[core] Generate and handle tgtgtKey correctly, fix #2418 (#2419)

* Generate and handle tgtgtKey correctly, fix #2418

* Optimize the code readability of WtLogin9

* Add utility method to write t106 with A1

mirai-core/src/commonMain/kotlin/network/components/AccountSecretsManager.kt

@@ -27,6 +27,7 @@ import net.mamoe.mirai.internal.utils.io.serialization.toByteArray
 import net.mamoe.mirai.utils.*
 import kotlin.jvm.Synchronized
 import kotlin.jvm.Volatile
+import kotlin.random.Random
 
 /**
  * For a [Bot].
@@ -138,7 +139,7 @@ internal fun AccountSecretsImpl(
         dpwd = get_mpasswd().toByteArray(),
         randSeed = EMPTY_BYTE_ARRAY,
         ksid = EMPTY_BYTE_ARRAY,
-        tgtgtKey = (account.passwordMd5 + ByteArray(4) + account.id.toInt().toByteArray()).md5(),
+        tgtgtKey = (Random.nextBytes(16) + device.guid).md5(),
         randomKey = getRandomByteArray(16),
         ecdhInitialPublicKey = QQEcdhInitialPublicKey.default
     )

mirai-core/src/commonMain/kotlin/network/protocol/packet/Tlv.kt

@@ -121,6 +121,15 @@ internal fun BytePacketBuilder.t106(
     )
 }
 
+internal fun BytePacketBuilder.t106(
+    encryptA1: ByteArray
+) {
+    writeShort(0x106)
+    writeShortLVPacket {
+        writeFully(encryptA1)
+    }
+}
+
 /**
  * A1
  */

mirai-core/src/commonMain/kotlin/network/protocol/packet/login/WtLogin.kt

@@ -371,7 +371,9 @@ internal class WtLogin {
                         tlvMap119.smartToString().printStructure("TlvMap119")
                     }
 
-                    tlvMap119[0x106]?.let { client.analyzeTlv106(it) }
+                    tlvMap119[0x10c]?.read {
+                        client.tgtgtKey = readBytes(16)
+                    }
 
                     // ???
                     tlvMap119[0x1c]?.read {

mirai-core/src/commonMain/kotlin/network/protocol/packet/login/wtlogin/WtLogin15.kt

@@ -13,7 +13,6 @@ import io.ktor.utils.io.core.*
 import net.mamoe.mirai.internal.network.*
 import net.mamoe.mirai.internal.network.protocol.packet.*
 import net.mamoe.mirai.internal.network.protocol.packet.login.WtLogin
-import net.mamoe.mirai.internal.utils.io.writeShortLVByteArray
 import kotlin.math.abs
 import kotlin.random.Random
 
@@ -56,9 +55,7 @@ internal object WtLogin15 : WtLoginExt {
             t1(client.uin, ByteArray(4))
 
             //  t106(client = client)
-            writeShort(0x106)
-            val encryptA1 = client.wLoginSigInfo.encryptA1!!
-            writeShortLVByteArray(encryptA1)
+            t106(client.wLoginSigInfo.encryptA1!!)
 //            kotlin.run {
 //                val key = (client.account.passwordMd5 + ByteArray(4) + client.uin.toInt().toByteArray()).md5()
 //                kotlin.runCatching {

mirai-core/src/commonMain/kotlin/network/protocol/packet/login/wtlogin/WtLogin9.kt

@@ -26,13 +26,25 @@ internal object WtLogin9 : WtLoginExt {
         writeSsoPacket(client, client.subAppId, WtLogin.Login.commandName, sequenceId = sequenceId) {
             writeOicqRequestPacket(client, commandId = 0x0810) {
                 writeShort(9) // subCommand
-                writeShort(if (allowSlider) 0x18 else 0x17) // count of TLVs, probably ignored by server?
+                var tlvCount = if (allowSlider) 0x18 else 0x17;
+                val useEncryptA1AndNoPicSig =
+                    client.wLoginSigInfoInitialized
+                            && client.wLoginSigInfo.noPicSig != null
+                            && client.wLoginSigInfo.encryptA1 != null
+                if (useEncryptA1AndNoPicSig) {
+                    tlvCount++;
+                }
+                writeShort(tlvCount.toShort()) // count of TLVs, probably ignored by server?
                 //writeShort(LoginType.PASSWORD.value.toShort())
 
                 t18(appId, client.appClientVersion, client.uin)
                 t1(client.uin, client.device.ipAddress)
 
-                t106(appId, client)
+                if (useEncryptA1AndNoPicSig) {
+                    t106(client.wLoginSigInfo.encryptA1!!)
+                } else {
+                    t106(appId, client)
+                }
 
                 /* // from GetStWithPasswd
                 int mMiscBitmap = this.mMiscBitmap;
@@ -66,8 +78,9 @@ internal object WtLogin9 : WtLoginExt {
                     t166(1)
                 }
                 */
-
-                // ignored t16a because array5 is null
+                if (useEncryptA1AndNoPicSig) {
+                    t16a(client.wLoginSigInfo.noPicSig!!)
+                }
 
                 t154(sequenceId)
                 t141(client.device.simInfo, client.networkType, client.device.apn)

mirai-core/src/commonMain/kotlin/network/protocol/packet/login/wtlogin/WtLoginExt.kt

@@ -17,7 +17,6 @@ import net.mamoe.mirai.internal.network.WLoginSigInfo
 import net.mamoe.mirai.internal.network.protocol.packet.Tlv
 import net.mamoe.mirai.internal.network.protocol.packet.login.WtLogin
 import net.mamoe.mirai.internal.network.protocol.packet.t145
-import net.mamoe.mirai.internal.utils.crypto.TEA
 import net.mamoe.mirai.internal.utils.io.writeShortLVByteArray
 import net.mamoe.mirai.utils.*
 
@@ -208,22 +207,9 @@ internal interface WtLoginExt { // so as not to register to global extension
         }
     }
 
-    fun QQAndroidClient.analyzeTlv106(t106: ByteArray) {
-        val tgtgtKey = decodeA1(t106) {
-            discardExact(51)
-            readBytes(16)
-        }
-        this.tgtgtKey = tgtgtKey
-    }
-
     fun Input.readUShortLVString(): String = String(this.readUShortLVByteArray())
 }
 
-internal inline fun <R> QQAndroidClient.decodeA1(a1: ByteArray, block: ByteReadPacket.() -> R): R {
-    val key = (account.passwordMd5 + ByteArray(4) + uin.toInt().toByteArray()).md5()
-    val v = TEA.decrypt(a1, key)
-    return v.toReadPacket().withUse(block)
-}
 
 internal fun ByteArray?.orEmpty(size: Int = 0): ByteArray {
     return this ?: if (size == 0) EMPTY_BYTE_ARRAY else ByteArray(size)