Add tools to crack victim identifiers

CMakeLists.txt

@@ -29,6 +29,10 @@ set(MOCK_SOURCE_FILES mock_net.cpp)

set(REPLICA_SOURCE_FILES replica.c )


add_executable(find_ips find_ips.c ${CLI_SOURCE_FILES} ${MOCK_SOURCE_FILES})
add_executable(RunAllTests RunAllTests.cpp ${CLI_SOURCE_FILES} ${MOCK_SOURCE_FILES})
target_link_libraries(find_ips  ${CPPUTEST_LIB} ${CPPUTEST_EXT_LIB} ${OPENSSL_LIB} ${CRYPTO_LIB} "--coverage")
target_link_libraries(RunAllTests  ${CPPUTEST_LIB} ${CPPUTEST_EXT_LIB} ${OPENSSL_LIB} ${CRYPTO_LIB} "--coverage")
target_compile_options(RunAllTests PUBLIC --coverage)

RunAllTests.cpp

@@ -13,6 +13,7 @@ extern "C" {
#include "mock_data.h"
#include "client.h"
#include "crypto.h"
#include "crack.h"
}


@@ -271,6 +272,173 @@ TEST(Task3, BinEncKey) {

}

TEST_GROUP(Task5) {
    const char *CIDs[5];
    const char *NegCIDs[5];

    void setup() {
        const char *otp = "206446";
        _BYTE src[4] = {10, 0, 34, 241};

        const char *lCIDs[5] = {
                "b784c8325a15d7b7d62d4ded79b86b08fd0cbc8ed0099fee200b55ef8791eae6",
                "56ea3b3d00df1ee0592dd4870317020ebe02a232f0ae37fff31733e1f918e571",
                "3431b241b4f09c76c4ae404919f09cad650fe5f83e4a51ed695464941680f680",
                "bb52677e489ba0bdf9c55e092e1b9fb98c3d3966fa7126ccc7b3a9527f8d0f54",
                "ea1e03022cc3a0378ef9056b5346befdf735f56d56509dcb3d1ea03191803815",
        };

        const char *lCIDNeg[5] = {
                "078000005005d7b7d62d4ded79b86b08fd0cbc8ed0099fee200b55ef8791eae6",
                "56ea3b3d00df1ee0592dd4870317020ebe02a232f0ae37fff31733e1f918e571",
                "3431b241b4f09c76c4ae404919f09cad650fe5f83e4a51ed695464941680f680",
                "bb52677e489ba0bdf9c55e092e1b9fb98c3d3966fa7126ccc7b3a9527f8d0f54",
                "ea1e03022cc3a0378ef9056b5346befdf735f56d56509dcb3d1ea03191803815",
        };


        memcpy(CIDs, lCIDs, sizeof(CIDs));
        memcpy(NegCIDs, lCIDNeg, sizeof(NegCIDs));

        set_loc_data(src, otp);


    }

    void teardown() {}
};

TEST(Task5, MatchCIDPos)
{
    const char *expCid = "b784c8325a15d7b7d62d4ded79b86b08fd0cbc8ed0099fee200b55ef8791eae6";


    int rv = cid_matches(CIDs, 5, expCid);

    CHECK_TRUE(rv);

}

TEST(Task5, MatchCIDNeg) {

    const char *expCid = "b784c8325a15d7b7d62d4ded79b86b08fd0cbc8ed0099fee200b55ef8791eae6";

    int rv = cid_matches(NegCIDs, 5, expCid);

    CHECK_TRUE(!rv);

}

TEST(Task5, GenerateOTPVal) {

    const char *expotp = "206446";
    char otpBuf[9];

    gen_otp_val(otpBuf, 206446);
    STRCMP_EQUAL(expotp, otpBuf);
}


TEST(Task5, GenerateIPDisplay) {

    _BYTE src[4] = {10, 47, 194, 254};
    char buf[80];
    const char *exp_res = "10.47.194.254";

    gen_display_res(buf, src);

    STRCMP_EQUAL(buf, exp_res);

}

TEST(Task5, CIDCrackSinglePassPos)
{
    _BYTE src[4] = {10, 47, 114, 22};
    int otp = 197548;

    int rv = cid_crack_attempt( CIDs, 5, src, otp);

    CHECK(rv);
}

TEST(Task5, CIDCrackSinglePassNeg)
{
    _BYTE src[4] = {10, 47, 114, 22};
    int otp = 197548;

    int rv = cid_crack_attempt( NegCIDs, 5, src, otp);

    CHECK(!rv);
}

TEST(Task5, FullParamCoverStartBeg)
{
    int idx = crk_slice_start(0);
    LONGS_EQUAL(idx, 0);
}

TEST(Task5, FullParamCoverEndBeg)
{
    int idx = crk_slice_end(0);
    LONGS_EQUAL(idx, 31);
}

TEST(Task5, FullParamCoverStartEnd)
{
    int idx = crk_slice_start(7);
    LONGS_EQUAL(idx, 224);
}

TEST(Task5, FullParamCoverEndEnd)
{
    int idx = crk_slice_end(7);
    LONGS_EQUAL(idx, 255);
}

TEST(Task5, FullParamCoverStartSecond)
{
    int idx = crk_slice_start(1);
    LONGS_EQUAL(idx, 32);
}

TEST(Task5, FullParamCoverEndSecond)
{
    int idx = crk_slice_end(1);
    LONGS_EQUAL(idx, 63);
}


TEST(Task5, FullParamCoverStartPenUltimate)
{
    int idx = crk_slice_start(6);
    LONGS_EQUAL(idx, 192);
}

TEST(Task5, FullParamCoverEndPenUltimate)
{
    int idx = crk_slice_end(6);
    LONGS_EQUAL(idx, 223);
}


TEST(Task5, RangeCrackAttemps)
{

    cid_crack(CIDs, 5, 110, 115, 20, 24, 197500, 197600);

}


TEST(Task5, RangeCrackAttempsEnd)
{
    int o3s = crk_slice_start(15);
    int o3e = crk_slice_end(15);

    cid_crack(CIDs, 5, 114, 114, o3s, o3e, 197540, 197600);

}



TEST_GROUP(Crypto) {
    void setup() {
@@ -283,6 +451,7 @@ TEST_GROUP(Crypto) {
};



TEST(Crypto, get_key) {

    char key[128];
@@ -515,7 +684,6 @@ TEST(PartialFunctions, make_srv_sock_addr) {
    unsigned char b_addr[] = {172, 17, 39, 217};

    LONGS_EQUAL(addr.sin_family, AF_INET);
    LONGS_EQUAL(addr.sin_len, 16);
    LONGS_EQUAL(addr.sin_port, 0x5000);
    MEMCMP_EQUAL(&addr.sin_addr.s_addr, b_addr, 4);
}
@@ -533,7 +701,6 @@ TEST(PartialFunctions, bundle_init_works) {
    mock().checkExpectations();

    LONGS_EQUAL(addr.sin_family, AF_INET);
    LONGS_EQUAL(addr.sin_len, 16);
    LONGS_EQUAL(addr.sin_port, 0x0f27);
    MEMCMP_EQUAL(&addr.sin_addr.s_addr, b_addr, 4);

@@ -570,7 +737,6 @@ TEST(PartialFunctions, check_can_get_own_addr) {

    /* Verify */

    LONGS_EQUAL(addr_len, 0x10);
    LONGS_EQUAL(bundle.loc_addr.sin_family, 2);
    LONGS_EQUAL(bundle.loc_addr.sin_port, 0xeaa8);
    LONGS_EQUAL(bundle.victim_ip, 0x16722f0a);
@@ -603,5 +769,3 @@ TEST(Transmit, SendIsCalled) {
int main(int ac, char **av) {
    return CommandLineTestRunner::RunAllTests(ac, av);
}

client.c

@@ -244,7 +244,7 @@ void get_my_addr(socklen_t *local_addr_len, struct bundle *bnd) {

void make_srv_sock_addr(const char *cp, __int16 a2, struct sockaddr *addr) {
    addr->sa_family = AF_INET;
    addr->sa_len = sizeof(struct sockaddr_in);
//    addr->sa_len = sizeof(struct sockaddr_in);
    struct sockaddr_in * sin = (struct sockaddr_in *) addr;
    sin->sin_port = htons(a2);
    sin->sin_addr.s_addr = inet_addr(cp);

crack.c

@@ -1 +1,102 @@
#include <string.h>
#include <stdio.h>
#include <time.h>
#include "crack.h"
#include "stubs.h"


int cid_matches(const char *ids[], int cid_count, const char *cid) {

    for (int i = 0; i < cid_count; i++) {
        if (strcmp(ids[i], cid) == 0)
            return 1;
    }
    return 0;
}


void gen_otp_val(char otpBuf[], int val) {
    snprintf(otpBuf, 7, "%d", val);
}

void gen_display_res(char *buf, unsigned char *src) {
    snprintf(buf, 60, "%d.%d.%d.%d", src[0], src[1], src[2], src[3]);
}

int cid_crack_attempt(const char *cid_ids[5], int cid_count, _BYTE src[4], int n_otp) {

    unsigned int localip = 0x12345678;
    _BYTE client_id_b[128];
    char client_id_hx[128];
    char otp[9];

    bzero(client_id_b, sizeof(client_id_b));
    bzero(client_id_hx, sizeof(client_id_hx));
    bzero(otp, sizeof(otp));

    gen_otp_val(otp, n_otp);
    set_loc_data(src, otp);

    int n = cid(&localip, client_id_b, otp);
    bcvh(client_id_b, 32, (_BYTE *) client_id_hx, 65);


    int rv = cid_matches(cid_ids, cid_count, client_id_hx);
    if (rv ) {
      puts(client_id_hx);
    }
    return rv;
}

int crk_slice_start(int slice) {
    return 32 * slice;
}


int crk_slice_end(int slice) {
    return 32 * slice + 31;
}


int cid_crack(const char *CIDs[5], int cid_count,
              _BYTE oct3_low, _BYTE oct3_hi,
              _BYTE oct4_low, _BYTE oct4_hi,
              int otplow, int otphi) {

    _BYTE src[4] = {10, 47, 0, 0};
    time_t start = time(NULL);

    int rv = 0;

    printf("NET: %d.%d.%d.%d --> %d.%d.%d.%d\n",
              src[0], src[1], oct3_low, oct4_low ,
              src[0], src[1], oct3_hi, oct4_hi
            );
    printf("OTP %06d --> %06d \n", otplow, otphi );

    for (int otp = otplow; otp <= otphi; otp++) {
        if (otp % 50000 == 1 && otp > 1) {
            time_t elapsed = time(NULL) - start;
            printf("Try: %06d %.2f/sec\n", otp, (otp * 1.0) / (elapsed * 1.0));
        }
        for (_BYTE o3 = oct3_low; o3 <= oct3_hi; o3++) {
            for (_BYTE o4 = oct4_low; o4 <= oct4_hi; o4++) {
                src[2] = o3;
                src[3] = o4;

                if (cid_crack_attempt(CIDs, cid_count, src, otp)) {
                    char found[20];
                    gen_display_res(found, src);
                    printf("\nFOUND: %s\n", found);
                    rv = 1;
                }

                if (o4 == 255) { break; }
            }
            if (o3 == 255) { break; }
        }
    }

    return rv;

}

crack.h

@@ -0,0 +1,16 @@
#ifndef _CRACK_INCLUDED_H
#define _CRACK_INCLUDED_H

#include "sim_types.h"

int cid_matches(const char *CIDs[], int cid_count, const char *cid);
void gen_otp_val(char otpBuf[], int val);
void gen_display_res(char *buf, unsigned char *src);
int cid_crack_attempt(const char *CIDs[5], int cid_count, _BYTE src[4], int otp);
int cid_crack(const char *pString[5], int cid_count, _BYTE oct3_low, _BYTE oct3_hi, _BYTE oct4_low, _BYTE oct4_hi, int otplow, int otphi);
int crk_slice_start(int slice);
int crk_slice_end(int slice);



#endif

find_ips.c

@@ -0,0 +1,33 @@
#include <stdio.h>
#include <stdlib.h>
#include "crack.h"

const char *CIDs[10] = {
        "bb52677e489ba0bdf9c55e092e1b9fb98c3d3966fa7126ccc7b3a9527f8d0f54",
        "06aeee4fcd565a4b527a20274a352a78e83b81a3a0f35509df144a6c1450270d",
        "56ea3b3d00df1ee0592dd4870317020ebe02a232f0ae37fff31733e1f918e571",
        "ea1e03022cc3a0378ef9056b5346befdf735f56d56509dcb3d1ea03191803815",
        "51b9326cad4f65e656ea6251937e9715643332adc5b811093faedf8d01fc10b8",
        "472d7834f4dd0ab70b631f58a923af3c8db18913491e03a6679bbe4ff8e658eb",
        "b784c8325a15d7b7d62d4ded79b86b08fd0cbc8ed0099fee200b55ef8791eae6",

        "047b5f5a6dd57f44ddc76f57bffeea7a06cd8d8dea2fdc6fc8ea5f47e4b4c117",
        "3431b241b4f09c76c4ae404919f09cad650fe5f83e4a51ed695464941680f680",
        "44d60efee6f4a5922742b51cc6b4345f083acb55b3b14d51256b19b778ffcfdb"
};

int main(int argc, char**argv) {
    if ( argc < 3 ) {
        printf("Usage: %s O3 S2\n", argv[0]);
        return 3;
    }
    int o3 = atoi(argv[1]);
    int slice2 = atoi(argv[2]);

    int o4s = crk_slice_start(slice2);
    int o4e = crk_slice_end(slice2);

    puts("Probing:");

    return cid_crack(CIDs, 10, o3, o3, o4s, o4e, 0, 999999);
}