

[core] Generate and handle tgtgtKey correctly, fix #2418 (#2419)
* Generate and handle tgtgtKey correctly, fix #2418

* Optimize the code readability of WtLogin9

* Add utility method to write t106 with A1
sandtechnology authored Jan 13, 2023
1 parent e7bcb19 commit 53f1971
Showing 6 changed files with 32 additions and 24 deletions.
@@ -27,6 +27,7 @@ import net.mamoe.mirai.internal.utils.io.serialization.toByteArray
import net.mamoe.mirai.utils.*
import kotlin.jvm.Synchronized
import kotlin.jvm.Volatile
import kotlin.random.Random

/**
* For a [Bot].
@@ -138,7 +139,7 @@ internal fun AccountSecretsImpl(
dpwd = get_mpasswd().toByteArray(),
randSeed = EMPTY_BYTE_ARRAY,
ksid = EMPTY_BYTE_ARRAY,
tgtgtKey = (account.passwordMd5 + ByteArray(4) + account.id.toInt().toByteArray()).md5(),
tgtgtKey = (Random.nextBytes(16) + device.guid).md5(),
randomKey = getRandomByteArray(16),
ecdhInitialPublicKey = QQEcdhInitialPublicKey.default
)
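Review bot: The new `tgtgtKey` is seeded from `Random.nextBytes(16)`, and `kotlin.random.Random` is a general-purpose generator that makes no cryptographic guarantees, so the unpredictability of this login key rests on a non-CSPRNG plus `device.guid`. Since the value is key material, it should be drawn from the platform's secure random source, for example `tgtgtKey = (secureRandomBytes(16) + device.guid).md5(),` where `secureRandomBytes` is a placeholder name for a `SecureRandom`-backed helper (behind an expect/actual boundary if this is common code, which the `kotlin.jvm.*` imports suggest). The neighbouring `randomKey = getRandomByteArray(16)` uses a different helper whose source is not visible here; it is worth checking that one too and using a single audited generator for both. The `AccountSecretsImpl` call starts and ends outside the hunk.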
@@ -121,6 +121,15 @@ internal fun BytePacketBuilder.t106(
)
}

internal fun BytePacketBuilder.t106(
encryptA1: ByteArray
) {
writeShort(0x106)
writeShortLVPacket {
writeFully(encryptA1)
}
}

/**
* A1
*/
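Review bot: The new `t106(encryptA1: ByteArray)` overload has no KDoc, and nothing in its signature tells a caller that it expects a blob that is already encrypted, unlike the `t106(appId, client)` form that presumably builds the TLV from the account state. A one-line contract would prevent someone from passing plaintext A1 here, e.g. `/** Writes TLV 0x106 from an already-encrypted A1 blob (such as WLoginSigInfo.encryptA1); the bytes are written as-is and no encryption is performed here. */`. The existing `/** A1 */` comment directly below belongs to the next declaration, so the new function currently sits undocumented between two documented ones.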
@@ -371,7 +371,9 @@ internal class WtLogin {
tlvMap119.smartToString().printStructure("TlvMap119")
}

tlvMap119[0x106]?.let { client.analyzeTlv106(it) }
tlvMap119[0x10c]?.read {
client.tgtgtKey = readBytes(16)
}

// ???
tlvMap119[0x1c]?.read {
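Review bot: The value of TLV 0x10c comes from the server response and is installed as `client.tgtgtKey` through `readBytes(16)` with no length check: a value shorter than 16 bytes would presumably throw from the middle of TLV handling, and a longer one is silently truncated. Since `tlvMap119` values are byte arrays (the removed line passed one to `analyzeTlv106`), the length can be validated before the assignment, e.g. `tlvMap119[0x10c]?.takeIf { it.size == 16 }?.let { client.tgtgtKey = it }`, with a log line for the rejected case. A short comment stating that 0x10c carries the tgtgtKey and replaces decoding it out of 0x106 would also help, because the block otherwise reads as an unexplained overwrite of a long-lived key. The enclosing function starts and ends outside the hunk.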
@@ -13,7 +13,6 @@ import io.ktor.utils.io.core.*
import net.mamoe.mirai.internal.network.*
import net.mamoe.mirai.internal.network.protocol.packet.*
import net.mamoe.mirai.internal.network.protocol.packet.login.WtLogin
import net.mamoe.mirai.internal.utils.io.writeShortLVByteArray
import kotlin.math.abs
import kotlin.random.Random

@@ -56,9 +55,7 @@ internal object WtLogin15 : WtLoginExt {
t1(client.uin, ByteArray(4))

// t106(client = client)
writeShort(0x106)
val encryptA1 = client.wLoginSigInfo.encryptA1!!
writeShortLVByteArray(encryptA1)
t106(client.wLoginSigInfo.encryptA1!!)
// kotlin.run {
// val key = (client.account.passwordMd5 + ByteArray(4) + client.uin.toInt().toByteArray()).md5()
// kotlin.runCatching {
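Review bot: `t106(client.wLoginSigInfo.encryptA1!!)` still relies on `!!` with no guard visible in this hunk, so a session without a cached A1 fails with a bare NullPointerException instead of a diagnosable error. Prefer `t106(checkNotNull(client.wLoginSigInfo.encryptA1) { "encryptA1 is missing; cannot build t106" })`, or state in a comment which precondition the caller already guarantees. The leftover `// t106(client = client)` line and the commented-out block below it still describe deriving the key from `passwordMd5`, which no longer matches how tgtgtKey is produced in this commit and would be clearer removed. The enclosing packet builder starts and ends outside the hunk.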
@@ -26,13 +26,25 @@ internal object WtLogin9 : WtLoginExt {
writeSsoPacket(client, client.subAppId, WtLogin.Login.commandName, sequenceId = sequenceId) {
writeOicqRequestPacket(client, commandId = 0x0810) {
writeShort(9) // subCommand
writeShort(if (allowSlider) 0x18 else 0x17) // count of TLVs, probably ignored by server?
var tlvCount = if (allowSlider) 0x18 else 0x17;
val useEncryptA1AndNoPicSig =
client.wLoginSigInfoInitialized
&& client.wLoginSigInfo.noPicSig != null
&& client.wLoginSigInfo.encryptA1 != null
if (useEncryptA1AndNoPicSig) {
tlvCount++;
}
writeShort(tlvCount.toShort()) // count of TLVs, probably ignored by server?
//writeShort(LoginType.PASSWORD.value.toShort())

t18(appId, client.appClientVersion, client.uin)
t1(client.uin, client.device.ipAddress)

t106(appId, client)
if (useEncryptA1AndNoPicSig) {
t106(client.wLoginSigInfo.encryptA1!!)
} else {
t106(appId, client)
}

/* // from GetStWithPasswd
int mMiscBitmap = this.mMiscBitmap;
@@ -66,8 +78,9 @@ internal object WtLogin9 : WtLoginExt {
t166(1)
}
*/

// ignored t16a because array5 is null
if (useEncryptA1AndNoPicSig) {
t16a(client.wLoginSigInfo.noPicSig!!)
}

t154(sequenceId)
t141(client.device.simInfo, client.networkType, client.device.apn)
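Review bot: In the first hunk `useEncryptA1AndNoPicSig` is computed from `client.wLoginSigInfo` once, but `encryptA1!!` and `noPicSig!!` are read again later, so the null check and the use are separate reads of state that could differ (whether `wLoginSigInfo` can be replaced concurrently is not visible here). Capturing both values into locals makes the check and the use refer to the same bytes, removes both `!!`, and lets `tlvCount` become a `val`; the trailing semicolons on `var tlvCount = …;` and `tlvCount++;` can be dropped at the same time. The same locals then serve the `t16a` call in the second hunk, which keeps the advertised TLV count and the TLVs actually written tied to one decision. The enclosing packet builder starts and ends outside both hunks.

```kotlin
val sigInfo = if (client.wLoginSigInfoInitialized) client.wLoginSigInfo else null
val cachedA1 = sigInfo?.encryptA1
val cachedNoPicSig = sigInfo?.noPicSig
val useEncryptA1AndNoPicSig = cachedA1 != null && cachedNoPicSig != null
val tlvCount = (if (allowSlider) 0x18 else 0x17) + (if (useEncryptA1AndNoPicSig) 1 else 0)
writeShort(tlvCount.toShort()) // count of TLVs, probably ignored by server?
// … unchanged: t18, t1 …
if (cachedA1 != null && cachedNoPicSig != null) {
    t106(cachedA1)
} else {
    t106(appId, client)
}
// … unchanged: commented-out GetStWithPasswd block …
if (cachedA1 != null && cachedNoPicSig != null) {
    t16a(cachedNoPicSig)
}
```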
@@ -17,7 +17,6 @@ import net.mamoe.mirai.internal.network.WLoginSigInfo
import net.mamoe.mirai.internal.network.protocol.packet.Tlv
import net.mamoe.mirai.internal.network.protocol.packet.login.WtLogin
import net.mamoe.mirai.internal.network.protocol.packet.t145
import net.mamoe.mirai.internal.utils.crypto.TEA
import net.mamoe.mirai.internal.utils.io.writeShortLVByteArray
import net.mamoe.mirai.utils.*

@@ -208,22 +207,9 @@ internal interface WtLoginExt { // so as not to register to global extension
}
}

fun QQAndroidClient.analyzeTlv106(t106: ByteArray) {
val tgtgtKey = decodeA1(t106) {
discardExact(51)
readBytes(16)
}
this.tgtgtKey = tgtgtKey
}

fun Input.readUShortLVString(): String = String(this.readUShortLVByteArray())
}

internal inline fun <R> QQAndroidClient.decodeA1(a1: ByteArray, block: ByteReadPacket.() -> R): R {
val key = (account.passwordMd5 + ByteArray(4) + uin.toInt().toByteArray()).md5()
val v = TEA.decrypt(a1, key)
return v.toReadPacket().withUse(block)
}

internal fun ByteArray?.orEmpty(size: Int = 0): ByteArray {
return this ?: if (size == 0) EMPTY_BYTE_ARRAY else ByteArray(size)
