コード例 #1
0
ファイル: pcapTCP.py プロジェクト: ypwang314/OpenSkype
def incoming(pktlen, pkt, timestamp):
    eth = Ethernet(pkt)
    ip = IP(str(eth.data))
    tcp = TCP(str(ip.data))
    print str(len(tcp.data)).zfill(2) + ' bytes <- ',

    global first_in
    global seed_in
    global rc4_in
    if first_in:
        s = tcp.data[:4]
        seed_in = ord(s[0]) * 0x01000000 + ord(s[1]) * 0x010000 + ord(
            s[2]) * 0x0100 + ord(s[3]) * 0x01
        Skype_RC4_Expand_IV(seed_in, rc4_in)
        plaintext = RC4_crypt(tcp.data[4:14], rc4_in)
        print '\t' + str2hex(plaintext)
        rc4_in = RC4_Context()
        if len(tcp.data) > 14:
            Skype_RC4_Expand_IV(seed_in, rc4_in)
            plaintext = RC4_crypt(str(tcp.data[14:]), rc4_in)
            print '\t' + str2hex(plaintext)
        first_in = False
    else:
        Skype_RC4_Expand_IV(seed_in, rc4_in)
        plaintext = RC4_crypt(str(tcp.data), rc4_in)
        print '\t' + str2hex(plaintext)
コード例 #2
0
    def crack(self, start=0x00000000, stop=0xFFFFFFFF):
        finalseed = start

        last_write = 0
        crc_correct = False
        give_up = False

        while (not crc_correct) and (not give_up):
            rc4context = RC4_Context()
            Skype_RC4_Expand_IV(finalseed, rc4context)
            plaintext = RC4_crypt(self.cipher, rc4context)
            crc = long2hex(skype_crc(plaintext))
            crc_correct = crc == self.crc
            if not crc_correct:
                if finalseed < stop:
                    finalseed += 1
                    if finalseed - last_write > 10000:
                        open('currentfinalseed',
                             'w').write(long2hex(finalseed))
                        print long2hex(finalseed)
                        last_write = finalseed
                else:
                    open('currentfinalseed', 'w').write(long2hex(finalseed))
                    print 'tried all keys without success. giving up ...'
                    give_up = True

        if not give_up:
            print long2hex(finalseed) + ' - cracked'
            #			print '\tcrc:\t'+crc
            #			print '\tplaintext:\n\t\t'+str2hex(plaintext)
            #			open('finalseed','w').write(long2hex(finalseed))
            return plaintext
コード例 #3
0
ファイル: rc4bruteforce.py プロジェクト: ypwang314/OpenSkype
    def crack(self, start=0x00000000, stop=0xFFFFFFFF, exit=True):
        shortkey = start

        last_key_written = 0
        crc_correct = False

        while (not crc_correct):
            rc4context = RC4_Context()
            Skype_RC4_Expand_IV(shortkey, rc4context)
            plaintext = RC4_crypt(self.cipher, rc4context)
            crc = long2hex(skype_crc(plaintext))
            crc_correct = crc == self.crc
            if not crc_correct:
                if shortkey < stop:
                    shortkey += 1
                    if shortkey - last_key_written > 50000:
                        f = open(
                            'rc4bf-' + self.crc + '-' + sys.argv[1] +
                            '.current', 'w')
                        f.write(long2hex(shortkey))
                        f.close()
                        last_key_written = shortkey
                        print long2hex(shortkey)
                else:
                    f = open(
                        'rc4bf-' + self.crc + '-' + sys.argv[1] + '.current',
                        'w')
                    f.write(long2hex(shortkey))
                    f.close()
                    print 'tried all keys without success. giving up ...'
                    break

        if crc_correct:  # cracked
            f = open('rc4bf-' + self.crc + '-' + sys.argv[1] + '.cracked', 'w')
            f.write('shortkey: ' + long2hex(shortkey) + '\n')
            f.write('plaintext: ' + str2hex(plaintext) + '\n')
            f.write('crc: ' + crc)
            f.close()
            print long2hex(shortkey) + ' - cracked'
            print '\tcrc:\t' + crc
            print '\tplaintext:\n\t\t' + str2hex(plaintext)
            if exit:
                sys.exit()
            return plaintext
コード例 #4
0
    def decrypt(self, cipher, src, dst, objectid, iv, crc):
        if self.print_cipher:
            print '\tcipher:\n\t\t' + str2hex(cipher)

        test_sources = [
            src,
            self.ExternalIP,
            '\x00\x00\x00\x00',
        ]

        #		for j in range(2):
        #			for i in range(255):
        #				test_sources.append(chr(192)+chr(168)+chr(j+1)+chr(i+1))

        test_dests = [
            dst,
            self.ExternalIP,
            '\x00\x00\x00\x00',
        ]

        #		for j in range(2):
        #			for i in range(255):
        #				test_dests.append(chr(192)+chr(168)+chr(j+1)+chr(i+1))

        correct = False

        for src in test_sources:
            for dst in test_dests:
                if self.print_seeding:
                    print '\tsrc ip: ' + print_address(
                        src) + '\tdst ip: ' + print_address(dst),

                seed = Seed(src, dst, objectid)
                if self.print_seeding:
                    print '\tseed: ' + long2hex(seed),
                seed = seed ^ str2long(iv)  # XOR
                if self.print_seeding:
                    print '\t\tseed ^ iv: ' + long2hex(seed)

                rc4context = RC4_Context()
                Skype_RC4_Expand_IV(seed, rc4context)
                plaintext = RC4_crypt(cipher, rc4context)
                calc_crc = long2hex(skype_crc(plaintext))  # long
                pkt_crc = str2hex(crc)  # string

                correct = calc_crc == pkt_crc
                if correct:
                    if self.print_plaintext:
                        print '\tcrc correct'
                    break
            if correct:
                break

        if self.print_plaintext and calc_crc == pkt_crc:
            print '\tdecryption succeed with src=' + print_address(
                src) + ', dst=' + print_address(dst)
#			print '\tplaintext:\n\t\t'+str2hex(plaintext)

        if not correct:
            if self.print_plaintext:
                print '\tdecryption failed'
            return None
        return plaintext
コード例 #5
0
ファイル: pcapTCP.py プロジェクト: ypwang314/OpenSkype
    fname = sys.argv[1]
except:
    fname = 'SkypeIRC.cap'

#p = pcapObject()
#p.open_offline(fname)
streams = TCPStreams(fname).filter(dport=57322)  #40022)
print str(len(streams)) + ' streams filtered.'
s = streams[0]
stream = FollowTCPStream(fname, s)
print 'Following the chat between ' + print_address(s['src']) + ':' + str(
    s['sport']) + ' and ' + print_address(s['dst']) + ':' + str(s['dport'])

first_out = True
seed_out = None
rc4_out = RC4_Context()


def outgoing(pktlen, pkt, timestamp):
    eth = Ethernet(pkt)
    ip = IP(str(eth.data))
    tcp = TCP(str(ip.data))
    print str(len(tcp.data)).zfill(2) + ' bytes -> ',

    global first_out
    global seed_out
    global rc4_out
    if first_out:
        s = tcp.data[:4]
        seed_out = ord(s[0]) * 0x01000000 + ord(s[1]) * 0x010000 + ord(
            s[2]) * 0x0100 + ord(s[3]) * 0x01
コード例 #6
0
ファイル: expandkey.py プロジェクト: ypwang314/OpenSkype
#!/usr/bin/python
# -*- coding: iso-8859-15 -*-

from FluxCapacitor import Seed, Skype_RC4_Expand_IV, skype_crc, RC4_Context, RC4_crypt
from utils import *

shortkey = 0x10325434L

rc4context = RC4_Context()
Skype_RC4_Expand_IV(shortkey, rc4context)
#plaintext = RC4_crypt(self.cipher, rc4context)

longkey = str2hex(str(rc4context.s))
print str(len(longkey))
print longkey