Example #1
0
-магическая константа (DWORD) 4
-версия протокола (DWORD) 4
-ид бота (DWORD) 4
-номер команды (DWORD) 4
-blob с данными (DWORD)(BYTE[n])4
-padding (BYTE[n]) 0 
*/
if (strlen($data) >= 20) {
    //расшифруем
    $data = decrypt($data);
    //парсим данные
    $magic = substr($data, 0, 4);
    if ($magic == "VXLB") {
        $vers = raw2int(substr($data, 4, 4));
        if ($vers == $proto_vers) {
            $botid = raw2hex(substr($data, 8, 4));
            $cnum = raw2int(substr($data, 12, 4));
            $blobnum = raw2int(substr($data, 16, 4));
            if ($blobnum > 0 and $blobnum < strlen($data) - 20) {
                $blobdata = substr($data, 20, $blobnum);
            }
            echo "botid {$botid}\n";
            echo "cnum {$cnum}\n";
            echo "blobnum {$blobnum}\n";
            echo "blobdata {$blobdata}\n";
        }
    }
}
function decrypt($r)
{
    $data = $r;
Example #2
0
if (empty($_POST['password'])) {
    // Plaintext
    $passhash = 'nopass';
    $url = $_POST['url'];
    if (!preg_match('/^(http|ftp|https|irc):\\/\\//', $url)) {
        $url = "http://{$url}";
    }
} else {
    // 2012-09-07:
    // Updated the passhash algorithm. Prior to today, this was the line of code
    // that produced a hash for simple TLWSD links. Upgrade uses SHA-2 and bcrypt
    // $passhash = substr(hash('sha512', $_POST['password']), 0, 64); // Hash
    $cost = floor(10 + (date('Ym') - 201204) / 30);
    // Increase by 1 every 30 months
    // to conform to Moore's Law
    $random = convBase(raw2hex(openssl_random_pseudo_bytes(33)), '0123456789abcdef', './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
    if ($random[23]) {
        $random = substr($random, 0, 22);
    }
    $salt = "\$2a\${$cost}\${$random}";
    $passhash = substr(hash('sha512', $_POST['password']), 0, 64);
    // Step 1: Part of SHA512
    for ($i = 1; $i <= 1000; $i++) {
        // Step 2: HMAC-SHA256 with an increasing key
        $passhash = hash_hmac('sha256', $_POST['password'] . $passhash, $i);
    }
    $passhash = crypt($passhash, $salt);
    // Bcrypt the final result -- new feature!
    $key = substr(hash('sha512', $_POST['password'], 1), 32);
    // Encryption key
    $IV = hash('sha256', $_POST['password'], 1);