Add test for matching key for DLNA; fallback to direct; fail if no key matches

df 2020-10-19 12:25:50 +00:00 committed by HummyPkg
parent a1cf871a84
commit 6f45884f94
2 changed files with 69 additions and 19 deletions


@ -94,6 +94,13 @@ proc ::decrypt::dequeue {q ts} {
::auto::startclock ::auto::startclock
log " DECRYPT: $rfile" 0 log " DECRYPT: $rfile" 0
if {$mode eq "dlna"} {
if {[$ts getkey $mode] eq ""} {
::auto::log "system key doesn't match, trying direct"
set mode direct
}
}
if {$mode eq "dlna"} { if {$mode eq "dlna"} {
log " DLNA: $url" 0 log " DLNA: $url" 0
if {[catch {exec wget -O "$tmp/$bfile" $url} msg opts]} { if {[catch {exec wget -O "$tmp/$bfile" $url} msg opts]} {
@ -104,24 +111,12 @@ proc ::decrypt::dequeue {q ts} {
if {$helper} { system dlnahelper -release } if {$helper} { system dlnahelper -release }
} else { } else {
log " Direct decryption" 0 log " Direct decryption" 0
set keys {}
if {![catch {set fd [open "/mod/boot/cryptokey"]}]} { set key [$ts getkey $mode]
set bytes [$fd read 16] if {$key eq ""} {
$fd close return {"FAILED" "No matching key for decryption"}
binary scan $bytes H* key
if {[string length $key] == 32} {
lappend keys $key
}
}
lappend keys [string range [system nugget cryptokey -key] 0 31]
lappend keys [system encryptionkey]
foreach key $keys {
::auto::log "Testing key ($key)" 2
if {[catch {
set ret [exec /mod/bin/stripts -q/ $key $rfile]
}]} continue
if {$ret eq "1"} break
} }
::auto::log "Using key ($key)" 2 ::auto::log "Using key ($key)" 2
if {[catch {exec /mod/bin/stripts -@ $key $rfile "$tmp/[\ if {[catch {exec /mod/bin/stripts -@ $key $rfile "$tmp/[\
file rootname $bfile]" } msg opts]} { file rootname $bfile]" } msg opts]} {
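Review bot: The decryption key is still written to the log in full by `::auto::log "Using key ($key)" 2`, just after the new `getkey` call in the direct branch, so anyone who can read the log at that level can recover the key. The commit already dropped the old "Testing key" message, and this line could go the same way, for example `::auto::log "Using matched key for $mode" 2`. Separately, when the dlna check at the top falls back to direct, `getkey` runs a second time and re-tests the active key with stripts; keeping the result of a single call would avoid the repeat. The body of dequeue starts and ends outside these hunks.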


@ -2,6 +2,8 @@
if {![exists -command class]} { package require oo } if {![exists -command class]} { package require oo }
if {![exists -command pack]} { package require pack } if {![exists -command pack]} { package require pack }
if {![exists -command xconv]} { package require xconv } if {![exists -command xconv]} { package require xconv }
if {![exists -command binary]} { package require binary }
source /mod/webif/lib/setup source /mod/webif/lib/setup
require system.class tvdb.class classdump require system.class tvdb.class classdump
@ -838,3 +840,56 @@ proc {ts genrelist} {} {
return $glist return $glist
} }
# return the key that will decrypt the file in the mode, or nothing
ts method getkey {mode} {
# mode: dlna (active key), direct
set rfile [file rootname $file]
set keys {}
# the active key
set key [string range [system nugget cryptokey -key] 0 31]
if {$key ne ""} {
lappend keys $key
}
if { $mode ne "dlna" } {
# also try other keys, such as this - same as active?
try {
set fd [open "/mod/boot/cryptokey"]
set bytes [$fd read 16]
binary scan $bytes H* key
if {[string length $key] == 32} {
ladd keys $key
}
} finally {
catch {$fd close}
}
# the native key
if {![catch {set key [system encryptionkey]}]} {
ladd keys $key
}
# support a file listing other keys in hex, one-per-line
# eg, for recordings imported from a broken box
try {
set fd [open "/mod/etc/keys" r]
foreach key [split [$fd read -nonewline] "\n"] {
ladd keys $key
}
} finally {
catch {$fd close}
}
}
foreach key $keys {
if {[catch {
set ret [exec /mod/bin/stripts -q/ $key $rfile]
}]} continue
if {$ret eq "1"} {
return $key
}
}
return
}
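Review bot: In `getkey`, the two `try { ... } finally { catch {$fd close} }` blocks have no `on error` clause, so as far as Jim's `try` goes a failed `open` of `/mod/boot/cryptokey` or of the optional `/mod/etc/keys` is re-raised after the `finally` script and the method errors out before any key is tested. The code this replaces in dequeue wrapped the open in `catch`; writing `} on error {} {} finally {` on both blocks would keep a missing file non-fatal. Lines read from `/mod/etc/keys` are also handed to `stripts` unchecked, unlike the cryptokey bytes, which are length-tested. A guard such as `if {[string length $key] == 32 && [string is xdigit $key]} { ladd keys $key }` would skip blank or malformed lines.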