cisco_decrypt 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. data/bin/cisco_decrypt +11 -0
  2. data/ext/cisco_decrypt/cisco-decrypt.c +158 -0
  3. data/ext/cisco_decrypt/extconf.rb +7 -0
  4. data/lib/cisco_decrypt.rb +20 -0
  5. metadata +82 -0
data/bin/cisco_decrypt ADDED
@@ -0,0 +1,11 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require 'cisco_decrypt'
4
+
5
+ ARGV.each do |command|
6
+ if File.exists?(File.expand_path(command))
7
+ CiscoDecrypt.from_pcf command
8
+ else
9
+ puts CiscoDecrypt.decrypt_string command
10
+ end
11
+ end
data/ext/cisco_decrypt/cisco-decrypt.c ADDED
@@ -0,0 +1,158 @@
1
+ /* Decoder for password encoding of Cisco VPN client.
2
+ Copyright (C) 2005 Maurice Massar
3
+ Thanks to HAL-9000@evilscientists.de for decoding and posting the algorithm!
4
+
5
+ This program is free software; you can redistribute it and/or modify
6
+ it under the terms of the GNU General Public License as published by
7
+ the Free Software Foundation; either version 2 of the License, or
8
+ (at your option) any later version.
9
+
10
+ This program is distributed in the hope that it will be useful,
11
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ GNU General Public License for more details.
14
+
15
+ You should have received a copy of the GNU General Public License
16
+ along with this program; if not, write to the Free Software
17
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18
+ */
19
+
20
+ /*
21
+ Requires libgcrypt version 1.1.90 or newer
22
+ Compile with:
23
+ gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
24
+ Usage:
25
+ ./cisco-decrypt DEADBEEF...012345678 424242...7261
26
+ */
27
+
28
+ #include <stdio.h>
29
+ #include <stdlib.h>
30
+ #include <gcrypt.h>
31
+ #include <errno.h>
32
+ #include <ruby.h>
33
+
34
+ int hex2bin_c(unsigned int c)
35
+ {
36
+ if ((c >= '0')&&(c <= '9'))
37
+ return c - '0';
38
+ if ((c >= 'A')&&(c <= 'F'))
39
+ return c - 'A' + 10;
40
+ if ((c >= 'a')&&(c <= 'f'))
41
+ return c - 'a' + 10;
42
+ return -1;
43
+ }
44
+
45
+ int hex2bin(const char *str, char **bin, int *len)
46
+ {
47
+ char *p;
48
+ int i, l;
49
+
50
+ if (!bin)
51
+ return EINVAL;
52
+
53
+ for (i = 0; str[i] != '\0'; i++)
54
+ if (hex2bin_c(str[i]) == -1)
55
+ return EINVAL;
56
+
57
+ l = i;
58
+ if ((l & 1) != 0)
59
+ return EINVAL;
60
+ l /= 2;
61
+
62
+ p = malloc(l);
63
+ if (p == NULL)
64
+ return ENOMEM;
65
+
66
+ for (i = 0; i < l; i++)
67
+ p[i] = hex2bin_c(str[i*2]) << 4 | hex2bin_c(str[i*2+1]);
68
+
69
+ *bin = p;
70
+ if (len)
71
+ *len = l;
72
+
73
+ return 0;
74
+ }
75
+
76
+ int c_decrypt(char *ct, int len, char **resp, char *reslenp)
77
+ {
78
+ const char *h1 = ct;
79
+ const char *h4 = ct + 20;
80
+ const char *enc = ct + 40;
81
+
82
+ char ht[20], h2[20], h3[20], key[24];
83
+ const char *iv = h1;
84
+ char *res;
85
+ gcry_cipher_hd_t ctx;
86
+ int reslen;
87
+
88
+ if (len < 48)
89
+ return 0;
90
+ len -= 40;
91
+
92
+ memcpy(ht, h1, 20);
93
+
94
+ ht[19]++;
95
+ gcry_md_hash_buffer(GCRY_MD_SHA1, h2, ht, 20);
96
+
97
+ ht[19] += 2;
98
+ gcry_md_hash_buffer(GCRY_MD_SHA1, h3, ht, 20);
99
+
100
+ memcpy(key, h2, 20);
101
+ memcpy(key+20, h3, 4);
102
+ /* who cares about parity anyway? */
103
+
104
+ gcry_md_hash_buffer(GCRY_MD_SHA1, ht, enc, len);
105
+
106
+ if (memcmp(h4, ht, 20) != 0)
107
+ return -1;
108
+
109
+ res = malloc(len);
110
+ if (res == NULL)
111
+ return -1;
112
+
113
+ gcry_cipher_open(&ctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
114
+ gcry_cipher_setkey(ctx, key, 24);
115
+ gcry_cipher_setiv(ctx, iv, 8);
116
+ gcry_cipher_decrypt(ctx, (unsigned char *)res, len, (unsigned char *)enc, len);
117
+ gcry_cipher_close(ctx);
118
+
119
+ reslen = len - res[len-1];
120
+ res[reslen] = '\0';
121
+
122
+ if (resp)
123
+ *resp = res;
124
+ if (reslenp)
125
+ *reslenp = reslen;
126
+ return 0;
127
+ }
128
+
129
+ char *decrypt(char *shared)
130
+ {
131
+ int len, ret = 0;
132
+ char *bin, *pw;
133
+
134
+ ret = hex2bin(shared, &bin, &len);
135
+ if (ret != 0) {
136
+ rb_raise(rb_eStandardError, "Error decoding string");
137
+ }
138
+ ret = c_decrypt(bin, len, &pw, NULL);
139
+ free(bin);
140
+ if (ret != 0) {
141
+ rb_raise(rb_eStandardError, "Error decrypting string");
142
+ }
143
+ return pw;
144
+ free(pw);
145
+ }
146
+
147
+ static VALUE decrypt_string(VALUE klass, VALUE string)
148
+ {
149
+ Check_Type(string, T_STRING);
150
+ char *str = StringValueCStr(string);
151
+ return rb_str_new2(decrypt(str));
152
+ }
153
+
154
+ void Init_cisco_decrypt()
155
+ {
156
+ VALUE mCisco = rb_define_module("CiscoDecrypt");
157
+ rb_define_singleton_method(mCisco, "decrypt_string", decrypt_string, 1);
158
+ }
data/ext/cisco_decrypt/extconf.rb ADDED
@@ -0,0 +1,7 @@
1
+ require 'mkmf'
2
+
3
+ dir_config('libgcrypt')
4
+ have_library("gcrypt")
5
+ have_header('gcrypt.h')
6
+
7
+ create_makefile('cisco_decrypt/cisco_decrypt')
data/lib/cisco_decrypt.rb ADDED
@@ -0,0 +1,20 @@
1
+ require 'cisco_decrypt/cisco_decrypt'
2
+ require 'inifile'
3
+
4
+ module CiscoDecrypt
5
+ def self.from_pcf(file)
6
+ config_file = IniFile.new(File.expand_path(file))
7
+ main_config = config_file['main']
8
+ encrypted_password = main_config['enc_GroupPwd']
9
+ group_name = main_config['GroupName']
10
+ host = main_config['Host']
11
+ description = main_config['Description']
12
+ puts <<-OUT
13
+ Description: #{description}
14
+ Host: #{host}
15
+ Group Name: #{group_name}
16
+ Encrypted: \033[031m#{encrypted_password}\033[0m
17
+ Decrypted: \033[032m#{self.decrypt_string(encrypted_password)}\033[0m
18
+ OUT
19
+ end
20
+ end
metadata ADDED
@@ -0,0 +1,82 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: cisco_decrypt
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - elcuervo
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2012-05-11 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: inifile
16
+ requirement: !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ! '>='
20
+ - !ruby/object:Gem::Version
21
+ version: '0'
22
+ type: :runtime
23
+ prerelease: false
24
+ version_requirements: !ruby/object:Gem::Requirement
25
+ none: false
26
+ requirements:
27
+ - - ! '>='
28
+ - !ruby/object:Gem::Version
29
+ version: '0'
30
+ - !ruby/object:Gem::Dependency
31
+ name: cutest
32
+ requirement: !ruby/object:Gem::Requirement
33
+ none: false
34
+ requirements:
35
+ - - ! '>='
36
+ - !ruby/object:Gem::Version
37
+ version: '0'
38
+ type: :development
39
+ prerelease: false
40
+ version_requirements: !ruby/object:Gem::Requirement
41
+ none: false
42
+ requirements:
43
+ - - ! '>='
44
+ - !ruby/object:Gem::Version
45
+ version: '0'
46
+ description: Decrypt cisco passwords to use the shared secret
47
+ email: elcuervo@elcuervo.co
48
+ executables:
49
+ - cisco_decrypt
50
+ extensions:
51
+ - ext/cisco_decrypt/extconf.rb
52
+ extra_rdoc_files: []
53
+ files:
54
+ - lib/cisco_decrypt.rb
55
+ - ext/cisco_decrypt/cisco-decrypt.c
56
+ - ext/cisco_decrypt/extconf.rb
57
+ - bin/cisco_decrypt
58
+ homepage: http://github.com/elcuervo/cisco_decrypt
59
+ licenses: []
60
+ post_install_message:
61
+ rdoc_options: []
62
+ require_paths:
63
+ - lib
64
+ required_ruby_version: !ruby/object:Gem::Requirement
65
+ none: false
66
+ requirements:
67
+ - - ! '>='
68
+ - !ruby/object:Gem::Version
69
+ version: '0'
70
+ required_rubygems_version: !ruby/object:Gem::Requirement
71
+ none: false
72
+ requirements:
73
+ - - ! '>='
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ requirements: []
77
+ rubyforge_project:
78
+ rubygems_version: 1.8.22
79
+ signing_key:
80
+ specification_version: 3
81
+ summary: Decrypt cisco passwords
82
+ test_files: []