v0.7.0

 - Async support
 - Added RMF content-type
 - Better file extension detection
 - Clarify installation instructions
 - Update README.md
 - Remove encryption keys from wtv-home:/home
 - Decode URI for support for files with urlencoded elements
 - Fixed MSTV Sim compatiblity
 - Fix a typo
 - Add nobind feature to configure external services
 - Add url accessor to wtv-home:/home for non-internal builds
 - Add wtv-tricks:/access?url=
 - Very initial HTTP Proxy work (won't work yet)

.gitignore

@@ -362,3 +362,4 @@ MigrationBackup/
 # Fody - auto-generated XML schema
 FodyWeavers.xsd
 /hacktv_updsrv/ServiceLogPost/1626307222_warning_812bf30600b002bb
+/hacktv_updsrv/ServiceVault/wtv-music/midi

README.md

@@ -8,9 +8,12 @@ This open source server is in alpha status. Use at your own risk.
 - Can encrypt and decrypt SECURE ON and arbitrary encrypted data
 - Can handle psuedo encryption (box sends SECURE ON but does not encrypt)
 - Can handle client "relogin" and "reconnect" events
+- Can now use `.async.js` files with asynchronous requests
+- Can handle more than one box at a time
 
 ### Current issues:
-- Probably can't handle more than one box at a time
+- May not run on non-development Windows machines (VS2019 with node and python)
+- Breaks when two different boxes have the same SSID (spoofing, won't fix (production did it too))
 - Power cycling box and re-connecting via ConnectSetup may invalidate encryption until server is restarted
 - wtv-update:/update does not yet function as intended
 
@@ -23,10 +26,12 @@ This open source server is in alpha status. Use at your own risk.
 - (probably not) url tokenizer
 
 ### How To Use:
-- Install [node.js](https://nodejs.org/en/download/)
+- Install [node.js](https://nodejs.org/en/download/). Be sure to say `Yes` when asked about `Chocolatey`.
+- If you have trouble running it on Windows, try a Linux machine, Windows may need a full development enviroment or extra steps.
 - Download a snapshot (either of master, or of any commit/branch/relase/tag etc)
 - Extract zip somewhere and enter that directory with a command prompt
-- Run `npm install`
+- Enter `hacktv_updsrv` subdirectory
+- Verify you are in the same directory as `app.js`, then tun `npm install`
 - Check any configuration (services.json)
 - Run `node app.js`
 - Test with a WebTV Viewer or connect with a real box

hacktv_updsrv/ServiceVault/wtv-1800/finish-prereg.js

@@ -1,7 +1,10 @@
-if (socket_session_data[socket.id].ssid != null && !sec_session[socket_session_data[socket.id].ssid]) {
-	sec_session[socket_session_data[socket.id].ssid] = new WTVSec();
-	sec_session[socket_session_data[socket.id].ssid].IssueChallenge();
-	sec_session[socket_session_data[socket.id].ssid].set_incarnation(request_headers['wtv-incarnation']);
+if (socket_session_data[socket.id].ssid != null && !getSessionData(socket_session_data[socket.id].ssid, 'wtvsec_login')) {
+	var wtvsec_login = new WTVSec();
+	wtvsec_login.IssueChallenge();
+	wtvsec_login.set_incarnation(request_headers['wtv-incarnation']);
+	setSessionData(socket_session_data[socket.id].ssid, 'wtvsec_login', wtvsec_login)
+} else {
+	var wtvsec_login = getSessionData(socket_session_data[socket.id].ssid, 'wtvsec_login')
 }
 
 var contype = "text/tellyscript";
@@ -11,12 +14,12 @@ var skip_tellyscript = false;
 // if relogin, skip tellyscript
 if (query['relogin']) {
 	contype = "text/html"; // skip tellyscript
-	sec_session[socket_session_data[socket.id].ssid].ticket_b64 = null; // clear old ticket
+	wtvsec_login.ticket_b64 = null; // clear old ticket
 }
 
 headers = `200 OK
 Connection: Keep-Alive
-wtv-initial-key: ` + issueWTVInitialKey(socket) + `
+wtv-initial-key: ` + wtvsec_login.challenge_key.toString(CryptoJS.enc.Base64) + `
 Content-Type: `+ contype + `
 wtv-service: reset
 ` + getServiceString('wtv-1800') + `

hacktv_updsrv/ServiceVault/wtv-flashrom/willie.async.js

@@ -0,0 +1,35 @@
+// willie is just a graphical frontend to a list of ROMs
+// the rest of the scripts should work if you manually link to a ROM, and actually have it.
+
+
+var proxy_query = '';
+if (query['flash']) delete query['flash'];
+if (query['vflash']) delete query['vflash'];
+
+for (const [key, value] of Object.entries(query)) {
+	proxy_query += "&" + key + "=" + value;
+}
+
+console.log(proxy_query);
+
+var options = {
+	host: "wtv.zefie.com",
+	path: "/willie.php?pflash=" + getSessionData(socket_session_data[socket.id].ssid, 'wtv-client-rom-type') + proxy_query,
+	method: 'GET'
+}
+
+
+headers = "200 OK\nContent-type: text/html";
+const req = http.request(options, function (res) {
+	data = '';
+	console.log(` * Upstream HTTP StatusCode: ${res.statusCode}`)
+
+	res.on('data', d => {
+		data += d;
+	})
+
+	res.on('end', function () {
+		sendToClient(socket, headers, data);
+	});
+});
+req.end();

hacktv_updsrv/ServiceVault/wtv-head-waiter/finalize-security.js

@@ -5,18 +5,18 @@ if (socket_session_data[socket.id].ssid !== null) {
 	if (request_headers['wtv-ticket']) {
 		if (request_headers['wtv-ticket'].length > 8) {
 			DecodeTicket(request_headers['wtv-ticket']);
-			sec_session[socket_session_data[socket.id].ssid].ticket_b64 = request_headers['wtv-ticket'];
+			socket_session_data[socket.id].wtvsec.ticket_b64 = request_headers['wtv-ticket'];
 			//socket_session_data[socket.id].secure == true;
 		}
-	} else if (sec_session[socket_session_data[socket.id].ssid].ticket_b64 == null) {
+	} else if (socket_session_data[socket.id].wtvsec.ticket_b64 == null) {
 		// TODO: client should have a ticket and send it back by now, if not we should handle this correctly
 	}
 }
 
 headers = `200 OK
 Connection: Keep-Alive
 wtv-encrypted: true
-wtv-ticket: `+sec_session[socket_session_data[socket.id].ssid].ticket_b64+`
+wtv-ticket: `+socket_session_data[socket.id].wtvsec.ticket_b64+`
 wtv-expire-all: htv-
 wtv-home-url: wtv-home:/home?
 wtv-visit: wtv-home:/splash?

hacktv_updsrv/ServiceVault/wtv-head-waiter/login-stage-two.js

@@ -1,22 +1,32 @@
 var challenge_response, challenge_header = '';
 var gourl;
 
+if (socket_session_data[socket.id].ssid != null && !getSessionData(socket_session_data[socket.id].ssid, 'wtvsec_login')) {
+	var wtvsec_login = new WTVSec();
+	wtvsec_login = new WTVSec();
+	wtvsec_login.IssueChallenge();
+	wtvsec_login.set_incarnation(request_headers['wtv-incarnation']);
+	setSessionData(socket_session_data[socket.id].ssid, 'wtvsec_login', wtvsec_login)
+} else {
+	var wtvsec_login = getSessionData(socket_session_data[socket.id].ssid, 'wtvsec_login')
+}
+
 if (socket_session_data[socket.id].ssid !== null) {
-	if (sec_session[socket_session_data[socket.id].ssid].ticket_b64 == null) {
+	if (wtvsec_login.ticket_b64 == null) {
 		if (request_headers['wtv-ticket']) {
 			if (request_headers['wtv-ticket'].length > 8) {
-				sec_session[socket_session_data[socket.id].ssid].DecodeTicket(request_headers['wtv-ticket']);
-				sec_session[socket_session_data[socket.id].ssid].ticket_b64 = request_headers['wtv-ticket'];
+				wtvsec_login.DecodeTicket(request_headers['wtv-ticket']);
+				wtvsec_login.ticket_b64 = request_headers['wtv-ticket'];
 				//socket_session_data[socket.id].secure = true;
 			}
 		} else {
-			challenge_response = sec_session[socket_session_data[socket.id].ssid].challenge_response;
+			challenge_response = wtvsec_login.challenge_response;
 			var client_challenge_response = request_headers['wtv-challenge-response'] || null;
 			if (challenge_response && client_challenge_response) {		
 				//if (challenge_response.toString(CryptoJS.enc.Base64).substring(0,85) == client_challenge_response.substring(0,85)) {
 				if (challenge_response.toString(CryptoJS.enc.Base64) == client_challenge_response) {
 					console.log(" * wtv-challenge-response success for "+socket_session_data[socket.id].ssid);
-					sec_session[socket_session_data[socket.id].ssid].PrepareTicket();
+					wtvsec_login.PrepareTicket();
 					//socket_session_data[socket.id].secure = true;
 				} else {
 					console.log(" * wtv-challenge-response FAILED for " + socket_session_data[socket.id].ssid);
@@ -56,7 +66,7 @@ wtv-visit: client:closeallpanels
 wtv-expire-all: client:closeallpanels
 wtv-offline-user-list: `+offline_user_list+`
 wtv-bypass-proxy: true
-wtv-ticket: `+ sec_session[socket_session_data[socket.id].ssid].ticket_b64 + `
+wtv-ticket: `+ wtvsec_login.ticket_b64 + `
 wtv-messagewatch-checktimeoffset: off
 wtv-input-timeout: 14400
 wtv-connection-timeout: 90
@@ -71,6 +81,8 @@ wtv-noback-all: wtv-
 wtv-service: reset
 `+ getServiceString('all') + `
 wtv-boot-url: wtv-1800:/preregister?relogin=true
+wtv-ssl-certs-download-url: wtv-head-waiter:/ssl-cert.der
+wtv-ssl-certs-checksum: 473926DC1B11F635A6B920953FDCDE6A
 wtv-user-name: `+ nickname + `
 wtv-human-name: `+ nickname + `
 wtv-irc-nick: `+ nickname + `

hacktv_updsrv/ServiceVault/wtv-head-waiter/login.js

@@ -1,26 +1,32 @@
 var challenge_response, challenge_header = '';
 
 if (socket_session_data[socket.id].ssid !== null) {
+	var wtvsec_login = getSessionData(socket_session_data[socket.id].ssid, 'wtvsec_login');
 	if (request_headers['wtv-ticket']) {
-		if (sec_session[socket_session_data[socket.id].ssid].ticket_b64 == null) {
+		if (wtvsec_login.ticket_b64 == null) {
 			if (request_headers['wtv-ticket'].length > 8) {
-				sec_session[socket_session_data[socket.id].ssid].DecodeTicket(request_headers['wtv-ticket']);
-				sec_session[socket_session_data[socket.id].ssid].ticket_b64 = request_headers['wtv-ticket'];
+				wtvsec_login.DecodeTicket(request_headers['wtv-ticket']);
+				wtvsec_login.ticket_b64 = request_headers['wtv-ticket'];
 			}
 		}
 	} else {
-		challenge_response = sec_session[socket_session_data[socket.id].ssid].challenge_response;
-		var client_challenge_response = request_headers['wtv-challenge-response'] || null;
-		if (challenge_response && client_challenge_response) {		
-			if (challenge_response.toString(CryptoJS.enc.Base64).substring(0,85) == client_challenge_response.substring(0,85)) {
-				console.log(" * wtv-challenge-response success for "+socket_session_data[socket.id].ssid);
-				sec_session[socket_session_data[socket.id].ssid].PrepareTicket();				
+		if (wtvsec_login) {
+			challenge_response = wtvsec_login.challenge_response;
+			var client_challenge_response = request_headers['wtv-challenge-response'] || null;
+			if (challenge_response && client_challenge_response) {
+				if (challenge_response.toString(CryptoJS.enc.Base64).substring(0, 85) == client_challenge_response.substring(0, 85)) {
+					console.log(" * wtv-challenge-response success for " + socket_session_data[socket.id].ssid);
+					wtvsec_login.PrepareTicket();
+				} else {
+					challenge_header = "wtv-challenge: " + wtvsec_login.IssueChallenge();
+				}
 			} else {
-				challenge_header = "wtv-challenge: "+issueWTVChallenge(socket);
+				challenge_header = "wtv-challenge: " + wtvsec_login.IssueChallenge();
 			}
 		} else {
-			challenge_header = "wtv-challenge: "+issueWTVChallenge(socket);
-		}
+			wtvsec_login = new WTVSec();
+
+        }
 	}
 }
 
@@ -42,15 +48,27 @@ if (request_headers) {
 	});
 }
 */
-headers = `200 OK
+
+if (challenge_header != '') {
+	headers = `200 OK
 Connection: Keep-Alive
 Expires: Wed, 09 Oct 1991 22:00:00 GMT
 wtv-expire-all: wtv-head-waiter:
-`+getServiceString('wtv-log')+`
+`+ getServiceString('wtv-log') + `
 wtv-log-url: wtv-log:/log
-`+challenge_header+`
+`+ challenge_header + `
 wtv-relogin-url: wtv-1800:/preregister?relogin=true
 wtv-reconnect-url: wtv-1800:/preregister?reconnect=true
 wtv-visit: wtv-head-waiter:/login-stage-two?
 Content-type: text/html`;
-data = '';
+	data = '';
+} else {
+	headers = `200 OK
+Connection: Keep-Alive
+Expires: Wed, 09 Oct 1991 22:00:00 GMT
+wtv-expire-all: wtv-head-waiter:
+wtv-expire-all: wtv-1800:
+wtv-visit: wtv-1800:/preregister?relogin=true
+Content-type: text/html`;
+
+}

hacktv_updsrv/ServiceVault/wtv-home/home.js

@@ -12,32 +12,37 @@ if (getSessionData(socket_session_data[socket.id].ssid, 'box-does-psuedo-encrypt
 
 data =`<html>
 <head>
-<title>Home for minsrv</title>
+<title>Home for minisrv</title>
 <DISPLAY showwhencomplete options showoptions noscroll>
 </head>
 <body bgcolor="black" link="gold" vlink="gold" alink="gold" text="gold">
 <script>
-function ax(a) {
-		document.open("text/url");
-		document.write(a);
-		document.close();
+function go() {
+	location.href=document.access.url.value;
 }
 </script>
-<h1>Welcome to `+ z_title + `</h1>
+<h2>Welcome to `+ z_title + `</h2>
 <h3>Encryption Status: `+cryptstatus+`</h3>`
-if (socket_session_data[socket.id].secure) {
-	data += '<span size="-1">Encryption Key (Server): ' + sec_session[socket.id].session_key2.toString(CryptoJS.enc.Hex)+'<br>';
-	data += 'Encryption Key (Client): ' + sec_session[socket.id].session_key1.toString(CryptoJS.enc.Hex)+'</span><br><br>';
-}
 data += `<h4>Working stuff</h4>
 <a href="client:relog">client:relog (direct)</a><br>
-<a href="wtv-tricks:/blastcache?">Clear Cache</a><br>
+<a href="wtv-tricks:/blastcache?return_to=wtv-home:/home">Clear Cache</a><br>
+<form name=access onsubmit="go()">
+<input name=url `;
+
+if (query['url']) {
+	data += "value='"+unescape(query['url'])+"'";
+}
+
+data += `width=250 bgcolor=#444444 text=#ffdd33 cursor=#cc9933 selected>
+<input type=submit value="Access URL" borderstyle="ButtonBorder2.bif">
+</form>
 
 <h4>zefie's server only</h4>
 <a href="wtv-music:/content/index.html">Music Collection</a><br>
+<a href="wtv-music:/midi/index.html">Matt Test</a><br>
 
 <h4>Test Stuff (probably broken)</h4>
-<a href="wtv-update:/update?" selected>HackTV Updater Test</a><br>
+<a href="wtv-update:/update?">HackTV Updater Test</a><br>
 <a href="wtv-flashrom:/willie">Ultra Willies</a><br>
 <a href="client:showalert?message=If%20you%20choose%20to%20disconnect%20and%20return%20to%20HackTV%20home%2C%20you%20may%20not%20be%20able%20to%20reconnect%20to%20the%20update%20server%20until%20you%20power%20cycle%20your%20box.%3Cbr%3E%3Cbr%3EAre%20you%20sure%20you%20would%20like%20to%20go%20offline%3F&buttonlabel1=No&buttonaction1=client:donothing&buttonlabel2=Yes&buttonaction2=wtv-tricks%3A%2Fgo-offline%3Ftitle%3DHackTV%2520Home">Disconnect and go to HackTV Home</a><br>
 <!-- <a href="buttonaction2=wtv-home:/unlock">Unlock Full Client (Options, Goto, etc)</a><br> -->

hacktv_updsrv/ServiceVault/wtv-home/splash.txt

@@ -1,6 +1,6 @@
 200 OK
 Connection: Keep-Alive
-wtv-expire-all: htv-
+wtv-expire-all: wtv-
 Content-type: text/html
 
 <html>

hacktv_updsrv/ServiceVault/wtv-home/test.ram

@@ -0,0 +1 @@
+pnm://192.168.11.188:7070/clients/zefie/wtvrom/Daybreak.ra

hacktv_updsrv/ServiceVault/wtv-tricks/access.js

@@ -0,0 +1,11 @@
+// Allow URL access outside our trusted minisrv
+
+if (query['url']) var url = unescape(query['url']);
+else var url = "client:showalert?message=Please%20provide%20a%20%3Furl%3D%20with%20the%20url%20you%20would%20like%20to%20access.&buttonlabel1=Okay&buttonacction1=client:donothing"
+
+headers = `200 OK
+wtv-visit: `+url+`
+Content-type: text/html`
+
+
+data = '';

hacktv_updsrv/ServiceVault/wtv-tricks/blastcache.js

@@ -0,0 +1,23 @@
+headers = `200 OK
+wtv-expire-all: wtv-
+wtv-expire-all: http
+Content-type: text/html`
+
+var visit_url = null;
+
+if (request_headers['Referer']) visit_url = request_headers['Referer'];
+else if (query['return_to']) visit_url = query['return_to'];
+else visit_url = "client:goback";
+
+data = `<html>
+<head>
+    <meta
+        http-equiv=refresh
+        content="1; url=`+ visit_url +`"
+    >	
+<body bgcolor="black" text="gold" link="gold" vlink="gold" alink="gold">
+Successfully expired service URL cache<br>
+Any previously cached pages should be reloaded from the network.<br><br>
+<a href="`+visit_url+`">Not loading? Click here.</a>
+</body>
+</html>`;