hotfix habbo.com.br encryption update
sirjonasxx committed Oct 2, 2018
1 parent e110a34 commit 065504f
Showing 5 changed files with 46 additions and 18 deletions.
4 changes: 4 additions & 0 deletions src/main/protocol/crypto/RC4.java
@@ -203,4 +203,8 @@ public void undoRc4(byte[] buf) {
}

}

public byte[] getState () {
return state;
}
}
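Review bot: `getState()` returns the cipher's internal `state` array itself, so any caller can read and modify the live RC4 permutation and silently desynchronise this instance's keystream. Returning a copy keeps the accessor read-only: `return state.clone();`. A one-line Javadoc saying that the method returns a snapshot of the internal permutation array would also help, and the space in `getState ()` is inconsistent with `undoRc4(byte[] buf)` in the hunk header. The field's declaration is outside the hunk, so its type is assumed to be `byte[]` from the return type.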
34 changes: 21 additions & 13 deletions src/main/protocol/memory/Rc4Obtainer.java
@@ -1,11 +1,13 @@
package main.protocol.memory;

import main.protocol.HConnection;
import main.protocol.HMessage;
import main.protocol.HPacket;
import main.protocol.crypto.RC4;
import main.protocol.memory.habboclient.HabboClient;
import main.protocol.memory.habboclient.HabboClientFactory;
import main.protocol.memory.habboclient.linux.LinuxHabboClient;
import main.protocol.packethandler.Handler;
import main.protocol.packethandler.IncomingHandler;
import main.protocol.packethandler.OutgoingHandler;
import main.protocol.packethandler.PayloadBuffer;
@@ -29,59 +31,65 @@ public Rc4Obtainer(HConnection hConnection) {
public void setOutgoingHandler(OutgoingHandler handler) {
outgoingHandler = handler;
handler.addBufferListener((int addedbytes) -> {
if (!hashappened1 && handler.getCurrentIndex() == 3) {
if (!hashappened1 && handler.isEncryptedStream()) {
hashappened1 = true;
onSendFirstEncryptedMessage();
onSendFirstEncryptedMessage(outgoingHandler);
}
});
}


private boolean hashappened2 = false;
public void setIncomingHandler(IncomingHandler handler) {
incomingHandler = handler;
handler.addBufferListener((int addedbytes) -> {
if (!hashappened2 && handler.isEncryptedStream()) {
hashappened2 = true;
onSendFirstEncryptedMessage(incomingHandler);
}
});
}


private void onSendFirstEncryptedMessage() {
private void onSendFirstEncryptedMessage(Handler handler) {
outgoingHandler.block();
incomingHandler.block();

new Thread(() -> {
if (DEBUG) System.out.println("[+] send encrypted");

if (DEBUG) System.out.println("[+] send encrypted");

List<byte[]> results = client.getRC4possibilities();
outerloop:
for (byte[] possible : results) {

byte[] encBuffer = new byte[outgoingHandler.getEncryptedBuffer().size()];
byte[] encBuffer = new byte[handler.getEncryptedBuffer().size()];
for (int i = 0; i < encBuffer.length; i++) {
encBuffer[i] = outgoingHandler.getEncryptedBuffer().get(i);
encBuffer[i] = handler.getEncryptedBuffer().get(i);
}

for (int i = 0; i < 256; i++) {
// System.out.println(i);
for (int j = 0; j < 256; j++) {
byte[] keycpy = Arrays.copyOf(possible, possible.length);
RC4 rc4Tryout = new RC4(keycpy, i, j);

rc4Tryout.undoRc4(encBuffer);
if (handler.getMessageSide() == HMessage.Side.TOSERVER) rc4Tryout.undoRc4(encBuffer);
if (rc4Tryout.couldBeFresh()) {
byte[] encDataCopy = Arrays.copyOf(encBuffer, encBuffer.length);
RC4 rc4TryCopy = rc4Tryout.deepCopy();

try {
PayloadBuffer payloadBuffer = new PayloadBuffer();
HPacket[] checker = payloadBuffer.pushAndReceive(rc4TryCopy.rc4(encDataCopy));
byte[] decoded = rc4TryCopy.rc4(encDataCopy);
HPacket[] checker = payloadBuffer.pushAndReceive(decoded);

if (payloadBuffer.peak().length == 0) {
outgoingHandler.setRc4(rc4Tryout);
incomingHandler.setRc4(rc4Tryout);
handler.setRc4(rc4Tryout);
break outerloop;
}

}
catch (Exception e) {

// e.printStackTrace();
}

}
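Review bot: The worker thread started in `onSendFirstEncryptedMessage` copies `handler.getEncryptedBuffer()` element by element inside the `for (byte[] possible : results)` loop, and nothing visible synchronises that read with the handler thread that fills the list. This commit also moves `notifyBufferListeners(buffer.length)` to the top of `Handler.continuedAct`, so the listener now fires before the current bytes are processed; the list may presumably still be empty or growing while it is read, and each candidate can see a different length. Take one snapshot of the buffer before the loop, under whatever lock guards it, and reuse that array for every candidate. Separately, the empty `catch (Exception e)` hides real faults along with expected decode failures; rename the variable to `ignored` and add a comment such as `// candidate state did not decode to a valid packet`. The method body continues past the end of the visible hunk.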
12 changes: 9 additions & 3 deletions src/main/protocol/packethandler/Handler.java
@@ -40,8 +40,14 @@ public void setAsDataStream() {
isDataStream = true;
}

public boolean isEncryptedStream() {
return isEncryptedStream;
}

public abstract void act(byte[] buffer) throws IOException;
protected void continuedAct(byte[] buffer) throws IOException {
notifyBufferListeners(buffer.length);

if (!isEncryptedStream) {
payloadBuffer.push(buffer);
}
@@ -58,8 +64,6 @@ else if (decryptcipher == null) {
payloadBuffer.push(tm);
}

notifyBufferListeners(buffer.length);

if (!isTempBlocked) {
flush();
}
@@ -130,7 +134,7 @@ public void flush() throws IOException {
HPacket[] hpackets = payloadBuffer.receive();

for (HPacket hpacket : hpackets){
HMessage hMessage = new HMessage(hpacket, HMessage.Side.TOCLIENT, currentIndex);
HMessage hMessage = new HMessage(hpacket, getMessageSide(), currentIndex);
boolean isencrypted = isEncryptedStream;
if (isDataStream) {
notifyListeners(hMessage);
@@ -148,6 +152,8 @@ public void flush() throws IOException {
}
}

public abstract HMessage.Side getMessageSide();

public List<Byte> getEncryptedBuffer() {
return tempEncryptedBuffer;
}
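Review bot: The new abstract `getMessageSide()` has no Javadoc, although `flush()` now uses it to tag every `HMessage` and `Rc4Obtainer` branches on it to decide whether `undoRc4` is applied. A comment such as `/** Direction of the traffic this handler processes; expected to stay the same for the lifetime of the handler. */` would state the contract subclasses must keep. The move of `notifyBufferListeners(buffer.length)` to the top of `continuedAct` changes what listeners can observe (the bytes are not yet buffered when they run) and deserves a why-comment at that line. The reason for the move is not stated in the commit, so the author should supply it rather than have it guessed.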
9 changes: 7 additions & 2 deletions src/main/protocol/packethandler/IncomingHandler.java
@@ -15,9 +15,9 @@ public IncomingHandler(OutputStream outputStream, Object[] listeners) {
super(outputStream, listeners);

((List<TrafficListener>)listeners[0]).add(message -> {
if (isDataStream && onlyOnce && message.getPacket().length() == 261) {
if (isDataStream && onlyOnce && (message.getPacket().length() == 261 || message.getPacket().length() == 517)) {
onlyOnce = false;
isEncryptedStream = message.getPacket().readBoolean(264);
isEncryptedStream = message.getPacket().readBoolean(message.getPacket().length() + 3);
}
});
}
@@ -32,6 +32,11 @@ public void act(byte[] buffer) throws IOException {
}
}

@Override
public HMessage.Side getMessageSide() {
return HMessage.Side.TOCLIENT;
}

@Override
protected void printForDebugging(byte[] bytes) {
System.out.println("-- DEBUG INCOMING -- " + new HPacket(bytes).toString() + " -- DEBUG --");
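Review bot: The listener decides whether the stream is encrypted from a packet recognised only by its length (`261` or `517`) and then reads a flag at `length() + 3`, with neither number named or explained. Named constants and a comment on what the `+ 3` offset refers to would make the next protocol change a one-line edit, and fetching the packet once (`HPacket packet = message.getPacket();`) avoids four repeated calls. Because `isEncryptedStream` is set from data supplied by the remote side, it is worth confirming that `readBoolean` bounds-checks the index; its implementation is not visible here. The `(List<TrafficListener>)listeners[0]` cast on the context line is unchecked as well.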
5 changes: 5 additions & 0 deletions src/main/protocol/packethandler/OutgoingHandler.java
@@ -36,6 +36,11 @@ public void act(byte[] buffer) throws IOException {
}
}

@Override
public HMessage.Side getMessageSide() {
return HMessage.Side.TOSERVER;
}


@Override
protected void printForDebugging(byte[] bytes) {