valter/umskt-rs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
umskt-rs/src/bink2002.rs
Alex Page 6f648b6556 Implement bink2002
2023-06-20 22:35:15 -04:00

300 lines
8.9 KiB
Rust
Raw Blame History

use anyhow::Result;
use bitreader::BitReader;
use openssl::{
bn::{BigNum, BigNumContext, MsbOption},
ec::{EcGroup, EcPoint},
sha::sha1,
};
use crate::key::{base24_decode, base24_encode};
const FIELD_BITS: i32 = 512;
const FIELD_BYTES: usize = 64;
const SHA_MSG_LENGTH: usize = 3 + 2 * FIELD_BYTES;
#[derive(Clone, Copy, Debug)]
struct ProductKey {
upgrade: bool,
channel_id: u32,
hash: u32,
signature: u64,
auth_info: u32,
}
pub fn verify(
e_curve: &EcGroup,
base_point: &EcPoint,
public_key: &EcPoint,
cd_key: &str,
) -> Result<bool> {
let mut num_context = BigNumContext::new()?;
let b_key = base24_decode(cd_key);
let product_key = unpack(&b_key)?;
let p_data = product_key.channel_id << 1 | product_key.upgrade as u32;
let mut msg_buffer: [u8; SHA_MSG_LENGTH] = [0; SHA_MSG_LENGTH];
msg_buffer[0x00] = 0x5D;
msg_buffer[0x01] = (p_data & 0x00FF) as u8;
msg_buffer[0x02] = ((p_data & 0xFF00) >> 8) as u8;
msg_buffer[0x03] = (product_key.hash & 0x000000FF) as u8;
msg_buffer[0x04] = ((product_key.hash & 0x0000FF00) >> 8) as u8;
msg_buffer[0x05] = ((product_key.hash & 0x00FF0000) >> 16) as u8;
msg_buffer[0x06] = ((product_key.hash & 0xFF000000) >> 24) as u8;
msg_buffer[0x07] = (product_key.auth_info & 0x00FF) as u8;
msg_buffer[0x08] = ((product_key.auth_info & 0xFF00) >> 8) as u8;
msg_buffer[0x09] = 0x00;
msg_buffer[0x0A] = 0x00;
let msg_digest = sha1(&msg_buffer[..=0x0A]);
let i_signature = next_sn_bits(by_dword(&msg_digest[4..8]) as u64, 30, 2) << 32
| by_dword(&msg_digest[0..4]) as u64;
let e = BigNum::from_slice(&i_signature.to_be_bytes())?;
let s = BigNum::from_slice(&product_key.signature.to_be_bytes())?;
let mut x = BigNum::new()?;
let mut y = BigNum::new()?;
let mut p = EcPoint::new(e_curve)?;
let mut t = EcPoint::new(e_curve)?;
t.mul(e_curve, base_point, &s, &num_context)?;
p.mul(e_curve, public_key, &e, &num_context)?;
let p_2 = p.to_owned(e_curve)?;
p.add(e_curve, &t, &p_2, &mut num_context)?;
let p_2 = p.to_owned(e_curve)?;
p.mul(e_curve, &p_2, &s, &num_context)?;
p.affine_coordinates(e_curve, &mut x, &mut y, &mut num_context)?;
let mut x_bin = x.to_vec_padded(FIELD_BYTES as i32)?;
x_bin.reverse();
let mut y_bin = y.to_vec_padded(FIELD_BYTES as i32)?;
y_bin.reverse();
msg_buffer[0x00] = 0x79;
msg_buffer[0x01] = (p_data & 0x00FF) as u8;
msg_buffer[0x02] = ((p_data & 0xFF00) >> 8) as u8;
msg_buffer[3..3 + FIELD_BYTES].copy_from_slice(&x_bin);
msg_buffer[3 + FIELD_BYTES..3 + FIELD_BYTES * 2].copy_from_slice(&y_bin);
let msg_digest = sha1(&msg_buffer);
let hash: u32 = by_dword(&msg_digest[0..4]) & bitmask(31) as u32;
Ok(hash == product_key.hash)
}
pub fn generate(
e_curve: &EcGroup,
base_point: &EcPoint,
gen_order: &BigNum,
private_key: &BigNum,
p_channel_id: u32,
p_auth_info: u32,
p_upgrade: bool,
) -> Result<String> {
let mut num_context = BigNumContext::new().unwrap();
let mut c = BigNum::new()?;
let mut x = BigNum::new()?;
let mut y = BigNum::new()?;
let p_data = p_channel_id << 1 | p_upgrade as u32;
let mut no_square = false;
let p_raw: Vec<u8> = loop {
let mut r = EcPoint::new(e_curve)?;
c.rand(FIELD_BITS, MsbOption::MAYBE_ZERO, false)?;
r.mul(e_curve, base_point, &c, &num_context)?;
r.affine_coordinates(e_curve, &mut x, &mut y, &mut num_context)?;
let mut msg_buffer: [u8; SHA_MSG_LENGTH] = [0; SHA_MSG_LENGTH];
let mut x_bin = x.to_vec_padded(FIELD_BYTES as i32)?;
x_bin.reverse();
let mut y_bin = y.to_vec_padded(FIELD_BYTES as i32)?;
y_bin.reverse();
msg_buffer[0x00] = 0x79;
msg_buffer[0x01] = (p_data & 0x00FF) as u8;
msg_buffer[0x02] = ((p_data & 0xFF00) >> 8) as u8;
msg_buffer[3..3 + FIELD_BYTES].copy_from_slice(&x_bin);
msg_buffer[3 + FIELD_BYTES..3 + FIELD_BYTES * 2].copy_from_slice(&y_bin);
let msg_digest = sha1(&msg_buffer);
let p_hash: u32 = by_dword(&msg_digest[0..4]) & bitmask(31) as u32;
msg_buffer[0x00] = 0x5D;
msg_buffer[0x01] = (p_data & 0x00FF) as u8;
msg_buffer[0x02] = ((p_data & 0xFF00) >> 8) as u8;
msg_buffer[0x03] = (p_hash & 0x000000FF) as u8;
msg_buffer[0x04] = ((p_hash & 0x0000FF00) >> 8) as u8;
msg_buffer[0x05] = ((p_hash & 0x00FF0000) >> 16) as u8;
msg_buffer[0x06] = ((p_hash & 0xFF000000) >> 24) as u8;
msg_buffer[0x07] = (p_auth_info & 0x00FF) as u8;
msg_buffer[0x08] = ((p_auth_info & 0xFF00) >> 8) as u8;
msg_buffer[0x09] = 0x00;
msg_buffer[0x0A] = 0x00;
let msg_digest = sha1(&msg_buffer[..=0x0A]);
let i_signature = next_sn_bits(by_dword(&msg_digest[4..8]) as u64, 30, 2) << 32
| by_dword(&msg_digest[0..4]) as u64;
let mut e = BigNum::from_slice(&i_signature.to_be_bytes())?;
let e_2 = e.to_owned()?;
e.mod_mul(&e_2, private_key, gen_order, &mut num_context)?;
let mut s = e.to_owned()?;
let s_2 = s.to_owned()?;
s.mod_sqr(&s_2, gen_order, &mut num_context)?;
let c_2 = c.to_owned()?;
c.lshift(&c_2, 2)?;
s = &s + &c;
let s_2 = s.to_owned()?;
if s.mod_sqrt(&s_2, gen_order, &mut num_context).is_err() {
no_square = true;
};
let s_2 = s.to_owned()?;
s.mod_sub(&s_2, &e, gen_order, &mut num_context)?;
if s.is_bit_set(0) {
s = &s + gen_order;
}
let s_2 = s.to_owned()?;
s.rshift1(&s_2)?;
let p_signature = u64::from_be_bytes(s.to_vec_padded(8)?.try_into().unwrap());
let product_key = ProductKey {
upgrade: p_upgrade,
channel_id: p_channel_id,
hash: p_hash,
signature: p_signature,
auth_info: p_auth_info,
};
if p_signature <= bitmask(62) && !no_square {
break pack(product_key);
}
no_square = false;
};
Ok(base24_encode(&p_raw))
}
const SIGNATURE_LENGTH_BITS: u8 = 62;
const HASH_LENGTH_BITS: u8 = 31;
const CHANNEL_ID_LENGTH_BITS: u8 = 10;
const UPGRADE_LENGTH_BITS: u8 = 1;
const EVERYTHING_ELSE: u8 =
SIGNATURE_LENGTH_BITS + HASH_LENGTH_BITS + CHANNEL_ID_LENGTH_BITS + UPGRADE_LENGTH_BITS;
fn unpack(p_raw: &[u8]) -> Result<ProductKey> {
let mut reader = BitReader::new(p_raw);
let auth_info_length_bits = (p_raw.len() * 8) as u8 - EVERYTHING_ELSE;
let p_auth_info = reader.read_u32(auth_info_length_bits)?;
let p_signature = reader.read_u64(SIGNATURE_LENGTH_BITS)?;
let p_hash = reader.read_u32(HASH_LENGTH_BITS)?;
let p_channel_id = reader.read_u32(CHANNEL_ID_LENGTH_BITS)?;
let p_upgrade = reader.read_bool()?;
Ok(ProductKey {
upgrade: p_upgrade,
channel_id: p_channel_id,
hash: p_hash,
signature: p_signature,
auth_info: p_auth_info,
})
}
fn pack(p_key: ProductKey) -> Vec<u8> {
let mut p_raw: u128 = 0;
p_raw |= (p_key.auth_info as u128)
<< (SIGNATURE_LENGTH_BITS
+ HASH_LENGTH_BITS
+ CHANNEL_ID_LENGTH_BITS
+ UPGRADE_LENGTH_BITS);
p_raw |= (p_key.signature as u128)
<< (HASH_LENGTH_BITS + CHANNEL_ID_LENGTH_BITS + UPGRADE_LENGTH_BITS);
p_raw |= (p_key.hash as u128) << (CHANNEL_ID_LENGTH_BITS + UPGRADE_LENGTH_BITS);
p_raw |= (p_key.channel_id as u128) << UPGRADE_LENGTH_BITS;
p_raw |= p_key.upgrade as u128;
p_raw
.to_be_bytes()
.into_iter()
.skip_while(|&x| x == 0)
.collect()
}
fn bitmask(n: u64) -> u64 {
(1 << n) - 1
}
fn next_sn_bits(field: u64, n: u32, offset: u32) -> u64 {
(field >> offset) & ((1u64 << n) - 1)
}
fn by_dword(n: &[u8]) -> u32 {
(n[0] as u32) | (n[1] as u32) << 8 | (n[2] as u32) << 16 | (n[3] as u32) << 24
}
#[cfg(test)]
mod tests {
use std::{fs::File, io::BufReader};
use serde_json::from_reader;
use crate::crypto::initialize_elliptic_curve;
#[test]
fn verify_test() {
// Example product key and its BINK ID
let product_key = "R882X-YRGC8-4KYTG-C3FCC-JCFDY";
let bink_id = "54";
// Load keys.json
let path = "keys.json";
let file = File::open(path).unwrap();
let reader = BufReader::new(file);
let keys: serde_json::Value = from_reader(reader).unwrap();
let bink = &keys["BINK"][&bink_id];
let p = bink["p"].as_str().unwrap();
let a = bink["a"].as_str().unwrap();
let b = bink["b"].as_str().unwrap();
let gx = bink["g"]["x"].as_str().unwrap();
let gy = bink["g"]["y"].as_str().unwrap();
let kx = bink["pub"]["x"].as_str().unwrap();
let ky = bink["pub"]["y"].as_str().unwrap();
let (e_curve, gen_point, pub_point) = initialize_elliptic_curve(p, a, b, gx, gy, kx, ky);
assert!(super::verify(&e_curve, &gen_point, &pub_point, product_key).unwrap());
}
}
Reference in a new issue View git blame Copy permalink