def crack(self, start=0x00000000, stop=0xFFFFFFFF):
finalseed = start
last_write = 0
crc_correct = False
give_up = False
while (not crc_correct) and (not give_up):
rc4context = RC4_Context()
Skype_RC4_Expand_IV(finalseed, rc4context)
plaintext = RC4_crypt(self.cipher, rc4context)
crc = long2hex(skype_crc(plaintext))
crc_correct = crc == self.crc
if not crc_correct:
if finalseed < stop:
finalseed += 1
if finalseed - last_write > 10000:
open('currentfinalseed',
'w').write(long2hex(finalseed))
print long2hex(finalseed)
last_write = finalseed
else:
open('currentfinalseed', 'w').write(long2hex(finalseed))
print 'tried all keys without success. giving up ...'
give_up = True
if not give_up:
print long2hex(finalseed) + ' - cracked'
# print '\tcrc:\t'+crc
# print '\tplaintext:\n\t\t'+str2hex(plaintext)
# open('finalseed','w').write(long2hex(finalseed))
return plaintext
def crack(self, start=0x00000000, stop=0xFFFFFFFF):
finalseed = start
last_write = 0
crc_correct = False
give_up = False
while (not crc_correct) and (not give_up):
rc4context = RC4_Context()
Skype_RC4_Expand_IV(finalseed, rc4context)
plaintext = RC4_crypt(self.cipher, rc4context)
crc = long2hex(skype_crc(plaintext))
crc_correct = crc == self.crc
if not crc_correct:
if finalseed < stop:
finalseed += 1
if finalseed-last_write > 10000:
open('currentfinalseed','w').write(long2hex(finalseed))
print long2hex(finalseed)
last_write = finalseed
else:
open('currentfinalseed','w').write(long2hex(finalseed))
print 'tried all keys without success. giving up ...'
give_up = True
if not give_up:
print long2hex(finalseed)+' - cracked'
# print '\tcrc:\t'+crc
# print '\tplaintext:\n\t\t'+str2hex(plaintext)
# open('finalseed','w').write(long2hex(finalseed))
return plaintext
def crack(self, start=0x00000000, stop=0xFFFFFFFF, exit=True):
shortkey = start
last_key_written = 0
crc_correct = False
while (not crc_correct):
rc4context = RC4_Context()
Skype_RC4_Expand_IV(shortkey, rc4context)
plaintext = RC4_crypt(self.cipher, rc4context)
crc = long2hex(skype_crc(plaintext))
crc_correct = crc == self.crc
if not crc_correct:
if shortkey < stop:
shortkey += 1
if shortkey - last_key_written > 50000:
f = open(
'rc4bf-' + self.crc + '-' + sys.argv[1] +
'.current', 'w')
f.write(long2hex(shortkey))
f.close()
last_key_written = shortkey
print long2hex(shortkey)
else:
f = open(
'rc4bf-' + self.crc + '-' + sys.argv[1] + '.current',
'w')
f.write(long2hex(shortkey))
f.close()
print 'tried all keys without success. giving up ...'
break
if crc_correct: # cracked
f = open('rc4bf-' + self.crc + '-' + sys.argv[1] + '.cracked', 'w')
f.write('shortkey: ' + long2hex(shortkey) + '\n')
f.write('plaintext: ' + str2hex(plaintext) + '\n')
f.write('crc: ' + crc)
f.close()
print long2hex(shortkey) + ' - cracked'
print '\tcrc:\t' + crc
print '\tplaintext:\n\t\t' + str2hex(plaintext)
if exit:
sys.exit()
return plaintext
def crack(self, start=0x00000000, stop=0xFFFFFFFF, exit=True):
shortkey = start
last_key_written = 0
crc_correct = False
while (not crc_correct):
rc4context = RC4_Context()
Skype_RC4_Expand_IV(shortkey, rc4context)
plaintext = RC4_crypt(self.cipher, rc4context)
crc = long2hex(skype_crc(plaintext))
crc_correct = crc == self.crc
if not crc_correct:
if shortkey < stop:
shortkey += 1
if shortkey-last_key_written > 50000:
f = open('rc4bf-'+self.crc+'-'+sys.argv[1]+'.current','w')
f.write(long2hex(shortkey))
f.close()
last_key_written = shortkey
print long2hex(shortkey)
else:
f = open('rc4bf-'+self.crc+'-'+sys.argv[1]+'.current','w')
f.write(long2hex(shortkey))
f.close()
print 'tried all keys without success. giving up ...'
break
if crc_correct: # cracked
f = open('rc4bf-'+self.crc+'-'+sys.argv[1]+'.cracked','w')
f.write('shortkey: '+long2hex(shortkey)+'\n')
f.write('plaintext: '+str2hex(plaintext)+'\n')
f.write('crc: '+crc)
f.close()
print long2hex(shortkey)+' - cracked'
print '\tcrc:\t'+crc
print '\tplaintext:\n\t\t'+str2hex(plaintext)
if exit:
sys.exit()
return plaintext
def decrypt(self, cipher, src, dst, objectid, iv, crc):
if self.print_cipher:
print '\tcipher:\n\t\t' + str2hex(cipher)
test_sources = [
src,
self.ExternalIP,
'\x00\x00\x00\x00',
]
# for j in range(2):
# for i in range(255):
# test_sources.append(chr(192)+chr(168)+chr(j+1)+chr(i+1))
test_dests = [
dst,
self.ExternalIP,
'\x00\x00\x00\x00',
]
# for j in range(2):
# for i in range(255):
# test_dests.append(chr(192)+chr(168)+chr(j+1)+chr(i+1))
correct = False
for src in test_sources:
for dst in test_dests:
if self.print_seeding:
print '\tsrc ip: ' + print_address(
src) + '\tdst ip: ' + print_address(dst),
seed = Seed(src, dst, objectid)
if self.print_seeding:
print '\tseed: ' + long2hex(seed),
seed = seed ^ str2long(iv) # XOR
if self.print_seeding:
print '\t\tseed ^ iv: ' + long2hex(seed)
rc4context = RC4_Context()
Skype_RC4_Expand_IV(seed, rc4context)
plaintext = RC4_crypt(cipher, rc4context)
calc_crc = long2hex(skype_crc(plaintext)) # long
pkt_crc = str2hex(crc) # string
correct = calc_crc == pkt_crc
if correct:
if self.print_plaintext:
print '\tcrc correct'
break
if correct:
break
if self.print_plaintext and calc_crc == pkt_crc:
print '\tdecryption succeed with src=' + print_address(
src) + ', dst=' + print_address(dst)
# print '\tplaintext:\n\t\t'+str2hex(plaintext)
if not correct:
if self.print_plaintext:
print '\tdecryption failed'
return None
return plaintext
def decrypt(self, cipher, src, dst, objectid, iv, crc): if self.print_cipher: print '\tcipher:\n\t\t'+str2hex(cipher) test_sources = [ src, self.ExternalIP, '\x00\x00\x00\x00', ] # for j in range(2): # for i in range(255): # test_sources.append(chr(192)+chr(168)+chr(j+1)+chr(i+1)) test_dests = [ dst, self.ExternalIP, '\x00\x00\x00\x00', ] # for j in range(2): # for i in range(255): # test_dests.append(chr(192)+chr(168)+chr(j+1)+chr(i+1)) correct = False for src in test_sources: for dst in test_dests: if self.print_seeding: print '\tsrc ip: '+print_address(src)+'\tdst ip: '+print_address(dst), seed = Seed(src, dst, objectid) if self.print_seeding: print '\tseed: '+long2hex(seed), seed = seed ^ str2long(iv) # XOR if self.print_seeding: print '\t\tseed ^ iv: '+long2hex(seed) rc4context = RC4_Context() Skype_RC4_Expand_IV(seed, rc4context) plaintext = RC4_crypt(cipher, rc4context) calc_crc = long2hex(skype_crc(plaintext)) # long pkt_crc = str2hex(crc) # string correct = calc_crc == pkt_crc if correct: if self.print_plaintext: print '\tcrc correct' break if correct: break if self.print_plaintext and calc_crc == pkt_crc: print '\tdecryption succeed with src='+print_address(src)+', dst='+print_address(dst) # print '\tplaintext:\n\t\t'+str2hex(plaintext) if not correct: if self.print_plaintext: print '\tdecryption failed' return None return plaintext
