From d8a277e76996f244c82a01c9fa2e20d8366b66ec Mon Sep 17 00:00:00 2001
From: Andrew Rioux <rioux.d.andrew@gmail.com>
Date: Sun, 2 Feb 2025 12:21:35 -0500
Subject: [PATCH] feat: added randomization and XOR encoding

---
 sparse-server/src/webserver.rs | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/sparse-server/src/webserver.rs b/sparse-server/src/webserver.rs
index 9ce9447..f61c7f8 100644
--- a/sparse-server/src/webserver.rs
+++ b/sparse-server/src/webserver.rs
@@ -48,10 +48,10 @@ pub async fn download_beacon_installer(
     State(db): State<AppState>
 ) -> Result<impl IntoResponse, crate::error::Error> {
     use rand::{rngs::OsRng, TryRngCore};
-    use sparse_actions::payload_types::Parameters_t;
+    use sparse_actions::payload_types::{Parameters_t, XOR_KEY};
 
     let mut parameters_buffer = vec![0u8; std::mem::size_of::<Parameters_t>()];
-    //let _ = OsRng.try_fill_bytes(&mut parameters_buffer);
+    let _ = OsRng.try_fill_bytes(&mut parameters_buffer);
 
     let parameters: &mut Parameters_t = unsafe { std::mem::transmute(parameters_buffer.as_mut_ptr()) };
 
@@ -135,6 +135,11 @@ pub async fn download_beacon_installer(
 
     let installer_bytes = get_installer(&template.operating_system).await?;
 
+    let parameters_bytes = parameters_buffer
+        .iter()
+        .map(|b| b ^ (XOR_KEY as u8))
+        .collect::<Vec<_>>();
+
     use axum::http::header;
 
     Ok((
@@ -157,7 +162,7 @@ pub async fn download_beacon_installer(
         ],
         [
             &installer_bytes[..],
-            &parameters_buffer[..]
+            &parameters_bytes[..]
         ].concat()
     ))
 }