cisco_decrypt 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
data/bin/cisco_decrypt ADDED
@@ -0,0 +1,11 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require 'cisco_decrypt'
4
+
5
+ ARGV.each do |command|
6
+ if File.exists?(File.expand_path(command))
7
+ CiscoDecrypt.from_pcf command
8
+ else
9
+ puts CiscoDecrypt.decrypt_string command
10
+ end
11
+ end
@@ -0,0 +1,158 @@
1
+ /* Decoder for password encoding of Cisco VPN client.
2
+ Copyright (C) 2005 Maurice Massar
3
+ Thanks to HAL-9000@evilscientists.de for decoding and posting the algorithm!
4
+
5
+ This program is free software; you can redistribute it and/or modify
6
+ it under the terms of the GNU General Public License as published by
7
+ the Free Software Foundation; either version 2 of the License, or
8
+ (at your option) any later version.
9
+
10
+ This program is distributed in the hope that it will be useful,
11
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ GNU General Public License for more details.
14
+
15
+ You should have received a copy of the GNU General Public License
16
+ along with this program; if not, write to the Free Software
17
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18
+ */
19
+
20
+ /*
21
+ Requires libgcrypt version 1.1.90 or newer
22
+ Compile with:
23
+ gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
24
+ Usage:
25
+ ./cisco-decrypt DEADBEEF...012345678 424242...7261
26
+ */
27
+
28
+ #include <stdio.h>
29
+ #include <stdlib.h>
30
+ #include <gcrypt.h>
31
+ #include <errno.h>
32
+ #include <ruby.h>
33
+
34
+ int hex2bin_c(unsigned int c)
35
+ {
36
+ if ((c >= '0')&&(c <= '9'))
37
+ return c - '0';
38
+ if ((c >= 'A')&&(c <= 'F'))
39
+ return c - 'A' + 10;
40
+ if ((c >= 'a')&&(c <= 'f'))
41
+ return c - 'a' + 10;
42
+ return -1;
43
+ }
44
+
45
+ int hex2bin(const char *str, char **bin, int *len)
46
+ {
47
+ char *p;
48
+ int i, l;
49
+
50
+ if (!bin)
51
+ return EINVAL;
52
+
53
+ for (i = 0; str[i] != '\0'; i++)
54
+ if (hex2bin_c(str[i]) == -1)
55
+ return EINVAL;
56
+
57
+ l = i;
58
+ if ((l & 1) != 0)
59
+ return EINVAL;
60
+ l /= 2;
61
+
62
+ p = malloc(l);
63
+ if (p == NULL)
64
+ return ENOMEM;
65
+
66
+ for (i = 0; i < l; i++)
67
+ p[i] = hex2bin_c(str[i*2]) << 4 | hex2bin_c(str[i*2+1]);
68
+
69
+ *bin = p;
70
+ if (len)
71
+ *len = l;
72
+
73
+ return 0;
74
+ }
75
+
76
+ int c_decrypt(char *ct, int len, char **resp, char *reslenp)
77
+ {
78
+ const char *h1 = ct;
79
+ const char *h4 = ct + 20;
80
+ const char *enc = ct + 40;
81
+
82
+ char ht[20], h2[20], h3[20], key[24];
83
+ const char *iv = h1;
84
+ char *res;
85
+ gcry_cipher_hd_t ctx;
86
+ int reslen;
87
+
88
+ if (len < 48)
89
+ return 0;
90
+ len -= 40;
91
+
92
+ memcpy(ht, h1, 20);
93
+
94
+ ht[19]++;
95
+ gcry_md_hash_buffer(GCRY_MD_SHA1, h2, ht, 20);
96
+
97
+ ht[19] += 2;
98
+ gcry_md_hash_buffer(GCRY_MD_SHA1, h3, ht, 20);
99
+
100
+ memcpy(key, h2, 20);
101
+ memcpy(key+20, h3, 4);
102
+ /* who cares about parity anyway? */
103
+
104
+ gcry_md_hash_buffer(GCRY_MD_SHA1, ht, enc, len);
105
+
106
+ if (memcmp(h4, ht, 20) != 0)
107
+ return -1;
108
+
109
+ res = malloc(len);
110
+ if (res == NULL)
111
+ return -1;
112
+
113
+ gcry_cipher_open(&ctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
114
+ gcry_cipher_setkey(ctx, key, 24);
115
+ gcry_cipher_setiv(ctx, iv, 8);
116
+ gcry_cipher_decrypt(ctx, (unsigned char *)res, len, (unsigned char *)enc, len);
117
+ gcry_cipher_close(ctx);
118
+
119
+ reslen = len - res[len-1];
120
+ res[reslen] = '\0';
121
+
122
+ if (resp)
123
+ *resp = res;
124
+ if (reslenp)
125
+ *reslenp = reslen;
126
+ return 0;
127
+ }
128
+
129
+ char *decrypt(char *shared)
130
+ {
131
+ int len, ret = 0;
132
+ char *bin, *pw;
133
+
134
+ ret = hex2bin(shared, &bin, &len);
135
+ if (ret != 0) {
136
+ rb_raise(rb_eStandardError, "Error decoding string");
137
+ }
138
+ ret = c_decrypt(bin, len, &pw, NULL);
139
+ free(bin);
140
+ if (ret != 0) {
141
+ rb_raise(rb_eStandardError, "Error decrypting string");
142
+ }
143
+ return pw;
144
+ free(pw);
145
+ }
146
+
147
+ static VALUE decrypt_string(VALUE klass, VALUE string)
148
+ {
149
+ Check_Type(string, T_STRING);
150
+ char *str = StringValueCStr(string);
151
+ return rb_str_new2(decrypt(str));
152
+ }
153
+
154
+ void Init_cisco_decrypt()
155
+ {
156
+ VALUE mCisco = rb_define_module("CiscoDecrypt");
157
+ rb_define_singleton_method(mCisco, "decrypt_string", decrypt_string, 1);
158
+ }
@@ -0,0 +1,7 @@
1
+ require 'mkmf'
2
+
3
+ dir_config('libgcrypt')
4
+ have_library("gcrypt")
5
+ have_header('gcrypt.h')
6
+
7
+ create_makefile('cisco_decrypt/cisco_decrypt')
@@ -0,0 +1,20 @@
1
+ require 'cisco_decrypt/cisco_decrypt'
2
+ require 'inifile'
3
+
4
+ module CiscoDecrypt
5
+ def self.from_pcf(file)
6
+ config_file = IniFile.new(File.expand_path(file))
7
+ main_config = config_file['main']
8
+ encrypted_password = main_config['enc_GroupPwd']
9
+ group_name = main_config['GroupName']
10
+ host = main_config['Host']
11
+ description = main_config['Description']
12
+ puts <<-OUT
13
+ Description: #{description}
14
+ Host: #{host}
15
+ Group Name: #{group_name}
16
+ Encrypted: \033[031m#{encrypted_password}\033[0m
17
+ Decrypted: \033[032m#{self.decrypt_string(encrypted_password)}\033[0m
18
+ OUT
19
+ end
20
+ end
metadata ADDED
@@ -0,0 +1,82 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: cisco_decrypt
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - elcuervo
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2012-05-11 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: inifile
16
+ requirement: !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ! '>='
20
+ - !ruby/object:Gem::Version
21
+ version: '0'
22
+ type: :runtime
23
+ prerelease: false
24
+ version_requirements: !ruby/object:Gem::Requirement
25
+ none: false
26
+ requirements:
27
+ - - ! '>='
28
+ - !ruby/object:Gem::Version
29
+ version: '0'
30
+ - !ruby/object:Gem::Dependency
31
+ name: cutest
32
+ requirement: !ruby/object:Gem::Requirement
33
+ none: false
34
+ requirements:
35
+ - - ! '>='
36
+ - !ruby/object:Gem::Version
37
+ version: '0'
38
+ type: :development
39
+ prerelease: false
40
+ version_requirements: !ruby/object:Gem::Requirement
41
+ none: false
42
+ requirements:
43
+ - - ! '>='
44
+ - !ruby/object:Gem::Version
45
+ version: '0'
46
+ description: Decrypt cisco passwords to use the shared secret
47
+ email: elcuervo@elcuervo.co
48
+ executables:
49
+ - cisco_decrypt
50
+ extensions:
51
+ - ext/cisco_decrypt/extconf.rb
52
+ extra_rdoc_files: []
53
+ files:
54
+ - lib/cisco_decrypt.rb
55
+ - ext/cisco_decrypt/cisco-decrypt.c
56
+ - ext/cisco_decrypt/extconf.rb
57
+ - bin/cisco_decrypt
58
+ homepage: http://github.com/elcuervo/cisco_decrypt
59
+ licenses: []
60
+ post_install_message:
61
+ rdoc_options: []
62
+ require_paths:
63
+ - lib
64
+ required_ruby_version: !ruby/object:Gem::Requirement
65
+ none: false
66
+ requirements:
67
+ - - ! '>='
68
+ - !ruby/object:Gem::Version
69
+ version: '0'
70
+ required_rubygems_version: !ruby/object:Gem::Requirement
71
+ none: false
72
+ requirements:
73
+ - - ! '>='
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ requirements: []
77
+ rubyforge_project:
78
+ rubygems_version: 1.8.22
79
+ signing_key:
80
+ specification_version: 3
81
+ summary: Decrypt cisco passwords
82
+ test_files: []