10ba2d32df
lib/bnet.ts reimplementa la criptografía Battle.net de home/bnet.py con BigInt nativo + node:crypto: - SRP6 v2 (battlenet_accounts): PBKDF2-HMAC-SHA512, N 2048 bits, g=2, ajuste de bit alto, módulo estilo Python, verifier little-endian (ToByteVector). - SRP6 Grunt/SHA1 (cuenta de juego): g=7, N 256 bits, verifier 32B little-endian. - bnetMakeRegistration/bnetVerify, gameCalculateVerifier/gameMakeRegistration/ gameVerify, bnetSrpUsername, normalizeEmail, makeGameAccountUsername. Validado con vectores cruzados contra la impl. Python (mismos email/pass/salt -> mismo verifier; verificación en ambos sentidos): TODO COINCIDE. Se añade tsx (dev) para ejecutar scripts TS (Node del sistema no trae strip-types). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
149 lines
5.3 KiB
TypeScript
149 lines
5.3 KiB
TypeScript
import crypto from 'node:crypto'
|
|
|
|
/**
|
|
* Port TS de home/bnet.py (autenticación 3.4.3 / Battle.net).
|
|
* Debe producir EXACTAMENTE el mismo salt/verifier que la implementación Python
|
|
* (validado con vectores idénticos) o los logins contra AzerothCore fallan.
|
|
*
|
|
* - battlenet_accounts -> SRP6 v2 (PBKDF2-HMAC-SHA512, N de 2048 bits, g=2).
|
|
* - account (cuenta de juego) -> SRP6 Grunt/SHA1 (clásico 3.3.5a).
|
|
*/
|
|
|
|
// --- SRP6 v2 (battlenet_accounts) ---
|
|
const BNET_N = BigInt(
|
|
'0x' +
|
|
'AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050' +
|
|
'A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50' +
|
|
'E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B8' +
|
|
'55F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773B' +
|
|
'CA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748' +
|
|
'544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6' +
|
|
'AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB6' +
|
|
'94B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73',
|
|
)
|
|
const BNET_g = 2n
|
|
const BNET_SALT_LEN = 32
|
|
const BNET_ITERATIONS = 15000
|
|
const BNET_SRP_VERSION = 2
|
|
const TWO_POW_512 = 1n << 512n
|
|
// TrinityCore guarda el verifier little-endian (BigNumber::ToByteVector).
|
|
const BNET_VERIFIER_LITTLE_ENDIAN = true
|
|
|
|
// --- SRP6 Grunt/SHA1 (cuenta de juego) ---
|
|
const GRUNT_g = 7n
|
|
const GRUNT_N = BigInt('0x894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7')
|
|
const GRUNT_SALT_LEN = 32
|
|
|
|
// --- utilidades BigInt <-> bytes ---
|
|
function modpow(base: bigint, exp: bigint, mod: bigint): bigint {
|
|
let result = 1n
|
|
base %= mod
|
|
while (exp > 0n) {
|
|
if (exp & 1n) result = (result * base) % mod
|
|
exp >>= 1n
|
|
base = (base * base) % mod
|
|
}
|
|
return result
|
|
}
|
|
|
|
/** Módulo no negativo (como el `%` de Python). */
|
|
function pyMod(a: bigint, m: bigint): bigint {
|
|
return ((a % m) + m) % m
|
|
}
|
|
|
|
function bytesToBigInt(buf: Buffer, littleEndian = false): bigint {
|
|
const b = littleEndian ? Buffer.from(buf).reverse() : buf
|
|
const hex = b.toString('hex')
|
|
return hex.length ? BigInt('0x' + hex) : 0n
|
|
}
|
|
|
|
/** Emula int.to_bytes: longitud mínima (o fija si se da length), endianness dada. */
|
|
function bigIntToBytes(value: bigint, littleEndian = false, length?: number): Buffer {
|
|
let hex = value.toString(16)
|
|
if (hex.length % 2) hex = '0' + hex
|
|
let buf = Buffer.from(hex, 'hex') // big-endian, longitud mínima
|
|
if (buf.length === 0) buf = Buffer.from([0])
|
|
if (length && buf.length < length) {
|
|
buf = Buffer.concat([Buffer.alloc(length - buf.length), buf]) // pad izquierda (BE)
|
|
}
|
|
return littleEndian ? Buffer.from(buf).reverse() : buf
|
|
}
|
|
|
|
// --- SRP6 v2 (bnet) ---
|
|
export function bnetSrpUsername(email: string): string {
|
|
return crypto.createHash('sha256').update(email.trim().toUpperCase(), 'utf8').digest('hex').toUpperCase()
|
|
}
|
|
|
|
function bnetCalculateX(email: string, password: string, salt: Buffer): bigint {
|
|
const srpUser = bnetSrpUsername(email)
|
|
const tmp = Buffer.from(srpUser + ':' + password, 'utf8')
|
|
const xBytes = crypto.pbkdf2Sync(tmp, salt, BNET_ITERATIONS, 64, 'sha512')
|
|
let x = bytesToBigInt(xBytes, false) // big-endian
|
|
if (xBytes[0] & 0x80) x -= TWO_POW_512
|
|
return pyMod(x, BNET_N - 1n)
|
|
}
|
|
|
|
export interface BnetRegistration {
|
|
salt: Buffer
|
|
verifier: Buffer
|
|
srpVersion: number
|
|
}
|
|
|
|
export function bnetMakeRegistration(email: string, password: string): BnetRegistration {
|
|
const salt = crypto.randomBytes(BNET_SALT_LEN)
|
|
const x = bnetCalculateX(email, password, salt)
|
|
const v = modpow(BNET_g, x, BNET_N)
|
|
return { salt, verifier: bigIntToBytes(v, BNET_VERIFIER_LITTLE_ENDIAN), srpVersion: BNET_SRP_VERSION }
|
|
}
|
|
|
|
export function bnetVerify(
|
|
email: string,
|
|
password: string,
|
|
salt: Buffer | null,
|
|
storedVerifier: Buffer | null,
|
|
): boolean {
|
|
if (!salt || !storedVerifier) return false
|
|
const x = bnetCalculateX(email, password, salt)
|
|
const v = modpow(BNET_g, x, BNET_N)
|
|
return v === bytesToBigInt(storedVerifier, BNET_VERIFIER_LITTLE_ENDIAN)
|
|
}
|
|
|
|
// --- SRP6 Grunt/SHA1 (cuenta de juego) ---
|
|
function sha1(data: Buffer): Buffer {
|
|
return crypto.createHash('sha1').update(data).digest()
|
|
}
|
|
|
|
export function gameCalculateVerifier(username: string, password: string, salt: Buffer): Buffer {
|
|
const h1 = sha1(Buffer.from(username.toUpperCase() + ':' + password.toUpperCase(), 'utf8'))
|
|
const h2 = sha1(Buffer.concat([salt, h1]))
|
|
const h2int = bytesToBigInt(h2, true) // little-endian
|
|
const v = modpow(GRUNT_g, h2int, GRUNT_N)
|
|
return bigIntToBytes(v, true, 32)
|
|
}
|
|
|
|
export function gameMakeRegistration(username: string, password: string): { salt: Buffer; verifier: Buffer } {
|
|
const salt = crypto.randomBytes(GRUNT_SALT_LEN)
|
|
const verifier = gameCalculateVerifier(username, password.slice(0, 16), salt)
|
|
return { salt, verifier }
|
|
}
|
|
|
|
export function gameVerify(
|
|
username: string,
|
|
password: string,
|
|
salt: Buffer | null,
|
|
storedVerifier: Buffer | null,
|
|
): boolean {
|
|
if (!salt || !storedVerifier) return false
|
|
const calc = gameCalculateVerifier(username, password.slice(0, 16), salt)
|
|
return bytesToBigInt(calc, true) === bytesToBigInt(storedVerifier, true)
|
|
}
|
|
|
|
// --- helpers varios ---
|
|
export function normalizeEmail(email: string): string {
|
|
return email.trim().toUpperCase()
|
|
}
|
|
|
|
export function makeGameAccountUsername(bnetId: number, index = 1): string {
|
|
return `${bnetId}#${index}`
|
|
}
|