Passwords in SSL with Jetty tutorial - ssl

In this tutorial , where are the following values coming from?
password (OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4)
keyPassword (OBF:1u2u1wml1z7s1z7a1wnl1u2g)
trustPassword (OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4)

Someone (ack_ of the Norn Iron Hacker Scene) made a Python script to reverse the Jetty password obfuscation. Useful when you need to export the keystore to other programs.
# Jetty Deobfuscation Tool
from __future__ import print_function
import sys
def deobfuscate_jetty(ciphertext):
plaintext = ""
for i in range(0, len(ciphertext), 4):
t = ciphertext[i:i + 4]
i0 = int(t, 36)
i1, i2 = divmod(i0, 256)
x = (i1 + i2 - 254) >> 1
plaintext += chr(x)
return plaintext
if __name__ == '__main__':
if len(sys.argv) == 2:
print(deobfuscate_jetty(sys.argv[1]))
else:
print("Jetty Deobfuscation Tool v1.0")
print("%s <string>" % sys.argv[0])
exit(1)

The passwords prefixed with OBF: come from Jetty's own system for obfuscating passwords. There is more documentation here: http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords
Note that this is obfuscated and not encrypted. It just prevents a human from reading it quickly:
In some cases such as keystore passwords and digest authentication,
the system must retrieve the original password, which requires the
obfuscation method. The drawback of the obfuscation algorithm is that
it protects passwords from casual viewing only.
You could put them in clear too, it wouldn't change much.
In this case, the password, keyPassword and trustPassword are respectively the passwords for the key store, the key password (that should be optional if it's the same as the key store password) and the trust store password. These are the ones you set when you create these keystores.

This was driving me kind of crazy too. Here's a script that you can use to generate the various passwords. The script works with this particular version of jetty: jetty-hightide-8.1.10.v20130312, but can be modified through the JETTY_VER variable.
jetty-passwd.sh
#!/bin/bash
# url: http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords
# set -x
if [ $# -ne 2 ]; then
echo -e "\nUSAGE: `basename $0`: <user> <password>\n";
exit 0;
fi
JETTY_VER=8.1.10.v20130312
JETTY_HOME=/opt/jetty-hightide-$JETTY_VER
java -cp $JETTY_HOME/lib/jetty-util-${JETTY_VER}.jar org.eclipse.jetty.util.security.Password $1 $2
example run
% ./jetty-passwd.sh me blah
blah
OBF:1t2x1toq1to41t39
MD5:6f1ed002ab5595859014ebf0951522d9
CRYPT:me/DjMjPzbKG.

The following function is an ES6 port of the Python function by Thilo. It could be used to deobfuscate a password on a Node server.
I also added an obfuscation method that I adapted from: arthepsy/deobf/jetty.obf.py
In addition, I added some mocha/chai tests to run through random passwords verify that the obfuscate/deobfuscate methods are symetric.
const
clipText = (str, length) => `${str.slice(0, length)}…`,
fill = (size, fn) => new Array(size).fill(0).map((_, i) => fn ? fn(i) : i);
/** test.js */
const main = () => {
const
generator = new PasswordGenerator({ symbols: true, length: 16 }),
passwords = fill(100, () => generator.next());
mocha.setup('bdd');
chai.should();
describe('Test JettyUtil', () =>
passwords.forEach(pw => {
const
ciphertext = JettyUtil.obfuscate(pw),
plaintext = JettyUtil.deobfuscate(ciphertext);
it(clipText(`${pw} → ${ciphertext}`, 64), () =>
pw.should.equal(plaintext))
}));
mocha.run();
};
/** jetty-util.js */
const
OBF_PREFIX = 'OBF:',
divmod = (m, n) => [ Math.trunc(m / n), m % n ],
unpack = (str) => str.split('').map(c => c.charCodeAt(0) & 0xFF),
chunk = (str, size) => str.match(new RegExp(`.{1,${size}}`, 'g'));
class JettyUtil {
static deobfuscate(ciphertext) {
return chunk(ciphertext.slice(OBF_PREFIX.length), 4)
.reduce((plaintext, i0) => {
const [ i1, i2 ] = divmod(parseInt(i0, 36), 256);
return plaintext + String.fromCharCode((i1 + i2 - 254) >> 1);
}, '');
}
static obfuscate(plaintext) {
return unpack(plaintext).reduce((ciphertext, b1, index, bytes) => {
const b2 = bytes[bytes.length - (index + 1)],
[ i1, i2 ] = [ 127 + b1 + b2, 127 + b1 - b2 ];
return ciphertext + (i1 * 256 + i2).toString(36).padStart(4, '0');
}, OBF_PREFIX);
}
}
// export default JettyUtil;
/** password-generator.js */
const Alphabet = {
UPPERCASE : 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
LOWERCASE : 'abcdefghijklmnopqrstuvwxyz',
NUMBERS : '0123456789',
SYMBOLS : ' !"#$%&\'()*+,-./:;<=>?#[\]^_`{|}~'
};
class PasswordGenerator {
constructor(config) {
this.opts = { ...PasswordGenerator.defaultOptions, ...config };
this.alphabet = Object.entries(this.opts)
.map(([k, v]) => v === true ? Alphabet[k.toUpperCase()] : null)
.filter(v => v != null)
.join('');
}
next() {
return fill(this.opts.length, () => rando(this.alphabet)).join('');
}
}
PasswordGenerator.defaultOptions = {
uppercase : true,
lowercase : true,
numbers : true,
symbols : false,
length : 12
};
// export default PasswordGenerator;
main();
.as-console-wrapper { top: 0; max-height: 100% !important; }
<script src="https://randojs.com/2.0.0.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/mocha/7.2.0/mocha.min.js"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/mocha/7.2.0/mocha.css" />
<script src="https://cdnjs.cloudflare.com/ajax/libs/chai/4.2.0/chai.min.js"></script>
<div id="mocha"></div>
Here is my original response:
const divmod = (m, n) => [ ~~(m / n), m % n ];
const deobfuscate = (ciphertext) => {
if (!ciphertext.startsWith('OBF:')) return null;
let plaintext = '';
for (let offset = 4; offset < ciphertext.length; offset += 4) {
const i0 = parseInt(ciphertext.slice(offset, offset + 4), 36);
const [ i1, i2 ] = divmod(i0, 256);
plaintext += String.fromCharCode((i1 + i2 - 254) >> 1);
}
return plaintext;
};
const pwList = [
'OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4', // storepwd
'OBF:1u2u1wml1z7s1z7a1wnl1u2g', // keypwd
];
pwList.forEach(pw => console.log(deobfuscate(pw)));

Related

VSCode API: registerCompletionItemProvider doesn't work with "#" trigger symbol

I am trying to use registerCompletionItemProviderto add autocompletion inside of JSDoc comments, but my provider doesn't work on the "#" trigger symbol, it is strange, but with other symbols, like "|" or "!" it works fine. I tried to check it with the VSCode debugger but it shows that my provideCompletionItems function isn't even called on the "#" trigger symbol.
That's how it looks like with the "#" symbol
That's how it looks like with the "|" symbol or any other symbols
My extension.ts file
export function activate(context: ExtensionContext) {
context.subscriptions.push(
languages.registerCompletionItemProvider(SUPPORTED_LANGUAGES, {
provideCompletionItems,
}, "#");
);
}
My provideCompletionItems
const provideCompletionItems = (
doc: TextDocument,
pos: Position
) => {
let keys = Object.keys(JSDocElements);
let completions = keys.map(key => {
// #ts-ignore
let e = JSDocElements[key];
let r = new CompletionItem(key + " ");
r.documentation = e.desc;
r.kind = CompletionItemKind.Snippet;
return r;
});
const txt = doc.getText();
const matcher = /\/\*\*[^\*](?:\r|\n|.)*?\*\//g;
let match = matcher.exec(txt);
let p = doc.offsetAt(pos);
while (match) {
if (match.index > p) {
match = null;
break;
}
if (match.index < p && match.index + match[0].length > p) {
break;
}
match = matcher.exec(txt);
}
if (!match) return [];
return completions;
};

composes an array of functions into a function that passes a value through a pipeline of functions

Does anyone know how to do this ?
#compose pipeline
Q) composes an array of functions into a function that passes
a value through a pipeline of functions.
We need to create compose () as follows !
function compose(funcs) {
}
Example 1
javascript
const pipeline = [
(num) => num - 1,
(num) => num * 10,
(num) => `${ num } as a string`
];
const composed = compose(pipeline);
The output will be :--->
composed(4); // => `30 as a string`
Example 2
javascript
const pipeline = [
(str) => str.length,
(length) => length * 100,
(num) => num + 5
];
const composed = compose(pipeline);
composed('cat'); // => 305

ML Kit Barcode Scanner (used in reactnative-camera) cut displayValue after U+0000 / NULL

I am trying to scan ECC Data Matrix code with binary content, but if there is a NULL byte I can only get the string up to there.
Unfortunately, I have no control over these matrix codes, as I have to scan the codes provided.
Does somebody has any idea?
Is it possibly to convert the rawData?
It would be enough if I received the content as a hex value.
The rawData is allready hex, but not as expected, maybe it is also corrupt or in an unknown coding.
Does somebody know encoding of rawdata?
see https://developers.google.com/ml-kit/reference/ios/mlkitbarcodescanning/api/reference/Classes/MLKBarcode#rawdata
I found a solution for me:
Here my Code for React-Native:
import {DataMatrixDecodedBitStreamParser, ZXingStringEncoding} from "#zxing/library";
const bin2hex = (s)=> {
// discuss at: https://locutus.io/php/bin2hex/
// original by: Kevin van Zonneveld (https://kvz.io)
// bugfixed by: Onno Marsman (https://twitter.com/onnomarsman)
// bugfixed by: Linuxworld
// improved by: ntoniazzi (https://locutus.io/php/bin2hex:361#comment_177616)
// example 1: bin2hex('Kev')
// returns 1: '4b6576'
// example 2: bin2hex(String.fromCharCode(0x00))
// returns 2: '00'
let i;
let l;
let o = '';
let n;
s += '';
for (i = 0, l = s.length; i < l; i++) {
n = s.charCodeAt(i)
.toString(16);
o += n.length < 2 ? '0' + n : n;
}
return o;
}
const hex2bin = (s)=> {
// discuss at: https://locutus.io/php/hex2bin/
// original by: Dumitru Uzun (https://duzun.me)
// example 1: hex2bin('44696d61')
// returns 1: 'Dima'
// example 2: hex2bin('00')
// returns 2: '\x00'
// example 3: hex2bin('2f1q')
// returns 3: false
const ret = []
let i = 0
let l
s += ''
for (l = s.length; i < l; i += 2) {
const c = parseInt(s.substr(i, 1), 16);
const k = parseInt(s.substr(i + 1, 1), 16);
if (isNaN(c) || isNaN(k)) return false;
ret.push((c << 4) | k);
}
return String.fromCharCode.apply(String, ret);
}
const fromHexString = hexString => new Uint8Array(hexString.match(/.{1,2}/g).map(byte => parseInt(byte, 16)));
const matrixcodeRAW2HEX = raw_hex => {
let data = fromHexString(raw_hex);
try {
global.Buffer = global.Buffer || require('buffer').Buffer;
ZXingStringEncoding.customDecoder = (stringContent, encodingName) => {
let encodingName2 = encodingName;
if(encodingName.toLowerCase()=="iso-8859-1"){
encodingName2="latin1";
}
return new Buffer(stringContent).toString(encodingName2);
}
ZXingStringEncoding.customEncoder = (stringContent, encodingName) => {
let encodingName2 = encodingName;
if(encodingName.toLowerCase()=="iso-8859-1"){
encodingName2="latin1";
}
return new Buffer(stringContent).toString(encodingName2);
};
let newData = DataMatrixDecodedBitStreamParser.decode(data);
return bin2hex(newData.getText());
}catch (e) {
console.log(e);
}
}
My function will return the original data as hex, so there is no problem with NUL, but you can also use hex2bin to get it as a Text if necessary.
I´m using the zxing polyfill for JS => https://github.com/zxing-js/library, cause JS does not Cut String like Objective C do.
I found out in Objective C NUL always will cut a string, so there is no solution yet.

Couldn't read accelerometer and gyro from sensortag using react-native

I have been working on react-native-ble-plx with sensortag cc2650stk and having issues fetching accelerometer and gyro data.
Error: Characteristic "f000aa82-0451-4000-b000-000000000000" write failed for device xxxxxx and service "f000aa80-0451-4000-b000-000000000000"
Things work fine for all the other sensors of the ticc2650 sensortag. like humidity,temperature,barometer etc.
constructor() {
super();
this.manager = new BleManager()
this.state = {info: "", values: {}}
this.prefixUUID = "f000aa"
this.suffixUUID = "-0451-4000-b000-000000000000"
this.sensors = {
0: "Temperature",
8: "Accelerometer",
2: "Humidity",
7: "Magnetometer",
4: "Barometer",
// 5: "Gyroscope"
}
}
serviceUUID(num) {
return this.prefixUUID + num + "0" + this.suffixUUID
}
notifyUUID(num) {
return this.prefixUUID + num + "1" + this.suffixUUID
}
writeUUID(num) {
return this.prefixUUID + num + "2" + this.suffixUUID
}
My sensortag Movemnet UUIDS are:
MOVEMENT_SERVICE = 'f000aa80-0451-4000-b000-000000000000';
MOVEMENT_DATA = 'f000aa81-0451-4000-b000-000000000000';
MOVEMENT_CONFIG = 'f000aa82-0451-4000-b000-000000000000';
MOVEMENT_PERIOD = 'f000aa83-0451-4000-b000-000000000000';
MOVEMENT_NOTIFICATION = '00002902-0000-1000-8000-00805f9b34fb';
if (device.name === 'CC2650 SensorTag' || device.name === 'SensorTag') {
this.info("Connecting to TI Sensor")
this.manager.stopDeviceScan();
device.connect()
.then((device) => {
this.info("Discovering services and characteristics")
return device.discoverAllServicesAndCharacteristics()
})
.then((device) => {
this.info("Setting notifications")
console.log(device);
return this.setupNotifications(device)
})
.then(() => {
this.info("Listening...")
}, (error) => {
this.error(error.message)
})
}
async setupNotifications(device) {
for (const id in this.sensors) {
//id = 8;
const service = this.serviceUUID(id);
const characteristicW = this.writeUUID(id);
const characteristicN = this.notifyUUID(id);
const characteristic = await device.writeCharacteristicWithResponseForService(
service, characteristicW, "AQ==" /* 0x01 in hex */
)
device.monitorCharacteristicForService(service, characteristicN, (error, characteristic) => {
if (error) {
this.error(error.message)
return
}
console.log(characteristic.uuid+":::"+characteristic.value);
this.updateValue(characteristic.uuid, characteristic.value)
})
}
}
work fine for other sensors but not gyro and accelerometer.
Things work fine for other sensors when we write "AQ==" / 0x01 in hex / But for movement sensor we need to add "MDE=" for 0x01 in function for notifications
const characteristic = await device.writeCharacteristicWithResponseForService(
service, characteristicW, "AQ==" /* 0x01 in hex */
)
I dont know why have they done so but this solved the issue for me.

rxjs, call next on generator only after previous operation completes

I'm uploading a file by creating slices of file using Blob.slice() in a generator function
export function* chunkFile(file: File, chunkSize: number) {
let chunkStart = 0;
const _chunkEnd = chunkStart + chunkSize;
let chunkEnd = _chunkEnd > file.size ? file.size : _chunkEnd;
while (chunkStart < file.size) {
yield <ChunkType>{
chunk: file.slice(chunkStart, chunkEnd),
start: chunkStart,
end: chunkEnd
};
chunkStart = chunkEnd;
const _chunkEndIn = chunkStart + chunkSize;
chunkEnd = _chunkEndIn > file.size ? file.size : _chunkEndIn;
}
}
and I'm uploading file like this
Observable.from(chunckFile(file,chunkSize)).concatMap(uploadRoutine).subscribe();
But all chunks are created at same time.
what I need is create new chunck (call next on generator) only when current chunk upload completes.
Found Solution by my own
export function rxIterable<T, R>(source: Iterator<T>, consumer: (value: T) => Observable<R>) {
const first = source.next();
if (first.done) {
return empty<R>();
}
return consumer(first.value).pipe(
expand(() => {
const next = source.next();
if (next.done) {
return empty<R>();
}
return consumer(next.value);
}),
finalize(() => source.return())
);
}