sec_tube_ks_crack

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

unsigned char text[] =
"\x8b\x12\xe8\x19\xa3\xcd\x91\x17\x76\xed\xf7\xc3\xcd\x5c\x5e\x0f"
"\x1c\xc1\x07\x42\xf2\xdc\x99\x8a\x35\x38\xe5\xa3\xb0\xb6\xaf\x3c"
"\x84\x12\xc3\xb2\xa8\xcd\xf7\x89\xfa\xe2\xe4\xf2\x44\x50\x40\x11"
"\xfd\xc4\x67\x02\x8a\xee\x51\x63\x2c\xd0\x47\x68\x27\xa7\xbb\x8b"
"\xcc\x2d\x0c\x41\xb6\x2b\x12\x13\x5f\x3c\xc2\x63\x06\x21\x6d\x11"
"\x84\xba\x1c\x97\x55\x3f\x79\x24\xdd\x15\x3a\xda\x3b\xc3\xc6\x9b"
"\xa8\xa2\x1c\x77\x93\x1f\xe9\x67\x7d\xbc\xb9\x16\x62\x5d\x58\xb5"
"\xee\x9a\xe9\x61\x5b\x01\xf7\x38\x11\x17\x8b\xfd\x8a\xb5\xb6\x9a";

unsigned char cipher[] =
"\x70\xca\xef\x5c\x0b\x09\x6c\x6d\x2e\x0b\xbe\xd6\xb1\xc5\x10\xfd\x25"
"\x36\xbd\x6d\xbb\x76\x5d\x27\x7e\x47\x1e\x9b\x0e\x89\x29\x88\x03\x8b"
"\xf6\x2b\x26\x6f\x3f\xbb\x09\x35\xf0\x50\xc7\xae\xc0\x46\xce\xdc\xce"
"\xa8\x52\x07\x3b\xca\x42\xb3\xb9\x71\xca\x68\x98\xc8\xec\x84\x5d\x24"
"\xb0\x9b\x71\x2b\x2b\x4f\x09\x1a\xbb\x43\xbc\xa4\x56\x28\x15\xd6\x85"
"\xe4\xc6\x00\x70\x7f\x13\xb8\xf2\xca\xa2\xc3\x3e\xf0\x7f\x78\x5e\xe1"
"\x2a\xc4\xa0\x6c\xd8\x8d\xc0\xd1\xc8\xbf\x15\xa7\x55\x18\xc3\xdb\x59"
"\x3d\x2b\x28\x69\xab\x6c\x86\xa5\xe8\x96\x4d\x6d\x1b\x1f\x67\xe4\x1c";

unsigned char iv[]="\x3a\x6f\x63";

unsigned char *find_ks(void);
unsigned char *wep(unsigned char *pass);
unsigned char *rc4(unsigned char *password);

int main(int argc, char *argv[])
{
    unsigned char   *keystream;
    unsigned char   *new_ks;
    unsigned char   pass[6];
    FILE        *fs;
    register int    i;

    if ( argc == 1 )
    {
        fprintf(stderr, "Usage: %s passlist.txt\n", argv[0]);
        return -1;
    }
    keystream = find_ks();

    if (( fs = fopen(argv[1], "rb")) == NULL )
    {
        fprintf(stderr, "fopen()\n");
        return -1;
    }

    for (;;)
    {

        memset(pass, '\0', 6);
        if ( fgets(pass, 6, fs) == NULL )
            break;

        printf("trying \"%s\"\n", pass);
        new_ks = wep(pass);
        if ( strncmp(new_ks, keystream, 128) == 0 )
        {
            printf("pass: %s\n", pass);
            free(new_ks);
            break;
        }
        free(new_ks);
    }
    fclose(fs);
    free(keystream);
    return 0;
}

unsigned char *find_ks(void)
{
    register int    i;
    unsigned char   *keystream = (unsigned char *)malloc(129 * sizeof(char));

    for ( i = 0; i < 128; i++ )
    {
        keystream[i] = text[i] ^ cipher[i];
    }

    return keystream;
}

unsigned char *wep(unsigned char *pass)
{
    //unsigned char   *password = "\x3a\x6f\x63\x74\x75\x64\x65\x73";
    unsigned char   *password;
    unsigned char   *new_ks;

    password = (unsigned char *)malloc(9 * sizeof(char));
    memset(password, '\0', 9);
    memcpy(password, iv, 3);
    memcpy(password+3, pass, 5);

    new_ks = rc4(password);
    free(password);

    return new_ks;
}

unsigned char *rc4(unsigned char *password)
{
    register int    i, j, k;
    unsigned char       s[256];
    unsigned char           *new_ks;
    unsigned char       temp;

    new_ks = (unsigned char *)malloc(129*sizeof(char));
    memset(new_ks, '\0', 129);
    printf("keystream: ");
    //KSA
    j = 0;
    for ( i = 0; i < 256; i++ )
    {
        s[i] = i;
    }

    for ( i = 0; i < 256; i++ )
    {
        j = (j + s[i] + password[ i % 8])%256;
        temp = s[i];
        s[i] = s[j];
        s[j] = temp;
    }
    //PRGA
    i = 0;
    j = 0;
    for ( k = 0; k < 128; k++ )
    {
        i = (i + 1)%256;
        j = (j+s[i])%256;
        temp = s[i];
        s[i] = s[j];
        s[j] = temp;
        new_ks[k] = s[(s[i]+s[j])%256];
    }
    return new_ks;
}