From 4c7ea09670d3f6e9dc3fbbcfefd7de2752c2f0cb Mon Sep 17 00:00:00 2001 From: baibaratsky Date: Tue, 28 Apr 2015 22:09:21 +0300 Subject: [PATCH] Fixed #5: Some key digests are encrypted using only the first half of the password --- Signer.php | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/Signer.php b/Signer.php index 3c339fe..eb84721 100644 --- a/Signer.php +++ b/Signer.php @@ -34,13 +34,20 @@ public function __construct($wmid, $keyFileName, $keyPassword) } $keyData = unpack('vreserved/vsignFlag/a16hash/Vlength/a*buffer', $key); - $keyData['buffer'] = self::encryptKey($keyData['buffer'], $wmid, $keyPassword); - if (!self::verifyHash($keyData)) { - throw new \Exception('Hash check failed. Key file seems to be corrupted.'); + $keyBuffer = self::readKeyBuffer($keyData, $wmid, $keyPassword); + + if ($keyBuffer === false) { + // Try one more time using only the first half of the password + $keyPassword = substr($keyPassword, 0, ceil(strlen($keyPassword) / 2)); + $keyBuffer = self::readKeyBuffer($keyData, $wmid, $keyPassword); + + if ($keyBuffer === false) { + throw new \Exception('Hash check failed. Key file seems to be corrupted.'); + } } - $this->initSignVariables($keyData['buffer']); + $this->initSignVariables($keyBuffer); } /** @@ -96,6 +103,22 @@ private function initSignVariables($keyBuffer) $this->modulus = self::reverseToDecimal($data['modulus']); } + /** + * Check and return the key buffer + * + * @param array $keyData + * @param string $wmid + * @param string $keyPassword + * + * @return string|false The key buffer, or false if the hash doesn't match + */ + private static function readKeyBuffer($keyData, $wmid, $keyPassword) + { + $keyData['buffer'] = self::encryptKey($keyData['buffer'], $wmid, $keyPassword); + + return self::verifyHash($keyData) ? $keyData['buffer'] : false; + } + /** * Encrypt the key using the hash of the WMID and the key password *