hw_partner
/
urmic_digital_encoder_decoder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update

This commit is contained in:
devdatt 2026-02-09 17:23:51 +05:30
parent 6c2d947871
commit 426a350a73
3 changed files with 113 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
encoder/firmware.php
View File

@ -347,13 +347,17 @@ EwIDAQAB
'firmware.json', 'firmware.json',
]; ];
/* 1. Remove existing config files */
foreach ($jsonFiles as $json) { foreach ($jsonFiles as $json) {
if (file_exists($json)) { if (file_exists($json)) {
unlink($json); unlink($json);
} }
} }
$tmpZip = sys_get_temp_dir() . '/restore.zip'; /* 2. Validate upload */
if (!isset($_FILES['shree_bhattji_encoder'])) {
die('No file uploaded');
}
$upload = $_FILES['shree_bhattji_encoder']; $upload = $_FILES['shree_bhattji_encoder'];
@ -361,42 +365,71 @@ EwIDAQAB
die('Upload failed'); die('Upload failed');
} }
if (pathinfo($upload['name'], PATHINFO_EXTENSION) !== 'bin') { if (strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION)) !== 'bin') {
die('Invalid file type'); die('Invalid file type');
} }
/* 3. Load private key */
$privateKeyPem = file_get_contents('/var/www/backup_private.pem'); $privateKeyPem = file_get_contents('/var/www/backup_private.pem');
if (!$privateKeyPem) { if ($privateKeyPem === false) {
die('Private key not found'); die('Private key not found');
} }
$privateKey = openssl_pkey_get_private($privateKeyPem); $privateKey = openssl_pkey_get_private($privateKeyPem);
if (!$privateKey) { if ($privateKey === false) {
die('Invalid private key'); die('Invalid private key');
} }
/* 4. Read binary backup */
$payloadRaw = file_get_contents($upload['tmp_name']); $payloadRaw = file_get_contents($upload['tmp_name']);
$payload = json_decode($payloadRaw, true); if ($payloadRaw === false) {
die('Failed to read backup file');
if (
!is_array($payload)
|| !isset($payload['key'], $payload['iv'], $payload['data'])
) {
die('Invalid backup file format');
} }
$encryptedKey = base64_decode($payload['key'], true); $offset = 0;
$iv = base64_decode($payload['iv'], true);
$encryptedData = base64_decode($payload['data'], true);
if ($encryptedKey === false || $iv === false || $encryptedData === false) { /* 5. Read RSA key length (4 bytes, big-endian) */
die('Corrupt backup data'); if (strlen($payloadRaw) < 4) {
die('Corrupt backup file');
} }
$keyLen = unpack('N', substr($payloadRaw, 0, 4))[1];
$offset += 4;
if ($keyLen <= 0 || $keyLen > 512) {
die('Invalid encrypted key length');
}
/* 6. Read RSA-encrypted AES key */
$encryptedKey = substr($payloadRaw, $offset, $keyLen);
if (strlen($encryptedKey) !== $keyLen) {
die('Corrupt encrypted key');
}
$offset += $keyLen;
/* 7. Read IV */
$iv = substr($payloadRaw, $offset, 16);
if (strlen($iv) !== 16) {
die('Invalid IV');
}
$offset += 16;
/* 8. Remaining data = AES-encrypted ZIP */
$encryptedData = substr($payloadRaw, $offset);
if ($encryptedData === '') {
die('Missing encrypted payload');
}
/* 9. Decrypt AES key */
if (!openssl_private_decrypt($encryptedKey, $aesKey, $privateKey)) { if (!openssl_private_decrypt($encryptedKey, $aesKey, $privateKey)) {
die('Key mismatch or wrong private key'); die('Key mismatch or wrong private key');
} }
if (strlen($aesKey) !== 32) {
die('Invalid AES key length');
}
/* 10. Decrypt ZIP */
$zipBinary = openssl_decrypt( $zipBinary = openssl_decrypt(
$encryptedData, $encryptedData,
'AES-256-CBC', 'AES-256-CBC',
@ -408,18 +441,32 @@ EwIDAQAB
if ($zipBinary === false) { if ($zipBinary === false) {
die('Failed to decrypt data'); die('Failed to decrypt data');
} }
$tmpZip = sys_get_temp_dir() . '/restore_' . uniqid() . '.zip';
/* 11. Write ZIP to temp file */
$tmpZip = sys_get_temp_dir() . '/restore_' . uniqid('', true) . '.zip';
file_put_contents($tmpZip, $zipBinary); file_put_contents($tmpZip, $zipBinary);
/* 12. Extract ZIP safely */
$zip = new ZipArchive(); $zip = new ZipArchive();
if ($zip->open($tmpZip) !== true) { if ($zip->open($tmpZip) !== true) {
unlink($tmpZip); unlink($tmpZip);
die('Invalid ZIP archive'); die('Invalid ZIP archive');
} }
$zip->extractTo(__DIR__); // overwrites existing JSON $restoreDir = __DIR__ . '/restore_tmp';
@mkdir($restoreDir, 0700, true);
$zip->extractTo($restoreDir);
$zip->close(); $zip->close();
/* 13. Restore only expected JSON files */
foreach ($jsonFiles as $file) {
$src = $restoreDir . '/' . $file;
if (file_exists($src)) {
rename($src, __DIR__ . '/' . $file);
}
}
/* 14. Cleanup */
unlink($tmpZip); unlink($tmpZip);
update_service("display"); update_service("display");
update_service("rtmp0"); update_service("rtmp0");

48
install.sh
View File

@ -180,6 +180,52 @@ RestartSec=30
WantedBy=multi-user.target WantedBy=multi-user.target
EOL EOL
cat > /etc/systemd/system/drm-key.service<< 'EOL'
[Unit]
Description=HLS Key Generator and Poster
After=network-online.target
Wants=network-online.target
[Service]
Type=key genrator
User=root
Group=root
ExecStart=/var/www/key.sh
WorkingDirectory=/var/www
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
EOL
cat > /var/www/key.sh<< 'EOL'
#!/bin/bash
set -e
# ===== CONFIG =====
STREAM_ID="strem_id_strem_id_strem_id"
KEY_FILE="/var/www/scrambler.key"
# ==================
# Timestamp
TIMESTAMP=$(date +%s)
# Dynamic POST field name
KEY_FIELD="${STREAM_ID}_${TIMESTAMP}"
# Generate secure random 16-byte key (binary)
openssl rand 16 > "$KEY_FILE"
# Convert binary key to hex for HTTP transport
KEY_HEX=$(xxd -p "$KEY_FILE" | tr -d '\n')
curl --fail --silent --show-error \
-X POST "$post_url_post_url_post_url" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data "stream_id=${STREAM_ID}&${KEY_FIELD}=${KEY_HEX}"
EOL
# graph monitor setup # graph monitor setup
cat > /etc/systemd/system/system-monitor.service<< 'EOL' cat > /etc/systemd/system/system-monitor.service<< 'EOL'
[Unit] [Unit]
@ -408,8 +454,6 @@ sudo chown -R www-data:www-data /var/www
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo chmod 444 /sys/class/dmi/id/product_uuid sudo chmod 444 /sys/class/dmi/id/product_uuid
sudo systemctl disable systemd-networkd-wait-online.service
sudo systemctl mask systemd-networkd-wait-online.service
sudo ufw default allow outgoing sudo ufw default allow outgoing
sudo ufw default deny incoming sudo ufw default deny incoming

3
setup.sh
View File

@ -148,7 +148,8 @@ RestartSec=30
WantedBy=multi-user.target WantedBy=multi-user.target
EOL EOL
sudo systemctl unmask systemd-networkd-wait-online.service
sudo systemctl enable systemd-networkd-wait-online.service
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl restart nginx sudo systemctl restart nginx
sudo a2enmod ssl sudo a2enmod ssl