def decoder(self, pkt, keyText): """Take a packet with [Dot11WEP] and apply RC4 to get the [LLC]""" ## Re-use the IV for comparative purposes # <class 'bytes'> # b'z\x00\x00\x124Vx\x90' # print('DECODING') # print([pkt[Dot11WEP].iv]) # print(str([pkt[Dot11WEP].iv])) # print(type(pkt[Dot11WEP].iv)) iVal = pkt[Dot11WEP].iv # print(iVal) # print(keyText) seed = self.seedGen(iVal, keyText) ## Remove the FCS so that we maintain packet size pload = self.pt.byteRip(pkt[Dot11WEP], order='last', qty=4, chop=True, output='str') ## Return the stream, iv and seed # print('\n\n\n') # print(type(pload)) # print('\n') # print(pload) # print('\n\n\n') # print(type(seed)) # print(seed) return rc4(Dot11WEP(pload).wepdata, seed), iVal, seed
def decoder(self, pkt, keyText): """Take a packet with [Dot11WEP] and apply RC4 to get the [LLC]""" ## Re-use the IV for comparative purposes iVal = pkt[Dot11WEP].iv seed = self.seedGen(iVal, keyText) ## Remove the FCS so that we maintain packet size pload = self.pt.byteRip(pkt[Dot11WEP], order='last', qty=4, chop=True, output='str') ## Return the stream, iv and seed return rc4(Dot11WEP(pload).wepdata, seed), iVal, seed
def enBuilder(self, pkt, stream, iVal): ## Remove the LLC layer del pkt[LLC] ## Add the Dot11WEP layer encodedPacket = pkt / Dot11WEP(iv=iVal, keyid=0, wepdata=stream) ## Flip FCField bits accordingly if encodedPacket[Dot11].FCfield == 1: encodedPacket[Dot11].FCfield = 65 elif encodedPacket[Dot11].FCfield == 2: encodedPacket[Dot11].FCfield = 66 ## Add the ICV #encodedPacket[Dot11WEP].icv = int(self.pt.endSwap(hex(crc32(str(encodedPacket[Dot11])[0:-4]) & 0xffffffff)), 16) encodedPacket[Dot11WEP].icv = int( self.pt.fcsGen(encodedPacket[Dot11], end=-4), 16) return encodedPacket
for i in range(3): # Warning : afin de tester, message non divisible par 3 peut avoir des pertes d'informations fragmentSize = int(len(message) / 3) # Découpe le message en fragments fragmentMessage = message[fragmentSize * i:fragmentSize * (i + 1)] # Calcul de l'ICV du fragment actuel icv = zlib.crc32(fragmentMessage).to_bytes(4, byteorder='little') # On chiffre le fragment + icv. seed = iv + key cipher = RC4(seed, streaming=False) encrypted_message = cipher.crypt(fragmentMessage + icv) # On crée un nouveau packet avec les bonnes valeurs. wepdata = encrypted_message[:-4] encrypted_icv = int.from_bytes(encrypted_message[-4:], byteorder='big') # Si ce n'est pas le dernier fragment (!= 2) l'on rajout MF (More Fragments) à notre frame Dot11 if i != 2: pck = RadioTap() / Dot11(type='Data', FCfield='to-DS+protected+MF') / Dot11WEP( iv=iv, wepdata=wepdata, icv=encrypted_icv) else: pck = RadioTap() / Dot11(type='Data', FCfield='to-DS+protected') / Dot11WEP( iv=iv, wepdata=wepdata, icv=encrypted_icv) pck.SC = i # On ajoute le fragment dans une capture pcap. wrpcap('ex3.cap', pck, append=True) print(pck.show())
from zlib import crc32 # Cle wep AA:AA:AA:AA:AA key = b'\xaa\xaa\xaa\xaa\xaa' iv = get_random_bytes(3) # Meme message que ex1 pour tester message = bytes.fromhex( "aaaa03000000080600010800060400019027e4ea61f2c0a80166000000000000c0a801c8") # rc4 seed est composé de IV+clé seed = iv + key # Calcul de l'ICV du message icv = crc32(message).to_bytes(4, byteorder='little') # Les données a chiffrer c'est le message et l'ICV message_to_encrypt = message + icv # chiffrement rc4 cipher = RC4(seed, streaming=False) encrypted_data = cipher.crypt(message_to_encrypt) # On extrait l'ICV chiffré (4 dernier byte) encrypted_icv = int.from_bytes(encrypted_data[-4:], byteorder='big') # On creer notre paquet WEP packet = RadioTap() / Dot11(type='Data', FCfield='to-DS+protected') / Dot11WEP( iv=iv, wepdata=encrypted_data[:-4], icv=encrypted_icv) wrpcap('task2.cap', packet, append=True)
# Calcul de l'ICV du message count = 0 for i, message in enumerate(messages): # Creation de l'ICV a l'aide d'un CRC32 icv = crc32(message).to_bytes(4, byteorder='little') # Les données a chiffrer sont le message et l'ICV message_to_encrypt = message + icv # chiffrement rc4 cipher = RC4(seed, streaming=False) encrypted_data = cipher.crypt(message_to_encrypt) # On extrait l'ICV chiffré (4 dernier byte) encrypted_icv = int.from_bytes(encrypted_data[-4:], byteorder='big') # On regarde si c'est notre dernier paquet, si c'est le cas on ne met pas le flag MF (more fragment) flags = "" if i != len(messages) - 1: flags = "to-DS+protected+MF" else: flags = "to-DS+protected" # On creer notre paquet WEP packet = RadioTap() / Dot11(type='Data', FCfield=flags) / Dot11WEP( iv=iv, wepdata=encrypted_data[:-4], icv=encrypted_icv) # On donne le numéro de paquet packet.SC = i wrpcap('task3.cap', packet, append=True)
from rc4 import RC4 from scapy.all import * from scapy.layers.dot11 import RadioTap, Dot11, Dot11WEP """ Manually encrypt a WEP message using a given WEP key and IV. The packet is created from scratch with scapy, it is not read from the arp.cap file. """ # Clé WEP : AA:AA:AA:AA:AA iv = b'\x0cM\\' # IV du packet ARP fourni key = b'\xaa\xaa\xaa\xaa\xaa' # On crée un nouveau message et on calcule son ICV. message = b'hello_world!' icv = zlib.crc32(message).to_bytes(4, byteorder='little') # On chiffre le message + icv. seed = iv + key cipher = RC4(seed, streaming=False) encrypted_message = cipher.crypt(message + icv) # On crée un nouveau packet avec les bonnes valeurs. wepdata = encrypted_message[:-4] encrypted_icv = int.from_bytes(encrypted_message[-4:], byteorder='big') pck = RadioTap() / Dot11(type='Data', FCfield='to-DS+protected') / Dot11WEP( iv=iv, wepdata=wepdata, icv=encrypted_icv) # On écrit le packet dans une nouvelle capture pcap. wrpcap('ex2.cap', pck, append=False) print(pck.show())