def chiffrement(message, i, nb_frag):
arp = rdpcap(CAPFILE_CLAIR)[0]
# On extrait l iv du message et on le concatene avec notre cle pour creer notre seed (pour l algo RC4)
seed = arp.iv + key
#Calcul CRC
crc_msg = binascii.crc32(message)
# on concatene le message et l icv pour avoir le message a chiffrer
message_a_chiffrer = message + struct.pack('<i', crc_msg)
# on chiffre le message avec rc4
message_chiffre = rc4.rc4crypt(message_a_chiffrer, seed)
# "le ICV est les derniers 4 octets - je le passe en format Long big endian"
icv_chiffre = message_chiffre[-4:]
(icv_numerique, ) = struct.unpack('!L', icv_chiffre)
# le message chiffre sans le ICV
text_chiffre = message_chiffre[:-4]
#Ajout des champs avec texte chiffré, ICV et numéro de fragment
arp.wepdata = text_chiffre
arp.icv = icv_numerique
arp.SC = i
#Repérer dernier fragment
if i != nb_frag - 1:
arp.FCfield = arp.FCfield | 0x4
return arp
def crypt(data, cap):
# Calcul de l'icv
icv = struct.pack('<i', binascii.crc32(data))
# fragment + icv
data_bloc = data + icv
# seed
seed = cap.iv + key
# encryption
return rc4.rc4crypt(data_bloc, seed)
def encryption(fragment, arp ,key = '\xaa\xaa\xaa\xaa\xaa'):
# on calcule le icv (A.K.A CRC 32) et on le converti en unsigned int little-endian
# To generate the same numeric value across all Python versions and platforms use crc32(data) & 0xffffffff.
icv = binascii.crc32(fragment) & 0xffffffff
icv_clair = struct.pack('<I', icv)
# on ajoute l'icv au fragment pour le donner en input de RC4
fragment_clair = fragment+icv_clair
# on garde la meme seed
seed = arp.iv + key
# chiffrement rc4
return rc4.rc4crypt(fragment_clair,seed)
def encrypt(arp, data, key):
seed = arp.iv + key
arp.icv = crc32(data)
# The crypt process works on data and icv concatenated
plain_message = data + arp.icv
# Crypt the data and icv
cipher = rc4.rc4crypt(plain_message, seed)
# Gather the for last bytes containg the cryped icv and converts it to an integer
arp.icv = struct.unpack('!L', cipher[-4:])[0]
# Wep data is all the cryped datas without the last four bytes(icv)
arp.wepdata = cipher[:-4]
import binascii
import rc4
#Cle wep AA:AA:AA:AA:AA
key = '\xaa\xaa\xaa\xaa\xaa'
arp = rdpcap('arp.cap')[0]
# rc4 seed est composé de IV+clé
seed = arp.iv + key
#message with 36 chars
message = "A new message ! A new message ! A nr"
# create the ICV
icv = struct.pack('<l', binascii.crc32(message))
# concat message and icv
plaintext = message + icv
print(plaintext)
# encrypt the plaintext
message_crypted = rc4.rc4crypt(plaintext, seed)
# set the data
arp.wepdata = message_crypted[:-4]
# set the icv
icv = struct.unpack('!L', message_crypted[-4:])[0]
arp.icv = icv
arp.show()
# store new request
wrpcap("encrypt.cap", arp)
# Création de l'icv
icv=(binascii.crc32(plaintxt) & 0xFFFFFFFF)
print "Base ICV: " + str(icv)
# Converstion de l'icv en littleEndian
icv_LittleEndian=struct.pack('<L', icv)
print "ICV littleEndian: " + icv_LittleEndian.encode("hex")
# Le flux à chiffrer composé de l'icv du bloc et du message en clair
streamClearTxt = plaintxt + icv_LittleEndian
# Chiffrement à l'aide de rc4
encryptedTxt=rc4.rc4crypt(streamClearTxt,seed)
print "Encrypted Text Msg: " + encryptedTxt.encode("hex")
# MAJ contenu msg chiffré (msg + icv)
arp.wepdata = encryptedTxt[:-4]
# MAJ contenu ICV (icv chiffré)
icv_chiff = encryptedTxt[-4:]
# Construit valeur numérique de l'ICV chiffrée
(arp.icv,) = struct.unpack('!L', icv_chiff)
wrpcap('exo2.pcap',arp, append=False)
print "Output created : exo2.pcap"
arp = rdpcap('arp.cap')[0]
# creation du message a chiffre
message = "Salut Adaaaaaaaaaaaaaaaaaaaaaaaaaaam"
# on calcule le icv (A.K.A CRC 32) et on le converti en unsigned int little-endian
# To generate the same numeric value across all Python versions and platforms use crc32(data) & 0xffffffff.
icv = binascii.crc32(message) & 0xffffffff
icv_clair = struct.pack('<I', icv)
# on ajoute l'icv au message pour le donner en input de RC4
message_clair = message + icv_clair
# on garde la meme seed
seed = arp.iv + key
# chiffrement rc4
ciphertext = rc4.rc4crypt(message_clair, seed)
print "ciphertext : " + ciphertext.encode("hex")
print "icv_encrypted : " + ciphertext[-4:].encode("hex")
# on recupere le icv chiffre (4 derniers bytes) et le convertit en Long big endian
(icv_num, ) = struct.unpack('!L', ciphertext[-4:])
# on met a jour le icv ainsi que le message chiffre
arp.icv = icv_num
arp.wepdata = ciphertext[:-4]
wrpcap('arpv2.cap', arp)
def hex0rcrypt(data, key):
crypt = rc4.rc4crypt(data, key)
return "z" + binascii.hexlify(crypt)
#Cle wep AA:AA:AA:AA:AA
key = '\xaa\xaa\xaa\xaa\xaa'
#Fichier de sortie .cap
output = "output.cap"
#Message secret
plaintext = "Hello World !"
#lecture de message chiffré - rdpcap retourne toujours un array, même si la capture contient un seul paquet
arp = rdpcap('arp.cap')[0]
# rc4 seed est composé de IV+clé
seed = arp.iv + key
#Calcule l'ICV sur 4 bytes et l'ajoute au texte
icv_enclair = struct.pack('<i', binascii.crc32(plaintext))
plaintext = plaintext + icv_enclair
#Chiffre le message
ciphertext = rc4.rc4crypt(plaintext, seed)
#Recupère et stock l'ICV chiffré
(arp.icv, ) = struct.unpack('!L', ciphertext[-4:])
#Envoie le message sans l'ICV
arp.wepdata = ciphertext[:-4]
#Genère le fichier
wrpcap(output, arp)
key = '\xaa\xaa\xaa\xaa\xaa'
# setting plain text with 36 chars
quotation = "How strange that all you have to do sometimes to meet somebody is walk up to their house and ring a doorbell, and magically they appear as if from nowhere."
fragments = [quotation[0:36], quotation[36:72], quotation[72:108]]
arps = []
for index in range(0, len(fragments)):
arp = rdpcap('arp.cap')[0]
##1. compute ICV of fragment
icv = binascii.crc32(fragments[index])
icv = struct.pack("<i", icv)
##2. seed -> (RC4) = keystream
##3. keystream XOR (fragment + ICV) = cipher
cipher = rc4.rc4crypt(fragments[index] + icv, arp.iv + key)
##4. add fields
arp.wepdata = cipher[:-4]
(arp.icv, ) = struct.unpack("!L", cipher[-4:])
# setting fragment counter
arp.SC = index
# if last fragment, no more fragments after
if (index != len(fragments) - 1):
# setting more fragments flag to 1
arp.FCfield = arp.FCfield | 0x04
arps.append(arp)
###5. forge cap file
wrpcap("fragmentsForged.cap", arps)
#fragmentation du message en 3
wep_data_fragmented = [plain_wep_data[i:i+len(plain_wep_data)/3] for i in range(0, len(plain_wep_data), len(plain_wep_data)/3)]
ICV_list = []
#seed pour le chiffrement
seed = IV + key
# on effectue toute les opération nécessaire pour chaque fragment
for i in range (0, len(wep_data_fragmented)) :
ICV = binascii.crc32(wep_data_fragmented[i])
ICV = struct.pack('<i', ICV)
#chiffrement du fragment
wep_data_fragmented[i] = wep_data_fragmented[i] + ICV
wep_data_fragmented[i] = rc4.rc4crypt(wep_data_fragmented[i], seed)
#exctraction de l'ICV
icv_encrypted=wep_data_fragmented[i][-4:]
(numerical_icv,)=struct.unpack('!L', icv_encrypted)
ICV_list.insert(len(ICV), numerical_icv)
#exctraction du message sans ICV
wep_data_fragmented[i] = wep_data_fragmented[i][:-4]
print 'Generating the pcap...'
#modification du paquet pris en template
#writer afin de générer le pcap
pktdump = PcapWriter("fragmented.pcap", append=True, sync=True)
# wep key AA:AA:AA:AA:AA
key='\xaa\xaa\xaa\xaa\xaa'
# We read the original encrypted message from the wireshark file - rdpcap always returns an array, even if the pcap only contains one frame
arp = rdpcap('arp.cap')[0]
# Construct the seed
seed = arp.iv+key
# Set the message
message = 'Hello sadness'
# Compute the ICV
icv = crc32(message) & 0xffffffff
icv = struct.pack('<L', icv)
#Encrypt the data
message_encrpyted = rc4.rc4crypt(message+str(icv), seed)
# Edit the packet
arp.icv = struct.unpack('!L', message_encrpyted[-4:])[0]
arp.wepdata = message_encrpyted[:-4]
#Write the pdacket
wrpcap('newarp.pcap', arp)
print 'Encrypted Message: ' + arp.wepdata.encode("hex")
# The message that I want to encrypt
message = "SU 2019".ljust(36, '\0')[:36]
# ICV
icv = binascii.crc32(message) & 0xffffffff
to_enc_icv = struct.pack('<L', icv)
# msg + icv
to_encrypt = message + to_enc_icv
# IV
iv = arp.iv
# The rc4 seed is composed by the IV+key
seed = iv + key
#to_encrypt = message+icv
encrypted = rc4.rc4crypt(to_encrypt, seed)
#restructuring the ICV
icv_num = encrypted[-4:]
icv_num, = struct.unpack('!L', icv_num)
#forging the packet
arp.wepdata = encrypted[:-4]
arp.icv = icv_num
#writing the pcap file
wrpcap('su19.cap', arp)
# Take the data to send from the user input
data = raw_input("Please enter a message of length below 37 bytes:\n").ljust(
36, '\0')[:36]
# Define the icv by computing the crc32 of the data and keeping only the last 4 bytes
icv = crc32(data) & 0xffffffff
# Encrypt the icv as little-endian long
icv_enc = struct.pack('<L', icv)
# Construct the message (cleartext)
message = data + icv_enc
# Encrypt this message with rc4 with the seed being iv|wepkey
message_enc = rc4.rc4crypt(message, seed)
# Get the encrypted icv from the (encrypted) message
icv_enc = message_enc[-4:]
# Unpack it as big-endian long
icv_numerique, = struct.unpack('!L', icv_enc)
# Get the encrypted data from the (encrypted) message
text_encrypted = message_enc[:-4]
# Complete the packet
arp.wepdata = text_encrypted
arp.icv = icv_numeriqu
# Saving it in a pcap file
wrpcap('arp_custom.cap', arp)
arp = rdpcap('arp.cap')[0]
# rc4 seed est composé de IV+clé
seed = arp.iv + key
# Calcul du nouvel ICV en effectuant un CRC du message
# l'instruction & 0xffffffff permet de toujours retourner un icv positif
icv = binascii.crc32(message) & 0xffffffff
# Conversion de l'ICV au format int
icv_int = struct.pack('I', icv)
# Concaténation du message et de l'ICV
message_clear = message + icv_int
# Calcul du frame body en faisant keystream xor message_clear
cryptedText = rc4.rc4crypt(message_clear, seed)
# Récupération de l'ICV crypté
icv_crypted = cryptedText[-4:]
(icv_numerique, ) = struct.unpack('!L', icv_crypted)
# Récupération du message crypté
text_crypte = cryptedText[:-4]
# Remplacement du wepData par le message crypté
arp.wepdata = text_crypte
# Remplacement de l'icv par l'icv crypté
arp.icv = icv_numerique
# Affichage de quelques information
import rc4
#Cle wep AA:AA:AA:AA:AA
key='\xaa\xaa\xaa\xaa\xaa'
#lecture de message chiffré - rdpcap retourne toujours un array, même si la capture contient un seul paquet
arp = rdpcap('arp.cap')[0]
# rc4 seed est composé de IV+clé
seed = arp.iv+key
# recuperation de icv dans le message (arp.icv) (en chiffre) -- je passe au format "text". Il y a d'autres manières de faire ceci...
icv_encrypted='{:x}'.format(arp.icv).decode("hex")
# text chiffré y-compris l'icv
message_encrypted=arp.wepdata+icv_encrypted
# déchiffrement avec rc4
cleartext=rc4.rc4crypt(message_encrypted,seed)
# le ICV est les derniers 4 octets - je le passe en format Long big endian
icv_enclair=cleartext[-4:]
(icv_numerique,)=struct.unpack('!L', icv_enclair)
# le message sans le ICV
text_enclair=cleartext[:-4]
print 'Text: ' + text_enclair.encode("hex")
print 'icv: ' + icv_enclair.encode("hex")
print 'icv(num): ' + str(icv_numerique)
#Cle wep AA:AA:AA:AA:AA
key = '\xaa\xaa\xaa\xaa\xaa'
# On recupere un message qui va nous servir de base
arp = rdpcap(CAPFILE_CLAIR)[0]
# On extrait l iv du message et on le concatene avec notre cle pour creer notre seed (pour l algo RC4)
seed = arp.iv + key
crc_msg = binascii.crc32(MESSAGE)
# on concatene le message et l icv pour avoir le message a chiffrer
message_a_chiffrer = MESSAGE + struct.pack('<i', crc_msg)
# on chiffre le message avec rc4
message_chiffre = rc4.rc4crypt(message_a_chiffrer, seed)
# "le ICV est les derniers 4 octets - je le passe en format Long big endian"
icv_chiffre = message_chiffre[-4:]
(icv_numerique, ) = struct.unpack('!L', icv_chiffre)
# le message chiffre sans le ICV
text_chiffre = message_chiffre[:-4]
#Vérification des entrées et sorties
print("Message clair = " + message_a_chiffrer.encode("hex"))
print("Texte clair = " + MESSAGE.encode("hex"))
print("Message chiffré = " + message_chiffre.encode("hex"))
print("Texte chiffré = " + text_chiffre.encode("hex"))
arp.wepdata = text_chiffre
# rc4 seed est composé de IV+clé
seed = arp.iv + key
# le texte en clair
text_en_clair = 'Suspendisse quis neque a risus amet.'
# calcul de l'icv
icv = binascii.crc32(text_en_clair)
# Ivc en big endian
icv_big_endian = struct.pack('<i', icv)
# Chiffrement avec rc4
text_rc4 = text_en_clair + icv_big_endian
encrypted_text = rc4.rc4crypt(text_rc4, seed)
# extraction du message sans icv
arp.wepdata = encrypted_text[:-4]
# le ICV est les derniers 4 octets - je le passe en format Long big endian
icv_encrypted = encrypted_text[-4:]
# Ivc en big endian
(icv_numerique, ) = struct.unpack('!L', icv_encrypted)
# le message sans le ICV
text_enclair = text_en_clair[:-4]
#modification du champ icv
arp.icv = icv_numerique
from base64 import b32encode
from string import translate, maketrans
from rc4 import rc4crypt
import sys
key = "abcd"
msg = ""
for line in sys.stdin:
msg += line
# remove final newlines
msg = msg.strip()
# pad msg with spaces to 5 byte boundary to avoid '==='
if len(msg) % 5:
msg += ' ' * (5 - len(msg) % 5)
crypt = rc4crypt(msg, key)
b32crypt = b32encode(crypt)
remapped = translate(b32crypt,
maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
"3:5[9&2^]{7}*<-8@=4(6#!>|)0+;1$%"))
print "msg: %s (size=%d)" % (msg, len(msg))
print "crypt: %s" % [ord(i) for i in crypt]
print "b32crypt: %s" % b32crypt
print "remapped: %s (size %d)" % (remapped, len(remapped))
print
print 'q*s = "%s";' % remapped
Sender_ip = '\xc0\xa8\x01\xc8'
Target_mac = '\x90\x27\xe4\xea\x61\xf2'
Target_ip = '\xc0\xa8\x01\x64'
plain_wep_data = LLC_header + Hardware_type + Prot + Hardware_size + Prot_size + Opcode + Sender_mac + Sender_ip + Target_mac + Target_ip
seed = IV + key
# calcul de l'ICV du message et concatenation de celui-ci avec le message en clair
ICV = binascii.crc32(plain_wep_data)
ICV = struct.pack('<i', ICV)
plain_wep_data_with_ICV = plain_wep_data + ICV
#chiffrement du texte
cipher_wep_data_with_ICV = rc4.rc4crypt(plain_wep_data_with_ICV, seed)
# le ICV correspond aux 4 derniers octets - on le passe en format Long big endian
icv_encrypted=cipher_wep_data_with_ICV[-4:]
(numerical_icv,)=struct.unpack('!L', icv_encrypted)
# le message sans le ICV
cipher_wep_data=cipher_wep_data_with_ICV[:-4]
print 'Generating the ARP packet...'
#modification du paquet pris en template
forged_arp = arp
forged_arp.icv = numerical_icv
forged_arp.wepdata = cipher_wep_data
# We read the original encrypted message from the wireshark file - rdpcap always returns an array,
# even if the pcap only contains one frame
arp = rdpcap('arp.cap')[0]
# We create a new message.
message = "Encrypt me please"
# We use CRC-32 to calculate the ICV and we cast it in unsigned long
# Thank to Filipe Fortunato to show us that the result of the crc32 function was too long.
icvMessage = zlib.crc32(message) & 0xffffffff
# We generate the full "Payload"
payload = message + struct.pack('<L', icvMessage)
# We kept the old way to calculate the seed.
seed = arp.iv + key
# Now we need to encrypt the payload, the cipherText contains crypted Data + icv
cipherText = rc4.rc4crypt(payload, seed)
# We kept the hex format.
print 'Message to encrypt :' + message + ' with the ICV ' + '{:x}'.format(
icvMessage)
print 'Encrypted message : ' + cipherText[:
-4] + ' and the encrypted ICV is ' + cipherText[
-4:]
# We change the data in the frame so it contains our new ciphered data.
arp.wepdata = cipherText[:-4]
# We change the ICV too.
arp.icv = struct.unpack('!L', cipherText[-4:])[0]
# We are writing the pcap file name openme.pcap
# This file contains the data "Encrypt me please" and can be opened with wireshark if
seed = arp.iv + key
# I recover the ICV from the message (arp.icv). This is a long integer
# Wireshark likes to show this number in hex. And even if Wireshark knows the correct key and
# can decrypt the ICV, it will show the encrypted version only.
# I convert the icv to hex using '{:x}.format and then to it's ascii representation using decode("hex")
# This conversion is requiered by the rc4 implementation we are using.
icv_encrypted = '{:x}'.format(arp.icv).decode("hex")
print 'icv as shown by Wireshark (encrypted): ' + '{:x}'.format(arp.icv)
# Encrypted text including the icv. You need to produce this if you want to decrypt the ICV
message_encrypted = arp.wepdata + icv_encrypted
# Decryption using rc4
cleartext = rc4.rc4crypt(message_encrypted, seed)
# The ICV the last 4 bytes - I convert it to Long big endian using unpack
icv_unencrypted = cleartext[-4:]
(icv_numerique, ) = struct.unpack('!L', icv_unencrypted)
# The payload is the messge minus the 4 last bytes
text_unencrypted = cleartext[:-4]
print 'Unencrypted Message: ' + text_unencrypted.encode("hex")
print 'Unencrypte icv (hex): ' + icv_unencrypted.encode("hex")
print 'Numerical value of icv: ' + str(icv_numerique)
# We read the original encrypted message from the wireshark file - rdpcap always returns an array, even if the pcap only contains one frame
# We will use the arp frame as a template for our own frame
templateFrame = rdpcap('arp.cap')[0]
# Same data as the arp frame
data = "\xaa\xaa\x03\x00\x00\x00\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\x90'\xe4\xeaa\xf2\xc0\xa8\x01d\x00\x00\x00\x00\x00\x00\xc0\xa8\x01\xc8"
# ICV calculated with CRC 32
icv = binascii.crc32(data)
icv = struct.pack('<l', icv)
# Same IV as the arp frame
iv = templateFrame.iv
# Data and ICV to crypt
toCrypt = data + icv
# Seed formed by IV and key
seed = iv + key
# Crypt the data and ICV using RC4
crypted = rc4.rc4crypt(toCrypt, seed)
# We get back the encrypted ICV and unpack it to have a Long int
(intIcv, ) = struct.unpack('!L', crypted[-4:])
# We change the fields' value in the template frame to replace them with our own
templateFrame.wepdata = crypted[:-4]
templateFrame.icv = intIcv
# Write a new pcap file
wrpcap("crypted.cap", templateFrame)
# Calcul du nouvel ICV en effectuant un CRC du message
icv1 = binascii.crc32(message1) & 0xffffffff
icv2 = binascii.crc32(message2) & 0xffffffff
icv3 = binascii.crc32(message3) & 0xffffffff
a1 = struct.pack('I', icv1)
a2 = struct.pack('I', icv2)
a3 = struct.pack('I', icv3)
#texte en clair (message + ICV)
message_clear1=message1 + a1
message_clear2=message2 + a2
message_clear3=message3 + a3
#Calcul du keystream
cryptedText1 = rc4.rc4crypt(message_clear1, seed1)
cryptedText2 = rc4.rc4crypt(message_clear2, seed2)
cryptedText3 = rc4.rc4crypt(message_clear3, seed3)
#récupération del'ICV crypté
icv_crypted1=cryptedText1[-4:]
icv_crypted2=cryptedText2[-4:]
icv_crypted3=cryptedText3[-4:]
(icv_numerique1,)=struct.unpack('!L', icv_crypted1)
(icv_numerique2,)=struct.unpack('!L', icv_crypted2)
(icv_numerique3,)=struct.unpack('!L', icv_crypted3)
#calcul du frame body en faisant keystream xor (data + ICV)
text_crypte1=cryptedText1[:-4]
text_crypte2=cryptedText2[:-4]
# Initialization (generate IV and payload)
iv = trame_template.iv # Get the same IV from the original cap file.
payload = "\xaa\xaa\x03\x00\x00\x00\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\x90'\xe4\xeaa\xf2\xc0\xa8\x01d\x00\x00\x00\x00\x00\x00\xc0\xa8\x01\xc8"
# Calculate the CRC (A.K.A ICV) over the data payload
crc = binascii.crc32(payload)
# Concatenate the ICV to the end of the data
crc_little_endian = struct.pack("<l",crc) # pack as little endian
data = payload + crc_little_endian
# Concatenate the 24 bits IV with shared key (40 bits or 104 bits)
# to create the RC4 seed.
seed = iv+key
# Calculate the XOR of the keystream with the (payload + ICV)
data_encrypt = rc4.rc4crypt(data, seed)
# Extract crc encrypted and unpack using big endian network
crc_big_endian_unpack = struct.unpack("!L",data_encrypt[-4:])
trame_template.wepdata = data_encrypt[:-4] #store encrypted data in the wepdata field
trame_template.icv = crc_big_endian_unpack[0] #store the extracted icv in the frame
# Add frame in a new cap file
wrpcap("arp_rebuild.cap",trame_template)
print "Frame has been rebuilt."
#!/usr/bin/env python import binascii, rc4 data = "db43194d8b49fd48af606868d6e142b483d0b98a443ca9c910071f259b8383d0991b9c9a5fb157cdfcc08bd87fe4baba37e06f9eab6e909b4e9c0c80c94be1dbbd007369b7cbd6daaf983b61e408869c1d1d6e863aa2bc0dfe91f71d30946532c12a8db9bcc6498e493350c6e9ea9a1421a12233d89d6f25c62e798c25aa610558c7c47a1dea7841b41946c905e7" data = "8c1418158048f548ab363b6b8cb013ec83d0b98a443ca9c910071f259b8383d0991b9c9a5fb157cdfcc08bd87fe4baba37e06f9eab6e909b4e9c0c80c94be1dbbd007369b7cbd6daaf983b61e408869c1d1d6e863aa2bc0dfe91f71d30946532c12a8db9bcc6498e493350c6e9ea9a1421a12233d89d6f25c62e798c25aa610558c7c47a1dea7841b41946c905e7" datagoed = "8b101147dc49fc12ab606f6fd7b54cb383d0b98a443ca9c910071f259b8383d0991b9c9a5fb157cdfcc08bd87fe4baba37e06f9eab6e909b4e9c0c80c94be1dbbd007369b7cbd6daaf983b61e408869c1d1d6e863aa2bc0dfe91f71d30946532c12a8db9bcc6498e493350c6e9ea9a1421a12233d89d6f25c62e798c25aa610558c7c47a1dea7841b41946c905e7" # datagoed = '8b154b178b1ff41fff636c3fd9e316e683d0b98a443ca9c910071f259b8383d0991b9c9a5fb157cdfcc08bd87fe4baba37e06f9eab6e909b4e9c0c80c94be1dbbd007369b7cbd6daaf983b61e408869c1d1d6e863aa2bc0dfe91f71d30946532c12a8db9bcc6498e493350c6e9ea9a1421a12233d89d6f25c62e798c25aa610558c7c47a1dea7841b41946c905e7' # datagoed = '8f1318468949a919a8663a68dcb613b683d0b98a443ca9c910071f259b8383d0991b9c9a5fb157cdfcc08bd87fe4baba37e06f9eab6e909b4e9c0c80c94be1dbbd007369b7cbd6daaf983b61e408869c1d1d6e863aa2bc0dfe91f71d30946532c12a8db9bcc6498e493350c6e9ea9a1421a12233d89d6f25c62e798c25aa610558c7c47a1dea7841b41946c905e7' datanepp = "db43194d8b49fd48af606868d6e142b483dfb68b4d6aa8cf4200152092858380cf1b9e905fbb0eeffcc08bd172ebbcac28e460d5b0218c9f00c31996d25ce4c5bc1e7275b2d4d7dba9912369e70c8f9f1d1c73873bb8b40eff98f418308b6432d9228ebfb2c5488d543251dce1e99c1a23a0202dd99d772dc528778f25a80e045cc7b4280efd4114af5d5cdc07bb59" key = "wodrocks" ding = binascii.unhexlify(datagoed) dong = binascii.unhexlify(datanepp) print rc4.rc4crypt(ding, key) print rc4.rc4crypt(dong, key)
arp = rdpcap('arp.cap')[0]
#rc4 seed is the result of IV+key
seed = arp.iv + key
#the message in clear
message = 'Bienvenu au cours Teaching-SWI-2019'
#calculate icv
icv = binascii.crc32(message) & 0xffffffff
icv_bigedian_hex = struct.pack('<L', icv)
message_Rc4 = message + icv_bigedian_hex
# encrypt message + icv with rc4
message_encrypted = rc4.rc4crypt(message_Rc4, seed)
# extract message without icv
arp.wepdata = message_encrypted[:-4]
# the 4th last octects represents icv
icv_crypte = message_encrypted[-4:]
# icv in Long big endian format
(icv_numerique,)=struct.unpack('!L', icv_crypte )
# icv's packet
arp.icv = icv_numerique
#save pcap file
wrpcap('arp-encrypted.pcap',arp)
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from scapy.all import *
import binascii
import rc4
#Cle wep AA:AA:AA:AA:AA
key = '\xaa\xaa\xaa\xaa\xaa'
arp = rdpcap('arp.cap')[0]
# setting plain text with 36 chars
plain = "hello-world hello-world hello-world "
##1. compute ICV of plain
icv = binascii.crc32(plain)
icv = struct.pack("<i", icv)
##2. seed -> (RC4) = keystream
##3. keystream XOR (plain + ICV) = cipher
cipher = rc4.rc4crypt(plain + icv, arp.iv + key)
##4. add fields
arp.wepdata = cipher[:-4]
(arp.icv, ) = struct.unpack("!L", cipher[-4:])
###5. forge cap file
wrpcap('arpForged.cap', arp)
from scapy.all import *
import binascii
import rc4
#Cle wep AA:AA:AA:AA:AA
key = '\xaa\xaa\xaa\xaa\xaa'
#lecture de message chiffré - rdpcap retourne toujours un array, même si la capture contient un seul paquet
arp = rdpcap('arp.cap')[0]
# rc4 seed est composé de IV+clé
seed = arp.iv + key
# message à envoyer
msg = "123456789012345678901234567890123456"
# calculer l'icv en utilisant crc32
icv_enclair = crc32(msg)
# chiffrer le cleartext
cleartext = msg + struct.pack('<l', icv_enclair)
ciphertext = rc4.rc4crypt(cleartext, seed)
# mettre les données dans le packet
arp.wepdata = ciphertext[:-4]
arp.icv = struct.unpack('!L', ciphertext[-4:])[0]
# écrire le packet
wrpcap('arp2.cap', arp)
# Trame de départ pour avoir le template
arp = rdpcap('arp.cap')[0]
for fragment in fragments:
# La seed est composé de IV + clé
seed = arp.iv + key
# Calcul de l'ICV
icv = zlib.crc32(fragment)
icv_clair = struct.pack('<i', icv)
# on concatene l'icv et le plaintext
fragment = fragment + icv_clair
# Chiffrement par RC4
ciphertext = rc4.rc4crypt(fragment, seed)
# Prepare les datas
arp.wepdata = ciphertext[:-4]
(arp.icv, ) = struct.unpack('!L', ciphertext[-4:])
arp.SC = frameIndex
frameIndex += 1
if frameIndex == (len(fragments) - 1):
# FC Field pour le dernier bit - Lors du dernier fragment, bit à 0
arp.FCfield = arp.FCfield and 0x4
# Write packet to a pcap file
wrpcap('fragmentsWepEncrypted.cap', arp, append=True)
