK,
    MSG_SERVER_2_CLIENT_NAME_NAK,
    MSG_SERVER_2_CLIENT_LOGIN,
    MSG_SERVER_2_CLIENT_LOGIN_ACK,
    MSG_SERVER_2_CLIENT_LOGIN_NAK,
    MSG_ADMIN,
    MSG_ADMIN_ACK,
    MSG_ADMIN_LOGIN,
    MSG_ADMIN_LOGIN_ACK,
    MSG_ADMIN_LOGIN_NAK,
    MSG_ADMIN_COMMAND,
    MSG_ADMIN_COMMAND_ACK,
    MSG_ADMIN_COMMAND_NAK,
    MSG_KEEPALIVE = CWS_FIRSTCMDNO + 0x1d,
} net_msg_type_t;


Client to Server Login

This describes how to login. Remember each card has its own dedicated TCP port, this is how you choose, which card you want.

Client <- Server 1/5 - 090f - Thu Jan 8 17:20:17 CET 2004
encryption: none
----------------------------------------------------------
00: 77 9d cc 5d d2 0d 59 2e dc ed b8 17 c1 ab w ] Y.
(these are the bytes that I receive after the connection)

After opening a TCP connection to the server, the client first receives 14 random bytes. These bytes are to be XORed to the Triple-DES key from the config file. (cardserver: DESKEY = 0102030405060708091011121314). The result forms the Triple DES key to be used to send Username and Password to the cardserver, I call it the login key.

To do this I do:
import socket, crypt, itertools
sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect(('192.168.1.11',11502))
ricevo = sock.recv(8192)
# DESKEY is 14 bytes written as 28 hex digits; decode it before XOR-ing
stringa = '0102030405060708091011121314'.decode('hex')
ricevo = map(ord, ricevo)
print ricevo
#print '\n'
#luca= []
stringa = map(ord, stringa)
print stringa

plain_chars = []

for cypher_char, key_char in zip(ricevo, itertools.cycle(stringa)):
    plain_char = (cypher_char) ^ (key_char)
    plain_chars.append(plain_char)
print plain_chars

I get:
[133, 234, 201, 215, 129, 130, 252, 113, 15, 226, 29, 193, 67, 103]


Client -> Server 1/5 - 090f - Thu Jan 8 17:20:18 CET 2004
encryption: login
----------------------------------------------------------
00: e0 00 29 64 75 6d 6d 79 00 24 31 24 61 62 63 64 )dummy $1$abcd
10: 65 66 67 68 24 6e 70 53 45 54 51 73 72 49 6d 33 efgh$npSETQsrIm3
20: 35 4d 51 66 69 55 49 41 64 6e 2e 00 5MQfiUIAdn.

Next the client has to send a packet with cmd = MSG_CLIENT_2_SERVER_LOGIN (e0) including username and password in the data field. The username is sent as a C-String (NULL terminated), the password follows directly after the zero termination byte of the username. The password has to be put through the glibc crypt() function, using salt $1$abcdefgh$. The password in the data field has to be NULL terminated and the packet encrypted with the login key.

cryptPw = crypt(plainPw, "$1$abcdefgh$");

If I understand right I have to do this:

ris = crypt.crypt(password,"$1$abcdefgh$")
then
sock.send('e0'+password+ris)
and then read again.
Is this correct?
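
The two steps described in the quoted protocol text (deriving the login key and laying out the plaintext login message), as an added Python 3 example that is not part of any post in this thread, whose own code is Python 2. The function names are hypothetical, the crypt()-ed password is passed in already computed, the meaning of header bytes 2-3 is inferred from the sample dump, and the Triple-DES step is left out because the quoted text does not say how the 14-byte result is used as a Triple-DES key.

```python
import socket

CMD_LOGIN = 0xE0  # MSG_CLIENT_2_SERVER_LOGIN, from the enum quoted above


def recv_exact(sock, n):
    """Read exactly n bytes; a single recv() on a TCP stream may return fewer."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)


def derive_login_key(server_random, deskey_hex):
    """XOR the 14 server bytes with the 14 key bytes that DESKEY spells in hex."""
    key = bytes.fromhex(deskey_hex)  # 28 hex digits -> 14 raw bytes, not 28 chars
    if len(server_random) != 14 or len(key) != 14:
        raise ValueError("expected 14 random bytes and a 14-byte key")
    return bytes(r ^ k for r, k in zip(server_random, key))


def build_login_packet(username, crypted_password):
    """Plaintext login message: 3-byte header, then user NUL crypted-password NUL."""
    data = username + b"\x00" + crypted_password + b"\x00"
    # Assumption: header bytes 2-3 carry len(data) big-endian (the sample has 00 29).
    return bytes([CMD_LOGIN]) + len(data).to_bytes(2, "big") + data


# Sample values copied from the packet dumps quoted in the post.
SAMPLE_RANDOM = bytes.fromhex("779dcc5dd20d592edcedb817c1ab")
SAMPLE_DESKEY = "0102030405060708091011121314"
SAMPLE_CRYPTED = b"$1$abcdefgh$npSETQsrIm35MQfiUIAdn."

if __name__ == "__main__":
    a, b = socket.socketpair()      # offline stand-in for the server socket
    a.sendall(SAMPLE_RANDOM[:5])
    a.sendall(SAMPLE_RANDOM[5:])    # the 14 bytes may arrive in two pieces
    print(derive_login_key(recv_exact(b, 14), SAMPLE_DESKEY).hex())
    print(build_login_packet(b"dummy", SAMPLE_CRYPTED).hex())
    a.close()
    b.close()
```

The packet built from the sample username and crypted password is byte-for-byte the 44-byte "Client -> Server" dump shown above, before encryption with the login key.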
 
