def addMSChapMPPEkeys(self, password, encryption_policy="\x01", encryption_types="\x06"):
    """
    Attach the MS-CHAP (v1) MPPE key attributes to this packet.

    Sets three attributes on self: "MS-CHAP-MPPE-Keys",
    "MS-MPPE-Encryption-Policy" and "MS-MPPE-Encryption-Types".

    password(string): clear text password; both key halves are derived
        from it, so it is held in memory in clear text for the call
    encryption_policy(string): single octet
        1 Encryption-Allowed
        2 Encryption-Required
        The default ("\\x01") only allows encryption, it does not require it.
    encryption_types(string): single octet, appended after three zero
        octets. NOTE(review): in RFC 2548 this looks like a bit mask where
        0x02 permits 40-bit and 0x04 permits 128-bit RC4, so the default
        0x06 would permit the weak 40-bit mode as well -- confirm.

    Security note: the key material is built from the LM hash and the
    MD4-based NT hash of the password. Both are legacy constructions, so
    the strength of the resulting keys is bounded by the password itself.
    """
    lm_digest = mschap.lm_password_hash(password)
    # NOTE(review): the meaning of the False flag is defined in mschap -- confirm.
    nt_digest = mschap.nt_password_hash(password, False)
    nt_key = mschap.hash_nt_password_hash(nt_digest)

    # Layout: first 8 octets of the LM hash, the hashed NT hash, 8 zero octets.
    key_blob = lm_digest[:8] + nt_key + "\000" * 8
    # NOTE(review): PwCrypt is presumably the RADIUS shared-secret hiding of
    # the value; its strength depends on that secret -- confirm.
    self["MS-CHAP-MPPE-Keys"] = self.PwCrypt(key_blob)

    # Both option attributes are three zero octets followed by the value octet.
    self["MS-MPPE-Encryption-Policy"] = "\000" * 3 + encryption_policy
    self["MS-MPPE-Encryption-Types"] = "\000" * 3 + encryption_types
def addMSChapMPPEkeys(self, password, encryption_policy="\x01", encryption_types="\x06"):
    """
    Add the MPPE key and option attributes used with MS-CHAP v1 authentication.

    password(string): clear text password from which the LM and NT key
        parts are derived
    encryption_policy(string): one octet
        1 Encryption-Allowed
        2 Encryption-Required
        (the default is 1, i.e. encryption is optional)
    encryption_types(string): one octet of type flags, stored after three
        zero octets. NOTE(review): per RFC 2548 the default 0x06 appears
        to allow both 40-bit and 128-bit RC4 -- confirm, and restrict it
        if 40-bit keys must not be negotiated.

    Writes "MS-CHAP-MPPE-Keys", "MS-MPPE-Encryption-Policy" and
    "MS-MPPE-Encryption-Types" into self; returns nothing.

    Security note: LM and MD4/NT password hashes are legacy primitives, so
    the keys produced here are only as strong as the password.
    """
    lm_part = mschap.lm_password_hash(password)
    # NOTE(review): second argument (False) is interpreted by mschap -- confirm.
    nt_part = mschap.hash_nt_password_hash(
        mschap.nt_password_hash(password, False)
    )

    # 8 octets of LM hash + hashed NT hash + 8 octets of zero padding, passed
    # through PwCrypt before it is stored.
    # NOTE(review): PwCrypt presumably hides the value with the RADIUS shared
    # secret -- confirm.
    self["MS-CHAP-MPPE-Keys"] = self.PwCrypt(lm_part[:8] + nt_part + "\000" * 8)

    # Each option is encoded as three zero octets followed by the value octet.
    for attribute, octet in (
        ("MS-MPPE-Encryption-Policy", encryption_policy),
        ("MS-MPPE-Encryption-Types", encryption_types),
    ):
        self[attribute] = "\000" * 3 + octet
def mppe_chap2_gen_keys(password, nt_response):
    """
    Derive the 128-bit MPPE master send/receive keys for MS-CHAP-2.

    Follows the first part of "3.3. Generating 128-bit Session Keys"
    (the section text appears to be from RFC 3079):

        PasswordHash     = NtPasswordHash(Password)
        PasswordHashHash = md4(PasswordHash)
        MasterKey        = GetMasterKey(PasswordHashHash, NtResponse)
        MasterSendKey    = GetAsymmetricStartKey(MasterKey, 16, TRUE, TRUE)
        MasterReceiveKey = GetAsymmetricStartKey(MasterKey, 16, FALSE, TRUE)

    This function stops at the master session keys. The later steps of
    that section (GetNewKeyFromSHA for the transient session keys and the
    RC4 table initialisation) are NOT performed here; the section states
    that master session keys are never used directly to encrypt data.

    password(string): clear text password of the peer
    nt_response(string): NT-Response field of the MS-CHAP-2 Response packet

    Returns a tuple (master_send_key, master_recv_key).

    NOTE(review): the trailing True in both calls is presumably IsServer,
    i.e. the keys are derived from the server's point of view -- confirm
    against get_asymetric_start_key.

    Security note: every input besides nt_response comes from the MD4
    password hash, so the keys are only as strong as the password.
    """
    # NOTE(review): the False flag is interpreted by mschap -- confirm.
    nt_hash = mschap.nt_password_hash(password, False)
    nt_hash_hash = mschap.hash_nt_password_hash(nt_hash)
    master = get_master_key(nt_hash_hash, nt_response)

    # Send key first (third argument True), then receive key (False); both
    # are 16 octets long.
    send_key, recv_key = [
        get_asymetric_start_key(master, 16, is_send, True)
        for is_send in (True, False)
    ]
    return (send_key, recv_key)