From 0d59561bee4cf7db10d53a8aa58952ae65e856b5 Mon Sep 17 00:00:00 2001
From: Wither OrNot
Date: Thu, 13 Feb 2025 09:49:35 -0500
Subject: Initial commit

Co-authored-by: neko <109633131+nekoppai@users.noreply.github.com>
Co-authored-by: Lyssa <75037904+thecatontheceiling@users.noreply.github.com>
Co-authored-by: abbodi1406 <33669284+abbodi1406@users.noreply.github.com>
---
 LibTSforge/Crypto/PhysStoreCrypto.cs | 71 ++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 LibTSforge/Crypto/PhysStoreCrypto.cs

(limited to 'LibTSforge/Crypto/PhysStoreCrypto.cs')

diff --git a/LibTSforge/Crypto/PhysStoreCrypto.cs b/LibTSforge/Crypto/PhysStoreCrypto.cs
new file mode 100644
index 0000000..6d77897
--- /dev/null
+++ b/LibTSforge/Crypto/PhysStoreCrypto.cs
@@ -0,0 +1,71 @@
+namespace LibTSforge.Crypto
+{
+    using System;
+    using System.Collections.Generic;
+    using System.IO;
+    using System.Linq;
+    using System.Text;
+
+    public static class PhysStoreCrypto
+    {
+        public static byte[] DecryptPhysicalStore(byte[] data, bool production)
+        {
+            byte[] rsaKey = production ? Keys.PRODUCTION : Keys.TEST;
+            BinaryReader br = new BinaryReader(new MemoryStream(data));
+            br.BaseStream.Seek(0x10, SeekOrigin.Begin);
+            byte[] aesKeySig = br.ReadBytes(0x80);
+            byte[] encAesKey = br.ReadBytes(0x80);
+
+            if (CryptoUtils.RSAVerifySignature(rsaKey, encAesKey, aesKeySig))
+            {
+                byte[] aesKey = CryptoUtils.RSADecrypt(rsaKey, encAesKey);
+                byte[] decData = CryptoUtils.AESDecrypt(br.ReadBytes((int)br.BaseStream.Length - 0x110), aesKey);
+                byte[] hmacKey = decData.Take(0x10).ToArray();
+                byte[] hmacSig = decData.Skip(0x10).Take(0x14).ToArray();
+                byte[] psData = decData.Skip(0x28).ToArray();
+
+                if (!CryptoUtils.HMACVerify(hmacKey, psData, hmacSig))
+                {
+                    Logger.WriteLine("Warning: Failed to verify HMAC. Physical store is either corrupt or in Vista format.");
+                }
+
+                return psData;
+            }
+
+            throw new Exception("Failed to decrypt physical store.");
+        }
+
+        public static byte[] EncryptPhysicalStore(byte[] data, bool production, PSVersion version)
+        {
+            Dictionary<PSVersion, int> versionTable = new Dictionary<PSVersion, int>
+            {
+                {PSVersion.Win7, 5},
+                {PSVersion.Win8, 1},
+                {PSVersion.WinBlue, 2},
+                {PSVersion.WinModern, 3}
+            };
+
+            byte[] rsaKey = production ? Keys.PRODUCTION : Keys.TEST;
+
+            byte[] aesKey = Encoding.UTF8.GetBytes("massgrave.dev :3");
+            byte[] hmacKey = CryptoUtils.GenerateRandomKey(0x10);
+
+            byte[] encAesKey = CryptoUtils.RSAEncrypt(rsaKey, aesKey);
+            byte[] aesKeySig = CryptoUtils.RSASign(rsaKey, encAesKey);
+            byte[] hmacSig = CryptoUtils.HMACSign(hmacKey, data);
+
+            byte[] decData = new byte[] { };
+            decData = decData.Concat(hmacKey).Concat(hmacSig).Concat(BitConverter.GetBytes(0)).Concat(data).ToArray();
+            byte[] encData = CryptoUtils.AESEncrypt(decData, aesKey);
+
+            BinaryWriter bw = new BinaryWriter(new MemoryStream());
+            bw.Write(versionTable[version]);
+            bw.Write(Encoding.UTF8.GetBytes("UNTRUSTSTORE"));
+            bw.Write(aesKeySig);
+            bw.Write(encAesKey);
+            bw.Write(encData);
+
+            return bw.GetBytes();
+        }
+    }
+}
-- 
cgit v1.2.3