@mtproto/core - npm Package Compare versions

Comparing version 3.1.0 to 3.1.1

package.json

 {
   "name": "@mtproto/core",
-  "version": "3.1.0",
+  "version": "3.1.1",
   "description": "Telegram API (MTProto) client library for browser and nodejs",
@@ -90,8 +90,2 @@ "keywords": [
     },
-    "./src/storage/local/package.json": "./src/storage/local/package.json",
-    "./src/storage/local": {
-      "require": "./src/storage/local/index.cjs",
-      "import": "./src/storage/local/index.js",
-      "browser": "./src/storage/local/index.browser.js"
-    },
     "./src/tl/deserializer/package.json": "./src/tl/deserializer/package.json",
@@ -107,2 +101,8 @@ "./src/tl/deserializer": {
     },
+    "./src/storage/local/package.json": "./src/storage/local/package.json",
+    "./src/storage/local": {
+      "require": "./src/storage/local/index.cjs",
+      "import": "./src/storage/local/index.js",
+      "browser": "./src/storage/local/index.browser.js"
+    },
     "./src/transport/obfuscated/package.json": "./src/transport/obfuscated/package.json",
@@ -109,0 +109,0 @@ "./src/transport/obfuscated": {

src/rpc/index.js

@@ -377,3 +377,3 @@ import bigInt from 'big-integer';
           throw new Error(
-            `bad_server_salt. Not found message width id ${message.bad_msg_id}`
+            `bad_server_salt. Not found message with id ${message.bad_msg_id}`
           );
@@ -380,0 +380,0 @@ }

src/transport/obfuscated/index.js

@@ -6,30 +6,55 @@ import EventEmitter from 'events';
 class Obfuscated extends EventEmitter {
+  // https://core.telegram.org/mtproto/mtproto-transports#transport-obfuscation
   async generateObfuscationKeys() {
-    const protocolId = 0xeeeeeeee;
-    const init1bytes = getRandomBytes(64);
-    const init1buffer = init1bytes.buffer;
-    const init1data = new DataView(init1buffer);
-    init1data.setUint32(56, protocolId, true);
+    let initBytes = null;
 
-    const init2buffer = new ArrayBuffer(init1buffer.byteLength);
-    const init2bytes = new Uint8Array(init2buffer);
-    for (let i = 0; i < init2buffer.byteLength; i++) {
-      init2bytes[init2buffer.byteLength - i - 1] = init1bytes[i];
+    while (true) {
+      initBytes = getRandomBytes(64);
+      const initDataView = new DataView(initBytes.buffer);
+      initDataView.setUint32(56, 0xeeeeeeee, true);
+
+      if (initBytes[0] === 0xef) {
+        continue;
+      }
+
+      const firstInt = initDataView.getUint32(0, true);
+
+      if (
+        [
+          0x44414548,
+          0x54534f50,
+          0x20544547,
+          0x4954504f,
+          0xdddddddd,
+          0xeeeeeeee,
+          0x02010316,
+        ].includes(firstInt)
+      ) {
+        continue;
+      }
+
+      const secondInt = initDataView.getUint32(4, true);
+
+      if (secondInt === 0) {
+        continue;
+      }
+
+      break;
     }
 
-    let encryptKey = new Uint8Array(init1buffer, 8, 32);
-    const encryptIV = new Uint8Array(16);
-    encryptIV.set(new Uint8Array(init1buffer, 40, 16));
+    const initRevBytes = new Uint8Array(initBytes).reverse();
 
-    let decryptKey = new Uint8Array(init2buffer, 8, 32);
-    const decryptIV = new Uint8Array(16);
-    decryptIV.set(new Uint8Array(init2buffer, 40, 16));
+    const encryptKey = initBytes.slice(8, 40);
+    const encryptIV = initBytes.slice(40, 56);
 
+    const decryptKey = initRevBytes.slice(8, 40);
+    const decryptIV = initRevBytes.slice(40, 56);
+
     this.encryptAES = new AES.CTR(encryptKey, encryptIV);
     this.decryptAES = new AES.CTR(decryptKey, decryptIV);
 
-    const init3buffer = (await this.obfuscate(init1bytes)).buffer;
-    init1bytes.set(new Uint8Array(init3buffer, 56, 8), 56);
+    const encryptedInitBytes = await this.obfuscate(initBytes);
+    initBytes.set(encryptedInitBytes.slice(56, 64), 56);
 
-    return init1bytes;
+    return initBytes;
   }
@@ -36,0 +61,0 @@

src/transport/tcp/index.js

@@ -37,20 +37,28 @@ import { Socket } from 'net';
 
-    const dataView = new DataView(this.stream.buffer);
-    const payloadLength = dataView.getUint32(0, true);
+    while (true) {
+      if (this.stream.length < 8) {
+        break;
+      }
 
-    if (payloadLength === this.stream.length - 4) {
-      const payload = this.stream.slice(4);
+      const dataView = new DataView(this.stream.buffer);
+      const payloadLength = dataView.getUint32(0, true);
 
-      if (payloadLength === 4) {
-        const code = dataView.getInt32(4, true) * -1;
+      if (payloadLength <= this.stream.length - 4) {
+        const payload = this.stream.slice(4, payloadLength + 4);
 
-        this.emit('error', {
-          type: 'transport',
-          code,
-        });
+        if (payloadLength === 4) {
+          const code = dataView.getInt32(4, true) * -1;
+
+          this.emit('error', {
+            type: 'transport',
+            code,
+          });
+        } else {
+          this.emit('message', payload.buffer);
+        }
+
+        this.stream = this.stream.slice(payloadLength + 4);
       } else {
-        this.emit('message', payload.buffer);
+        break;
       }
-
-      this.stream = new Uint8Array();
     }
@@ -87,2 +95,4 @@ }
 
+    // TODO: Remove this.socket.on
+
     if (!this.socket.destroyed) {
@@ -89,0 +99,0 @@ this.socket.destroy();

src/utils/common/random/index.js

 import crypto from 'crypto';
 
 function getRandomBytes(length) {
-  return crypto.randomBytes(length);
+  return new Uint8Array(crypto.randomBytes(length));
 }
 
 export { getRandomBytes };

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1115509

increased by0.09%

Lines of code

47717

increased by0.11%

No dependency changes