samfirm: initial commit

Author: jesec

.eslintrc.json

@@ -0,0 +1,10 @@
+{
+  "extends": [
+    "plugin:@typescript-eslint/recommended",
+    "prettier",
+    "prettier/@typescript-eslint"
+  ],
+  "parserOptions": {
+    "project": "./tsconfig.json"
+  }
+}

.gitignore

@@ -0,0 +1,4 @@
+*/
+!/.vscode/
+!/types/
+!/utils/

.vscode/launch.json

@@ -0,0 +1,15 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Launch",
+      "type": "node",
+      "request": "launch",
+      "skipFiles": ["<node_internals>/**"],
+      "runtimeExecutable": "${workspaceFolder}/node_modules/.bin/ts-node-dev",
+      "runtimeArgs": ["--inspect", "--transpile-only"],
+      "program": "index.ts",
+      "args": ["--region", "DBT", "--model", "SM-F916B"]
+    }
+  ]
+}

index.ts

@@ -0,0 +1,232 @@
+#!/usr/bin/env node
+
+import axios, { AxiosResponse } from "axios";
+import cliProgress from "cli-progress";
+import crypto from "crypto";
+import fs from "fs";
+import { parse as xmlParse } from "fast-xml-parser";
+import path from "path";
+import unzip from "unzip-stream";
+import yargs from "yargs";
+
+import { handleAuthRotation } from "./utils/authUtils";
+import {
+  getBinaryInformMsg,
+  getBinaryInitMsg,
+  getDecryptionKey,
+} from "./utils/msgUtils";
+import { version as packageVersion } from "./package.json";
+
+const getLatestVersion = async (
+  region: string,
+  model: string
+): Promise<{ pda: string; csc: string; modem: string }> => {
+  return axios
+    .get(
+      `https://fota-cloud-dn.ospserver.net/firmware/${region}/${model}/version.xml`
+    )
+    .then((res: AxiosResponse) => {
+      const [pda, csc, modem] = xmlParse(
+        res.data
+      ).versioninfo.firmware.version.latest.split("/");
+
+      return { pda, csc, modem };
+    });
+};
+
+const main = async (region: string, model: string): Promise<void> => {
+  console.log(`
+  Model: ${model}
+  Region: ${region}`);
+
+  const { pda, csc, modem } = await getLatestVersion(region, model);
+
+  console.log(`
+  Latest version:
+    PDA: ${pda}
+    CSC: ${csc}
+    MODEM: ${modem}`);
+
+  const nonce = {
+    encrypted: "",
+    decrypted: "",
+  };
+
+  const headers: Record<string, string> = {
+    "User-Agent": "Kies2.0_FUS",
+  };
+
+  const handleHeaders = (responseHeaders: any) => {
+    if (responseHeaders.nonce != null) {
+      const { Authorization, nonce: newNonce } = handleAuthRotation(
+        responseHeaders
+      );
+
+      Object.assign(nonce, newNonce);
+      headers.Authorization = Authorization;
+    }
+
+    const sessionID = responseHeaders["set-cookie"]
+      ?.find((cookie: string) => cookie.startsWith("JSESSIONID"))
+      ?.split(";")[0];
+
+    if (sessionID != null) {
+      headers.Cookie = sessionID;
+    }
+  };
+
+  await axios
+    .post("https://neofussvr.sslcs.cdngc.net/NF_DownloadGenerateNonce.do", "", {
+      headers: {
+        Authorization:
+          'FUS nonce="", signature="", nc="", type="", realm="", newauth="1"',
+        "User-Agent": "Kies2.0_FUS",
+        Accept: "application/xml",
+      },
+    })
+    .then((res) => {
+      handleHeaders(res.headers);
+      return res;
+    });
+
+  const {
+    binaryByteSize,
+    binaryDescription,
+    binaryFilename,
+    binaryLogicValue,
+    binaryModelPath,
+    binaryOSVersion,
+    binaryVersion,
+  } = await axios
+    .post(
+      "https://neofussvr.sslcs.cdngc.net/NF_DownloadBinaryInform.do",
+      getBinaryInformMsg(
+        `${pda}/${csc}/${modem}/${pda}`,
+        region,
+        model,
+        nonce.decrypted
+      ),
+      {
+        headers: {
+          ...headers,
+          Accept: "application/xml",
+          "Content-Type": "application/xml",
+        },
+      }
+    )
+    .then((res) => {
+      handleHeaders(res.headers);
+      return res;
+    })
+    .then((res: AxiosResponse) => {
+      const parsedInfo = xmlParse(res.data);
+
+      return {
+        binaryByteSize: parsedInfo.FUSMsg.FUSBody.Put.BINARY_BYTE_SIZE.Data,
+        binaryDescription: parsedInfo.FUSMsg.FUSBody.Put.DESCRIPTION.Data,
+        binaryFilename: parsedInfo.FUSMsg.FUSBody.Put.BINARY_NAME.Data,
+        binaryLogicValue:
+          parsedInfo.FUSMsg.FUSBody.Put.LOGIC_VALUE_FACTORY.Data,
+        binaryModelPath: parsedInfo.FUSMsg.FUSBody.Put.MODEL_PATH.Data,
+        binaryOSVersion: parsedInfo.FUSMsg.FUSBody.Put.CURRENT_OS_VERSION.Data,
+        binaryVersion: parsedInfo.FUSMsg.FUSBody.Results.LATEST_FW_VERSION.Data,
+      };
+    });
+
+  console.log(`
+  OS: ${binaryOSVersion}
+  Filename: ${binaryFilename}
+  Size: ${binaryByteSize} bytes
+  Logic Value: ${binaryLogicValue}
+  Description:
+    ${binaryDescription.split("\n").join("\n    ")}`);
+
+  const decryptionKey = getDecryptionKey(binaryVersion, binaryLogicValue);
+
+  await axios
+    .post(
+      "https://neofussvr.sslcs.cdngc.net/NF_DownloadBinaryInitForMass.do",
+      getBinaryInitMsg(binaryFilename, nonce.decrypted),
+      {
+        headers: {
+          ...headers,
+          Accept: "application/xml",
+          "Content-Type": "application/xml",
+        },
+      }
+    )
+    .then((res) => {
+      handleHeaders(res.headers);
+      return res;
+    });
+
+  const binaryDecipher = crypto.createDecipheriv(
+    "aes-128-ecb",
+    decryptionKey,
+    null
+  );
+
+  await axios
+    .get("http://cloud-neofussvr.sslcs.cdngc.net/NF_DownloadBinaryForMass.do", {
+      headers,
+      params: {
+        file: `${binaryModelPath}${binaryFilename}`,
+      },
+      responseType: "stream",
+    })
+    .then((res: AxiosResponse) => {
+      const outputFolder = `${process.cwd()}/${model}_${region}/`;
+      console.log();
+      console.log(outputFolder);
+      fs.mkdirSync(outputFolder, { recursive: true });
+
+      let downloadedSize = 0;
+      let currentFile = "";
+      const progressBar = new cliProgress.SingleBar({
+        format: "{bar} {percentage}% | {value}/{total} | {file}",
+        barCompleteChar: "\u2588",
+        barIncompleteChar: "\u2591",
+      });
+      progressBar.start(binaryByteSize, downloadedSize);
+
+      return res.data
+        .on("data", (buffer: Buffer) => {
+          downloadedSize += buffer.length;
+          progressBar.update(downloadedSize, { file: currentFile });
+        })
+        .pipe(binaryDecipher)
+        .pipe(unzip.Parse())
+        .on("entry", (entry) => {
+          currentFile = `${entry.path.slice(0, 18)}...`;
+          progressBar.update(downloadedSize, { file: currentFile });
+          entry
+            .pipe(fs.createWriteStream(path.join(outputFolder, entry.path)))
+            .on("finish", () => {
+              if (downloadedSize === binaryByteSize) {
+                process.exit();
+              }
+            });
+        });
+    });
+};
+
+const { argv } = yargs
+  .option("model", {
+    alias: "m",
+    describe: "Model",
+    type: "string",
+    demandOption: true,
+  })
+  .option("region", {
+    alias: "r",
+    describe: "Region",
+    type: "string",
+    demandOption: true,
+  })
+  .version(packageVersion)
+  .alias("v", "version")
+  .help();
+
+main(argv.region, argv.model);
+
+export {};

package-lock.json

@@ -0,0 +1,39 @@
+{
+  "name": "samfirm",
+  "version": "0.0.1",
+  "description": "",
+  "author": "Jesse Chan",
+  "license": "GPL-3.0-or-later",
+  "files": [
+    "dist"
+  ],
+  "bin": {
+    "samfirm": "dist/index.js"
+  },
+  "scripts": {
+    "build": "ncc build index.ts -m -t",
+    "check-source-formatting": "prettier -c .",
+    "check-types": "tsc --noEmit",
+    "format-source": "prettier -w .",
+    "lint": "eslint --max-warnings 0 --ext .ts .",
+    "start": "ts-node-dev --transpile-only index.ts"
+  },
+  "devDependencies": {
+    "@types/cli-progress": "^3.8.0",
+    "@types/node": "^14.14.6",
+    "@types/yargs": "^15.0.9",
+    "@typescript-eslint/eslint-plugin": "^4.6.1",
+    "@typescript-eslint/parser": "^4.6.1",
+    "@vercel/ncc": "^0.25.1",
+    "axios": "^0.21.0",
+    "cli-progress": "^3.8.2",
+    "eslint": "^7.13.0",
+    "eslint-config-prettier": "^6.15.0",
+    "fast-xml-parser": "^3.17.4",
+    "prettier": "^2.1.2",
+    "ts-node-dev": "^1.0.0",
+    "typescript": "^4.0.5",
+    "unzip-stream": "^0.3.1",
+    "yargs": "^16.1.0"
+  }
+}

package.json

@@ -0,0 +1,14 @@
+{
+  "compilerOptions": {
+    "target": "esnext",
+    "moduleResolution": "node",
+    "module": "commonjs",
+    "strict": true,
+    "isolatedModules": true,
+    "resolveJsonModule": true,
+    "esModuleInterop": true,
+    "experimentalDecorators": true,
+    "useDefineForClassFields": true
+  },
+  "exclude": ["node_modules"]
+}

tsconfig.json

@@ -0,0 +1,35 @@
+export interface FUSMsg {
+  FUSMsg: {
+    FUSHdr: {
+      ProtoVer: string;
+    };
+    FUSBody: {
+      Put: {
+        ACCESS_MODE?: {
+          Data: number;
+        };
+        BINARY_FILE_NAME?: {
+          Data: string;
+        };
+        BINARY_NATURE?: {
+          Data: number;
+        };
+        CLIENT_PRODUCT?: {
+          Data: string;
+        };
+        DEVICE_FW_VERSION?: {
+          Data: string;
+        };
+        DEVICE_LOCAL_CODE?: {
+          Data: string;
+        };
+        DEVICE_MODEL_NAME?: {
+          Data: string;
+        };
+        LOGIC_CHECK?: {
+          Data: string;
+        };
+      };
+    };
+  };
+}

types/FUSMsg.ts

@@ -0,0 +1,56 @@
+import crypto from "crypto";
+
+const NONCE_KEY = "hqzdurufm2c8mf6bsjezu1qgveouv7c7";
+const AUTH_KEY = "w13r4cvf4hctaujv";
+
+export const decryptNonce = (nonceEncrypted: string): string => {
+  const nonceDecipher = crypto.createDecipheriv(
+    "aes-256-cbc",
+    NONCE_KEY,
+    NONCE_KEY.slice(0, 16)
+  );
+
+  return Buffer.concat([
+    nonceDecipher.update(nonceEncrypted, "base64"),
+    nonceDecipher.final(),
+  ]).toString("utf-8");
+};
+
+export const getAuthorization = (nonceDecrypted: string): string => {
+  let key = "";
+  for (let i = 0; i < 16; i += 1) {
+    const nonceChar = nonceDecrypted.charCodeAt(i);
+    key += NONCE_KEY[nonceChar % 16];
+  }
+  key += AUTH_KEY;
+
+  const authCipher = crypto.createCipheriv(
+    "aes-256-cbc",
+    key,
+    key.slice(0, 16)
+  );
+
+  return Buffer.concat([
+    authCipher.update(nonceDecrypted, "utf8"),
+    authCipher.final(),
+  ]).toString("base64");
+};
+
+export const handleAuthRotation = (
+  responseHeaders: Record<string, string>
+): {
+  Authorization: string;
+  nonce: { decrypted: string; encrypted: string };
+} => {
+  const { nonce } = responseHeaders;
+  const nonceDecrypted = decryptNonce(nonce);
+  const authorization = getAuthorization(nonceDecrypted);
+
+  return {
+    Authorization: `FUS nonce="${nonce}", signature="${authorization}", nc="", type="", realm="", newauth="1"`,
+    nonce: {
+      decrypted: nonceDecrypted,
+      encrypted: nonce,
+    },
+  };
+};

utils/authUtils.ts

@@ -0,0 +1,91 @@
+import crypto from "crypto";
+import { j2xParser } from "fast-xml-parser";
+
+import type { FUSMsg } from "../types/FUSMsg";
+
+const parser = new j2xParser({});
+
+const getLogicCheck = (input: string, nonce: string) => {
+  let out = "";
+
+  for (let i = 0; i < nonce.length; i++) {
+    const char: number = nonce.charCodeAt(i);
+    out += input[char & 0xf];
+  }
+
+  return out;
+};
+
+export const getBinaryInformMsg = (
+  version: string,
+  region: string,
+  model: string,
+  nonce: string
+): string => {
+  const msg: FUSMsg = {
+    FUSMsg: {
+      FUSHdr: {
+        ProtoVer: "1.0",
+      },
+      FUSBody: {
+        Put: {
+          ACCESS_MODE: {
+            Data: 2,
+          },
+          BINARY_NATURE: {
+            Data: 1,
+          },
+          CLIENT_PRODUCT: {
+            Data: "Smart Switch",
+          },
+          DEVICE_FW_VERSION: {
+            Data: version,
+          },
+          DEVICE_LOCAL_CODE: {
+            Data: region,
+          },
+          DEVICE_MODEL_NAME: {
+            Data: model,
+          },
+          LOGIC_CHECK: {
+            Data: getLogicCheck(version, nonce),
+          },
+        },
+      },
+    },
+  };
+
+  return parser.parse(msg);
+};
+
+export const getBinaryInitMsg = (filename: string, nonce: string): string => {
+  const msg: FUSMsg = {
+    FUSMsg: {
+      FUSHdr: {
+        ProtoVer: "1.0",
+      },
+      FUSBody: {
+        Put: {
+          BINARY_FILE_NAME: {
+            Data: filename,
+          },
+          LOGIC_CHECK: {
+            Data: getLogicCheck(filename.split(".")[0].slice(-16), nonce),
+          },
+        },
+      },
+    },
+  };
+
+  return parser.parse(msg);
+};
+
+export const getDecryptionKey = (
+  version: string,
+  logicalValue: string
+): Buffer => {
+  return crypto
+    .createHash("md5")
+    .update(getLogicCheck(version, logicalValue))
+    .digest();
+};