From cf97e182df4d89b758c9c2bea752e59c05c8f0e0 Mon Sep 17 00:00:00 2001
From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>
Date: Tue, 5 Apr 2022 00:53:32 +1000
Subject: [PATCH] Trying my hand at implementing desktop voice, magic packets
 courtesy of that one reverse engineering discord medium post

---
 util/src/entities/Member.ts          |   6 +-
 webrtc/package-lock.json             | Bin 38390 -> 35084 bytes
 webrtc/package.json                  |   3 +
 webrtc/src/Server.ts                 |  62 +++++++++++---
 webrtc/src/opcodes/Identify.ts       |  16 ++--
 webrtc/src/opcodes/SelectProtocol.ts | 116 ++++++++++++++++-----------
 6 files changed, 136 insertions(+), 67 deletions(-)

diff --git a/util/src/entities/Member.ts b/util/src/entities/Member.ts
index 928a25d7..a246b891 100644
--- a/util/src/entities/Member.ts
+++ b/util/src/entities/Member.ts
@@ -85,8 +85,8 @@ export class Member extends BaseClassWithoutId {
 	@Column()
 	joined_at: Date;
 
-	@Column()
-	premium_since?: Date;
+	@Column({ type: "bigint", nullable: true })
+	premium_since?: number;
 
 	@Column()
 	deaf: boolean;
@@ -245,7 +245,7 @@ export class Member extends BaseClassWithoutId {
 			nick: undefined,
 			roles: [guild_id], // @everyone role
 			joined_at: new Date(),
-			premium_since: new Date(),
+			premium_since: (new Date()).getTime(),
 			deaf: false,
 			mute: false,
 			pending: false,
diff --git a/webrtc/package-lock.json b/webrtc/package-lock.json
index d09123eea0bcc24d808ededce6a4dff0cdda282c..e6b10d69a1aae4278b9a6a5162cccbefadfba3ec 100644
GIT binary patch
delta 1224
zcmeyinyF_J(}V+){f*h>ax#;O^HVZQb9Kv$5(^4ai;9)36qMo&^vv}vm2@WVlDCAb
zfJ+z}DCux<0)Y}-4pX<G!N!Y+IVSJt+AoNqYVySdQD&eOlRvZ?On$)0u8pChSYKBk
zQ&1PA$FWT@+$Xa*-P<Q8GBDfFGAS{zJS*ENDk>ty%g4YwDK(@Z#Wk<UF|EopBhb+~
zDLcnG(jYy|Ew9)+v@$ErFWk*AG_cq?IIG;!I5^8RD>y0B-y$d=Ev4Lcay+;E<Sui`
z&D}gAOq-|k-(%f8SM0yw=3SaQSvg<<H93(@gcTG%hLax(=u5+0iQ;02d}E11cxt3}
zm3f9sk&AalwxhRppm$W5Uzw$mqp5dfc12p5XK_Y}lUH_bx@kyorgL6oVN`%|rlr5X
zWqF3Hxn)3kdag;9dt$yvdbY1gV!nQorE_JeNmU@osS?-&7U4EsxZB{-gW^b7jDvy|
z=o_GGLks+k-3$XQ{Q`WP^nJrUGg31$b4`qr^xevnj19c}f|H&7GAu%p1NE~#leG)o
zeFBp+EE3Z#%99MTQ@xE{15C4%+!M324LvNv%k$04w2jS*`~oNEaVZGH-2zWW29p(8
zWi}V-+pumHu;N#oY#Fl&yN@VIDq*xqDx3GmsxfW8kRZgm`C^(U?`GywHWo5dNIi{G
zh^-PZkJf@RD)wwz4a&kwWvP?zCU8=cX2NKaX3{4=ESAQWXg2?>2xi@Uq{&Da0H0N%
ALjV8(

delta 2716
zcmd6p+lw1j9LLFS*X?d?b=`K|wp(_Swzf28ZkfqUs=Z8-$vr!{O>WxiB$G@g*O|;E
zo4{JZS1H||2SM;J@I}ar;)7MF4}xG{MGE^Mh}DO_DEOexWSh27p(;ci80OqK=X-wV
z`}>@E_vXwmAI{vkwR7+2h_QXTA6zOQpG6@OEFC14g=$$BVHZ69x^T#9zjJgw=cT(H
zZaBy`3WYku@<^bg$itH4$%R`=ETQ&A-pdpka-q{vw)$~RFp^2F#ZpzH7a;=PjE7f)
zX@AONIQz21#marB5mN>txCO26+?t<ntB&&<j&opl_5}EC;kK;}zF9nKa|8Mc3=n<(
zU|TgMwN)1ak&qjt&Tep$#EG$?DNE;>W=UzX@j%3ArKGs0rRgQXtA#3gx7e3E1u9zB
zCA}VOF`;%lSYQgxO#<;73dyPz6)9o{A~XX^p_tE!;B))2(YFWi8E`qWX2Y$3Ea|!=
zn2TE<7X`T?+zJO*fg@BYT_(_mQ!a*Ro$&X9iS(9I!kSflfQdcE#}YKx5Hrn8)2U=J
zhIg_;o@otXR!Y=}#HQTA$|%{?bH08lo{AQRQXSkUj*aFIeLuIz_jyTE^r~J3ym!S6
z#O@M$>|vWJ=g|NcW=2GQ&CaFE!<6XBX-Q5SFugWGNO~%s?fIgZF4YHwFXm&J=D^oC
zJmglJ2zIb8+;IAaPM+|!Yng5p>y`+iGW3?*HD)VA$#G{qUI*y<Y4Fu)`{<|TKbH2_
zdDT^G@glHSSHVYZczM!bDw-6*A*UTAXZPipK{J|#Q)sM_%~v#879+G+%dm(R%jqSq
zQ5O?EbN@<KZzozFx@NeUNTyZgNTtLLyM;h7ONX-oKfcL!LvU$}b2COOkxYTR7f#tI
z(<p1Bd#68{8~x~dW$u7W6=YYrCkbK|(5ovp4@lxi1X0qQs#-q}!)EES`PTI^ROz;1
zquNt>O{(y4yDCV$+STR9W`N9*C(9_0BV{jH!^pC`CSWM#cH=c1!EuWBpaO~D6iIps
zZ0EXnX`CvSf3I5ULO5OqceKN_<0^_nh*e!&FdxTdZ6H_Gv5&@MDYFxqbUr%HaUW*R
zgMtr~bwF!pR;|rxJ-(yXy1n+K-<%s<(~d8Z=Fo@JSSAJ6Uqxq71iX*6z?W+);JdSn
zfU!NlkAP6Z3L98+FFgC$c46@K0oOC8a>`tiCaiorJik}P##UGGMk|sg(K;vRvz<`A
zkgxDfv018ydAHx+sH7?#eaKM>%8UBwJdHKN(omA}Op<8|8A1-KLo)0QN2LMf>%~aT
zm)`6ZNh{NyRPyUZc$S1PKwm^b>C*aM*<t4t*-snkmRHquHf&U5YKIJWD$%rI5D2P7
z_)2V;YO%00-ruTtorr?<;{yW^)C`S6;6Sp2$qMUJqe4LHiiJ?x>tv078hi$AyfAU?
zgX1%g1Sr^<2L@YnuiF0(9J#5$5$wLc27b0#@UzsNb67sw2B)%LJROg@so;?w{lLBS
zR5li;!p8oE3y#t6dB?wEV{s~M97}rfO8VeG;$m?+T(rXTX5+biqxWS0-11*w4eZVz
zzV=@ragS+^TCY2X)#FPRriEc}U)}isad-uMyuD)n-hjK>@d;9I>VZiS#B}=`Q=uzu
zx?z0lY=gJ8RdD0l+_HHCS=XM_?N~4|Aqyclbp#YIZR}C@t&>-#LRl+GtQ!#QzH{V+
SDdI`s?kQc^9^KYM%YOp3$7wkL

diff --git a/webrtc/package.json b/webrtc/package.json
index b9bac356..82651b7c 100644
--- a/webrtc/package.json
+++ b/webrtc/package.json
@@ -19,7 +19,10 @@
 		"typescript": "^4.3.2"
 	},
 	"dependencies": {
+		"@types/libsodium-wrappers": "^0.7.9",
 		"dotenv": "^12.0.4",
+		"libsodium": "^0.7.10",
+		"libsodium-wrappers": "^0.7.10",
 		"mediasoup": "^3.9.5",
 		"node-turn": "^0.0.6",
 		"sdp-transform": "^2.14.1",
diff --git a/webrtc/src/Server.ts b/webrtc/src/Server.ts
index 5b76759a..67f60f9f 100644
--- a/webrtc/src/Server.ts
+++ b/webrtc/src/Server.ts
@@ -5,8 +5,8 @@ import OPCodeHandlers, { Payload } from "./opcodes";
 import { setHeartbeat } from "./util";
 import * as mediasoup from "mediasoup";
 import { types as MediasoupTypes } from "mediasoup";
-
 import udp from "dgram";
+import sodium from "libsodium-wrappers";
 
 var port = Number(process.env.PORT);
 if (isNaN(port)) port = 3004;
@@ -47,19 +47,59 @@ export class Server {
 			});
 		});
 
-		// this.testUdp.bind(50001);
-		// this.testUdp.on("message", (msg, rinfo) => {
-		// 	if (msg[0] === 0 && msg[1] === 1 && msg[2] === 0) { //idk stun?
+		this.testUdp.bind(50001);
+		this.testUdp.on("message", (msg, rinfo) => {
+			//random key from like, the libsodium examples on npm lol
+			const decryptKey = sodium.from_hex("724b092810ec86d7e35c9d067702b31ef90bc43a7b598626749914d6a3e033ed");
 
-		// 	}
-		// })
+			//give me my remote port?
+			if (sodium.to_hex(msg) == "0001004600000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") {
+				this.testUdp.send(Buffer.from([rinfo.port, 0]), rinfo.port, rinfo.address);
+				console.log(`got magic packet to send remote port? ${rinfo.address}:${rinfo.port}`);
+				return;
+			}
+
+			//Hello
+			if (sodium.to_hex(msg) == "0100000000000000") {
+				console.log(`[UDP] client helloed`);
+				return;
+			}
+
+			const nonce = Buffer.concat([msg.slice(-4), Buffer.from("\x00".repeat(20))]);
+			console.log(`[UDP] nonce for this message: ${nonce}`);
+
+			console.log(sodium.to_hex(msg));
+			if (sodium.to_hex(msg).indexOf("80c8000600000001") == 0) {
+				//call status
+				const encrypted = msg.slice(8, -4);
+				const currentPacket = msg.slice(-4);
+				console.log(`[UDP] Current packet: ${currentPacket}`);
+				try {
+					console.log(`[UDP] Encrypted bytes: ${encrypted.toString("base64")}`);
+					const decrypted = sodium.crypto_secretbox_open_easy(encrypted, nonce, decryptKey);
+					console.log("[UDP] [ call status ]" + decrypted);
+				}
+				catch (e) {
+					console.error(`[UDP] decrypt failure\n${e}\n${encrypted.toString("base64")}`);
+				}
+				return;
+			}
+
+			try {
+				const decrypted = sodium.crypto_secretbox_open_easy(msg, nonce, decryptKey);
+				console.log("[UDP] " + decrypted);
+			}
+			catch (e) {
+				console.error(`[UDP] decrypt failure\n${e}\n${msg.toString("base64")}`);
+			}
+		});
 	}
 
 	async listen(): Promise<void> {
 		// @ts-ignore
 		await initDatabase();
 		await Config.init();
-		await this.createWorkers();
+		//await this.createWorkers();
 		console.log("[DB] connected");
 		console.log(`[WebRTC] online on 0.0.0.0:${port}`);
 	}
@@ -86,17 +126,17 @@ export class Server {
 
 					transport.on('dtlsstatechange', (dtlsstate) => {
 						console.log(dtlsstate);
-					})
+					});
 
 					transport.on("sctpstatechange", (sctpstate) => {
-						console.log(sctpstate)
-					})
+						console.log(sctpstate);
+					});
 
 					router.observer.on("newrtpobserver", (rtpObserver: MediasoupTypes.RtpObserver) => {
 						console.log("new RTP observer created [id:%s]", rtpObserver.id);
 
 						// rtpObserver.observer.on("")
-					})
+					});
 
 					transport.on("connect", () => {
 						console.log("transport connect");
diff --git a/webrtc/src/opcodes/Identify.ts b/webrtc/src/opcodes/Identify.ts
index 82a82dc1..68452d4f 100644
--- a/webrtc/src/opcodes/Identify.ts
+++ b/webrtc/src/opcodes/Identify.ts
@@ -33,18 +33,18 @@ export async function onIdentify(this: Server, socket: WebSocket, data: Identify
 	if (!guild.members.find(x => x.id === user.id))
 		return socket.close(CLOSECODES.Invalid_intent);
 
-	var transport = this.mediasoupTransports[0] || await this.mediasoupRouters[0].createWebRtcTransport({
-		listenIps: [{ ip: "10.22.64.63" }],
-		enableUdp: true,
-	});
-
+	// var transport = this.mediasoupTransports[0] || await this.mediasoupRouters[0].createWebRtcTransport({
+	// 	listenIps: [{ ip: "10.22.64.56" }],
+	// 	enableUdp: true,
+	// });
+7
 	socket.send(JSON.stringify({
 		op: VoiceOPCodes.READY,
 		d: {
-			streams: [...data.d.streams.map(x => ({ ...x, rtx_ssrc: Math.floor(Math.random() * 10000), ssrc: Math.floor(Math.random() * 10000), active: false, }))],
+			streams: data.d.streams ? [...data.d.streams.map(x => ({ ...x, rtx_ssrc: Math.floor(Math.random() * 10000), ssrc: Math.floor(Math.random() * 10000), active: false, }))] : undefined,
 			ssrc: Math.floor(Math.random() * 10000),
-			ip: transport.iceCandidates[0].ip,
-			port: transport.iceCandidates[0].port,
+			ip: "127.0.0.1",//transport.iceCandidates[0].ip,
+			port: 50001,//transport.iceCandidates[0].port,
 			modes: [
 				"aead_aes256_gcm_rtpsize",
 				"aead_aes256_gcm",
diff --git a/webrtc/src/opcodes/SelectProtocol.ts b/webrtc/src/opcodes/SelectProtocol.ts
index 98899caf..29b9c1f9 100644
--- a/webrtc/src/opcodes/SelectProtocol.ts
+++ b/webrtc/src/opcodes/SelectProtocol.ts
@@ -5,6 +5,7 @@ import { Server } from "../Server";
 import * as mediasoup from "mediasoup";
 import { RtpCodecCapability } from "mediasoup/node/lib/RtpParameters";
 import * as sdpTransform from 'sdp-transform';
+import sodium from "libsodium-wrappers";
 
 /*
 
@@ -70,42 +71,66 @@ import * as sdpTransform from 'sdp-transform';
 */
 
 export async function onSelectProtocol(this: Server, socket: WebSocket, data: Payload) {
-	const rtpCapabilities = this.mediasoupRouters[0].rtpCapabilities;
-	const codecs = rtpCapabilities.codecs as RtpCodecCapability[];
+	// const rtpCapabilities = this.mediasoupRouters[0].rtpCapabilities;
+	// const codecs = rtpCapabilities.codecs as RtpCodecCapability[];
 
-	const transport = this.mediasoupTransports[0];	//whatever
+	if (data.d.sdp) {
+		// const transport = this.mediasoupTransports[0];	//whatever
 
-	const res = sdpTransform.parse(data.d.sdp);
+		// const res = sdpTransform.parse(data.d.sdp);
 
-	const videoCodec = this.mediasoupRouters[0].rtpCapabilities.codecs!.find((x: any) => x.kind === "video");
-	const audioCodec = this.mediasoupRouters[0].rtpCapabilities.codecs!.find((x: any) => x.kind === "audio");
+		// const videoCodec = this.mediasoupRouters[0].rtpCapabilities.codecs!.find((x: any) => x.kind === "video");
+		// const audioCodec = this.mediasoupRouters[0].rtpCapabilities.codecs!.find((x: any) => x.kind === "audio");
 
-	const producer = this.mediasoupProducers[0] || await transport.produce({
-		kind: "audio",
-		rtpParameters: {
-			mid: "audio",
-			codecs: [{
-				clockRate: audioCodec!.clockRate,
-				payloadType: audioCodec!.preferredPayloadType as number,
-				mimeType: audioCodec!.mimeType,
-				channels: audioCodec?.channels,
-			}],
-			headerExtensions: res.ext?.map(x => ({
-				id: x.value,
-				uri: x.uri,
-			})),
-		},
-		paused: false,
-	});
+		// const producer = this.mediasoupProducers[0] || await transport.produce({
+		// 	kind: "audio",
+		// 	rtpParameters: {
+		// 		mid: "audio",
+		// 		codecs: [{
+		// 			clockRate: audioCodec!.clockRate,
+		// 			payloadType: audioCodec!.preferredPayloadType as number,
+		// 			mimeType: audioCodec!.mimeType,
+		// 			channels: audioCodec?.channels,
+		// 		}],
+		// 		headerExtensions: res.ext?.map(x => ({
+		// 			id: x.value,
+		// 			uri: x.uri,
+		// 		})),
+		// 	},
+		// 	paused: false,
+		// });
 
-	console.log("can consume: " + this.mediasoupRouters[0].canConsume({ producerId: producer.id, rtpCapabilities: rtpCapabilities }));
+		// console.log("can consume: " + this.mediasoupRouters[0].canConsume({ producerId: producer.id, rtpCapabilities: rtpCapabilities }));
 
-	// const consumer = this.mediasoupConsumers[0] || await transport.consume({
-	// 	producerId: producer.id,
-	// 	paused: false,
-	// 	rtpCapabilities,
-	// });
+		// // const consumer = this.mediasoupConsumers[0] || await transport.consume({
+		// // 	producerId: producer.id,
+		// // 	paused: false,
+		// // 	rtpCapabilities,
+		// // });
 
+		// socket.send(JSON.stringify({
+		// 	op: VoiceOPCodes.SESSION_DESCRIPTION,
+		// 	d: {
+		// 		video_codec: videoCodec?.mimeType?.substring(6) || undefined,
+		// 		// mode: "xsalsa20_poly1305_lite",
+		// 		media_session_id: transport.id,
+		// 		audio_codec: audioCodec?.mimeType.substring(6),
+		// 		secret_key: sodium.from_hex("724b092810ec86d7e35c9d067702b31ef90bc43a7b598626749914d6a3e033ed").buffer,
+		// 		sdp: `m=audio ${50001} ICE/SDP\n`
+		// 			+ `a=fingerprint:sha-256 ${transport.dtlsParameters.fingerprints.find(x => x.algorithm === "sha-256")?.value}\n`
+		// 			+ `c=IN IP4 ${transport.iceCandidates[0].ip}\n`
+		// 			+ `t=0 0\n`
+		// 			+ `a=ice-lite\n`
+		// 			+ `a=rtcp-mux\n`
+		// 			+ `a=rtcp:${50001}\n`
+		// 			+ `a=ice-ufrag:${transport.iceParameters.usernameFragment}\n`
+		// 			+ `a=ice-pwd:${transport.iceParameters.password}\n`
+		// 			+ `a=fingerprint:sha-256 ${transport.dtlsParameters.fingerprints.find(x => x.algorithm === "sha-256")?.value}\n`
+		// 			+ `a=candidate:1 1 ${transport.iceCandidates[0].protocol.toUpperCase()} ${transport.iceCandidates[0].priority} ${transport.iceCandidates[0].ip} ${50001} typ ${transport.iceCandidates[0].type}`
+		// 	}
+		// }));
+		return;
+	}
 	/*
 		{
 			"video_codec":"H264",
@@ -125,24 +150,25 @@ export async function onSelectProtocol(this: Server, socket: WebSocket, data: Pa
 		}
 	*/
 
+
+	/*
+		{
+			"video_codec": "H264",
+			"secret_key": [36, 80, 96, 53, 95, 149, 253, 16, 137, 186, 238, 222, 251, 180, 94, 150, 112, 137, 192, 109, 69, 79, 218, 111, 217, 197, 56, 74, 18, 41, 51, 140],
+			"mode": "aead_aes256_gcm_rtpsize",
+			"media_session_id": "797575a97a87b63e81e2399348b97ad1",
+			"audio_codec": "opus"
+		};
+	*/
+
 	socket.send(JSON.stringify({
-		op: VoiceOPCodes.SESSION_DESCRIPTION,
+		op:VoiceOPCodes.SESSION_DESCRIPTION,
 		d: {
-			video_codec: videoCodec?.mimeType?.substring(6) || undefined,
-			// mode: "xsalsa20_poly1305_lite",
-			media_session_id: transport.id,
-			audio_codec: audioCodec?.mimeType.substring(6),
-			sdp: `m=audio ${transport.iceCandidates[0].port} ICE/SDP\n`
-				+ `a=fingerprint:sha-256 ${transport.dtlsParameters.fingerprints.find(x => x.algorithm === "sha-256")?.value}\n`
-				+ `c=IN IP4 ${transport.iceCandidates[0].ip}\n`
-				+ `t=0 0\n`
-				+ `a=ice-lite\n`
-				+ `a=rtcp-mux\n`
-				+ `a=rtcp:${transport.iceCandidates[0].port}\n`
-				+ `a=ice-ufrag:${transport.iceParameters.usernameFragment}\n`
-				+ `a=ice-pwd:${transport.iceParameters.password}\n`
-				+ `a=fingerprint:sha-256 ${transport.dtlsParameters.fingerprints.find(x => x.algorithm === "sha-256")?.value}\n`
-				+ `a=candidate:1 1 ${transport.iceCandidates[0].protocol.toUpperCase()} ${transport.iceCandidates[0].priority} ${transport.iceCandidates[0].ip} ${transport.iceCandidates[0].port} typ ${transport.iceCandidates[0].type}`
+			video_codec: "H264",
+			secret_key: [...sodium.from_hex("724b092810ec86d7e35c9d067702b31ef90bc43a7b598626749914d6a3e033ed")],
+			mode: "aead_aes256_gcm_rtpsize",
+			media_session_id: "blah blah blah",
+			audio_codec: "opus",
 		}
 	}));
 }
\ No newline at end of file