Skip to content
Permalink
Browse files

Add tools to crack victim identifiers

  • Loading branch information...
vladistan committed Jan 5, 2019
1 parent c4a8e23 commit 9874b8f2edd6218a4c1fa05590769c6c2667c6b4
Showing with 328 additions and 7 deletions.
  1. +4 −0 CMakeLists.txt
  2. +169 −5 RunAllTests.cpp
  3. +1 −1 client.c
  4. +101 −0 crack.c
  5. +16 −0 crack.h
  6. +33 −0 find_ips.c
  7. +1 −1 mock_net.cpp
  8. +3 −0 run.sh
@@ -29,6 +29,10 @@ set(MOCK_SOURCE_FILES mock_net.cpp)

set(REPLICA_SOURCE_FILES replica.c )


add_executable(find_ips find_ips.c ${CLI_SOURCE_FILES} ${MOCK_SOURCE_FILES})
add_executable(RunAllTests RunAllTests.cpp ${CLI_SOURCE_FILES} ${MOCK_SOURCE_FILES})
target_link_libraries(find_ips ${CPPUTEST_LIB} ${CPPUTEST_EXT_LIB} ${OPENSSL_LIB} ${CRYPTO_LIB} "--coverage")
target_link_libraries(RunAllTests ${CPPUTEST_LIB} ${CPPUTEST_EXT_LIB} ${OPENSSL_LIB} ${CRYPTO_LIB} "--coverage")
target_compile_options(RunAllTests PUBLIC --coverage)

@@ -13,6 +13,7 @@ extern "C" {
#include "mock_data.h"
#include "client.h"
#include "crypto.h"
#include "crack.h"
}


@@ -271,6 +272,173 @@ TEST(Task3, BinEncKey) {

}

TEST_GROUP(Task5) {
const char *CIDs[5];
const char *NegCIDs[5];

void setup() {
const char *otp = "206446";
_BYTE src[4] = {10, 0, 34, 241};

const char *lCIDs[5] = {
"b784c8325a15d7b7d62d4ded79b86b08fd0cbc8ed0099fee200b55ef8791eae6",
"56ea3b3d00df1ee0592dd4870317020ebe02a232f0ae37fff31733e1f918e571",
"3431b241b4f09c76c4ae404919f09cad650fe5f83e4a51ed695464941680f680",
"bb52677e489ba0bdf9c55e092e1b9fb98c3d3966fa7126ccc7b3a9527f8d0f54",
"ea1e03022cc3a0378ef9056b5346befdf735f56d56509dcb3d1ea03191803815",
};

const char *lCIDNeg[5] = {
"078000005005d7b7d62d4ded79b86b08fd0cbc8ed0099fee200b55ef8791eae6",
"56ea3b3d00df1ee0592dd4870317020ebe02a232f0ae37fff31733e1f918e571",
"3431b241b4f09c76c4ae404919f09cad650fe5f83e4a51ed695464941680f680",
"bb52677e489ba0bdf9c55e092e1b9fb98c3d3966fa7126ccc7b3a9527f8d0f54",
"ea1e03022cc3a0378ef9056b5346befdf735f56d56509dcb3d1ea03191803815",
};


memcpy(CIDs, lCIDs, sizeof(CIDs));
memcpy(NegCIDs, lCIDNeg, sizeof(NegCIDs));

set_loc_data(src, otp);


}

void teardown() {}
};

TEST(Task5, MatchCIDPos)
{
const char *expCid = "b784c8325a15d7b7d62d4ded79b86b08fd0cbc8ed0099fee200b55ef8791eae6";


int rv = cid_matches(CIDs, 5, expCid);

CHECK_TRUE(rv);

}

TEST(Task5, MatchCIDNeg) {

const char *expCid = "b784c8325a15d7b7d62d4ded79b86b08fd0cbc8ed0099fee200b55ef8791eae6";

int rv = cid_matches(NegCIDs, 5, expCid);

CHECK_TRUE(!rv);

}

TEST(Task5, GenerateOTPVal) {

const char *expotp = "206446";
char otpBuf[9];

gen_otp_val(otpBuf, 206446);
STRCMP_EQUAL(expotp, otpBuf);
}


TEST(Task5, GenerateIPDisplay) {

_BYTE src[4] = {10, 47, 194, 254};
char buf[80];
const char *exp_res = "10.47.194.254";

gen_display_res(buf, src);

STRCMP_EQUAL(buf, exp_res);

}

TEST(Task5, CIDCrackSinglePassPos)
{
_BYTE src[4] = {10, 47, 114, 22};
int otp = 197548;

int rv = cid_crack_attempt( CIDs, 5, src, otp);

CHECK(rv);
}

TEST(Task5, CIDCrackSinglePassNeg)
{
_BYTE src[4] = {10, 47, 114, 22};
int otp = 197548;

int rv = cid_crack_attempt( NegCIDs, 5, src, otp);

CHECK(!rv);
}

TEST(Task5, FullParamCoverStartBeg)
{
int idx = crk_slice_start(0);
LONGS_EQUAL(idx, 0);
}

TEST(Task5, FullParamCoverEndBeg)
{
int idx = crk_slice_end(0);
LONGS_EQUAL(idx, 31);
}

TEST(Task5, FullParamCoverStartEnd)
{
int idx = crk_slice_start(7);
LONGS_EQUAL(idx, 224);
}

TEST(Task5, FullParamCoverEndEnd)
{
int idx = crk_slice_end(7);
LONGS_EQUAL(idx, 255);
}

TEST(Task5, FullParamCoverStartSecond)
{
int idx = crk_slice_start(1);
LONGS_EQUAL(idx, 32);
}

TEST(Task5, FullParamCoverEndSecond)
{
int idx = crk_slice_end(1);
LONGS_EQUAL(idx, 63);
}


TEST(Task5, FullParamCoverStartPenUltimate)
{
int idx = crk_slice_start(6);
LONGS_EQUAL(idx, 192);
}

TEST(Task5, FullParamCoverEndPenUltimate)
{
int idx = crk_slice_end(6);
LONGS_EQUAL(idx, 223);
}


TEST(Task5, RangeCrackAttemps)
{

cid_crack(CIDs, 5, 110, 115, 20, 24, 197500, 197600);

}


TEST(Task5, RangeCrackAttempsEnd)
{
int o3s = crk_slice_start(15);
int o3e = crk_slice_end(15);

cid_crack(CIDs, 5, 114, 114, o3s, o3e, 197540, 197600);

}



TEST_GROUP(Crypto) {
void setup() {
@@ -283,6 +451,7 @@ TEST_GROUP(Crypto) {
};



TEST(Crypto, get_key) {

char key[128];
@@ -515,7 +684,6 @@ TEST(PartialFunctions, make_srv_sock_addr) {
unsigned char b_addr[] = {172, 17, 39, 217};

LONGS_EQUAL(addr.sin_family, AF_INET);
LONGS_EQUAL(addr.sin_len, 16);
LONGS_EQUAL(addr.sin_port, 0x5000);
MEMCMP_EQUAL(&addr.sin_addr.s_addr, b_addr, 4);
}
@@ -533,7 +701,6 @@ TEST(PartialFunctions, bundle_init_works) {
mock().checkExpectations();

LONGS_EQUAL(addr.sin_family, AF_INET);
LONGS_EQUAL(addr.sin_len, 16);
LONGS_EQUAL(addr.sin_port, 0x0f27);
MEMCMP_EQUAL(&addr.sin_addr.s_addr, b_addr, 4);

@@ -570,7 +737,6 @@ TEST(PartialFunctions, check_can_get_own_addr) {

/* Verify */

LONGS_EQUAL(addr_len, 0x10);
LONGS_EQUAL(bundle.loc_addr.sin_family, 2);
LONGS_EQUAL(bundle.loc_addr.sin_port, 0xeaa8);
LONGS_EQUAL(bundle.victim_ip, 0x16722f0a);
@@ -603,5 +769,3 @@ TEST(Transmit, SendIsCalled) {
int main(int ac, char **av) {
return CommandLineTestRunner::RunAllTests(ac, av);
}


@@ -244,7 +244,7 @@ void get_my_addr(socklen_t *local_addr_len, struct bundle *bnd) {

void make_srv_sock_addr(const char *cp, __int16 a2, struct sockaddr *addr) {
addr->sa_family = AF_INET;
addr->sa_len = sizeof(struct sockaddr_in);
// addr->sa_len = sizeof(struct sockaddr_in);
struct sockaddr_in * sin = (struct sockaddr_in *) addr;
sin->sin_port = htons(a2);
sin->sin_addr.s_addr = inet_addr(cp);
101 crack.c
@@ -1 +1,102 @@
#include <string.h>
#include <stdio.h>
#include <time.h>
#include "crack.h"
#include "stubs.h"


int cid_matches(const char *ids[], int cid_count, const char *cid) {

for (int i = 0; i < cid_count; i++) {
if (strcmp(ids[i], cid) == 0)
return 1;
}
return 0;
}


void gen_otp_val(char otpBuf[], int val) {
snprintf(otpBuf, 7, "%d", val);
}

void gen_display_res(char *buf, unsigned char *src) {
snprintf(buf, 60, "%d.%d.%d.%d", src[0], src[1], src[2], src[3]);
}

int cid_crack_attempt(const char *cid_ids[5], int cid_count, _BYTE src[4], int n_otp) {

unsigned int localip = 0x12345678;
_BYTE client_id_b[128];
char client_id_hx[128];
char otp[9];

bzero(client_id_b, sizeof(client_id_b));
bzero(client_id_hx, sizeof(client_id_hx));
bzero(otp, sizeof(otp));

gen_otp_val(otp, n_otp);
set_loc_data(src, otp);

int n = cid(&localip, client_id_b, otp);
bcvh(client_id_b, 32, (_BYTE *) client_id_hx, 65);


int rv = cid_matches(cid_ids, cid_count, client_id_hx);
if (rv ) {
puts(client_id_hx);
}
return rv;
}

int crk_slice_start(int slice) {
return 32 * slice;
}


int crk_slice_end(int slice) {
return 32 * slice + 31;
}


int cid_crack(const char *CIDs[5], int cid_count,
_BYTE oct3_low, _BYTE oct3_hi,
_BYTE oct4_low, _BYTE oct4_hi,
int otplow, int otphi) {

_BYTE src[4] = {10, 47, 0, 0};
time_t start = time(NULL);

int rv = 0;

printf("NET: %d.%d.%d.%d --> %d.%d.%d.%d\n",
src[0], src[1], oct3_low, oct4_low ,
src[0], src[1], oct3_hi, oct4_hi
);
printf("OTP %06d --> %06d \n", otplow, otphi );

for (int otp = otplow; otp <= otphi; otp++) {
if (otp % 50000 == 1 && otp > 1) {
time_t elapsed = time(NULL) - start;
printf("Try: %06d %.2f/sec\n", otp, (otp * 1.0) / (elapsed * 1.0));
}
for (_BYTE o3 = oct3_low; o3 <= oct3_hi; o3++) {
for (_BYTE o4 = oct4_low; o4 <= oct4_hi; o4++) {
src[2] = o3;
src[3] = o4;

if (cid_crack_attempt(CIDs, cid_count, src, otp)) {
char found[20];
gen_display_res(found, src);
printf("\nFOUND: %s\n", found);
rv = 1;
}

if (o4 == 255) { break; }
}
if (o3 == 255) { break; }
}
}

return rv;

}
16 crack.h
@@ -0,0 +1,16 @@
#ifndef _CRACK_INCLUDED_H
#define _CRACK_INCLUDED_H

#include "sim_types.h"

int cid_matches(const char *CIDs[], int cid_count, const char *cid);
void gen_otp_val(char otpBuf[], int val);
void gen_display_res(char *buf, unsigned char *src);
int cid_crack_attempt(const char *CIDs[5], int cid_count, _BYTE src[4], int otp);
int cid_crack(const char *pString[5], int cid_count, _BYTE oct3_low, _BYTE oct3_hi, _BYTE oct4_low, _BYTE oct4_hi, int otplow, int otphi);
int crk_slice_start(int slice);
int crk_slice_end(int slice);



#endif
@@ -0,0 +1,33 @@
#include <stdio.h>
#include <stdlib.h>
#include "crack.h"

const char *CIDs[10] = {
"bb52677e489ba0bdf9c55e092e1b9fb98c3d3966fa7126ccc7b3a9527f8d0f54",
"06aeee4fcd565a4b527a20274a352a78e83b81a3a0f35509df144a6c1450270d",
"56ea3b3d00df1ee0592dd4870317020ebe02a232f0ae37fff31733e1f918e571",
"ea1e03022cc3a0378ef9056b5346befdf735f56d56509dcb3d1ea03191803815",
"51b9326cad4f65e656ea6251937e9715643332adc5b811093faedf8d01fc10b8",
"472d7834f4dd0ab70b631f58a923af3c8db18913491e03a6679bbe4ff8e658eb",
"b784c8325a15d7b7d62d4ded79b86b08fd0cbc8ed0099fee200b55ef8791eae6",

"047b5f5a6dd57f44ddc76f57bffeea7a06cd8d8dea2fdc6fc8ea5f47e4b4c117",
"3431b241b4f09c76c4ae404919f09cad650fe5f83e4a51ed695464941680f680",
"44d60efee6f4a5922742b51cc6b4345f083acb55b3b14d51256b19b778ffcfdb"
};

int main(int argc, char**argv) {
if ( argc < 3 ) {
printf("Usage: %s O3 S2\n", argv[0]);
return 3;
}
int o3 = atoi(argv[1]);
int slice2 = atoi(argv[2]);

int o4s = crk_slice_start(slice2);
int o4e = crk_slice_end(slice2);

puts("Probing:");

return cid_crack(CIDs, 10, o3, o3, o4s, o4e, 0, 999999);
}

0 comments on commit 9874b8f

Please sign in to comment.
You can’t perform that action at this time.