Update Telegram's RSA keys

2025-11-01 00:17:47 +03:00 · 2019-10-03 20:51:45 +02:00 · 2019-10-03 20:51:45 +02:00 · 09f27f0dd7
commit 09f27f0dd7
parent 72dd36bc17
2 changed files with 59 additions and 8 deletions
--- a/telethon/crypto/rsa.py
+++ b/telethon/crypto/rsa.py
@ -14,7 +14,7 @@ except ImportError:
 from ..tl import TLObject


-# {fingerprint: Crypto.PublicKey.RSA._RSAobj} dictionary
+# {fingerprint: (Crypto.PublicKey.RSA._RSAobj, old)} dictionary
 _server_keys = {}


@ -47,26 +47,27 @@ def _compute_fingerprint(key):
    return struct.unpack('<q', sha1(n + e).digest()[-8:])[0]


-def add_key(pub):
+def add_key(pub, *, old):
    """Adds a new public key to be used when encrypting new data is needed"""
    global _server_keys
    key = rsa.PublicKey.load_pkcs1(pub)
-    _server_keys[_compute_fingerprint(key)] = key
+    _server_keys[_compute_fingerprint(key)] = (key, old)


-def encrypt(fingerprint, data):
+def encrypt(fingerprint, data, *, use_old=False):
    """
    Encrypts the given data known the fingerprint to be used
    in the way Telegram requires us to do so (sha1(data) + data + padding)

    :param fingerprint: the fingerprint of the RSA key.
    :param data: the data to be encrypted.
+    :param use_old: whether old keys should be used.
    :return:
        the cipher text, or None if no key matching this fingerprint is found.
    """
    global _server_keys
-    key = _server_keys.get(fingerprint, None)
-    if not key:
+    key, old = _server_keys.get(fingerprint, None)
+    if (not key) or (old and not use_old):
        return None

    # len(sha1.digest) is always 20, so we're left with 255 - 20 - x padding
@ -82,6 +83,48 @@ def encrypt(fingerprint, data):


 # Add default keys
+# https://github.com/DrKLO/Telegram/blob/a724d96e9c008b609fe188d122aa2922e40de5fc/TMessagesProj/jni/tgnet/Handshake.cpp#L356-L436
+for pub in (
+        '''-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAruw2yP/BCcsJliRoW5eBVBVle9dtjJw+OYED160Wybum9SXtBBLX
+riwt4rROd9csv0t0OHCaTmRqBcQ0J8fxhN6/cpR1GWgOZRUAiQxoMnlt0R93LCX/
+j1dnVa/gVbCjdSxpbrfY2g2L4frzjJvdl84Kd9ORYjDEAyFnEA7dD556OptgLQQ2
+e2iVNq8NZLYTzLp5YpOdO1doK+ttrltggTCy5SrKeLoCPPbOgGsdxJxyz5KKcZnS
+Lj16yE5HvJQn0CNpRdENvRUXe6tBP78O39oJ8BTHp9oIjd6XWXAsp2CvK45Ol8wF
+XGF710w9lwCGNbmNxNYhtIkdqfsEcwR5JwIDAQAB
+-----END RSA PUBLIC KEY-----''',
+
+        '''-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvfLHfYH2r9R70w8prHblWt/nDkh+XkgpflqQVcnAfSuTtO05lNPs
+pQmL8Y2XjVT4t8cT6xAkdgfmmvnvRPOOKPi0OfJXoRVylFzAQG/j83u5K3kRLbae
+7fLccVhKZhY46lvsueI1hQdLgNV9n1cQ3TDS2pQOCtovG4eDl9wacrXOJTG2990V
+jgnIKNA0UMoP+KF03qzryqIt3oTvZq03DyWdGK+AZjgBLaDKSnC6qD2cFY81UryR
+WOab8zKkWAnhw2kFpcqhI0jdV5QaSCExvnsjVaX0Y1N0870931/5Jb9ICe4nweZ9
+kSDF/gip3kWLG0o8XQpChDfyvsqB9OLV/wIDAQAB
+-----END RSA PUBLIC KEY-----''',
+
+        '''-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAs/ditzm+mPND6xkhzwFIz6J/968CtkcSE/7Z2qAJiXbmZ3UDJPGr
+zqTDHkO30R8VeRM/Kz2f4nR05GIFiITl4bEjvpy7xqRDspJcCFIOcyXm8abVDhF+
+th6knSU0yLtNKuQVP6voMrnt9MV1X92LGZQLgdHZbPQz0Z5qIpaKhdyA8DEvWWvS
+Uwwc+yi1/gGaybwlzZwqXYoPOhwMebzKUk0xW14htcJrRrq+PXXQbRzTMynseCoP
+Ioke0dtCodbA3qQxQovE16q9zz4Otv2k4j63cz53J+mhkVWAeWxVGI0lltJmWtEY
+K6er8VqqWot3nqmWMXogrgRLggv/NbbooQIDAQAB
+-----END RSA PUBLIC KEY-----''',
+
+        '''-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvmpxVY7ld/8DAjz6F6q05shjg8/4p6047bn6/m8yPy1RBsvIyvuD
+uGnP/RzPEhzXQ9UJ5Ynmh2XJZgHoE9xbnfxL5BXHplJhMtADXKM9bWB11PU1Eioc
+3+AXBB8QiNFBn2XI5UkO5hPhbb9mJpjA9Uhw8EdfqJP8QetVsI/xrCEbwEXe0xvi
+fRLJbY08/Gp66KpQvy7g8w7VB8wlgePexW3pT13Ap6vuC+mQuJPyiHvSxjEKHgqe
+Pji9NP3tJUFQjcECqcm0yV7/2d0t/pbCm+ZH1sadZspQCEPPrtbkQBlvHb4OLiIW
+PGHKSMeRFvp3IWcmdJqXahxLCUS1Eh6MAQIDAQAB
+-----END RSA PUBLIC KEY-----''',
+
+):
+    add_key(pub, old=False)
+
+
 for pub in (
        '''-----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAwVACPi9w23mF3tBkdZz+zwrzKOaaQdr01vAbU4E1pvkfj4sqDsm6
@ -117,6 +160,6 @@ qAqBdmI1iBGdQv/OQCBcbXIWCGDY2AsiqLhlGQfPOI7/vvKc188rTriocgUtoTUc
 /n/sIUzkgwTqRyvWYynWARWzQg0I9olLBBC2q5RQJJlnYXZwyTL3y9tdb7zOHkks
 WV9IMQmZmyZh/N7sMbGWQpt4NMchGpPGeJ2e5gHBjDnlIf2p1yZOYeUYrdbwcS0t
 UiggS4UeE8TzIuXFQxw7fzEIlmhIaq3FnwIDAQAB
-----END RSA PUBLIC KEY-----'''
+-----END RSA PUBLIC KEY-----''',
 ):
-    add_key(pub)
+    add_key(pub, old=True)
--- a/telethon/network/authenticator.py
+++ b/telethon/network/authenticator.py
@ -56,6 +56,14 @@ async def do_authentication(sender):
            target_fingerprint = fingerprint
            break

+    if cipher_text is None:
+        # Second attempt, but now we're allowed to use old keys
+        for fingerprint in res_pq.server_public_key_fingerprints:
+            cipher_text = rsa.encrypt(fingerprint, pq_inner_data, use_old=True)
+            if cipher_text is not None:
+                target_fingerprint = fingerprint
+                break
+
    if cipher_text is None:
        raise SecurityError(
            'Step 2 could not find a valid key for fingerprints: {}'