레이블이 LINE인 게시물을 표시합니다. 모든 게시물 표시
레이블이 LINE인 게시물을 표시합니다. 모든 게시물 표시

2014년 8월 2일 토요일

[Python] LINE

LINE

 
PyPi versionPyPi downloadsPyPi statusPyPi license
May the LINE be with you...
The documentation is available at here

Screenshot

License

Source codes are distributed under BSD license.

Author

Taehoon Kim / @carpedm20
댓글 없음:
라벨: , ,

2013년 9월 21일 토요일

LINE(라인) protocol analysis [4] : Registration


* 2014.08.02 update *

If you need a python code right away, then please keep in touch with https://github.com/carpedm20/LINE



* This post is composed of a collection of data that I got from the analysis of LINE registration
* I will beautify this post, later...


* There are two kinds of registration, one is for mobile phone and the other for tablet

* 1. For mobile phone : use SMS registration
* 2. For tablet : login with e-mail and password authentication

Links
====

 https://gd2.line.naver.jp/authct/v1/keys/naver
http://t.line.naver.jp/authct/v1/keys # not working

 # t stands for tablet ( maybe..? )
# t.line.naver.jp/authct is used when 'RegisterWithNaverIdOrEmailPageVM.SetIdentityCredential()' is called

 https://t.line.naver.jp/authct/v1/keys/naver
https://t.line.naver.jp/authct/v1/keys/line

Wireshark Filter
============

 ip.addr == 119.235.235.0/24 

 .Net Reflector
===========

1. Tablet authentication
===================
  1. # from 'https://t.line.naver.jp/authct/v1/keys/line'
  2. {
  3.   "session_key":"jvhk3Vl3A1KJ8nK0",
  4.   "rsa_key":
  5.     "1696, # key name
  6.    DBAE063DBDC04244CD0D6669AC6545CD0E7337C1E6ABC74E4C939D3958AADB2EF5B51013D46C0BFD1C9AFFEAA72F771DA4D450347606EFBD082625920202EF848204E783456F59AD953EA3E5872A38CF6415C97B818DB6AD2C6C9AF84676DFFB358EA41F08A4B81D8F3A653F7D68C449F5650B5894323D0B3C0A1A12FEB9E6EBBDEB6F69B2AA1136741D3ACC504048AFAEBDB52C034F, # e
  7.    010001" # n
  8. }
  10. # personal information
  11. string password = String.fromCharCode (session_key.length) + session_key  
  12.                 + String.fromCharCode (email.length) + email  
  13.                 + String.fromCharCode (password.length) + password;  
  15. # generate encrypted password
  16. var rsa =  new  RSAKey ();  
  17. rsa.setPublic (evalue, nvalue);  
  18. password = rsa.encrypt (password);  
  20. # send POST request to http://gd2.line.naver.jp/rest/v1/login
  21. {
  22.   id : keyname  // In this case, '1696'
  23.   password : password  // encrypted password
  24.   persistent : 0  //  
  25.   provider : 1  //
  26. }

 2. Mobile registration
=================

 1. gm.line.naver.jp/api/v3/TalkService.do

    # request : [startverification] country_code + phone_number + druid + device_name + ???
   # response: auth_key(?)

 2. gm.line.naver.jp/api/v3/TalkService.do

    # request : [verifyphone] auth_key + druid
   # response: verifyphone


3. gm.line.naver.jp/api/v3/TalkService.do

    # request : [registerDevice] auth_key
   # response : encrypted_key -> this is used to make X-Line-Access ( by using bellow C# code)

  # This code will make X-Line-Access key from auth_key

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  6. namespace ConsoleApplication1
  7. {
  8.    
  9.     class Program
  10.     {
  11.         static void Main(string[] args)
  12.         {
  13.             String issuedTo = "1" ;
  15.             DateTime l = DateTime .UtcNow;
  17.             long timestamp = (long )((- new DateTime(1970110001)).TotalMilliseconds);
  19.             String authToken = "????"; // auth_key
  21.             string[] strArray = authToken.Split(new char[] { ':' });
  22.             string issueTo = strArray[0];
  23.             string encodedSecretKey = strArray[1];
  25.             string str2 = string .Format("iat: {1}\n", issuedTo, timestamp);
  26.             string str3 = Convert .ToBase64String(Encoding.UTF8.GetBytes(str2));
  27.             string str4 = string .Empty;
  28.             string str5 = str3 + "." + str4;
  29.             byte[] key = Convert .FromBase64String(str3);
  30.             string str6 = Convert.ToBase64String(LINE.Service.YamlWebToken .HmacAlgorithm.CreateInstance(LINE.Service.YamlWebToken.DEFAULT_ALOGORITHM.Name, key).ComputeHash(Encoding.UTF8.GetBytes(str5)));
  31.             String str = str5 + "." + str6 // base64(issuedTo) + '..' + Hmac(SecretKey)
  32.         }
  33.     }
  34. }



In my view point, the analysis of LINE protocol was much easier than LOCO protocol which uses their own protocol.

Now, what...? :)

댓글 4개:
라벨: ,

2013년 9월 12일 목요일

LINE(라인) protocol analysis [3] : session key


* 2014.08.02 update *

If you need a python code right away, then please keep in touch with https://github.com/carpedm20/LINE
Finally, I want to talk about session key  and auth key.


5. Session key

At first, I tried to follow UpdateAuthToken() function because this function adds the "X-Line-Access" header to the HTTP protocol.

As I followed this function, I finally arrived to create() function which updates the old session key.

It wasn't hard to understand how this function updates authKey, but I couldn't figure out when LINE change an auth key.

It seems like LINE's session key is changed when a user change his/her mobile phone or re-install the application.

In other words, the session key won't be changed if you don't erase or change your mobile phone.

This can cause security problems if someone change the code of LINE application and distribute it to the internet...but I don't think it will happen :)

Bellow is the list of functions that I followed to find out how LINE update their authorization key.

  1. public void UpdateAuthToken(string authKey)
  2. {
  3.     if (authKey != null)
  4.     {
  5.         this._transport.AddRequestHeader("X-Line-Access", AccessTokenHelper.GetAccessToken(authKey)); // add "X-Line-Access" header to HTTP(s) protocol
  6.     }
  7. }
  9. public void UpdateAuthToken(string authKey)
  10. {
  11.     try
  12.     {
  13.         if (authKey != null)
  14.         {
  15.             this._transport.AddRequestHeader("X-Line-Access", AccessTokenHelper.GetAccessToken(authKey)); // add "X-Line-Access" header to HTTP(s) protocol
  16.         }
  17.     }
  18.     catch (Exception)
  19.     {
  20.     }
  21. }

  22. private void _addCustomHeader(HttpWebRequest httpWebRequest)
  23. {
  24.     Profile current = ProfileViewModel.GetInstance().Current;
  25.     httpWebRequest.get_Headers().set_Item("X-Line-Access", AccessTokenHelper.GetAccessToken(current.AuthKey)); // add "X-Line-Access" header to HTTP(s) protocol
  26.     httpWebRequest.get_Headers().set_Item("X-Line-Application", DeviceUtility.GetLineApplicationString());
  27.     httpWebRequest.get_Headers().set_Item("Cache-Control""no-cache");
  28.     httpWebRequest.get_Headers().set_Item("Pragma""no-cache");
  29. }
  31. public static string GetAccessToken(string authKey)
  32. {
  33.     long timestamp = (DateTime.get_UtcNow() - new DateTime(0x7b2, 110001)).get_TotalMilliseconds(); // use time stamp for making access token
  34.     return GetAccessToken(timestamp, authKey);
  35. }
  37. public static string GetAccessToken(long timestamp, string authKey)
  38. {
  39.     if (((_accessToken == "") || !_accessToken.Equals(_lastAuthToken)) || (timestamp > (_lastUpdated + 0x5265c00L)))
  40.     {
  41.         lock (_thisLock)
  42.         {
  43.             _accessToken = Generate(authKey, timestamp);
  44.             _lastUpdated = timestamp;
  45.             _lastAuthToken = authKey;
  46.         }
  47.     }
  48.     return _accessToken;
  49. }
  51. public static string Generate(string authToken, long timestamp)
  52. {
  53.     string[] strArray = authToken.Split(new char[] { ':' });
  54.     if (strArray.Length != 2)
  55.     {
  56.         throw new ArgumentException("authToken");
  57.     }
  58.     string issueTo = strArray[0]; // use previous authToken for the new authToken
  59.     string encodedSecretKey = strArray[1]// use previous authToken for the new authToken
  60.     string str3 = YamlWebToken.Create(issueTo, timestamp, encodedSecretKey);
  61.     return (issueTo + ":" + str3);
  62. }
  64. public class YamlWebToken
  65. {
  66.     // Fields
  67.     public static HmacAlgorithm DEFAULT_ALOGORITHM; // use Hmac algorith for generating token
  69.     // Methods
  70.     static YamlWebToken();
  71.     public YamlWebToken();
  72.     public static string Create(string issueTo, long timestamp, string encodedSecretKey);
  73.     public static string Create(string issuedTo, long timestamp, string encodedSecretKey, HmacAlgorithm algorithm);
  75.     // Nested Types
  76.     public class HmacAlgorithm
  77.     {
  78.         // Methods
  79.         public HmacAlgorithm(string name);
  80.         public static HMAC CreateInstance(string name, byte[] key);
  82.         // Properties
  83.         public string Name { get; set; }
  84.     }
  85. }
  87. public static string Create(string issueTo, long timestamp, string encodedSecretKey)
  88. {
  89.     return Create(issueTo, timestamp, encodedSecretKey, DEFAULT_ALOGORITHM);
  90. }
  92. public static string Create(string issuedTo, long timestamp, string encodedSecretKey, HmacAlgorithm algorithm)
  93. {
  94.     string str = "";
  95.     try
  96.     {
            // core algorithm to make new session key
  97.         string str2 = string.Format("iat: {1}\n", issuedTo, timestamp)
  98.         string str3 = Convert.ToBase64String(Encoding.get_UTF8().GetBytes(str2));
  99.         string str4 = string.Empty;
  100.         string str5 = str3 + "." + str4;
  101.         byte[] key = Convert.FromBase64String(encodedSecretKey);
  102.         string str6 = Convert.ToBase64String(HmacAlgorithm.CreateInstance(algorithm.Name, key).ComputeHash(Encoding.get_UTF8().GetBytes(str5)));
  103.         str = str5 + "." + str6; // base64(issuedTo) + '..' + Hmac(SecretKey)
  104.     }
  105.     catch (Exception)
  106.     {
  107.     }
  108.     return str;
  109. }

Anyway, I wrote an C# code that make updated session key... 

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  6. namespace ConsoleApplication1
  7. {
  8.    
  9.     class Program
  10.     {
  11.         static void Main(string[] args)
  12.         {
  13.             String issuedTo = "1" ;
  15.             DateTime l = DateTime .UtcNow;
  17.             long timestamp = (long )((- new DateTime(1970110001)).TotalMilliseconds);
  19.             String authToken = "????" // your old session key
  21.             string[] strArray = authToken.Split(new char[] { ':' });
  22.             string issueTo = strArray[0];
  23.             string encodedSecretKey = strArray[1];
  25.             string str2 = string .Format("iat: {1}\n", issuedTo, timestamp);
  26.             string str3 = Convert .ToBase64String(Encoding.UTF8.GetBytes(str2));
  27.             string str4 = string .Empty;
  28.             string str5 = str3 + "." + str4;
  29.             byte[] key = Convert .FromBase64String(encodedSecretKey);
  30.             string str6 = Convert.ToBase64String(LINE.Service.YamlWebToken .HmacAlgorithm.CreateInstance(LINE.Service.YamlWebToken.DEFAULT_ALOGORITHM.Name, key).ComputeHash(Encoding.UTF8.GetBytes(str5)));
  31.             String str = str5 + "." + str6 // base64(issuedTo) + '..' + Hmac(SecretKey)
  32.         }
  33.     }
  34. }
댓글 없음:
라벨: , ,
피드 구독하기: 글 (Atom)