$ python wshell.py
****** CLIENT STATE BEG ******
prekey_id : 1
counter : 0
cryptokey : None
registration_id: b'[0'
shared_key : None
salt : b'Noise_XX_25519_AESGCM_SHA256\x00\x00\x00\x00'
hash : b'$\x07l\xa3\x81Y'...
static_key : b'\xae\r"G'...; b'\x90\xfba\xf5'...
ephemeral_key : b'\t &)'...;b'\xf0(\x1aP'...
prekey_sig : b'\xef\x04_\xa8'...
****** CLIENT STATE END ******
-> size: 43
<- size: 350
-> size: 334
<- size: 607
-> size: 37
█████████████████████████████████████████████████████████
██ ▄▄▄▄▄ █▀▄▀▄▀▄█▄█▄█▄▀▀▄█▄ █▄█▄ █▀█▀▀▀▄█▀▀▀ ▀██ ▄▄▄▄▄ ██
██ █ █ █▀▄ ▀ ▀█▄▀▀▀██▄▄▀▄▀▀█ ▄▀▄ █▄▀▄ ▄█▀▀▄▀█ █ █ ██
██ █▄▄▄█ █▀▀▀ █ ▀█▄▄▀ ▄▄ ▄▄▄ ▀▄ ▄▀█▄▀ █▄▄ ███ █▄▄▄█ ██
██▄▄▄▄▄▄▄█▄█▄█▄█ ▀ ▀ █ █ █ █▄█ ▀▄█ █▄█▄▀ █ █ ▀ █▄▄▄▄▄▄▄██
██▄▄▄ █▄ ▄█ ▀ ▄▄▄▀▄ ▄▀▀▀▄ ▄▄ ▀▄▀██▄▄ ▄▄█▀ █▄█▄█ ▀ ▀██
██▀▀▀ ▀█▄█▀▀ █▀▀▀▄ ▀▀█▀█▀▄▀▀███▀▀▄▄█ ▄ ▀█▄ ▀▀█▀ ██ ▄▀▀██
██▀▀▄█▄█▄ █ █▄█▄███ ▄▀▄▄▀█▀█▄ █▀ ▄▀██▄ ██▀ ▀▀▄▀▄ █▀ ▀██
███▀█▄▀ ▄▀▀▄█ ▀█ ▀ █▀▀▄█▀██▀▀▄█▄▄▀▄▀▀ ▄ ▀ █▄▀▀▄ ▄ ▄ ▀██
██▀██ ▄▀▄█▄██▄ ▀█▀█▀▄▀██▀ ▄ █▀▀ ██▄ ▄▀█▀▀▄ ▄▄▄▄ █▀█▀██
██▄█▄▀▀ ▄ ▄ ▄▄▄▀█▀▀▄▀ █▀▀▀██▀▄▀▄ ▀ ██ ▄███▀ █ █▄███
███ █▀▀█▄ █▄ ▄▀▄█▄▄▀▄▀▀█▀▄█▀█▀ ▄▀ ▄ ▄█▄█▀▀▀ █▄█▄ ▀▀▀▀██
███▄ ▄▄▀▄▀▀▄▄██▄ █▄█ █▄▀▀▄▀█▀▀█▀▄▄ ▄ ▄ ▀▄▄ █▄▀ █▀█████
██▀▀ █ ▄▄▄ █ ▄ ▄▄▄▀▄▄ ██▀▄ ▄▄▄ █▀▄▄ ███▄▀ ▄▄▄ ▀ ▄██
██▄█ █▄█ ▀▀▄▀█▀▄ █▄██▄▄ █▄█ ▀▄█▀ ▀ ▄▀█▄▄█▄ █▄█ ▀▄▀███
████▄█ ▄▄ ▄█▀█▄ ▀██▄▄▀▄███▄ ▄ ▀ ▄▀█▄ ▄ ██▀▀▀▀▄ ▄ █ ▀██
███▄ ▄▄▀▄██ █▄▀███ ▄▀▀████▀▄▀▄██▄▄▄▄▀█▄▀ ▄ ▄███ ▄█▀███
██▀ █▄▀ ▄▀▀▄▀▀▄▀█▀█▀▄ ▄▀▀▀▀▀▀▄ ▀▀ ▀▀▄ ▀▄▀█▀ ▀ ▀▀█▀ ▀▄██
██▀█▀ ▀▀▄▄▀█▀▄▀▀▀▀█ █ ▀▀███▄█▀▀██▀▄▄▀██▀█ ▀ ▀█▀ ▄▀█▀▀██
██ █▄█▀ ▄ █ ▄ ▀▄▄▀▄▀█▄▀▀▄ █ ▄▀ ▄██▄▄▄ █▀█▀▀▀█ ▀▄▀▀█ ▀██
██▀▀ ▄▄ █ █▀▄▄ ██ ▀ ██ ▀ ██▄██ ▄ ███▀▀ ▄▄█▄▀█▀▄▄▄██▀██
██▀▀▄ ▀▄█ █▄██▄▄▄▀█ ▄▄██▀█▀▀▄█▀▀ █▄█ ▄▀███▄ ▀▄██▄▀▄▄█ ██
██▄ ▀▄▄▄▄ ▀ ▄▄▄ ▄ ▄▄▄▄▄██▄▀▄▀▄▄█▄▀█▄▄▄██▄ ▀▄ ██ ▀ █▄███
█████▄██▄█▀▄▀██▄▀█▄▄ ▄▀▀█ ▄▄▄ ▀ ▀█ ▄▄▄ █▄█▄▀█ ▄▄▄ ██ ██
██ ▄▄▄▄▄ █▄█▄▄ ███▄▄█ █▄█▀ █▄█ ▄▄ ▀ ▀█▀▀ ▄ ▀▀ █▄█ ▀█▀▀██
██ █ █ █ ▄ ▄█ ▀█▄▀ █▀▀▀ ▄▄▄ ▀ ▀▄█▄ ████ ▀█ ▄ █ ▄███
██ █▄▄▄█ █ █ ▀▀ ▀▀█ ▀█▀ ▄▄ ▄▄ ██▄ ▄▀█ ▄█▀ ▀███ ▄▀█▀▄██
██▄▄▄▄▄▄▄█▄██▄██▄█▄█▄█▄██▄▄████▄▄██▄█▄▄▄▄█████▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
<- size: 258
- Finish the
NOISE_XX_AES_128handshake-
Reverse the
.protofile for the structure of the protobufThis was easy enough in the Debugger where the structure can be viewed quite easily. Will put up an image detailing it soon. Possibly make an extract script from it as well.- Finish decrypting the
shello.staticandshello.payloadblobs - Construct the client finish message
- Finish decrypting the
-
- Get the QR
-
Decrypt the server response on Noise Handshake successful
-
Extract the correct
refstring from the decrypted parsed data -
Construct the QR code
-
Scan and test
Scanning shows an error msg saying that device could not be linked now. However, our client gets partially linked as it throws a max linking error after ~5 tries. Need to figure out why linking fails. -
Write a
WapParser(Line #11128) -
Write a
WapEncoder(Line #10727) -
A 37 byte frame is sent to the server.
what is it ?-- possibly called theresult -
A ~250 byte response is sent from the server which I don't get yet. Get that msg
-
Repair the parser
Y
-
- Correctly send device pairing info to the server. Don't know for sure if it's correct though.
- After a correct message containing pairing device info is sent, the server terminates the cnx
with a
515error message. Now a new login session needs to be started. -
bad-macstanza after sending alogoutrequest. Could it be because the keys are reset after the successful login stanza. We do getcompanion_enc_staticin that stanza. - Server is probably expecting a response from client after sending the
streamendreply- Reply might be able to quicken the logout process
- Refactor
wap.py - Refactor
wshell.py - Replicate
libsignal-protocol's signing algo and see how it is diff fromDJM - Retrieve Messages
-
asyncify theClient - Review class design for front-end compat - initially in
ncursesI guess.
- The signature generation problem appears to be one reagrding the incompatibility of
Ed25519andXEd25519signatures. In a nutshell, it appears that signatures generated byXEd25519keys (which are also equivalent to X25519 keys) are required for verification. When I generated sigs using theEd25519routines from thecryptography/ed25519library, they cannot be verified.
Reference - https://crypto.stackexchange.com/questions/62879/verifying-eddsa-signatures-using-xeddsa-verify-function
- The Signal docs also mention this signature scheme.
Reference - https://signal.org/docs/specifications/xeddsa/
- For now, I'm generating keys using
X25519()and signing using a python binding for thelibsignallib. - Also take a look at whether the
XEd25519spec allows for randomisation. (it was not there in theed25519signature algo) - Try to use the
libcryptolibrary to mimic thelibsignallibrary and build a python wrapper around it