Announcement

Collapse
No announcement yet.

MSN contact grabber for Powerbasic - Still need help.

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    MSN contact grabber for Powerbasic - Still need help.

    Well I have almost everything working. But i cant still figure
    how this part (The REMarked one) is translated into PowerBASIC:

    Code:
    FUNCTION Derive_key(Key AS STRING, Magic AS STRING) AS STRING
  LOCAL hash1, hash2, hash3, hash4 AS STRING
  hash1 = HMac_Sha1(Key, Magic)
  hash2 = HMac_Sha1(Key, Hash1 & Magic)
  hash3 = HMac_Sha1(Key, hash1)
  hash4 = HMac_Sha1(Key, Hash3 & Magic)
  FUNCTION = Hash2 & MID$(Hash4, 1, 4)
END FUNCTION

FUNCTION MBI_Encrypt(Key AS STRING, nonce AS STRING) AS STRING

        LOCAL key1, key2, key3, IV, hHash, Gg AS STRING

        key1 = DecodeStr64(key)

        key2 = derive_key(key1, "WS-SecureConversationSESSION KEY HASH")
        key3 = derive_key(key1, "WS-SecureConversationSESSION KEY ENCRYPTION")


        hHash = HMac_Sha1(Key2, nonce)

        RANDOMIZE TIMER
        IV = "aT7gJlKz"

'        alg3 = TripleDESCryptoServiceProvider.Create
'        alg3.Key = Encoding.Default.GetBytes(key3)
'        alg3.Mode = CipherMode.CBC
'        alg3.IV = iv
'        akm = alg3.CreateEncryptor

        Gg = (nonce & CHR$(8,8,8,8,8,8,8,8))
       
        FUNCTION = EncodeStr64(MKDWD$(28) & MKDWD$(1) & MKDWD$(26115) & MKDWD$(32772) & MKDWD$(8) & MKDWD$(LEN(hHash)) & MKDWD$(LEN(Gg)) & IV & hHash & Gg)
        
END FUNCTION
    I have received lots of help already, but If someone can help me ill appreciate it very much. The part that is not translated is REMarked.

    Here is a reference in PYTON:
    OpenRCE
    http://www.openrce.org/blog/view/449/MSNP15_authentication_scheme_REd
    OpenRCE: The Open Reverse Code Engineering Community


    Here is snippet in Java:
    Code:
              //generate key's
          byte key1[] = Base64Coder.decode(secret);
          byte key2[] = derive_key(key1, "WS-SecureConversationSESSION KEY HASH".getBytes());
          byte key3[] = derive_key(key1, "WS-SecureConversationSESSION KEY ENCRYPTION".getBytes());

          //create hash
          byte hash[] = HMAC(key2, nonce.getBytes());

          //add 8 bytes to the nonce
          byte nonceFillup[] = new byte[8];
          for(int i = 0; i < 8; i++){
            nonceFillup[i] = 0x08;
          }

          //create des3 thingy
          byte des[] = DES3(key3, byteCombine(nonce.getBytes(),nonceFillup), iv);

          //fill struct
          byte struct[] = byteCombine(byteCombine(byteCombine(start, iv ), hash ), des);

          //return stuff
          return ticket +" "+ new String(Base64Coder.encode(struct));
    Same code in C For Linux:
    http://www.eroster.cn/article/article_50.html


    And here is a reference in VB .NET (I think):
    http://72.14.205.104/search?q=cache:4I6QApau2DMJ:c2wn.com/sso-vb.txt+%27Working+MSNP15+MBI+MODULE&hl=es&ct=clnk&cd=3&gl=mx




    More Info Here:
    http://forums.fanatic.net.nz/index.php?act=Print&client=printer&f=91&t=18479


    All the rest of the code is already working, and i will make it available
    when finished.

    I dont know what commands like "TripleDESCryptoServiceProvider" do, Ill investigate it.

    Feel free to help in any possible way, i will appreciate it very much.
    Last edited by Elias Montoya; 15 Feb 2008, 09:58 AM.
    Tags: None
  • #2
    Elias,

    All of those examples are importing crypto classes or libraries, where the real work is done.

    M$ had a very nice digital signature object in MSXML5, but only in the M$ Office version, and they removed it in version 6.

    There's also the old Windows crypto API, which probably doesn't support newer algorithyms, and its replacement is .NET only.

    You might have a look here:

    http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=50290&lngWId=1


    There's also OpenSSL, which the "C" example you posted is using.
    Last edited by Paul Franks; 15 Feb 2008, 11:19 AM.
    --pdf

    Comment

    • #3
      Originally posted by Paul Franks View Post
      Elias,

      All of those examples are importing crypto classes or libraries, where the real work is done.
      Hmm... that could be bad, since i need this to be a PB CGI, i cant use any
      classes or tools that are not installed in my server...

      Comment

      • #4
        Hello Paul,

        Thanx for enduring me all this days of questions.
        Please check this:

        Skipjack encryption for 3.0/7.0 - PowerBASIC Peer Support Community
        http://www.powerbasic.com/support/pbforums/showthread.php?t=23509&highlight=Skipjack+encryption
        PowerBASIC and related source code. Please do not post questions or discussions, just source code.



        Maybe i can use that to encrypt as DES3?

        Comment

        • #5
          I ported this DES3 functions from Purebasic to PowerBasic.... Can i use it for my purpose? :coffee2:lease::afraid::lam:


          Code:
          #INCLUDE "WINCRYPT.INC"

%PROV_RSA_FULL   = 1
%ALG_SID_MD5     = 3
%ALG_SID_RC4     = 1
%ALG_SID_RC5     = 13
%ALG_CLASS_DATA_ENCRYPT = 24576

%ALG_CLASS_HASH  = 32768
%ALG_TYPE_ANY    = 0
%ALG_TYPE_STREAM = 2048
%CALG_MD5        = %ALG_CLASS_HASH OR %ALG_TYPE_ANY OR %ALG_SID_MD5
%ALG_TYPE_BLOCK  = 1536
%CRYPT_OAEP      = 64
%CALG_RC4          = %ALG_CLASS_DATA_ENCRYPT OR %ALG_TYPE_STREAM OR %ALG_SID_RC4
%CALG_RC5          = %ALG_CLASS_DATA_ENCRYPT OR %ALG_TYPE_BLOCK OR %ALG_SID_RC5
%CRYPT_CREATE_SALT = 4
%CRYPT_EXPORTABLE  = 1
%CRYPT_NEWKEYSET   = 8
$MS_DEF_PROV = "Microsoft Base Cryptographic Provider v1.0"
%ALG_SID_3DES = 3
%CALG_3DES = %ALG_CLASS_DATA_ENCRYPT OR %ALG_TYPE_BLOCK OR %ALG_SID_3DES
$MS_ENHANCED_PROV = "Microsoft Enhanced Cryptographic Provider v1.0"


'=========================================================================================================
FUNCTION DES3_Encrypt(StringToEncrypt AS STRING, Key AS STRING) AS STRING

  LOCAL Buffer AS ASCIIZ * 1024
  LOCAL myKey  AS ASCIIZ * 1024
  LOCAL myIV   AS ASCIIZ * 1024
  LOCAL hProv AS LONG
  LOCAL hhash AS LONG
  LOCAL hKey  AS LONG
  LOCAL DataLength AS LONG

  DataLength = LEN(StringToEncrypt)

  Buffer = StringToEncrypt
  myKey  = Key
  myIV   = IV

  IF ISFALSE(CryptAcquireContext(hProv, BYVAL %NULL, TRIM$($MS_ENHANCED_PROV & CHR$(0)), %PROV_RSA_FULL, 0)) THEN
   CryptAcquireContext(hProv, BYVAL %NULL, TRIM$($MS_ENHANCED_PROV & CHR$(0)), %PROV_RSA_FULL, %CRYPT_NEWKEYSET)
  END IF

  IF hProv THEN
    CALL CryptCreateHash(hProv, %CALG_MD5, 0, 0, hHash)
    IF hHash THEN
      CryptHashData(hHash, BYVAL VARPTR(myKey), LEN(Key), 0)
      CryptDeriveKey(hProv, %CALG_3DES, hHash, %CRYPT_EXPORTABLE, hKey)
      IF hKey THEN
        IF CryptEncrypt(hKey, 0, 1, 0, BYVAL VARPTR(Buffer), DataLength, (LEN(StringToEncrypt)+200)) THEN
        END IF
        CryptDestroyKey(hKey)
      END IF
      CryptDestroyHash(hHash)
    END IF
    CryptReleaseContext(hProv, 0)
  END IF

  FUNCTION = EncodeStr64(LTRIM$(Buffer))

END FUNCTION


FUNCTION DES3_Decrypt(StringToDecrypt AS STRING, Key AS STRING) AS STRING

  LOCAL hProv AS LONG
  LOCAL hhash AS LONG
  LOCAL hKey  AS LONG
  LOCAL DataLength AS LONG

  LOCAL Result AS STRING
  LOCAL Buffer AS ASCIIZ * 1024
  LOCAL myKey  AS ASCIIZ * 1024

  'SetLastError 0

  Buffer     = Decodestr64(StringToDecrypt)
  myKey      = Key
  DataLength = LEN(Buffer)

  IF ISFALSE(CryptAcquireContext(hProv, BYVAL %Null, TRIM$($MS_ENHANCED_PROV & CHR$(0)), %PROV_RSA_FULL, 0)) THEN
    CryptAcquireContext(hProv, BYVAL %Null, TRIM$($MS_ENHANCED_PROV & CHR$(0)), %PROV_RSA_FULL, %CRYPT_NEWKEYSET)
  END IF

  IF hProv THEN
    CryptCreateHash(hProv, %CALG_MD5, 0, 0, hHash)
    IF hHash THEN
      CryptHashData(hHash, BYVAL VARPTR(myKey), LEN(Key), 0)
      CryptDeriveKey(hProv, %CALG_3DES, hHash, %CRYPT_EXPORTABLE, hKey)
      IF hKey THEN
        IF CryptDecrypt(hKey, 0, %True, 0, BYVAL VARPTR(Buffer), DataLength) THEN
          Result = PEEK$(VARPTR(Buffer), DataLength)
        END IF
        CryptDestroyKey(hKey)
      END IF
      CryptDestroyHash(hHash)
    END IF
    CryptReleaseContext(hProv, 0)
  END IF

  FUNCTION = Result

END FUNCTION

          Comment

          • #6
            Elias,

            I'm not really up to speed on crypto, mostly just use SSL by using the https protocol. Your DES3 function looks OK, but you may want to ask about it in a more active forum, like the Programming forum.
            --pdf

            Comment

            • #7
              Thats a very good idea paul, i think ill do it.

              Comment

              Previous template Next
              Working...
              X

              We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, and to analyze site activity. For additional details, refer to our Privacy Policy.

              By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

              I Agree