sec_tube_packet_crack

1. #include <stdio.h>
2. #include <string.h>
3. #include <stdlib.h>
4. #include <sys/types.h>
5. #include <sys/stat.h>
6. #include <fcntl.h>
7.  
8. unsigned char iv[]="\xc9\xb1\x5f";
9. unsigned int old_icv;
10. unsigned int new_icv;
11. unsigned char encrypted_packet[]=
12. "\x85\x8a\x22\x52\x02\xfb\x44\xf2\xbf\x6d\x16\xf0\x15\x69\x05\x88\xac"
13. "\xc8\xe5\xa9\x89\x2c\x28\x71\xa0\xd3\x10\x31\x2a\xbd\x83\x09\x04\xce"
14. "\xaa\xa4\x3e\x01\xc9\x8a\xd4\xf7\xd4\x1a\xe2\xf8\x52\xc9\x28\x1b\x60"
15. "\xd5\x94\xe1\xd5\x15\x1a\x8b\x93\xa6\x9c\x55\xbf\x09\x27\x3a\xb9\x16"
16. "\xae\x94\xc9\xc0\x97\xed\xf0\xed\xe5\xd8\x87\x4a\x7e\xf9\x29\xac\x71"
17. "\x05\x4c\xa1\xbc\x16\x4d\x74\xb2\x2f\x33\x6f\x13\x4c\x50\x7a\x32\x34"
18. "\x8c\x90\xa2\x0e\x37\x7d\x90\x67\xd8\x56\x3a\x40\xb0\xbb\x3b\x8f\xf7"
19. "\x47\x01\xfd\xd9\x74\xa8\xaf\xf7\x41\x2c\x50\x5e\x03\x05\xaa\x28\x82"
20. "\xbb\x9b\x6a\x70\x27\xf2\xd9\x09\x36\xe0\x9d\x87\xe4\x02\x5d\x12\xb3"
21. "\x43\xb0\xf5\x94\x77\x81\xcf\x72\x43\x15\x89\xf6\x79\x4d\xad\x68\x84"
22. "\xcd\xae\x45\xb3\xb7\x5c\x4f\x6d\xa0\x40\xa1\xa3\x60\xdc\xfe\xd2\xb1"
23. "\xdc\xbb\xfb\x23\x8d\x1a\xcf\x4a\xf9\x78\x39\x51\xbd\xd9\x50\xe7\x9b"
24. "\x26\xd9\x58\xba\x8a\x74\x1d\xae\x14\xc9\x2f\x2c\x1e\x95\xea\x42\xa2"
25. "\xc5\x2b\x11\x41\x50\x34\x97\xf7\x59\xf0\xeb\x44\x03\x35\xdc\x59\x01"
26. "\xfc\x52\x2f\x80\x58\xb6\xab\xf3\x14\x30\xd3\x24\x43\xa5\x44\xf9\x8b"
27. "\x27\x04\xd2\x67\x6a\xe4\x16\xc0\xa8\xe1\x1a\xa3\x29\xce\x20\x2c\x2e"
28. "\xcc\x73\xc9\x1e\xe2\xb2\x91\x10\x9d\xb6\x20\x2b\xdb\x00\xa5\xcd\x7a"
29. "\x82\x36\x85\x26\x8c\xcc\x97\x61\xd7\x57\x25\x88\x66\xcc\x50\x94\x97"
30. "\x47\x56\xcd\x1b\x46\xe1\xe5\x80\x57\xd7\xf2\xff\xbc\x7c\x45\x75\xf5"
31. "\xd7\x70\x3b\x2b\x02\xc5\xb6\x90\xd8\x94\xf1\x40\x67";
32. unsigned char *decrypted_packet;
33.  
34. unsigned int decrypt(unsigned char *keystream);
35. unsigned char *create_keystream(unsigned char *pass);
36. unsigned char *rc4(unsigned char *password);
37. unsigned int crc32(unsigned char *packet, unsigned int len);
38. unsigned int chksum_crc32 (unsigned char *block, unsigned int length);
39. void chksum_crc32gentab ();
40. unsigned int crc_tab[256];
41.  
42. int main(int argc, char *argv[])
43. {
44.     unsigned char   *keystream;
45.     char        pass[6];
46.     FILE        *fs;
47.  
48.     if ( argc == 1 )
49.     {
50.         fprintf(stderr, "Usage: %s passlist.txt\n", argv[0]);
51.         return -1;
52.     }
53.     if (( fs = fopen(argv[1], "rb")) == NULL )
54.         return -1;
55.  
56.     for ( ; ; )
57.     {
58.         memset(pass, '\0', 6);
59.         if (fgets(pass, 6, fs) == NULL )
60.             break;
61.        
62.         printf("trying\"%s\"\n", pass);
63.         keystream = create_keystream(pass);
64.         old_icv = decrypt(keystream);
65.         new_icv = crc32(decrypted_packet, 336);
66.         free(decrypted_packet);
67.         if ( old_icv == new_icv )
68.             printf("password: %s\n", pass);    
69.     }
70.     fclose(fs);
71.     return 0;
72. }
73. unsigned int decrypt(unsigned char *keystream)
74. {
75.     unsigned int    icv;
76.     register int    i;
77.    
78.     decrypted_packet = malloc(337 * sizeof(char));
79.     memset(decrypted_packet, '\0', 337);
80.  
81.     for ( i = 0; i < 336; i++ )
82.     {
83.         decrypted_packet[i] = encrypted_packet[i] ^ keystream[i];
84.     }
85.     memcpy((char *)&icv, &decrypted_packet+332, 4);
86.    
87.     return icv;
88. }
89. unsigned char *create_keystream(unsigned char *pass)
90. {
91.     unsigned char   *password = "\xc9\xb1\x5f\x74\x75\x64\x65\x73";
92.     unsigned char   *new_ks;
93. /*
94.     password = (unsigned char *)malloc(9 * sizeof(char));
95.     memset(password, '\0', 9);
96.     memcpy(password, iv, 3);
97.     memcpy(password+3, pass, 5);
98. */ 
99.     new_ks = rc4(password);
100. //  free(password);
101.    
102.     return new_ks;
103. }
104.  
105. unsigned char *rc4(unsigned char *password)
106. {
107.     register int    i, j, k;
108.     unsigned char       s[256];
109.     unsigned char           *new_ks;
110.     unsigned char       temp;
111.    
112.     new_ks = (unsigned char *)malloc(337*sizeof(char));
113.     memset(new_ks, '\0', 337);
114.     //KSA
115.     j = 0;
116.     for ( i = 0; i < 256; i++ )
117.     {
118.         s[i] = i;
119.     }
120.    
121.     for ( i = 0; i < 256; i++ )
122.     {
123.         j = (j + s[i] + password[ i % 8])%256;
124.         temp = s[i];
125.         s[i] = s[j];
126.         s[j] = temp;
127.     }
128.     //PRGA
129.     i = 0;
130.     j = 0;
131.     for ( k = 0; k < 336; k++ )
132.     {
133.         i = (i + 1)%256;
134.         j = (j+s[i])%256;
135.         temp = s[i];
136.         s[i] = s[j];
137.         s[j] = temp;
138.         new_ks[k] = s[(s[i]+s[j])%256];
139.     }
140.     return new_ks;
141. }
142.  
143. unsigned int crc32(unsigned char *packet, unsigned int len)
144. {
145.     chksum_crc32gentab();
146.    
147.     return chksum_crc32(packet, len);
148. }
149.  
150. unsigned int chksum_crc32 (unsigned char *block, unsigned int length)
151. {
152.    register unsigned long crc;
153.    unsigned long i;
154.  
155.    crc = 0xFFFFFFFF;
156.    for (i = 0; i < length; i++)
157.    {
158.       crc = ((crc >> 8) & 0x00FFFFFF) ^ crc_tab[(crc ^ *block++) & 0xFF];
159.    }
160.    return (crc ^ 0xFFFFFFFF);
161. }
162.  
163. void chksum_crc32gentab ()
164. {
165.    unsigned long crc, poly;
166.    int i, j;
167.  
168.    poly = 0xEDB88320L;
169.    for (i = 0; i < 256; i++)
170.    {
171.       crc = i;
172.       for (j = 8; j > 0; j--)
173.       {
174.      if (crc & 1)
175.      {
176.         crc = (crc >> 1) ^ poly;
177.      }
178.      else
179.      {
180.         crc >>= 1;
181.      }
182.       }
183.       crc_tab[i] = crc;
184.    }
185. }