/*
* Guess a single keybyte
*/
static int doRound(PTW_tableentry sortedtable[][n], int keybyte, int fixat, uint8_t fixvalue, int * searchborders, uint8_t * key, int keylen, PTW_attackstate * state, uint8_t sum, int * strongbytes) {
int i;
uint8_t tmp;
if (keybyte == keylen) {
return correct(state, key, keylen);
} else if (strongbytes[keybyte] == 1) {
// printf("assuming byte %d to be strong\n", keybyte);
tmp = 3 + keybyte;
for (i = keybyte-1; i >= 1; i--) {
tmp += 3 + key[i] + i;
key[keybyte] = 256-tmp;
if(doRound(sortedtable, keybyte+1, fixat, fixvalue, searchborders, key, keylen, state, (256-tmp+sum)%256, strongbytes) == 1) {
printf("hit with strongbyte for keybyte %d\n", keybyte);
return 1;
}
}
return 0;
} else if (keybyte == fixat) {
key[keybyte] = fixvalue-sum;
return doRound(sortedtable, keybyte+1, fixat, fixvalue, searchborders, key, keylen, state, fixvalue, strongbytes);
} else {
for (i = 0; i < searchborders[keybyte]; i++) {
key[keybyte] = sortedtable[keybyte][i].b - sum;
if (doRound(sortedtable, keybyte+1, fixat, fixvalue, searchborders, key, keylen, state, sortedtable[keybyte][i].b, strongbytes) == 1) {
return 1;
}
}
return 0;
}
}
/*
* Guess a single keybyte
*/
static int doRound(PTW_tableentry sortedtable[][n], int keybyte, int fixat, unsigned char fixvalue, int * searchborders, unsigned char * key, int keylen, PTW_attackstate * state, unsigned char sum, int * strongbytes, int * bf, int validchars[][n]) {
int i;
unsigned char tmp;
//if(!opt.is_quiet && keybyte < 4)
// show_wep_stats( keylen -1, 0, keytable, searchborders, depth, tried );
if (keybyte > 0) {
if (!validchars[keybyte-1][key[keybyte-1]]) {
return 0;
}
}
if (keybyte == keylen) {
return correct(state, key, keylen);
} else if (bf[keybyte] == 1) {
for (i = 0; i < n; i++) {
key[keybyte] = i;
if (doRound(sortedtable, keybyte+1, fixat, fixvalue, searchborders, key, keylen, state, sum+i%n, strongbytes, bf, validchars)) {
return 1;
}
}
return 0;
} else if (keybyte == fixat) {
key[keybyte] = fixvalue-sum;
return doRound(sortedtable, keybyte+1, fixat, fixvalue, searchborders, key, keylen, state, fixvalue, strongbytes, bf, validchars);
} else if (strongbytes[keybyte] == 1) {
// printf("assuming byte %d to be strong\n", keybyte);
tmp = 3 + keybyte;
for (i = keybyte-1; i >= 1; i--) {
tmp += 3 + key[i] + i;
key[keybyte] = n-tmp;
if(doRound(sortedtable, keybyte+1, fixat, fixvalue, searchborders, key, keylen, state, (n-tmp+sum)%n, strongbytes, bf, validchars) == 1) {
printf("hit with strongbyte for keybyte %d\n", keybyte);
return 1;
}
}
return 0;
} else {
for (i = 0; i < searchborders[keybyte]; i++) {
key[keybyte] = sortedtable[keybyte][i].b - sum;
//if(!opt.is_quiet)
//{
// depth[keybyte] = i;
// keytable[keybyte][i].b = key[keybyte];
//}
if (doRound(sortedtable, keybyte+1, fixat, fixvalue, searchborders, key, keylen, state, sortedtable[keybyte][i].b, strongbytes, bf, validchars)) {
return 1;
}
}
return 0;
}
}
const CMTSumCheckResults CMTSumCheckVerifier::
run()
{
MPZVector expected(trueSums);
MPZVector poly(conf.batchSize() * polySize);
CMTSumCheckResults results(numRounds(), conf.batchSize());
results.success = true;
for (int i = 0; i < numRounds(); i++)
{
results.success = results.success &&
doRound(expected,
results,
i, poly, expected);
}
results.success = results.success &&
doFinalCheck(results, expected);
return results;
}
/*
* Do the actual computation of the key
*/
static int doComputation(PTW_attackstate * state, uint8_t * key, int keylen, PTW_tableentry table[][n], sorthelper * sh2, int * strongbytes, int keylimit) {
int i,j;
int choices[KEYHSBYTES];
int prod;
int fixat;
int fixvalue;
for (i = 0; i < keylen; i++) {
if (strongbytes[i] == 1) {
choices[i] = i;
} else {
choices[i] = 1;
}
}
i = 0;
prod = 0;
fixat = -1;
fixvalue = 0;
while(prod < keylimit) {
if (doRound(table, 0, fixat, fixvalue, choices, key, keylen, state, 0, strongbytes) == 1) {
// printf("hit with %d choices\n", prod);
return 1;
}
choices[sh2[i].keybyte]++;
fixat = sh2[i].keybyte;
// printf("choices[%d] is now %d\n", sh2[i].keybyte, choices[sh2[i].keybyte]);
fixvalue = sh2[i].value;
prod = 1;
for (j = 0; j < keylen; j++) {
prod *= choices[j];
}
do {
i++;
} while (strongbytes[sh2[i].keybyte] == 1);
}
return 0;
}
/*
* Do the actual computation of the key
*/
static int doComputation(PTW_attackstate * state, unsigned char * key, int keylen, PTW_tableentry table[][n], sorthelper * sh2, int * strongbytes, int keylimit, int * bf, int validchars[][n]) {
int i,j;
int choices[PTW_KEYHSBYTES];
int prod;
int fixat;
int fixvalue;
//if(!opt.is_quiet)
memcpy(keytable, table, sizeof(PTW_tableentry) * n * keylen);
for (i = 0; i < keylen; i++) {
if (strongbytes[i] == 1) {
choices[i] = i;
} else {
choices[i] = 1;
}
}
i = 0;
prod = 0;
fixat = -1;
fixvalue = 0;
max_tries = keylimit;
while(prod < keylimit) {
if (doRound(table, 0, fixat, fixvalue, choices, key, keylen, state, 0, strongbytes, bf, validchars) == 1) {
// printf("hit with %d choices\n", prod);
//if(!opt.is_quiet)
// show_wep_stats( keylen -1, 1, keytable, choices, depth, tried );
return 1;
}
while( (i < keylen * (n-1)) && ((strongbytes[sh2[i].keybyte] == 1) || (bf[sh2[i].keybyte] == 1) ) ) {
i++;
}
if(i >= (keylen * (n-1)))
{
break;
}
choices[sh2[i].keybyte]++;
fixat = sh2[i].keybyte;
// printf("choices[%d] is now %d\n", sh2[i].keybyte, choices[sh2[i].keybyte]);
fixvalue = sh2[i].value;
prod = 1;
for (j = 0; j < keylen; j++) {
prod *= choices[j];
if (bf[j] == 1) {
prod *= n;
}
}
/*
do {
i++;
} while (strongbytes[sh2[i].keybyte] == 1);
*/
i++;
//if(!opt.is_quiet)
// show_wep_stats( keylen -1, 0, keytable, choices, depth, tried );
}
//if(!opt.is_quiet)
// show_wep_stats( keylen -1, 1, keytable, choices, depth, tried );
return 0;
}
