cisco_decrypt 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/bin/cisco_decrypt +11 -0
- data/ext/cisco_decrypt/cisco-decrypt.c +158 -0
- data/ext/cisco_decrypt/extconf.rb +7 -0
- data/lib/cisco_decrypt.rb +20 -0
- metadata +82 -0
data/bin/cisco_decrypt
ADDED
@@ -0,0 +1,158 @@
|
|
1
|
+
/* Decoder for password encoding of Cisco VPN client.
|
2
|
+
Copyright (C) 2005 Maurice Massar
|
3
|
+
Thanks to HAL-9000@evilscientists.de for decoding and posting the algorithm!
|
4
|
+
|
5
|
+
This program is free software; you can redistribute it and/or modify
|
6
|
+
it under the terms of the GNU General Public License as published by
|
7
|
+
the Free Software Foundation; either version 2 of the License, or
|
8
|
+
(at your option) any later version.
|
9
|
+
|
10
|
+
This program is distributed in the hope that it will be useful,
|
11
|
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
12
|
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
13
|
+
GNU General Public License for more details.
|
14
|
+
|
15
|
+
You should have received a copy of the GNU General Public License
|
16
|
+
along with this program; if not, write to the Free Software
|
17
|
+
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
18
|
+
*/
|
19
|
+
|
20
|
+
/*
|
21
|
+
Requires libgcrypt version 1.1.90 or newer
|
22
|
+
Compile with:
|
23
|
+
gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
|
24
|
+
Usage:
|
25
|
+
./cisco-decrypt DEADBEEF...012345678 424242...7261
|
26
|
+
*/
|
27
|
+
|
28
|
+
#include <stdio.h>
|
29
|
+
#include <stdlib.h>
|
30
|
+
#include <gcrypt.h>
|
31
|
+
#include <errno.h>
|
32
|
+
#include <ruby.h>
|
33
|
+
|
34
|
+
int hex2bin_c(unsigned int c)
|
35
|
+
{
|
36
|
+
if ((c >= '0')&&(c <= '9'))
|
37
|
+
return c - '0';
|
38
|
+
if ((c >= 'A')&&(c <= 'F'))
|
39
|
+
return c - 'A' + 10;
|
40
|
+
if ((c >= 'a')&&(c <= 'f'))
|
41
|
+
return c - 'a' + 10;
|
42
|
+
return -1;
|
43
|
+
}
|
44
|
+
|
45
|
+
int hex2bin(const char *str, char **bin, int *len)
|
46
|
+
{
|
47
|
+
char *p;
|
48
|
+
int i, l;
|
49
|
+
|
50
|
+
if (!bin)
|
51
|
+
return EINVAL;
|
52
|
+
|
53
|
+
for (i = 0; str[i] != '\0'; i++)
|
54
|
+
if (hex2bin_c(str[i]) == -1)
|
55
|
+
return EINVAL;
|
56
|
+
|
57
|
+
l = i;
|
58
|
+
if ((l & 1) != 0)
|
59
|
+
return EINVAL;
|
60
|
+
l /= 2;
|
61
|
+
|
62
|
+
p = malloc(l);
|
63
|
+
if (p == NULL)
|
64
|
+
return ENOMEM;
|
65
|
+
|
66
|
+
for (i = 0; i < l; i++)
|
67
|
+
p[i] = hex2bin_c(str[i*2]) << 4 | hex2bin_c(str[i*2+1]);
|
68
|
+
|
69
|
+
*bin = p;
|
70
|
+
if (len)
|
71
|
+
*len = l;
|
72
|
+
|
73
|
+
return 0;
|
74
|
+
}
|
75
|
+
|
76
|
+
int c_decrypt(char *ct, int len, char **resp, char *reslenp)
|
77
|
+
{
|
78
|
+
const char *h1 = ct;
|
79
|
+
const char *h4 = ct + 20;
|
80
|
+
const char *enc = ct + 40;
|
81
|
+
|
82
|
+
char ht[20], h2[20], h3[20], key[24];
|
83
|
+
const char *iv = h1;
|
84
|
+
char *res;
|
85
|
+
gcry_cipher_hd_t ctx;
|
86
|
+
int reslen;
|
87
|
+
|
88
|
+
if (len < 48)
|
89
|
+
return 0;
|
90
|
+
len -= 40;
|
91
|
+
|
92
|
+
memcpy(ht, h1, 20);
|
93
|
+
|
94
|
+
ht[19]++;
|
95
|
+
gcry_md_hash_buffer(GCRY_MD_SHA1, h2, ht, 20);
|
96
|
+
|
97
|
+
ht[19] += 2;
|
98
|
+
gcry_md_hash_buffer(GCRY_MD_SHA1, h3, ht, 20);
|
99
|
+
|
100
|
+
memcpy(key, h2, 20);
|
101
|
+
memcpy(key+20, h3, 4);
|
102
|
+
/* who cares about parity anyway? */
|
103
|
+
|
104
|
+
gcry_md_hash_buffer(GCRY_MD_SHA1, ht, enc, len);
|
105
|
+
|
106
|
+
if (memcmp(h4, ht, 20) != 0)
|
107
|
+
return -1;
|
108
|
+
|
109
|
+
res = malloc(len);
|
110
|
+
if (res == NULL)
|
111
|
+
return -1;
|
112
|
+
|
113
|
+
gcry_cipher_open(&ctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
|
114
|
+
gcry_cipher_setkey(ctx, key, 24);
|
115
|
+
gcry_cipher_setiv(ctx, iv, 8);
|
116
|
+
gcry_cipher_decrypt(ctx, (unsigned char *)res, len, (unsigned char *)enc, len);
|
117
|
+
gcry_cipher_close(ctx);
|
118
|
+
|
119
|
+
reslen = len - res[len-1];
|
120
|
+
res[reslen] = '\0';
|
121
|
+
|
122
|
+
if (resp)
|
123
|
+
*resp = res;
|
124
|
+
if (reslenp)
|
125
|
+
*reslenp = reslen;
|
126
|
+
return 0;
|
127
|
+
}
|
128
|
+
|
129
|
+
char *decrypt(char *shared)
|
130
|
+
{
|
131
|
+
int len, ret = 0;
|
132
|
+
char *bin, *pw;
|
133
|
+
|
134
|
+
ret = hex2bin(shared, &bin, &len);
|
135
|
+
if (ret != 0) {
|
136
|
+
rb_raise(rb_eStandardError, "Error decoding string");
|
137
|
+
}
|
138
|
+
ret = c_decrypt(bin, len, &pw, NULL);
|
139
|
+
free(bin);
|
140
|
+
if (ret != 0) {
|
141
|
+
rb_raise(rb_eStandardError, "Error decrypting string");
|
142
|
+
}
|
143
|
+
return pw;
|
144
|
+
free(pw);
|
145
|
+
}
|
146
|
+
|
147
|
+
static VALUE decrypt_string(VALUE klass, VALUE string)
|
148
|
+
{
|
149
|
+
Check_Type(string, T_STRING);
|
150
|
+
char *str = StringValueCStr(string);
|
151
|
+
return rb_str_new2(decrypt(str));
|
152
|
+
}
|
153
|
+
|
154
|
+
void Init_cisco_decrypt()
|
155
|
+
{
|
156
|
+
VALUE mCisco = rb_define_module("CiscoDecrypt");
|
157
|
+
rb_define_singleton_method(mCisco, "decrypt_string", decrypt_string, 1);
|
158
|
+
}
|
@@ -0,0 +1,20 @@
|
|
1
|
+
require 'cisco_decrypt/cisco_decrypt'
|
2
|
+
require 'inifile'
|
3
|
+
|
4
|
+
module CiscoDecrypt
|
5
|
+
def self.from_pcf(file)
|
6
|
+
config_file = IniFile.new(File.expand_path(file))
|
7
|
+
main_config = config_file['main']
|
8
|
+
encrypted_password = main_config['enc_GroupPwd']
|
9
|
+
group_name = main_config['GroupName']
|
10
|
+
host = main_config['Host']
|
11
|
+
description = main_config['Description']
|
12
|
+
puts <<-OUT
|
13
|
+
Description: #{description}
|
14
|
+
Host: #{host}
|
15
|
+
Group Name: #{group_name}
|
16
|
+
Encrypted: \033[031m#{encrypted_password}\033[0m
|
17
|
+
Decrypted: \033[032m#{self.decrypt_string(encrypted_password)}\033[0m
|
18
|
+
OUT
|
19
|
+
end
|
20
|
+
end
|
metadata
ADDED
@@ -0,0 +1,82 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: cisco_decrypt
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- elcuervo
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2012-05-11 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: inifile
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ! '>='
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '0'
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ! '>='
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '0'
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: cutest
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
none: false
|
34
|
+
requirements:
|
35
|
+
- - ! '>='
|
36
|
+
- !ruby/object:Gem::Version
|
37
|
+
version: '0'
|
38
|
+
type: :development
|
39
|
+
prerelease: false
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ! '>='
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
version: '0'
|
46
|
+
description: Decrypt cisco passwords to use the shared secret
|
47
|
+
email: elcuervo@elcuervo.co
|
48
|
+
executables:
|
49
|
+
- cisco_decrypt
|
50
|
+
extensions:
|
51
|
+
- ext/cisco_decrypt/extconf.rb
|
52
|
+
extra_rdoc_files: []
|
53
|
+
files:
|
54
|
+
- lib/cisco_decrypt.rb
|
55
|
+
- ext/cisco_decrypt/cisco-decrypt.c
|
56
|
+
- ext/cisco_decrypt/extconf.rb
|
57
|
+
- bin/cisco_decrypt
|
58
|
+
homepage: http://github.com/elcuervo/cisco_decrypt
|
59
|
+
licenses: []
|
60
|
+
post_install_message:
|
61
|
+
rdoc_options: []
|
62
|
+
require_paths:
|
63
|
+
- lib
|
64
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
65
|
+
none: false
|
66
|
+
requirements:
|
67
|
+
- - ! '>='
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '0'
|
70
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
71
|
+
none: false
|
72
|
+
requirements:
|
73
|
+
- - ! '>='
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
requirements: []
|
77
|
+
rubyforge_project:
|
78
|
+
rubygems_version: 1.8.22
|
79
|
+
signing_key:
|
80
|
+
specification_version: 3
|
81
|
+
summary: Decrypt cisco passwords
|
82
|
+
test_files: []
|