Esempio n. 1
0
    def main(self,hexPacket,encType,hashType,*args):
	if len(args) != 0 and len(args) !=3:
		print "ikeHandler needs either packet, encryption type, hash type, or all of those with encryption Key, initial IV, last Current IV arguments. Exiting..."
		exit()
	elif len(args) == 3:
		encKey,initIV,curIV = args
	else:
		pass

	#Run IKE handler class
	ikeHandling = IKEv1Handler(self.debug)
	#Process IKE Header
	ikeHDR = ikeHandling.parseHeader(hexPacket)
	#Returns payNext,iCookie,rCookie,version,msgID,payLen,flags,finByte
	finByte = ikeHDR[-1]
	nextPay = ikeHDR[0]
	iCookie = ikeHDR[1]
	rCookie = ikeHDR[2]
	version = ikeHDR[3]
	xType = ikeHDR[4]
	msgID = ikeHDR[5]
	payLen = ikeHDR[6]
	flags = ikeHDR[7]
	if encType == "AES" or int(encType) == 7 or encType == "07":
		IVlen = 32
	else:
		IVlen = 16

	#Check we are talking IKE version 1
	if version != "10":
		print "Not IKEv1"
		print "IKEv2 is not supported yet\nExiting..."
		exit()

        #Check for encrypted payload
        if flags == "01":
                encPayload = hexPacket[56:int(payLen)*2]
		rawencPayload = encPayload.decode('hex')

                if self.debug > 0:
                        print "Encrypted payload received."
                        print "Encrypted Payload: %s"%encPayload
		if msgID == "00000000":
			#If the message ID is null then initial IV is used
			ikeCrypto = crypto.ikeCrypto()
			ikeDecrypt = ikeCrypto.ikeCipher(encKey, initIV.decode('hex'), encType)
        		ikePlain = ikeDecrypt.decrypt(rawencPayload).encode('hex')		
			if self.debug > 0:
				print "Decrypted payload: %s"%ikePlain
			ikeHandling.parsePayload(ikePlain,nextPay,flags,0)
			p2IV = encPayload[len(encPayload)-IVlen:]
			if self.debug > 0:
				print "Phase 2 IV: %s"%p2IV
			dicCrypto["p2IV"] = p2IV
			#need to return the phase 2 IV if proceeding to phase 2 later?
			return dicCrypto, listVIDs


		elif msgID != "00000000":
                	ikeCrypto = crypto.ikeCrypto()
                	try:
                        	if self.debug > 0:
                        	        print "Current IV: %s"%curIV.encode('hex')
                        	ikeDecrypt = ikeCrypto.ikeCipher(encKey, curIV, encType)
                        	ikePlain = ikeDecrypt.decrypt(rawencPayload).encode('hex')
				if self.debug > 0:
	                        	print "Decrypted payload: %s"%ikePlain
				ikePlain = ikeCrypto.stripPadding(encType, ikePlain)
				if self.debug > 0:
					print "Stripped decrypted payload: %s"%ikePlain
				#Parse the plaintext payloads
				if xType == "04" or xType ==4:
                                	ikeHandling.parsePayload(ikePlain,nextPay,flags,0)
                                	dicCrypto["rCookie"] = rCookie
                                	dicCrypto["xType"] = xType
                                	dicCrypto["iCookie"] = iCookie
                                	dicCrypto["msgID"] = msgID
                                	return dicCrypto,listVIDs


				elif xType == "05" or xType == 5:
                                	ikeHandling.parsePayload(ikePlain,nextPay,flags,0)
                                	dicCrypto["rCookie"] = rCookie
                                	dicCrypto["xType"] = xType
                                	dicCrypto["iCookie"] = iCookie
                                	dicCrypto["msgID"] = msgID
                                	return dicCrypto,listVIDs

                        	elif xType == "06" or xType == 6:
                                	ikeHandling.parsePayload(ikePlain,nextPay,flags,0)
                                	dicCrypto["rCookie"] = rCookie
                                	dicCrypto["xType"] = xType
                                	dicCrypto["iCookie"] = iCookie
                                	dicCrypto["msgID"] = msgID
                                	return dicCrypto

                        	else:
                                	print "This exchange type %s is not included yet. Exiting..."%xType
                                	exit()

			except Exception,e:
				print "Decryption Failed with error: %s"%e
				traceback.print_exc()
				exit()
Esempio n. 2
0
    def main(self,hexPacket,encType,hashType,*args):
	if len(args) != 0 and len(args) !=3:
		print "ikeHandler needs either packet, encryption type, hash type, or all of those with encryption Key, initial IV, last Current IV arguments. Exiting..."
		exit()
	elif len(args) == 3:
		encKey,initIV,curIV = args
	else:
		pass

	#Run IKE handler class
	ikeHandling = IKEv1Handler(self.debug)
	#Process IKE Header
	ikeHDR = ikeHandling.parseHeader(hexPacket)
	#Returns payNext,iCookie,rCookie,version,msgID,payLen,flags,finByte
	finByte = ikeHDR[-1]
	nextPay = ikeHDR[0]
	iCookie = ikeHDR[1]
	rCookie = ikeHDR[2]
	version = ikeHDR[3]
	xType = ikeHDR[4]
	msgID = ikeHDR[5]
	payLen = ikeHDR[6]
	flags = ikeHDR[7]
	if xType == 32:
		phase = 2
	else:
		phase = 1

	if encType == "AES" or int(encType) == 7 or encType == "07":
		IVlen = 32
	else:
		IVlen = 16

	#Check we are talking IKE version 1
	if version != "10":
		print "Not IKEv1"
		print "IKEv2 is not supported yet\nExiting..."
		exit()

        #Check for encrypted payload
        if flags == "01":
                encPayload = hexPacket[56:int(payLen)*2]
		rawencPayload = encPayload.decode('hex')

                if self.debug > 0:
                        print "Encrypted payload received."
                        print "Encrypted Payload: %s"%encPayload
		if msgID == "00000000":
			#If the message ID is null then initial IV is used
			ikeCrypto = crypto.ikeCrypto()
			ikeDecrypt = ikeCrypto.ikeCipher(encKey, initIV.decode('hex'), encType)
        		ikePlain = ikeDecrypt.decrypt(rawencPayload).encode('hex')		
			if self.debug > 0:
				print "Decrypted payload: %s"%ikePlain
			ikeHandling.parsePayload(ikePlain,nextPay,flags,0,phase)
			p2IV = encPayload[len(encPayload)-IVlen:]
			if self.debug > 0:
				print "Phase 2 IV: %s"%p2IV
			dicCrypto["p2IV"] = p2IV
			#need to return the phase 2 IV if proceeding to phase 2 later?
			return dicCrypto, listVIDs


		elif msgID != "00000000":
                	ikeCrypto = crypto.ikeCrypto()
                	try:
                        	if self.debug > 0:
                        	        print "Current IV: %s"%curIV.encode('hex')
                        	ikeDecrypt = ikeCrypto.ikeCipher(encKey, curIV, encType)
                        	ikePlain = ikeDecrypt.decrypt(rawencPayload).encode('hex')
				if self.debug > 0:
	                        	print "Decrypted payload: %s"%ikePlain
				ikePlain = ikeCrypto.stripPadding(encType, ikePlain)
				if self.debug > 0:
					print "Stripped decrypted payload: %s"%ikePlain
				#Parse the plaintext payloads
				if xType == "04" or xType ==4:
                                	ikeHandling.parsePayload(ikePlain,nextPay,flags,0,phase)
                                	dicCrypto["rCookie"] = rCookie
                                	dicCrypto["xType"] = xType
                                	dicCrypto["iCookie"] = iCookie
                                	dicCrypto["msgID"] = msgID
                                	return dicCrypto,listVIDs


				elif xType == "05" or xType == 5:
                                	ikeHandling.parsePayload(ikePlain,nextPay,flags,0,phase)
                                	dicCrypto["rCookie"] = rCookie
                                	dicCrypto["xType"] = xType
                                	dicCrypto["iCookie"] = iCookie
                                	dicCrypto["msgID"] = msgID
                                	return dicCrypto,listVIDs

                        	elif xType == "06" or xType == 6:
                                	ikeHandling.parsePayload(ikePlain,nextPay,flags,0,phase)
                                	dicCrypto["rCookie"] = rCookie
                                	dicCrypto["xType"] = xType
                                	dicCrypto["iCookie"] = iCookie
                                	dicCrypto["msgID"] = msgID
                                	return dicCrypto

                                elif xType == "32" or xType == 32:
					ikeHandling.parsePayload(ikePlain,nextPay,flags,0,phase)
                                        dicCrypto["rCookie"] = rCookie
                                        dicCrypto["xType"] = xType
                                        dicCrypto["iCookie"] = iCookie
                                        dicCrypto["msgID"] = msgID
                                        return dicCrypto


                        	else:
                                	print "This exchange type %s is not included yet. Exiting..."%xType
                                	exit()

			except Exception,e:
				print "Decryption Failed with error: %s"%e
				###***added debug output here for bug fix
				traceback.print_exc()
				###***brute mode breaks here when incorrect IV is used
				###EDIT
				exit()
###############################
"""

"""
###############################
#details for cookie_i 04e58ee88fa81529 md5 3des
encKey = "5a3b5f488b3d0cae5f82fbe8e3df3a78723f1c23d3a6b2b2"
#p2IV = "bf3b72c878c8032d"
p2IV = "12ed57758e4b41ad"
###############################
"""


#lastBlock for QM should be the last block of the 3rd aggressive mode handshake packet
msgID = rawPacket[40:48]
ikeCrypto = crypto.ikeCrypto()

#initIV = "c4069fa5a55aae3c".decode('hex')
initIV = p2IV.decode('hex')
#curIV = "c4069fa5a55aae3c".decode('hex')
#initIV = "6139be47fccb962a".decode('hex')
#initIV = "cea46a34198827badf97eecbc3288ffb".decode('hex')

ikeHandler = ikehandler.IKEv1Handler(debug)
ikeCrypto = crypto.ikeCrypto()

#curIV = ikeCrypto.calcIV(lastBlock.decode('hex'),msgID.decode('hex'), IVlen, hashType)

#curIV = curIV[8:]
#curIV = "310b9f65dfb2542b".decode('hex')