ClientToken Challenge not solved

[Velka-DEV]

Hello, it's not really a bug because it seems to work in this implementation but I'm trying to transcribe librespot in C# and I encounter a problem. During the initial request to retrieve the client token, a challenge is asked which doesn't seem to happen in librespot-java.

oneof parameters {
        ClientSecretParameters client_secret_parameters = 2;
        EvaluateJSParameters evaluate_js_parameters = 3;
        HashCashParameters evaluate_hashcash_parameters = 4;
    }

Librespot doesn't seem to solve these challenges in the ApiClient class, if anyone could enlighten me on this point.

Also, during the HashCash challenge in this request there is no LoginContext and the length is not the same (20) so the resolution algorithm must be somewhat different.

[Velka-DEV]

@devgianlu Thanks for the move on the right place.

As you have implemented the new playplay HTTP API, don't have you encountered these challenges ?

[devgianlu]

The playplay request isn't implemented yet as there are some fields missing that I don't know how to retrieve. I have implemented the clienttoken request, but didn't encounter any challenge, probably because the device id is already marked as logged in and therefore a challenge has already been resolved.

[Velka-DEV]

The playplay request isn't implemented yet as there are some fields missing that I don't know how to retrieve. I have implemented the clienttoken request, but didn't encounter any challenge, probably because the device id is already marked as logged in and therefore a challenge has already been resolved.

Okay thanks for the info, what are the missing fields in question ? I'm actually reversing on Android App, it would be the same fields normally

EDIT: And do you know how to key obfuscation is done on playplay ?

[devgianlu]

Nope I don't. You can look at https://github.com/librespot-org/librespot-java/pull/355/files#diff-9f7f618df1568d204e759cc250af047681f95acf9d1f54ff7abc8d9f778e1b23R218 and see that the cache id is also missing (don't know if that's required).

[Velka-DEV]

Nope I don't. You can look at https://github.com/librespot-org/librespot-java/pull/355/files#diff-9f7f618df1568d204e759cc250af047681f95acf9d1f54ff7abc8d9f778e1b23R218 and see that the cache id is also missing (don't know if that's required).

Thanks i will try to find what is the key and how it's obfuscated

[SuisChan]

there is no LoginContext

Just use SHA1("")[12:20] as uint64 (BigEndian).

[Velka-DEV]

@SuisChan Following your advice i've a made test's on java before making it in C# and that seems don't work. The output seems to be incorrect.

Challenge received:
Prefix: 95482A78F5381CADD929E3DD520E68A2
Length: 20

The ouput should be: 95601890AFE38BCC00000000000B84C3

But using your solution the result is: 95601890AFD80D45000000000000063C (With 1596 Iters)

Java tests

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Main {
    public static void main(String[] args) throws NoSuchAlgorithmException {
        String prefix = "95482A78F5381CADD929E3DD520E68A2";
        int length = 20;
        byte[] seed = new byte[8];
        byte[] loginContextDigest = MessageDigest.getInstance("SHA1").digest("".getBytes());
        System.arraycopy(loginContextDigest, 12, seed, 0, 8);

        solveHashCash(prefix.getBytes(), length, seed);
    }

    private static boolean checkTenTrailingBits(byte[] array) {
        if (array[array.length - 1] != 0) return false;
        else return Integer.numberOfTrailingZeros(array[array.length - 2]) >= 2;
    }

    private static void incrementCtr(byte[] ctr, int index) {
        ctr[index]++;
        if (ctr[index] == 0 && index != 0)
            incrementCtr(ctr, index - 1);
    }

    private static final char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();
    public static String bytesToHex(byte[] bytes) {
        char[] hexChars = new char[bytes.length * 2];
        for (int j = 0; j < bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j * 2] = HEX_ARRAY[v >>> 4];
            hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
        }
        return new String(hexChars);
    }

    private static void solveHashCash(byte[] prefix, int length, byte[] random) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA1");

        byte[] suffix = new byte[16];
        System.arraycopy(random, 0, suffix, 0, 8);

        assert length == 10;

        int iters = 0;
        while (true) {
            md.reset();
            md.update(prefix);
            md.update(suffix);
            byte[] digest = md.digest();
            if (checkTenTrailingBits(digest)) {
                //return new ChallengeSolve(suffix, iters);
                System.out.println("Output: " +bytesToHex(suffix) + " | Iters: " + iters);
                return;
            }

            incrementCtr(suffix, suffix.length - 1);
            incrementCtr(suffix, 7);
            iters++;
        }
    }
}

If you have any idea of the problem. (Maybe the hashcash is not exactly the same as Login Hashcash ...)

[SuisChan]

Maybe the hashcash is not exactly the same as Login Hashcash ..

I fixed it in that way

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.nio.ByteBuffer;

public class Main {
    public static void main(String[] args) throws NoSuchAlgorithmException {
        String prefix = "95482A78F5381CADD929E3DD520E68A2";
        int length = 20;
        byte[] seed = new byte[8];
        byte[] loginContextDigest = MessageDigest.getInstance("SHA1").digest();
        System.arraycopy(loginContextDigest, 12, seed, 0, 8);

        byte[] new_prefix = hexStringToByteArray(prefix); // fix conv str to byte array
        solveHashCash(new_prefix, length, seed);
    }

    private static byte[] hexStringToByteArray(String s) {
        int len = s.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
                    + Character.digit(s.charAt(i+1), 16));
        }
        return data;
    }

    private static byte[] longToBytes(long x) {
        ByteBuffer buffer = ByteBuffer.allocate(Long.BYTES);
        buffer.putLong(x);
        return buffer.array();
    }

    private static void solveHashCash(byte[] prefix, int length, byte[] random) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA1");

        ByteBuffer rnd = ByteBuffer.wrap(random);

        Long l1 = rnd.getLong();
        Long l2 = Long.valueOf(0);

        while (true) {
            md.reset();
            md.update(prefix);
            md.update(longToBytes(l1));
            md.update(longToBytes(l2));
            byte[] digest = md.digest();

            ByteBuffer buf = ByteBuffer.wrap(digest);
            Long bufLong = buf.getLong(12); //  [12:20]
            
            if (Long.numberOfTrailingZeros(bufLong) >= length) { // CTZ 
                System.out.println("Output: " +bytesToHex(longToBytes(l1)) + bytesToHex(longToBytes(l2)));
                return;
            }

            l1++;
            l2++;
        }
    }
}

[SuisChan]

And reference impl / golang

https://play.golang.org/p/xL2ym1HfwjR

func solve() {
	digest := sha1.Sum(nil)

	target := binary.BigEndian.Uint64(digest[12:20])
	prefix, _ := hex.DecodeString("95482A78F5381CADD929E3DD520E68A2")
	length := int32(20)

	suffix := findSuffix(prefix, length, target)

	fmt.Printf("suffix: %x\n", suffix)
}

func findSuffix(prefix []byte, length int32, target_u64 uint64) []byte {
	counter_u64 := uint64(0)

	target := make([]byte, 8)
	counter := make([]byte, 8)

	for true {
		binary.BigEndian.PutUint64(target, target_u64)
		binary.BigEndian.PutUint64(counter, counter_u64)

		concat := append(target, counter...)

		h := sha1.New()
		h.Write(prefix)
		h.Write(concat)

		sum := h.Sum(nil)
		digest := binary.BigEndian.Uint64(sum[12:20])

		if bits.TrailingZeros64(digest) >= int(length) {
			return concat
		}

		counter_u64++
		target_u64++
	}

	panic("Never happens")
}

``

[Velka-DEV]

Thanks you a lot for this fix @SuisChan. I'm actually rewritting it to C#. It's a bit tricky as C# is little Endian and java is BigEndian.

[SuisChan]

Thanks you a lot for this fix @SuisChan. I'm actually rewritting it to C#. It's a bit tricky as C# is little Endian and java is BigEndian.

You're welcome

[tradertrue]

Hey, i'm trying to solve the hashcash challenge that happens during the connection to the accesspoint
I receive the following Challenge :
PoWHashCashChallenge { prefix: <Buffer 9c 89 f2 1f e8 b7 03 1a ea 17 76 7d e5 ae be 55>, length: 14, target: 1852 }
And the expected result is : PoWHashCashResponse { hashSuffix: <Buffer 5a 35 2d 14 c2 c6 c6 64 00 00 00 00 00 00 e0 79> }

I've tried to solve this challenge with the algorithm mentionned in this thread and with the one implemented in librespot-java but i couldn't get the expected result. Could someone point me in the right direction for this pelase ?

By the way here's the current algo i'm testing :

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.nio.ByteBuffer;
import java.math.BigInteger;

public class Main {
    public static void main(String[] args) throws NoSuchAlgorithmException {
        String prefix = "9c89f21fe8b7031aea17767de5aebe55";
        int length = 14;
        byte[] seed = new byte[8];
        byte[] target = bigIntToByteArray(1852);
        System.out.println(bytesToHex(target));
        System.arraycopy(target, 0, seed, 0, 2);
        byte[] new_prefix = hexStringToByteArray(prefix);
        solveHashCash(new_prefix, length, seed);
        // Expected : 5a352d14c2c6c664000000000000e079
    }

    private static final char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();

    private static byte[] bigIntToByteArray(final int i) {
        BigInteger bigInt = BigInteger.valueOf(i);
        return bigInt.toByteArray();
    }

    public static String bytesToHex(byte[] bytes) {
        char[] hexChars = new char[bytes.length * 2];
        for (int j = 0; j < bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j * 2] = HEX_ARRAY[v >>> 4];
            hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
        }
        return new String(hexChars);
    }

    private static byte[] hexStringToByteArray(String s) {
        int len = s.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16));
        }
        return data;
    }

    private static void incrementCtr(byte[] ctr, int index) {
        ctr[index]++;
        if (ctr[index] == 0 && index != 0)
            incrementCtr(ctr, index - 1);
    }

    private static void solveHashCash(byte[] prefix, int length, byte[] random) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA1");
        byte[] suffix = new byte[16];
        System.arraycopy(random, 0, suffix, 0, 8);
        while (true) {
            md.reset();
            md.update(prefix);
            md.update(suffix);
            byte[] digest = md.digest();
            ByteBuffer buf = ByteBuffer.wrap(digest);
            Long bufLong = buf.getLong(12); // [12:20]
            if (Long.numberOfTrailingZeros(bufLong) >= length) { // CTZ
                System.out.println("Output: " + bytesToHex(suffix));
                return;
            }

            incrementCtr(suffix, suffix.length - 1);
            incrementCtr(suffix, 7);
        }
    }
}```

[SuisChan]

during the connection to the accesspoint

This is a slightly different algorithm, maybe I'll write the implementation details later.