Converting proxy to standalone server

[zyxwvuts]

Excellent work with the proxy. I couldn't be more impressed with your first C# project.

I'm trying to convert your proxy to a private server that doesn't pass traffic to the real server. The approach I am using so far is to modify ServerCrypto.decryptPacket() to not call ClientCrypto.encryptPacket(). Instead, I will create messages in response to messages from the client.

When creating the 20104 message, what would my values for the nonce and shared key be? I'm hoping I can just make up a nonce (PublicKeyBox.GenerateNonce()). For a shared key, would I need to call crypto_box_beforenm? I don't see that exposed in the LibSodium.NET wrapper, but I can call the libsodium.dll directly if needed. If that's what I need to do, which of the public and private keys would I pass it?

Thanks for your help.

[clugh]

Yes, you could use PublicKeyBox.GenerateNonce() for both the "sessionkey" from 20100 and servernonce from 20104. For the sharedkey in 20104, you could use SecretBox.GenerateKey().

[zyxwvuts]

Thanks for your help - I've spent hours trying to figure this out and I'll bet you will know right off the top of your head. I think I have my ServerState object wrong - probably the nonce.

I made a simplified version of what I am trying to do. It basically adds a couple of hooks in ServerCrypto to call a PrivateServer class that will figure out the message to return. Right now, if you set PrivateServer.privateServer to false, and it will behave like your proxy except it will also write the messages to file (unencrypted). When you set PrivateServer.privateServer to true, it will respond to 10100 and 10101 up until the point we send OwnHomeData. This currently causes the client to crash, so I imagine that the encryption is incorrect.

Below is ServerCrypto, with my change blocks commented. Below that is the PrivateServer class. You have any idea what I am doing wrong?

using System;
using System.Net.Sockets;
using System.Linq;
using Sodium;
using Newtonsoft.Json.Linq;

namespace coc_proxy_csharp
{
    public class ServerCrypto : Protocol
    {
        protected static KeyPair serverKey = PublicKeyBox.GenerateKeyPair(Utilities.HexToBinary("1891d401fadb51d25d3a9174d472a9f691a45b974285d47729c45c6538070d85"));

        public static void DecryptPacket(Socket socket, ServerState state, byte[] packet)
        {
            int messageId = BitConverter.ToInt32(new byte[2].Concat(packet.Take(2)).Reverse().ToArray(), 0);
            int payloadLength = BitConverter.ToInt32(new byte[1].Concat(packet.Skip(2).Take(3)).Reverse().ToArray(), 0);
            int unknown = BitConverter.ToInt32(new byte[2].Concat(packet.Skip(2).Skip(3).Take(2)).Reverse().ToArray(), 0);
            byte[] cipherText = packet.Skip(2).Skip(3).Skip(2).ToArray();
            byte[] plainText;

            if (messageId == 10100)
            {
                plainText = cipherText;
            }
            else if (messageId == 10101)
            {
                state.clientKey = cipherText.Take(32).ToArray();
                byte[] nonce = GenericHash.Hash(state.clientKey.Concat(state.serverKey.PublicKey).ToArray(), null, 24);
                cipherText = cipherText.Skip(32).ToArray();
                plainText = PublicKeyBox.Open(cipherText, nonce, state.serverKey.PrivateKey, state.clientKey);
                state.sessionKey = plainText.Take(24).ToArray();
                state.clientState.nonce = plainText.Skip(24).Take(24).ToArray();
                plainText = plainText.Skip(24).Skip(24).ToArray();
            }
            else
            {
                state.clientState.nonce = Utilities.Increment(Utilities.Increment(state.clientState.nonce));
                plainText = SecretBox.Open(new byte[16].Concat(cipherText).ToArray(), state.clientState.nonce, state.sharedKey);
            }
            try
            {
                JObject decoded = state.decoder.decode(messageId, unknown, plainText);
                Console.WriteLine("{0}: {1}", decoded["name"], decoded["fields"]);
// let private server reply to the message
                if (PrivateServer.privateServer)
                    PrivateServer.HandleMessage(messageId, decoded, state);
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
                Console.WriteLine("{0} {1}", messageId, Utilities.BinaryToHex(BitConverter.GetBytes(messageId).Reverse().Skip(2).Concat(BitConverter.GetBytes(plainText.Length).Reverse().Skip(1)).Concat(BitConverter.GetBytes(unknown).Reverse().Skip(2)).Concat(plainText).ToArray()));
            }
// don't send the message to the real server
            if (!PrivateServer.privateServer)
                ClientCrypto.EncryptPacket(state.clientState.socket, state.clientState, messageId, unknown, plainText);
        }

        public static void EncryptPacket(Socket socket, ServerState state, int messageId, int unknown, byte[] plainText)
        {
            byte[] cipherText;
            if (messageId == 20100 || (messageId == 20103 && state.sharedKey == null))
            {
                cipherText = plainText;
            }
            else if (messageId == 20103 || messageId == 20104)
            {
// when in private server mode, nonce and shared key will be null
                if (PrivateServer.privateServer && state.nonce == null)
                    state.nonce = PublicKeyBox.GenerateNonce();
                if (PrivateServer.privateServer && state.sharedKey == null)
                    state.sharedKey = SecretBox.GenerateKey();

                byte[] nonce = GenericHash.Hash(state.clientState.nonce.Concat(state.clientKey).Concat(state.serverKey.PublicKey).ToArray(), null, 24);
                plainText = state.nonce.Concat(state.sharedKey).Concat(plainText).ToArray();
                cipherText = PublicKeyBox.Create(plainText, nonce, state.serverKey.PrivateKey, state.clientKey);
            }
            else
            {
                // nonce was already incremented in ClientCrypto.DecryptPacket

// probably need to increment nonce since we aren't using ClientCrypto in private server mode
// tried it with and without incrementing nonce though
                state.nonce = Utilities.Increment(Utilities.Increment(state.nonce));

                cipherText = SecretBox.Create(plainText, state.nonce, state.sharedKey).Skip(16).ToArray();
            }
            byte[] packet = BitConverter.GetBytes(messageId).Reverse().Skip(2).Concat(BitConverter.GetBytes(cipherText.Length).Reverse().Skip(1)).Concat(BitConverter.GetBytes(unknown).Reverse().Skip(2)).Concat(cipherText).ToArray();
// when not in private server mode, write the messages to files so we can use them to test reply
            if (!PrivateServer.privateServer)
            {
                System.IO.Directory.CreateDirectory("replies");
                System.IO.File.WriteAllBytes("replies\\" + messageId + ".dat", packet);
            }
            socket.BeginSend(packet, 0, packet.Length, 0, new AsyncCallback(SendCallback), state);
        }
    }
}

PrivateServer:

using Newtonsoft.Json.Linq;
using System.IO;

namespace coc_proxy_csharp
{
    class PrivateServer
    {
        public static bool privateServer = true;

        internal static void HandleMessage(int messageId, JObject decoded, ServerState state)
        {
            if (messageId == 10100)
                reply(state, File.ReadAllBytes("replies\\20100.dat"));
            else if (messageId == 10101)
            {
                reply(state, File.ReadAllBytes("replies\\20104.dat"));
                reply(state, File.ReadAllBytes("replies\\24101.dat"));
            }
        }

        private static void reply(ServerState state, byte[] unencryptedPacket)
        {
            int messageId = BitConverter.ToInt32(new byte[2].Concat(unencryptedPacket.Take(2)).Reverse().ToArray(), 0);
            int unknown = BitConverter.ToInt32(new byte[2].Concat(unencryptedPacket.Skip(2).Skip(3).Take(2)).Reverse().ToArray(), 0);
            byte[] payload = unencryptedPacket.Skip(2).Skip(3).Skip(2).ToArray();
            ServerCrypto.EncryptPacket(state.socket, state, messageId, unknown, payload);
        }
    }
}

[clugh]

Two things. First, you're storing encrypted packets (edited for emphasis):

byte[] packet = [...].Concat(cipherText).[...];
System.IO.File.WriteAllBytes([...], packet);

Second, you're sending the saved and generated nonce and sharedkey with packet 20104, as the line that concatenates them is called before the data is saved and again when it is encrypted.

My suggestion to solve both issues would be to store plaintext at the top of encryptPacket(), rather than packet at the bottom.

Also, you should make a fork and push your code there. That'll make it easier for me to run it and provide a patch where necessary.

[zyxwvuts]

Whoops, you're right. I was only saving and loading messages so I could post a nice simple example here. The real standalone server constructs its messages from scratch. My actual problem wasn't related to encryption at all - it was 7 extra bytes (past what's defined in OwnHomeData.json) that I wasn't properly writing. I'm experienced in dealing with those types of problems, though, and got it fixed - it's just the encryption that was way over my head. Thanks again for all your help!

[tc-maxx]

@zyxwvuts : Could you post your bug fixed privateServer code? I would like to test it? Thank you!

[zyxwvuts]

@tc-maxx the code above should work, except for the way it saves the messages it encrypts to disk. Move the saving to the top of the Encrypt method and it works fine. Obviously for a real private server, though, you won't be just saving messages to disk and replaying them back. I was just doing that until I had the encryption correct. Now, I read information from a database and generate the messages on the fly.