Skip to content

Instantly share code, notes, and snippets.

@yamatt
Created March 4, 2014 17:00
Show Gist options
  • Select an option

  • Save yamatt/9350570 to your computer and use it in GitHub Desktop.

Select an option

Save yamatt/9350570 to your computer and use it in GitHub Desktop.
A quick app in Node that verifies md5 hashed and salted IDs over UDP

Server

This server is an example framework to test against and is not the final product. It is designed so that the id lookup is replaceable.

Usage

Run the server by using

node server.js <port number>

so for example this will run the UDP listener on port 3000.

node server.js 3000

Request

UDP packets sent to that port will be used to verify the hashed id. The id is a concatenation of a salt and the id and md5 sum, hex encoded. In pseudo-code:

md5sum("salt"+"id")

Therefore:

md5sum("foobar")

Will be: 3858f62230ac3c915f300c664312c63f

This is concatenated with a source number as a string and a colon. For doorbot this should be 1. So the whole packet contents will be:

1:3858f62230ac3c915f300c664312c63f

Response

The server does it's checks and then will send a packet back on the same port that it received the request from.

The response comes in a string that contains the id of the server (0) a colon, the hash that was requested, another colon and an allow value (1) or disallow value (0).

So the two likely responses you will get are disallow:

0:3858f62230ac3c915f300c664312c63f:0

And allow:

0:3858f62230ac3c915f300c664312c63f:1

Test Client

This test client allows you to quickly verify if the values you are sending will work. It takes a port as the first argument and the message as a second argument. For simplicity it runs in broadcast mode so you don't have to worry about hooking it up to the server although you may have to worry about what you're sending across your network.

Usage

Bear in mind that the client is not smart enough to listen once it has sent a message, but you will get visual indicator on your server.

An example:

node test-client.js <port number> <message>

A working example:

node test-client.js 3000 "hello world"

A verifiable example. We use 0 as the source here as it is coming from the server.

node test-client.js 3000 "0:3858f62230ac3c915f300c664312c63f"
01:02:03:04:05:06
06:05:04:03:02:01
var dgram = require("dgram");
var fs = require("fs");
var crypto = require('crypto');
function get_port() {
return parseInt(process.argv[2])
}
var server = dgram.createSocket("udp4");
server.on("message", function (msg, rinfo) {
//console.log("GOT:", msg.toString());
console.log("FROM:", rinfo.address + ":" + rinfo.port);
var message_parts = msg.toString().split(":");
var source = message_parts[0];
var hashed_card_id = message_parts[1];
lookup.verify_hashed_card_id(hashed_card_id, function (verified) {
if (verified) {
console.log(hashed_card_id, "verified");
message = new Buffer("0:" + hashed_card_id + ":1") // verified
}
else {
console.log(hashed_card_id, "could not be verified");
message = new Buffer("0:" + hashed_card_id + ":0") // not verified
}
var response = dgram.createSocket("udp4");
response.send(message, 0, message.length, rinfo.port, rinfo.address, function(err, bytes) {
response.close();
});
});
});
server.on("listening", function () {
var address = server.address();
console.log("server listening", address.address + ":" + address.port);
});
server.bind(get_port());
var lookup = {
"file_path": "samplecardids.txt",
"salt": "Peeyai7BdohfeSh6",
"hash": function (value, cb) {
var hash = crypto.createHash('md5');
hash.update(this.salt, 'ascii')
hash.update(value, 'ascii');
hex_hash = hash.digest('hex');
if (cb) {
cb(hex_hash);
}
else {
return hex_hash
}
},
"verify_card_id": function (card_id, cb) {
this.hash(card_id, function (hash) {
var verification = this.verify_hashed_card_id(hash);
if (cb) {
cb(verification);
}
else {
return verification;
}
});
},
"verify_hashed_card_id": function (hashed_card_id, cb) {
var contents = fs.readFileSync(this.file_path, 'ascii');
var verified = false;
var lines = contents.split("\n")
for (var line in lines) {
if (!verified) {
card_id = lines[line].trim()
if (card_id) {
hash = this.hash(card_id);
if (hashed_card_id == hash) {
cb(true);
verified = true;
}
}
}
}
if (!verified) {
cb(false);
}
}
}
var dgram = require('dgram');
var message = get_msg()
var client = dgram.createSocket("udp4");
client.send(message, 0, message.length, get_port(), "0.0.0.0", function(err, bytes) {
client.close();
});
function get_port() {
return parseInt(process.argv[2])
}
function get_msg() {
return new Buffer(process.argv[3])
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment