Skip to content

Instantly share code, notes, and snippets.

View VulBusters's full-sized avatar

VulBusters

View GitHub Profile
@VulBusters
VulBusters / LoginWithEmailNormal.cs
Last active May 11, 2023 10:06
public class LoginWithEmailNormal
{
public void LoginWithEmail()
{
var loginReq = new LoginWithEmailAddressRequest
{
Email = EmailField.text,
Password = PasswordField.text
};
@VulBusters
VulBusters / LoginWithEmailPinning.cs
Last active June 5, 2023 09:31
public class LoginWithEmailPinning
{
public void LoginWithEmail()
{
var loginReq = new LoginWithEmailAddressRequest
{
Email = EmailField.text,
Password = PasswordField.text
};
PlayFab.Internal.PlayFabWebRequest.CustomCertValidationHook = CertPinning.CertCheck;
@VulBusters
VulBusters / CertPinning.cs
Last active July 25, 2023 06:47
public class CertPinning
{
public static bool CertCheck(object sender, X509Certificate certificate,
X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
String certSha256FingerprintHex = "xxxxxxxxxxxxxxxxxx";
if (certificate == null){
return false;
}
@VulBusters
VulBusters / CreateKeyPair.cs
Created August 9, 2023 07:53
private static void CreateKeyPair()
{
ECKeyPairGenerator keyPairGenerator = (ECKeyPairGenerator)GeneratorUtilities.GetKeyPairGenerator("ECDH");
keyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(), 521));
AsymmetricCipherKeyPair keyPair = keyPairGenerator.GenerateKeyPair();
ECPrivateKeyParameters clientPrivKey = (ECPrivateKeyParameters)keyPair.Private;
ECPublicKeyParameters clientPubKey = (ECPublicKeyParameters)keyPair.Public;
StringWriter sw1 = new StringWriter();
@VulBusters
VulBusters / PublicKeyDto.cs
Created August 9, 2023 07:54
public class PublicKeyDto
{
public String PublicKey { get; set; }
}
@VulBusters
VulBusters / KeyExchangeDto.cs
Created August 9, 2023 07:55
public class KeyExchangeDto
{
public int Code { get; set; }
public String KeyId { get; set; }
public String Salt { get; set; }
public String ServerPublicKey { get; set; }
}
@VulBusters
VulBusters / EcPemtoDer.cs
Created August 9, 2023 07:55
private static String EcPemtoDer(String pemKey, String type)
{
String trim = "";
if(type == "public")
{
trim = pemKey.Replace("-----BEGIN PUBLIC KEY-----\n", "")
.Replace("\n-----END PUBLIC KEY-----\n", "")
.Replace("\n", "");
}
if(type == "private")
@VulBusters
VulBusters / KeyExchange.cs
Created August 9, 2023 07:56
public static void KeyExchange()
{
String publicKeyPem = PlayerPrefs.GetString("clientPublicKey");
if(String.IsNullOrEmpty(publicKeyPem))
{
throw new PlayerPrefsItemNotFoundException("clientPublicKey");
}
String EcPublicKeyDerHexStr = EcPemtoDer(publicKeyPem, "public");
String serializedHttpBody = JsonConvert.SerializeObject(EcPublicKeyDerHexStr);
@VulBusters
VulBusters / get_shared_secret.py
Created August 9, 2023 07:56
def get_shared_secret(self, pub_key) -> bytes:
client_pub_key_der = serialization.load_der_public_key(bytes.fromhex(pub_key))
return self.serv_priv_key.exchange(ec.ECDH(), client_pub_key_der)
@VulBusters
VulBusters / get_session_key.py
Last active August 9, 2023 12:38
def get_session_key(self, _salt, shared_secret) -> bytes:
return PBKDF2HMAC(
algorithm = hashes.SHA256(),
length = 32,
salt = _salt,
iterations = 310000
).derive(shared_secret)