def decoder(self, pkt, keyText):
"""Take a packet with [Dot11WEP] and apply RC4 to get the [LLC]"""
## Re-use the IV for comparative purposes
# <class 'bytes'>
# b'z\x00\x00\x124Vx\x90'
# print('DECODING')
# print([pkt[Dot11WEP].iv])
# print(str([pkt[Dot11WEP].iv]))
# print(type(pkt[Dot11WEP].iv))
iVal = pkt[Dot11WEP].iv
# print(iVal)
# print(keyText)
seed = self.seedGen(iVal, keyText)
## Remove the FCS so that we maintain packet size
pload = self.pt.byteRip(pkt[Dot11WEP],
order='last',
qty=4,
chop=True,
output='str')
## Return the stream, iv and seed
# print('\n\n\n')
# print(type(pload))
# print('\n')
# print(pload)
# print('\n\n\n')
# print(type(seed))
# print(seed)
return rc4(Dot11WEP(pload).wepdata, seed), iVal, seed
def decoder(self, pkt, keyText):
"""Take a packet with [Dot11WEP] and apply RC4 to get the [LLC]"""
## Re-use the IV for comparative purposes
iVal = pkt[Dot11WEP].iv
seed = self.seedGen(iVal, keyText)
## Remove the FCS so that we maintain packet size
pload = self.pt.byteRip(pkt[Dot11WEP],
order='last',
qty=4,
chop=True,
output='str')
## Return the stream, iv and seed
return rc4(Dot11WEP(pload).wepdata, seed), iVal, seed
def enBuilder(self, pkt, stream, iVal):
## Remove the LLC layer
del pkt[LLC]
## Add the Dot11WEP layer
encodedPacket = pkt / Dot11WEP(iv=iVal, keyid=0, wepdata=stream)
## Flip FCField bits accordingly
if encodedPacket[Dot11].FCfield == 1:
encodedPacket[Dot11].FCfield = 65
elif encodedPacket[Dot11].FCfield == 2:
encodedPacket[Dot11].FCfield = 66
## Add the ICV
#encodedPacket[Dot11WEP].icv = int(self.pt.endSwap(hex(crc32(str(encodedPacket[Dot11])[0:-4]) & 0xffffffff)), 16)
encodedPacket[Dot11WEP].icv = int(
self.pt.fcsGen(encodedPacket[Dot11], end=-4), 16)
return encodedPacket
for i in range(3):
# Warning : afin de tester, message non divisible par 3 peut avoir des pertes d'informations
fragmentSize = int(len(message) / 3)
# Découpe le message en fragments
fragmentMessage = message[fragmentSize * i:fragmentSize * (i + 1)]
# Calcul de l'ICV du fragment actuel
icv = zlib.crc32(fragmentMessage).to_bytes(4, byteorder='little')
# On chiffre le fragment + icv.
seed = iv + key
cipher = RC4(seed, streaming=False)
encrypted_message = cipher.crypt(fragmentMessage + icv)
# On crée un nouveau packet avec les bonnes valeurs.
wepdata = encrypted_message[:-4]
encrypted_icv = int.from_bytes(encrypted_message[-4:], byteorder='big')
# Si ce n'est pas le dernier fragment (!= 2) l'on rajout MF (More Fragments) à notre frame Dot11
if i != 2:
pck = RadioTap() / Dot11(type='Data',
FCfield='to-DS+protected+MF') / Dot11WEP(
iv=iv, wepdata=wepdata, icv=encrypted_icv)
else:
pck = RadioTap() / Dot11(type='Data',
FCfield='to-DS+protected') / Dot11WEP(
iv=iv, wepdata=wepdata, icv=encrypted_icv)
pck.SC = i
# On ajoute le fragment dans une capture pcap.
wrpcap('ex3.cap', pck, append=True)
print(pck.show())
from zlib import crc32
# Cle wep AA:AA:AA:AA:AA
key = b'\xaa\xaa\xaa\xaa\xaa'
iv = get_random_bytes(3)
# Meme message que ex1 pour tester
message = bytes.fromhex(
"aaaa03000000080600010800060400019027e4ea61f2c0a80166000000000000c0a801c8")
# rc4 seed est composé de IV+clé
seed = iv + key
# Calcul de l'ICV du message
icv = crc32(message).to_bytes(4, byteorder='little')
# Les données a chiffrer c'est le message et l'ICV
message_to_encrypt = message + icv
# chiffrement rc4
cipher = RC4(seed, streaming=False)
encrypted_data = cipher.crypt(message_to_encrypt)
# On extrait l'ICV chiffré (4 dernier byte)
encrypted_icv = int.from_bytes(encrypted_data[-4:], byteorder='big')
# On creer notre paquet WEP
packet = RadioTap() / Dot11(type='Data', FCfield='to-DS+protected') / Dot11WEP(
iv=iv, wepdata=encrypted_data[:-4], icv=encrypted_icv)
wrpcap('task2.cap', packet, append=True)
# Calcul de l'ICV du message
count = 0
for i, message in enumerate(messages):
# Creation de l'ICV a l'aide d'un CRC32
icv = crc32(message).to_bytes(4, byteorder='little')
# Les données a chiffrer sont le message et l'ICV
message_to_encrypt = message + icv
# chiffrement rc4
cipher = RC4(seed, streaming=False)
encrypted_data = cipher.crypt(message_to_encrypt)
# On extrait l'ICV chiffré (4 dernier byte)
encrypted_icv = int.from_bytes(encrypted_data[-4:], byteorder='big')
# On regarde si c'est notre dernier paquet, si c'est le cas on ne met pas le flag MF (more fragment)
flags = ""
if i != len(messages) - 1:
flags = "to-DS+protected+MF"
else:
flags = "to-DS+protected"
# On creer notre paquet WEP
packet = RadioTap() / Dot11(type='Data', FCfield=flags) / Dot11WEP(
iv=iv, wepdata=encrypted_data[:-4], icv=encrypted_icv)
# On donne le numéro de paquet
packet.SC = i
wrpcap('task3.cap', packet, append=True)
from rc4 import RC4
from scapy.all import *
from scapy.layers.dot11 import RadioTap, Dot11, Dot11WEP
"""
Manually encrypt a WEP message using a given WEP key and IV.
The packet is created from scratch with scapy, it is not read from the arp.cap file.
"""
# Clé WEP : AA:AA:AA:AA:AA
iv = b'\x0cM\\' # IV du packet ARP fourni
key = b'\xaa\xaa\xaa\xaa\xaa'
# On crée un nouveau message et on calcule son ICV.
message = b'hello_world!'
icv = zlib.crc32(message).to_bytes(4, byteorder='little')
# On chiffre le message + icv.
seed = iv + key
cipher = RC4(seed, streaming=False)
encrypted_message = cipher.crypt(message + icv)
# On crée un nouveau packet avec les bonnes valeurs.
wepdata = encrypted_message[:-4]
encrypted_icv = int.from_bytes(encrypted_message[-4:], byteorder='big')
pck = RadioTap() / Dot11(type='Data', FCfield='to-DS+protected') / Dot11WEP(
iv=iv, wepdata=wepdata, icv=encrypted_icv)
# On écrit le packet dans une nouvelle capture pcap.
wrpcap('ex2.cap', pck, append=False)
print(pck.show())