Thursday, July 13, 2017

I'm not saying is military grade...but I'm almost certain its the NSA phones


This plugin will allow you to encrypt data with RSA algorythm in an Ajax request (client side) and decrypt in PHP (server side).
IMPORTANT: Unfortunately, this plugin does not provide a foolproof method against hacks
ONLINE DEMONSTRATION


How to use it ?

Downloads

Here are 3 downloads necessary to use AJAXRSA with Construct 2 :

RSA Keys Generator

Download and dezip the folder.
Execute the «index.exe».
(size: 18 Mo)
DownloadRSA Keys Generator

Plugin Construct 2

Download, dezip and put the folder called «ajaxrsa».
in the Construct 2 Plugin folder.
(size: 10 Ko)
DownloadPlugin Construct 2

PHP Library and Demo

Download and dezip the folder.
You will obtain 2 folders et 1 example script.
(size: 143 Ko)
DownloadPHP Library & Demo

RSA Keys

In first, you will need two keys : Public Key and Private Key
Launch the RSA Keys Generator (search an executable called «index.exe»).
You get this :

Construct 2 Plugin

Make sure your folder «ajaxrsa» is present in the Construct 2 Plugins folder.
C:/Program Files/Construct 2/exporters/html5/plugins/ajaxrsa/
Launch Construct 2, create a new project, add new object : AJAX-RSA.
Now, open your Event Sheet to add the following Events/Actions :

PHP Library & Demo

On server side, make sure your folders «Crypt» and «Math» are in the same folder.
Below, the demo script to process the data server side:

// Use it for local preview (localhost:50000)
// See : https://www.scirra.com/manual/107/ajax
//header('Access-Control-Allow-Origin: * '); 

ini_set("display_errors", 0);

session_start(); // Need session to store Token

require_once('Crypt/RSA.php'); // Math folders must be the same level as the folder Crypt

// IMPORTANT : Keep the complete syntax and the jump lines for Private Key
define("KEY_PRIVATE", "-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAMrXPEVu4LxhOUvV2mreOoHIchPlJYgvRdpqkBd6t2sD7SM02DqP
n89eSj+oqG1ZR+l7Yj1SMCZMrav6257UivMCAwEAAQJAHHwerKl7dI46sO72iJdt
+UJ1iAcKlECp5e2dD+Rd1EXYNfIH26AyprDRXNTRoTYidiVaUH1Z8NxifWagf36j
gQIhAOKOTxjSwgDIWQxoMxw2AL8AAGF3g4uWXgRZKp4f9QghAiEA5TPn1H/j7AQW
NTW7WmM6PjV/Xdl0YI4y2OUTdw2E4JMCIQCvYFJCeQPM70pfnFnUQMmbETk6OfYO
nDvzScL/3OUlgQIgZop6RU+SIJ0Tcmq/jwilnf9BJDONJUV46iBSPQkHUZECIAnE
byHHtgYokdOrheh+O1FWUtq5q/xq28TR+tHUFa1i
-----END RSA PRIVATE KEY-----");

// Function to decrypt data
function decrypt($data) {
 $rsa = new Crypt_RSA();
 $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
 $rsa->loadKey(KEY_PRIVATE, CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
 $s = new Math_BigInteger($data, 16);
 return $rsa->decrypt($s->toBytes());
}

$arr_data = array(); // Array where we will store our data

// Check if the Ajax Request come from the game folder
// example : http://www.domain.com/folderGame/ or http://www.domain.com/folderGame/index.html
if(isset($_SERVER['HTTP_REFERER']) 
 && ($_SERVER['HTTP_REFERER']=="http://www.payondev.fr/projet/ajaxrsa/demonstration/" 
 || $_SERVER['HTTP_REFERER']=="http://www.payondev.fr/projet/ajaxrsa/demonstration/index.html"))
{

 // If "Post to URL"
 if(isset($HTTP_POST_VARS[d])) $data = $HTTP_POST_VARS[d];
 // If "Request URL"
 if(isset($HTTP_GET_VARS[d])) $data = $HTTP_GET_VARS[d];

 if(trim($data, " \t\n\r")!="")
 {
  // Decrypt Data
  $decrypted_data = utf8_decode(decrypt($data));
  parse_str($decrypted_data, $arr_data);

  // Check if there is a data called "token"
  if(isset($arr_data['token']) && trim($arr_data['token'], " \t\n\r")!="")
  {
   // Check if token exist (get key if exist)
   if( ($k = array_search($arr_data['token'], $_SESSION['token'])) !== FALSE )
   {
    // Remove current token (expired or not)
    unset($_SESSION['token'][$k]);

    $expiration = explode("_", $arr_data['token']); 
    $delayToken = time() - $expiration[1];
    if($delayToken<=2)
    {

     // *******************************************************************
     // ************************ YOUR CODE HERE ***************************
     // *******************************************************************
     
     // EX : www.domain.com/index.php?player=Vincent&score=150&token=123abc...
     // $arr_data["player"]  =  "Vincent";
     // $arr_data["score"]  =  "150";
     // $arr_data["token"]  =  "123abc...";
     foreach($arr_data as $key => $value) echo $key .": ". $value."   ";

    }else{ echo "Error : Token Expired"; }
   }else{ echo "Error : Invalid Token"; }
  }else{ echo "Error : Token missing"; }
 }else{
  // If no data in URL, generate Token and return it
  $token = md5(rand(1000, 999999));
  echo $_SESSION['token'][] = $token."_".time();
 }
}else{ echo "Error : It's not a call from the game"; }


Of course, the use of Tokens (either side Construct 2 or PHP) is not mandatory but recommended for browser games.

Friday, July 7, 2017

I'm thinking on ATM's, bank vaults, army computers...do it remotely

AAC Keys is a keyboard and mouse emulation program for Microsoft Windows-based and Macintosh computers. AAC Keys receives commands through your computer’s serial port and translates them into keystrokes and mouse movements, giving you full control of your computer from another device such as an AAC system. (If your computer has only USB ports, an inexpensive adapter is available.)

Sending Keys/Mouse Via Serial

For advanced users, you may want to hook up your Bluefruit to a microcontroller and send characters or strings via Bluetooth. 

You can do this with the UART port on the EZ-Key. The UART pins are labeled RX (data going into the module) and TX (debug data coming out of the module). You can get away with just connecting to RX. The RX pin is 5V compliant, you can send it 3V or 5V TTL logic levels. Use 9600 baud serial, all microcontrollers will support this.

You can also send raw HID Keyboard reports for complex key-stroke combinations and controls. 

In version v1.1 (Oct 22, 2013 or later) HID Mouse reports are also supported, you can send mouse movement and clicks via the UART and microcontroller
In version v1.2 (Nov 2013 or later) HID consumer report keys are supported, there are a few supported 'multimedia keys' - see below for a list and how to send via the UART

Don't forget to also tie a ground pin from your microcontroller to the EZ-Key for the logic ground reference!

Printable character keymap


For printing ASCII characters, you can simply send those to the UART and they will be 'typed out'. See below for the list of printable ASCII characters, starting with 0x20 and ending with 0x7E