sec_tube_packet_crack2

1. #include <stdio.h>
2. #include <string.h>
3. #include <stdlib.h>
4. #include <sys/types.h>
5. #include <sys/stat.h>
6. #include <fcntl.h>
7.  
8. unsigned char iv[]="\xc9\xb1\x5f";
9. unsigned int old_icv;
10. unsigned int new_icv;
11. unsigned char encrypted_packet[]=
12. "\x85\x8a\x22\x52\x02\xfb\x44\xf2\xbf\x6d\x16\xf0\x15\x69\x05\x88\xac"
13. "\xc8\xe5\xa9\x89\x2c\x28\x71\xa0\xd3\x10\x31\x2a\xbd\x83\x09\x04\xce"
14. "\xaa\xa4\x3e\x01\xc9\x8a\xd4\xf7\xd4\x1a\xe2\xf8\x52\xc9\x28\x1b\x60"
15. "\xd5\x94\xe1\xd5\x15\x1a\x8b\x93\xa6\x9c\x55\xbf\x09\x27\x3a\xb9\x16"
16. "\xae\x94\xc9\xc0\x97\xed\xf0\xed\xe5\xd8\x87\x4a\x7e\xf9\x29\xac\x71"
17. "\x05\x4c\xa1\xbc\x16\x4d\x74\xb2\x2f\x33\x6f\x13\x4c\x50\x7a\x32\x34"
18. "\x8c\x90\xa2\x0e\x37\x7d\x90\x67\xd8\x56\x3a\x40\xb0\xbb\x3b\x8f\xf7"
19. "\x47\x01\xfd\xd9\x74\xa8\xaf\xf7\x41\x2c\x50\x5e\x03\x05\xaa\x28\x82"
20. "\xbb\x9b\x6a\x70\x27\xf2\xd9\x09\x36\xe0\x9d\x87\xe4\x02\x5d\x12\xb3"
21. "\x43\xb0\xf5\x94\x77\x81\xcf\x72\x43\x15\x89\xf6\x79\x4d\xad\x68\x84"
22. "\xcd\xae\x45\xb3\xb7\x5c\x4f\x6d\xa0\x40\xa1\xa3\x60\xdc\xfe\xd2\xb1"
23. "\xdc\xbb\xfb\x23\x8d\x1a\xcf\x4a\xf9\x78\x39\x51\xbd\xd9\x50\xe7\x9b"
24. "\x26\xd9\x58\xba\x8a\x74\x1d\xae\x14\xc9\x2f\x2c\x1e\x95\xea\x42\xa2"
25. "\xc5\x2b\x11\x41\x50\x34\x97\xf7\x59\xf0\xeb\x44\x03\x35\xdc\x59\x01"
26. "\xfc\x52\x2f\x80\x58\xb6\xab\xf3\x14\x30\xd3\x24\x43\xa5\x44\xf9\x8b"
27. "\x27\x04\xd2\x67\x6a\xe4\x16\xc0\xa8\xe1\x1a\xa3\x29\xce\x20\x2c\x2e"
28. "\xcc\x73\xc9\x1e\xe2\xb2\x91\x10\x9d\xb6\x20\x2b\xdb\x00\xa5\xcd\x7a"
29. "\x82\x36\x85\x26\x8c\xcc\x97\x61\xd7\x57\x25\x88\x66\xcc\x50\x94\x97"
30. "\x47\x56\xcd\x1b\x46\xe1\xe5\x80\x57\xd7\xf2\xff\xbc\x7c\x45\x75\xf5"
31. "\xd7\x70\x3b\x2b\x02\xc5\xb6\x90\xd8\x94\xf1\x40\x67";
32. unsigned char *decrypted_packet;
33.  
34. unsigned int decrypt(unsigned char *keystream);
35. unsigned char *create_keystream(unsigned char *pass);
36. unsigned char *rc4(unsigned char *password);
37. unsigned int crc32(unsigned char *packet, unsigned int len);
38. unsigned int chksum_crc32 (unsigned char *block, unsigned int length);
39. void chksum_crc32gentab ();
40. unsigned int crc_tab[256];
41.  
42. int main(int argc, char *argv[])
43. {
44.     unsigned char   *keystream;
45.     char        pass[6];
46.     FILE        *fs;
47.  
48.     if ( argc == 1 )
49.     {
50.         fprintf(stderr, "Usage: %s passlist.txt\n", argv[0]);
51.         return -1;
52.     }
53.     if (( fs = fopen(argv[1], "rb")) == NULL )
54.         return -1;
55.  
56.     for ( ; ; )
57.     {
58.         memset(pass, '\0', 6);
59.         if (fgets(pass, 6, fs) == NULL )
60.             break;
61.        
62.         printf("trying\"%s\"\n", pass);
63.         keystream = create_keystream(pass);
64.         for ( i = 0; i < 336;  i++ )
65.         {
66.             printf("%x", (unsigned int )keystream);
67.         }
68.         old_icv = decrypt(keystream);
69.         new_icv = crc32(decrypted_packet, 336);
70.         free(decrypted_packet);
71.         if ( old_icv == new_icv )
72.             printf("password: %s\n", pass);    
73.     }
74.     fclose(fs);
75.     return 0;
76. }
77. unsigned int decrypt(unsigned char *keystream)
78. {
79.     unsigned int    icv;
80.     register int    i;
81.    
82.     decrypted_packet = malloc(337 * sizeof(char));
83.     memset(decrypted_packet, '\0', 337);
84.  
85.     for ( i = 0; i < 336; i++ )
86.     {
87.         decrypted_packet[i] = encrypted_packet[i] ^ keystream[i];
88.     }
89.     memcpy((char *)&icv, &decrypted_packet+332, 4);
90.    
91.     return icv;
92. }
93. unsigned char *create_keystream(unsigned char *pass)
94. {
95.     //unsigned char *password = "\xc9\xb1\x5f\x74\x75\x64\x65\x73";
96.     unsigned char   *password; 
97.     unsigned char   *new_ks;
98.  
99.     password = (unsigned char *)malloc(9 * sizeof(char));
100.     memset(password, '\0', 9);
101.     memcpy(password, iv, 3);
102.     memcpy(password+3, pass, 5);
103.    
104.     new_ks = rc4(password);
105.     free(password);
106.    
107.     return new_ks;
108. }
109.  
110. unsigned char *rc4(unsigned char *password)
111. {
112.     register int    i, j, k;
113.     unsigned char       s[256];
114.     unsigned char           *new_ks;
115.     unsigned char       temp;
116.    
117.     new_ks = (unsigned char *)malloc(337*sizeof(char));
118.     memset(new_ks, '\0', 337);
119.     //KSA
120.     j = 0;
121.     for ( i = 0; i < 256; i++ )
122.     {
123.         s[i] = i;
124.     }
125.    
126.     for ( i = 0; i < 256; i++ )
127.     {
128.         j = (j + s[i] + password[ i % 8])%256;
129.         temp = s[i];
130.         s[i] = s[j];
131.         s[j] = temp;
132.     }
133.     //PRGA
134.     i = 0;
135.     j = 0;
136.     for ( k = 0; k < 336; k++ )
137.     {
138.         i = (i + 1)%256;
139.         j = (j+s[i])%256;
140.         temp = s[i];
141.         s[i] = s[j];
142.         s[j] = temp;
143.         new_ks[k] = s[(s[i]+s[j])%256];
144.     }
145.     return new_ks;
146. }
147.  
148. unsigned int crc32(unsigned char *packet, unsigned int len)
149. {
150.     chksum_crc32gentab();
151.    
152.     return chksum_crc32(packet, len);
153. }
154.  
155. unsigned int chksum_crc32 (unsigned char *block, unsigned int length)
156. {
157.    register unsigned long crc;
158.    unsigned long i;
159.  
160.    crc = 0xFFFFFFFF;
161.    for (i = 0; i < length; i++)
162.    {
163.       crc = ((crc >> 8) & 0x00FFFFFF) ^ crc_tab[(crc ^ *block++) & 0xFF];
164.    }
165.    return (crc ^ 0xFFFFFFFF);
166. }
167.  
168. void chksum_crc32gentab ()
169. {
170.    unsigned long crc, poly;
171.    int i, j;
172.  
173.    poly = 0xEDB88320L;
174.    for (i = 0; i < 256; i++)
175.    {
176.       crc = i;
177.       for (j = 8; j > 0; j--)
178.       {
179.      if (crc & 1)
180.      {
181.         crc = (crc >> 1) ^ poly;
182.      }
183.      else
184.      {
185.         crc >>= 1;
186.      }
187.       }
188.       crc_tab[i] = crc;
189.    }
190. }