socket and bytes operation

luca72 lucaberto at libero.it
Sat Apr 24 10:51:58 CEST 2010



I attach some part of the server documentation so maybe you can help me to understand:
Packet description (before encryption)

Messages sent back and forth between newcamd and a cardserver always consist of a three byte header and (optional) data bytes. The header always starts with a command tag byte. This is always the first byte (byte 1) of a message. In case of an ECM or EMM this is simply the table id of the ECM (0x80, 0x81) or EMM (0x82 - 0x8f). Other commands use cmd tags starting from 0xe0 like this:

#define CWS_FIRSTCMDNO 0xe0

typedef enum
{
        MSG_CLIENT_2_SERVER_LOGIN = CWS_FIRSTCMDNO,
        MSG_CLIENT_2_SERVER_LOGIN_ACK,
        MSG_CLIENT_2_SERVER_LOGIN_NAK,
        MSG_CARD_DATA_REQ,
        MSG_CARD_DATA,
        MSG_SERVER_2_CLIENT_NAME,
        MSG_SERVER_2_CLIENT_NAME_ACK,
        MSG_SERVER_2_CLIENT_NAME_NAK,
        MSG_SERVER_2_CLIENT_LOGIN,
        MSG_SERVER_2_CLIENT_LOGIN_ACK,
        MSG_SERVER_2_CLIENT_LOGIN_NAK,
        MSG_ADMIN,
        MSG_ADMIN_ACK,
        MSG_ADMIN_LOGIN,
        MSG_ADMIN_LOGIN_ACK,
        MSG_ADMIN_LOGIN_NAK,
        MSG_ADMIN_COMMAND,
        MSG_ADMIN_COMMAND_ACK,
        MSG_ADMIN_COMMAND_NAK,
        MSG_KEEPALIVE = CWS_FIRSTCMDNO + 0x1d,
} net_msg_type_t;


Client to Server Login

This describes how to login. Remember each card has its own dedicated TCP port; this is how you choose which card you want.

Client <- Server 1/5 - 090f - Thu Jan  8 17:20:17 CET 2004
encryption: none
----------------------------------------------------------
00: 77 9d cc 5d d2 0d 59 2e dc ed b8 17 c1 ab         w  ]  Y.
(these are the bytes that I receive after the connection)

After opening a TCP connection to the server, the client first receives 14 random bytes. These bytes are to be XORed to the Triple-DES key from the config file. (cardserver: DESKEY = 0102030405060708091011121314). The result forms the Triple DES key to be used to send Username and Password to the cardserver, I call it the login key.

To make this I do:
import socket, crypt, itertools
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('192.168.1.11', 11502))
# the 14 random bytes the server sends right after the connection
ricevo = sock.recv(8192)
# DESKEY from the config file, kept here as the 28-character text string
stringa = '0102030405060708091011121314'
ricevo = map(ord, ricevo)
print ricevo
# note: this maps the 28 hex digits as ASCII characters, not as the 14 key bytes
stringa = map(ord, stringa)
print stringa

plain_chars = []

# XOR each received byte with the next character of the key string
for cypher_char, key_char in zip(ricevo, itertools.cycle(stringa)):
    plain_char = (cypher_char) ^ (key_char)
    plain_chars.append(plain_char)
print plain_chars

I get:
[133, 234, 201, 215, 129, 130, 252, 113, 15, 226, 29, 193, 67, 103]


Client -> Server 1/5 - 090f - Thu Jan  8 17:20:18 CET 2004
encryption: login
----------------------------------------------------------
00: e0 00 29 64 75 6d 6d 79 00 24 31 24 61 62 63 64     )dummy $1$abcd
10: 65 66 67 68 24 6e 70 53 45 54 51 73 72 49 6d 33   efgh$npSETQsrIm3
20: 35 4d 51 66 69 55 49 41 64 6e 2e 00               5MQfiUIAdn.

Next the client has to send a packet with cmd = MSG_CLIENT_2_SERVER_LOGIN (e0) including username and password in the data field. The username is sent as a C-String (NULL terminated), the password follows directly after the zero termination byte of the username. The password has to be put through the glibc crypt() function, using salt $1$abcdefgh$. The password in the data field has to be NULL terminated and the packet encrypted with the login key.

cryptPw = crypt(plainPw, "$1$abcdefgh$");

If I understand right I have to do this:

ris = crypt.crypt(password, "$1$abcdefgh$")
then
sock.send('e0' + password + ris)
and then read again.
Is this correct?
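Worked example covering the two steps quoted above (login key derivation and the plaintext login packet). This is added example code for Python 3, not code from the post or from newcamd. It takes the 14 random bytes and the login packet from the captures quoted in the post as constructed inputs, so it runs offline. Two points it makes explicit: the DESKEY in the config is 28 hex digits standing for 14 bytes, so it must be hex-decoded before the byte-wise XOR (the posted code XORs the ASCII codes of the digits instead); and the login packet starts with the 3-byte header, then "username\0", then the crypt() output and its own terminating NUL. It is an assumption, inferred from the capture (00 29 = 41 = the number of data bytes), that header bytes 2-3 hold the data length big-endian; the post does not state it. The crypt() hash is taken from the capture rather than recomputed, because Python's crypt module is platform dependent and deprecated. The post does not describe how the 14 XORed bytes become the Triple-DES key or how the packet is encrypted, so the example stops at the plaintext packet.

```python
import struct

# Constructed from the capture quoted in the post: the 14 random bytes the
# server sends right after the TCP connection is opened.
SERVER_RANDOM = bytes.fromhex("779dcc5dd20d592edcedb817c1ab")

# DESKEY from the quoted cardserver config: 28 hex digits, i.e. 14 key bytes.
DESKEY_HEX = "0102030405060708091011121314"

MSG_CLIENT_2_SERVER_LOGIN = 0xE0   # CWS_FIRSTCMDNO in the quoted enum
HEADER_LEN = 3


def derive_login_key(deskey_hex, server_random):
    """XOR the 14 received bytes with the 14 hex-decoded DESKEY bytes."""
    key = bytes.fromhex(deskey_hex)
    if len(key) != 14 or len(server_random) != 14:
        raise ValueError("expected 14 key bytes and 14 random bytes")
    return bytes(r ^ k for r, k in zip(server_random, key))


def build_login_packet(username, crypted_password):
    """Build the plaintext MSG_CLIENT_2_SERVER_LOGIN packet (before encryption).

    Data field: username as a C string, then the crypt() output as a C string.
    """
    if "\x00" in username or "\x00" in crypted_password:
        raise ValueError("fields are C strings and cannot contain NUL")
    data = (username.encode("ascii") + b"\x00"
            + crypted_password.encode("ascii") + b"\x00")
    # Assumption (inferred from the capture, 00 29 == 41 data bytes):
    # header bytes 2-3 carry the data length, big-endian.
    header = struct.pack(">BH", MSG_CLIENT_2_SERVER_LOGIN, len(data))
    return header + data


def parse_packet(packet):
    """Split a plaintext packet into (cmd, data), checking the length field."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the 3-byte header")
    cmd, length = struct.unpack(">BH", packet[:HEADER_LEN])
    data = packet[HEADER_LEN:]
    if length != len(data):
        raise ValueError("length field %d does not match %d data bytes"
                         % (length, len(data)))
    return cmd, data


def parse_login_data(data):
    """Recover (username, crypted_password) from a login packet's data field."""
    fields = data.split(b"\x00")
    # Two NUL-terminated strings leave exactly one empty trailing field.
    if len(fields) != 3 or fields[2] != b"":
        raise ValueError("expected exactly two NUL-terminated strings")
    return fields[0].decode("ascii"), fields[1].decode("ascii")


if __name__ == "__main__":
    login_key = derive_login_key(DESKEY_HEX, SERVER_RANDOM)
    print("login key:", login_key.hex())
    # Username and crypt() output exactly as they appear in the quoted capture.
    pkt = build_login_packet("dummy", "$1$abcdefgh$npSETQsrIm35MQfiUIAdn.")
    print("login packet:", pkt.hex())
    print(parse_login_data(parse_packet(pkt)[1]))
```

Run as a script it prints the login key bytes derived from the quoted random bytes and rebuilds the login packet byte for byte as shown in the "Client -> Server" dump; the parse functions show the same framing from the receiving side and reject a packet whose length field disagrees with the data actually present.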
