Feature Request: support ISAAC + RSA for 235 server compatibility

[Hubcapp]

rsc-client/src/packet-stream.js

Lines 35 to 39 in 2146ae2

	// TODO toggle ISAAC
	/*seedIsaac(seed) {
	//this.isaacIncoming = new ISAAC(seed);
	//this.isaacOutgoing = new ISAAC(seed);
	}*/

Not sure what else is needed here to enable ISAAC.

Also in

rsc-client/src/game-connection.js

Lines 58 to 150 in 2146ae2

	async login(u, p, reconnecting) {
	if (this.worldFullTimeout > 0) {
	this.showLoginScreenStatus('Please wait...', 'Connecting to server');
	await sleep(2000);
	this.showLoginScreenStatus('Sorry! The server is currently full.', 'Please try again later');
	return;
	}
	try {
	this.username = u;
	u = Utility.formatAuthString(u, 20);
	this.password = p;
	p = Utility.formatAuthString(p, 20);
	if (u.trim().length === 0) {
	this.showLoginScreenStatus('You must enter both a username', 'and a password - Please try again');
	return;
	}
	if (reconnecting) {
	this.drawTextBox('Connection lost! Please wait...', 'Attempting to re-establish');
	} else {
	this.showLoginScreenStatus('Please wait...', 'Connecting to server');
	}
	this.packetStream = new PacketStream(await this.createSocket(this.server, this.port), this);
	this.packetStream.maxReadTries = GameConnection.maxReadTries;
	let l = Utility.usernameToHash(u);
	this.packetStream.newPacket(clientOpcodes.SESSION);
	this.packetStream.putByte(l.shiftRight(16).and(31).toInt());
	this.packetStream.flushPacket();
	let sessId = await this.packetStream.getLong();
	this.sessionID = sessId;
	if (sessId.equals(0)) {
	this.showLoginScreenStatus('Login server offline.', 'Please try again in a few mins');
	return;
	}
	console.log('Verb: Session id: ' + sessId);
	let ai = new Int32Array(4);
	ai[0] = (Math.random() * 99999999) | 0;
	ai[1] = (Math.random() * 99999999) | 0;
	ai[2] = sessId.shiftRight(32).toInt();
	ai[3] = sessId.toInt();
	this.packetStream.newPacket(clientOpcodes.LOGIN);
	if (reconnecting) {
	this.packetStream.putByte(1);
	} else {
	this.packetStream.putByte(0);
	}
	this.packetStream.putShort(GameConnection.clientVersion);
	this.packetStream.putByte(0); // limit30
	this.packetStream.putByte(10);
	this.packetStream.putInt(ai[0]);
	this.packetStream.putInt(ai[1]);
	this.packetStream.putInt(ai[2]);
	this.packetStream.putInt(ai[3]);
	this.packetStream.putInt(0); // uuid
	this.packetStream.putString(u);
	this.packetStream.putString(p);
	this.packetStream.flushPacket();
	//this.packetStream.seedIsaac(ai);
	let resp = await this.packetStream.readStream();
	console.log('login response:' + resp);
	if (resp === 25) {
	this.moderatorLevel = 1;
	this.autoLoginTimeout = 0;
	this.resetGame();
	return;
	}
	if (resp === 0) {
	this.moderatorLevel = 0;
	this.autoLoginTimeout = 0;
	this.resetGame();
	return;
	}
	if (resp === 1) {
	this.autoLoginTimeout = 0;

, the login packet isn't encapsulated in RSA, so it won't work for a 235 server. Might be correct for a 204 server, haven't looked into that.

[misterhat]

Yeah I explicitly disabled those to make it easier to test my server. JS has native BigInt support now so the RSA can be identical the the regular 204, and the ISAAC class just needs to be ported over or I can just use an ISAAC module instead.

To support 235, some of the chat encoding, friends list, and login packet structures would need to be modified slightly, as well as some of the opcodes. I think a branch of this repository with 235 support would make sense.

[spkaeros]

My fork contains an RSA implementation in both JS and one in Rust. The JS one maybe got removed in master; might have to look to commit history to locate it.

I have ISAAC code in my local copy, however I have stalled dev work lately as 2020 really smacked me in the face recently. Maybe I can put some patches together for you in a little while.

EDIT: A note on my Rust implementation, some form of memory bug might occur where the block of Wasm memory shared with JS apparently contains bad data. I am not sure if it is fixed in that revision or not. In any event, it usually worked fine even when it had this issue.

[Hubcapp]

Found this note in your fork & didn't look too much further; seems like you went for an updated approach with "room in the future for maybe non-TLS client support".

                // I deprecated the security of the traditional Jagex protocol (rsa+isaac) in favor of traditional TLS mechanisms
                // which are inherently more secure and also we gain the support for it through built-in standardized libraries automatically
                // Even though we no longer need to, I still encrypt the login block for the reason that one may wish to provide non-TLS
                // client support and this will protect the user login credentials in this case.

I've been updating Open RSC & now am able to log into it with RSC+. So in the future, there will actually be a running fully-featured server that supports the RSC235 protocol. Could possibly support 204 client protocol too, I understand it's not that different (haven't looked very closely at 204 client dev personally), but it would be neat if that was not necessary to support 204 & there were a javascript client that supported RSC235.

[spkaeros]

No, the TLS crypto is all automagically taken care of transparently, in the websocket code. The RSA being used in my client is plain jane identical to Jagex. I even made a program in Go to generate exponents and mods.

204 vs 235 is a thing i know a thing or two about. They are incredibly similar, can basically count differences on 2 hands. Biggest hurdle is going to be chat charset encoding. Can discuss further on discord if you like.

Edit: js code here https://github.com/spkaeros/rsc-client/blob/master/src/gamelib/rsa.js
I dont see rust version, chance i never committed it. Be at PC soon and will commit latest probably

[misterhat]

JS supports BigInt natively now, so the big-int module isn't required: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#BigInt_type

[spkaeros]

Indeed. Explored that option brother, found its API sincerely lacking. The from/toArray calls were my hickup to be specific, had wrote a workaround using a conversion function I hand wrote but ran into some form of issue and reverted to the library.

[Jameskmonger]

Hey @Hubcapp hope you don't mind me getting involved here

I am the author of this https://www.npmjs.com/package/isaac-crypto

It's tested, written in TypeScript (if that's your thing) and is used by a few RS2 projects.

I'd love to help get it set up here if you think it would be useful!

Let me know if you have any questions about it

[Hubcapp]

Well, I think you @'d the wrong person. I have a lot of projects I'm already working on without getting directly involved in javascript client dev. I'm hoping @spkaeros or @misterhat will get around to it.

Thanks for your input though, it does look like a useful library.

P.S. RSC235 support is now part of the Open RSC code base, and the feature goes live tomorrow.

[misterhat]

Yeah @Jameskmonger the ISAAC library looks useful, great work. Makes sense to implement it in rsc-server and rsc-client at some point.

[spkaeros]

Implementation underway here, will keep you posted, hopefully just a few days just looking for time to write the code.

[spkaeros]

Sorry forgot all about this I have redone the networking code in what I view as an improvement, with 235 compliance. Will post soon as am at pc

[Hubcapp]

Definitely something we're still interested in...!

[spkaeros]

Definitely something we're still interested in...!

So making a cogent PR here will be a task of its own as our code bases have changed too dramatically just to diff&push. That said I'm working on getting it to you.

[spkaeros]

Am I to assume your preference is to use your network API with my crypto code Frankensteined onto it?

Cos i been perfecting my networking API and truly suhgest its use. Ill do a push to my webclient master shortly as an update for yall

[spkaeros]

Am I to assume your preference is to use your network API with my crypto code Frankensteined onto it?

Cos i been perfecting my networking API and truly suhgest its use. Ill do a push to my webclient master shortly as an update for yall

Alsi pretty sure frankensteIm patchery is how ORSC gets born. no disrespect intended but seriously isnt it