In [1]:
from Crypto.Hash import HMAC, SHA256
from Crypto.Cipher import AES
from Crypto.PublicKey import ECC
from Crypto.Signature import DSS

def sc_send_packet(send, recv, cmd_type, payload, kenc, kmac, packet_counter, iv):

    # Get the padding to apply
    pad = AES.block_size - ((len(payload) + 2) % AES.block_size)
    payload = cmd_type + len(payload).to_bytes(1, byteorder = 'big') + payload + (pad * b'\x00')

    # Encrypt the padder payload
    cipher = AES.new(kenc, AES.MODE_CBC, iv = iv)
    payload = cipher.encrypt(payload)

    # Compute the HMAC on
    h = HMAC.new(kmac, digestmod = SHA256)
    if len(payload) + h.digest_size > 255:
        logger.error("[ERROR] Payload len is too big")
        thread_exit()

    prepend = (len(payload) + h.digest_size).to_bytes(1, byteorder = 'big')

    # Update with the implicit 64 bits packet counter
    h.update(packet_counter.to_bytes(8, byteorder = 'big'))

    # Update with the length
    h.update(prepend)
    h.update(payload)
    # Append the HMAC
    new_iv = payload[-AES.block_size:]
    payload = prepend + payload + h.digest()

    # Check the whole length
    if len(payload) > 255:
        logger.error(f"[ERROR] Payload len {len(payload)} is too big")
        thread_exit()

    send(payload)
    return packet_counter + 1, new_iv

In [2]:
def sc_recv_packet(send, recv, kenc, kmac, packet_counter, iv, expected_cmd = None):

    h = HMAC.new(kmac, digestmod = SHA256)

    # Receive the encrypted command length
    packet_len_byte = recv(1)
    packet_len = int.from_bytes(packet_len_byte, byteorder = 'big')

    # Receive the rest
    packet = recv(packet_len)

    # Packet should be at least MAC plus one block
    if len(packet) < (h.digest_size + AES.block_size):
        print("[ERROR] Unexpected encrypted packet!")
        thread_exit()

    # Check the mac
    mac = packet[-h.digest_size:]
    enc_payload = packet[:-h.digest_size]
    new_iv = enc_payload[-AES.block_size:]

    # Update with length and packet counter
    h.update(packet_counter.to_bytes(8, byteorder = 'big'))
    h.update(packet_len_byte)
    h.update(enc_payload)
    hmac = h.digest()
    if hmac != mac:
        print("[ERROR] Erroneous MAC in encrypted packet!")
        thread_exit()

    # MAC is OK, decrypt stuff
    cipher = AES.new(kenc, AES.MODE_CBC, iv = iv)
    payload = cipher.decrypt(enc_payload)
    if len(payload) < 2:
        print("[ERROR] Erroneous payload size in encypted packet!")
        thread_exit()

    cmd = payload[0:1]
    if expected_cmd is not None:
        if expected_cmd != cmd:
            print(f"[ERROR] Unexpected command {expected_cmd} != {cmd}")
            thread_exit()

    real_len = int.from_bytes(payload[1:2], 'big')
    if len(payload[2:]) < real_len:
        print("[ERROR] Bad encrypted packet structure")
        thread_exit()

    payload = payload[2:2 + real_len]
    return cmd, payload, packet_counter + 1, new_iv

In [18]:
INITIAL_SEND_IV = b'\xaa' * 16
packet = bytes.fromhex(a)
packet = packet[1:packet[0]]
mac = packet[32:]
enc_payload = packet[:-32]
new_iv = enc_payload[-AES.block_size:]

In [24]:
new_iv[0] ^^ new_iv[0]

0