Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lua - Controlling your Panasonic TV. #45

Open
nodecentral opened this issue Dec 29, 2020 · 1 comment
Open

Lua - Controlling your Panasonic TV. #45

nodecentral opened this issue Dec 29, 2020 · 1 comment

Comments

@nodecentral
Copy link

nodecentral commented Dec 29, 2020
edited
Loading

Not being the best programmer, I’m trying to do it with Lua, leveraging various resources, e.g. https://community.getvera.com/t/panasonic-tv-pincode-and-encryption-support/216268 ) to get there..

I found a really great resource here -> https://forum.logicmachine.net/showthread.php?tid=232&pid=16580#pid16580 but much of the libraries/modules they used seem to be proprietary, so I’m looking to find alternative ways create the required keys etc.

Various online tools exist, (see below)

hmac = https://www.devglan.com/online-tools/hmac-sha256-online
aes decryption. = https://www.devglan.com/online-tools/aes-encryption-decryption
base64 = https://www.devglan.com/online-tools/base64-encode-decode
string-to-ascii = https://onlinestringtools.com/convert-string-to-ascii

but what I’m most keen to find are pure Lua libraries to help do the job..
@nodecentral
Copy link
Author

nodecentral commented Mar 5, 2022
edited
Loading

I’ve been trying to get this to work for a while now, and hopefully I’m getting closer, but I’m still grateful for any help.

Using Lua, I can get the XML back from the TV and extract the Challenge_key

<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
 <s:Body>
  <u:X_DisplayPinCodeResponse xmlns:u="urn:panasonic-com:service:p00NetworkControl:1">
   <X_ChallengeKey>iL9XqQOMfkFWz2rvh0Xm+w==</X_ChallengeKey>
  </u:X_DisplayPinCodeResponse>
 </s:Body>
</s:Envelope>

It seems I then need to encode that in Base64, which would be this..

local mime = require("mime")
local challenge_key = "iL9XqQOMfkFWz2rvh0Xm+w=="
local challenge_Key_b64 = mime.b64(challenge_key)
print (challenge_Key_b64)

Which gives me this..

aUw5WHFRT01ma0ZXejJydmgwWG0rdz09

To then get the key which I assume is the real encryption key, it looks like I would do the following…

local bit = require("bit")
	
local challenge_Key_b64 = "aUw5WHFRT01ma0ZXejJydmgwWG0rdz09"
local challengekey_vals = { challenge_Key_b64:byte(1, -1) }
local key_vals = {}

for i = 1, 16, 4 do
	key_vals[ i ] = bit.band(bit.bnot(challengekey_vals[ i + 3 ]), 0xFF)
	key_vals[ i + 1 ] = bit.band(bit.bnot(challengekey_vals[ i + 2 ]), 0xFF)
	key_vals[ i + 2 ] = bit.band(bit.bnot(challengekey_vals[ i + 1 ]), 0xFF)
	key_vals[ i + 3 ] = bit.band(bit.bnot(challengekey_vals[ i ]), 0xFF)
end

local key = string.char(unpack(key_vals))
print(key)

Which give me this..

ʈªž­¹·¨’ÎÏ«§¥Ïž

**

I’m conscious at this point that I’m using a web based Lua IDE, so I’m not sure if the values returned are accurate, so rather than B64 can I use HEX ?

**

Continuing on, to get the hmac_val it looks like I need to use the same challengekey_vals to generate the hmac_key

local bit = require("bit")
local binascii = require("binascii")
	
local challengekey_64 = "aUw5WHFRT01ma0ZXejJydmgwWG0rdz09" 
local challengekey_vals = { challengekey_64:byte(1, -1) }
	
local hmac_key_mask = binascii.unhexlify('15C95AC2B08AA7EB4E228F811E34D04FA54BA7DCAC9879FA8ACDA3FC244F3854')
local hmac_key_mask_vals = { hmac_key_mask:byte(1, -1) }
local hmac_vals = {}

for i = 1, 32, 4 do
	hmac_vals[ i ] = bit.bxor(hmac_key_mask_vals[ i ], challengekey_vals[ bit.band(i + 1, 0xF) + 1 ])
	hmac_vals[ i + 1 ] = bit.bxor(hmac_key_mask_vals[ i + 1 ], challengekey_vals[ bit.band(i + 2, 0xF) + 1 ])
	hmac_vals[ i + 2 ] = bit.bxor(hmac_key_mask_vals[ i + 2 ], challengekey_vals[ bit.band(i - 1, 0xF) + 1 ])
	hmac_vals[ i + 3 ] = bit.bxor(hmac_key_mask_vals[ i + 3 ], challengekey_vals[ bit.band(i, 0xF) + 1 ])
end

local hmac_key = string.char(unpack(hmac_vals))
print(hmac_key)

Which give me this…

bü;—öØð£�OÛ±Dl±�Ò~ƉêÊ.²» ÷Ì~�Yd

And then I think to get the IV, i would do the following.

local bit = require("bit")
	
local payload = '000000000000' -- First 12 bytes are randomised
local pincode = "<X_PinCode>1234</X_PinCode>"  -- Next 4 bytes are from the pincode prompted by the TV
n = #pincode

payload = payload .. string.char(bit.band(bit.rshift(n, 24), 0xFF))
payload = payload .. string.char(bit.band(bit.rshift(n, 16), 0xFF))
payload = payload .. string.char(bit.band(bit.rshift(n, 8), 0xFF))
payload = payload .. string.char(bit.band(n, 0xFF))
payload = payload .. pincode
	
local iv = payload
print(iv)

Which returns this ..

000000000000�1234

Does all of the above look correct to create the 3 items needed below.. ?

Key = ʈªž­¹·¨’ÎÏ«§¥Ïž
HMAC_KEY = bü;—öØð£�OÛ±Dl±�ÒƉêÊ.²» ÷Ì�Yd
IV = 000000000000�1234

@nodecentral nodecentral changed the title Alternatives way to get the key(s) ? Lua - Controlling your Panasonic TV. Mar 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nodecentral