-магическая константа (DWORD) 4 -версия протокола (DWORD) 4 -ид бота (DWORD) 4 -номер команды (DWORD) 4 -blob с данными (DWORD)(BYTE[n])4 -padding (BYTE[n]) 0 */ if (strlen($data) >= 20) { //расшифруем $data = decrypt($data); //парсим данные $magic = substr($data, 0, 4); if ($magic == "VXLB") { $vers = raw2int(substr($data, 4, 4)); if ($vers == $proto_vers) { $botid = raw2hex(substr($data, 8, 4)); $cnum = raw2int(substr($data, 12, 4)); $blobnum = raw2int(substr($data, 16, 4)); if ($blobnum > 0 and $blobnum < strlen($data) - 20) { $blobdata = substr($data, 20, $blobnum); } echo "botid {$botid}\n"; echo "cnum {$cnum}\n"; echo "blobnum {$blobnum}\n"; echo "blobdata {$blobdata}\n"; } } } function decrypt($r) { $data = $r;
if (empty($_POST['password'])) { // Plaintext $passhash = 'nopass'; $url = $_POST['url']; if (!preg_match('/^(http|ftp|https|irc):\\/\\//', $url)) { $url = "http://{$url}"; } } else { // 2012-09-07: // Updated the passhash algorithm. Prior to today, this was the line of code // that produced a hash for simple TLWSD links. Upgrade uses SHA-2 and bcrypt // $passhash = substr(hash('sha512', $_POST['password']), 0, 64); // Hash $cost = floor(10 + (date('Ym') - 201204) / 30); // Increase by 1 every 30 months // to conform to Moore's Law $random = convBase(raw2hex(openssl_random_pseudo_bytes(33)), '0123456789abcdef', './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'); if ($random[23]) { $random = substr($random, 0, 22); } $salt = "\$2a\${$cost}\${$random}"; $passhash = substr(hash('sha512', $_POST['password']), 0, 64); // Step 1: Part of SHA512 for ($i = 1; $i <= 1000; $i++) { // Step 2: HMAC-SHA256 with an increasing key $passhash = hash_hmac('sha256', $_POST['password'] . $passhash, $i); } $passhash = crypt($passhash, $salt); // Bcrypt the final result -- new feature! $key = substr(hash('sha512', $_POST['password'], 1), 32); // Encryption key $IV = hash('sha256', $_POST['password'], 1);