router_crypt 0.3.0

data/.gitignore

@@ -0,0 +1 @@
+gems/*

data/.rspec

@@ -0,0 +1 @@
+--colour

data/Gemfile

@@ -0,0 +1,3 @@
+group :test do
+  gem 'rspec'
+end

data/Gemfile.lock

@@ -0,0 +1,17 @@
+GEM
+  specs:
+    diff-lcs (1.2.1)
+    rspec (2.13.0)
+      rspec-core (~> 2.13.0)
+      rspec-expectations (~> 2.13.0)
+      rspec-mocks (~> 2.13.0)
+    rspec-core (2.13.0)
+    rspec-expectations (2.13.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.13.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  rspec

data/README.md

@@ -0,0 +1,36 @@
+router_crypt
+============
+
+About
+-----
+Ruby library and executable to (de)crypt various router vendors (JunOS, IOS, NXOS) password. As of now, only decrypt is implemented
+
+
+Installation
+------------
+gem install router_crypt
+
+
+CLI usage
+---------
+rtrcrypt [encrypted password]
+
+
+Library usage
+-------------
+require 'router_crypt'
+
+RouterCrypt::IOS.decrypt ios_pw
+RouterCrypt::NXOS.decrypt nxos_pw
+RouterCrypt::JunOS.decrypt junos_pw
+
+
+Thanks
+------
+I've ripped the JunOS algo from CPAN Crypt::Juniper by Kevin Brintnall. IOS algo
+source is unknown I've ported it long time ago from anonymous perl source.
+
+
+License
+-------
+Public domain, copyleft, whatnot

data/bin/rtrcrypt

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby20
+
+require 'router_crypt'
+
+begin
+  p RouterCrypt::CLI.run
+rescue => e
+  warn "ERROR: #{e}"
+end

data/lib/cli/cli.rb

@@ -0,0 +1,16 @@
+class RouterCrypt::CLI
+  class << self
+    def run
+      pw = ARGV[0].dup or raise ArgumentError, 'no password given'
+      case pw
+      when /^\$9\$/
+        RouterCrypt::JunOS.decrypt pw
+      when /^[\dA-F]+$/
+        RouterCrypt::IOS.decrypt pw
+      else
+        #presume it's NXOS, no clear way to separate garbage and NXOS PW
+        RouterCrypt::NXOS.decrypt pw
+      end
+    end
+  end
+end

data/lib/ios/common.rb

@@ -0,0 +1,3 @@
+class RouterCrypt::IOS
+  KEY = 'dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87'.unpack("C*")
+end

data/lib/ios/decrypt.rb

@@ -0,0 +1,15 @@
+class RouterCrypt::IOS
+  class << self
+    # Decrypts IOS type 7 passwords. Original is from unknown perl source
+    # 
+    # @param [String] the encrypted string
+    # @return [String] the unencrypted string
+    def decrypt e_pw
+      index = e_pw.slice!(0..1).to_i-1
+      e_pw.scan(/../).inject("") do |d_pw, byte|
+        index += 1 % KEY.size
+        d_pw + (byte.hex ^ KEY[index]).chr
+      end
+    end
+  end
+end

data/lib/junos/common.rb

@@ -0,0 +1,40 @@
+class RouterCrypt::JunOS
+  class InvalidPW < StandardError; end
+  
+  ENCODE = [
+      [ 1,  4, 32 ],
+      [ 1, 16, 32 ],
+      [ 1,  8, 32 ],
+      [ 1, 64     ],
+      [ 1, 32     ],
+      [ 1, 4, 16, 128 ],
+      [ 1, 32, 64 ],
+  ]
+  EXTRA   = {}
+  KEY     = %w( QzF3n6/9CAtpu0O B1IREhcSyrleKvMW8LXx 7N-dVbwsY2g4oaJZGUDj iHkq.mPf5T )
+  KEYCHAR = KEY.join.each_char.to_a
+  KEY.each_with_index do |key, index|
+    key.each_char { |c| EXTRA[c] = 3-index }
+  end
+  
+  class << self
+  
+    private 
+ 
+    def nibble str, len
+      nib, str[0..len-1] = str[0..len-1], ''
+      nib.size == len or raise InvalidPW, 'Insufficent amont of characters'
+      nib
+    end
+  
+    def gap c1, c2
+      (KEYCHAR.index(c1) - KEYCHAR.index(c2)) % KEYCHAR.size - 1 
+    end
+  
+    def gap_decode gaps, dec
+      gaps.size == dec.size or raise InvalidPW, 'gaps and dec are unequal size'
+      (gaps.each_with_index.inject(0) { |num, (e, index)| num + e * dec[index] } % 256).chr
+    end
+  
+  end
+end

data/lib/junos/decrypt.rb

@@ -0,0 +1,27 @@
+class RouterCrypt::JunOS
+  class << self
+    # Decrypts JunOS $9$ style passwords. This is reimplementation of CPAN 
+    # Crypt::Juniper (by Kevin Brintnall, <kbrint at rufus.net>)  ''juniper_decrypt' function
+    #
+    # @param [String] the encrypted string, with or without $9$ in front of it
+    # @return [String] the unencrypted string
+    def decrypt e_pw
+      e_pw  = e_pw[3..-1] if e_pw['$9$']
+      d_pw  = ''
+      prev  = nibble e_pw, 1
+      nibble e_pw, EXTRA[prev]
+  
+      while e_pw.size > 0
+        decode = ENCODE[d_pw.size % ENCODE.size]
+        gaps   = nibble(e_pw, decode.size).each_char.map do |e|
+          g    = gap e, prev
+          prev = e
+          g
+        end
+        d_pw += gap_decode gaps, decode
+      end
+
+      d_pw
+    end
+  end
+end

data/lib/nxos/common.rb

@@ -0,0 +1,4 @@
+class RouterCrypt::NXOS
+  KEY   = 'dwefsavfsdkfqweqyrmfvsfwthdwefsavfsdkfqweqyrmfvsfwthdwefsavfsdk'.unpack('C*')
+  ALPHA = ('a'..'z').to_a
+end

data/lib/nxos/decrypt.rb

@@ -0,0 +1,15 @@
+class RouterCrypt::NXOS
+  class << self
+    # Decrypts NXOS type 7 passwords, original research
+    #
+    # @param [String] the unencrypted string
+    # @return [String] the decrypted string
+    def decrypt e_pw
+      index = -1
+      e_pw.each_char.inject("") do |d_pw, chr|
+        index += 1
+        d_pw + (ALPHA.include?(chr) ? ALPHA[chr.ord - KEY[index]] : chr)
+      end
+    end
+  end
+end

data/lib/router_crypt.rb

@@ -0,0 +1,10 @@
+class RouterCrypt
+end
+
+require 'junos/common'
+require 'junos/decrypt'
+require 'ios/common'
+require 'ios/decrypt'
+require 'nxos/common'
+require 'nxos/decrypt'
+require 'cli/cli'

data/rakefile

@@ -0,0 +1,36 @@
+begin
+  require 'bundler'
+  require 'rspec/core/rake_task'
+  Bundler.setup
+rescue LoadError
+  warn 'missing dependencies'
+  exit 42
+end
+
+
+gemspec = eval(File.read(Dir['*.gemspec'].first))
+
+desc 'Validate the gemspec'
+task :gemspec do
+  gemspec.validate
+end
+
+RSpec::Core::RakeTask.new(:spec)
+
+
+desc "Build gem locally"
+task :build => %i(spec gemspec) do
+  system "gem build #{gemspec.name}.gemspec"
+  FileUtils.mkdir_p "gems"
+  FileUtils.mv "#{gemspec.name}-#{gemspec.version}.gem", "gems"
+end
+
+desc "Install gem locally"
+task :install => :build do
+  system "sudo sh -c \'umask 022; gem20 install gems/#{gemspec.name}-#{gemspec.version}\'"
+end
+
+desc "Clean automatically generated files"
+task :clean do
+  FileUtils.rm_rf "gems"
+end

data/router_crypt.gemspec

@@ -0,0 +1,15 @@
+Gem::Specification.new do |s|
+  s.name              = 'router_crypt'
+  s.version           = '0.3.0'
+  s.platform          = Gem::Platform::RUBY
+  s.authors           = [ 'Saku Ytti' ]
+  s.email             = %w( saku@ytti.fi )
+  s.homepage          = 'http://github.com/ytti/router_crypt'
+  s.summary           = 'Crypt library for JunOS/IOS/NX-OS passwords'
+  s.description       = 'Library and binary which decrypt (crypt unimplemented) Juniper JunOS $9$, Cisco IOS type 7 and Cisco NX-OS passwords'
+  s.rubyforge_project = s.name
+  s.files             = `git ls-files`.split("\n")
+  s.executables       = %w( rtrcrypt )
+  s.require_path      = 'lib'
+  s.required_rubygems_version = '>= 1.3.6'
+end

data/spec/ios/decrypt_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+require 'router_crypt'
+
+describe RouterCrypt::IOS, '#decrypt' do
+  it 'returns correct decrypted password' do
+    clear = RouterCrypt::IOS.decrypt CRYPT_IOS
+    clear.should eq CLEAR
+  end
+end

data/spec/junos/common_spec.rb

@@ -0,0 +1,39 @@
+require 'router_crypt'
+
+
+describe RouterCrypt::JunOS, '#nibble' do
+  it 'returns k for 1 char out of "kakka"' do
+    str = 'kakka'
+    nib = RouterCrypt::JunOS.send :nibble, str, 1
+    nib.should eq 'k'
+    str.should eq 'akka'
+  end
+  it 'returns kak for 3 char out of "kakka"' do
+    str = 'kakka'
+    nib = RouterCrypt::JunOS.send :nibble, str, 3
+    nib.should eq 'kak'
+    str.should eq 'ka'
+  end
+end
+
+describe RouterCrypt::JunOS, '#gap' do
+  it 'returns 7 for gap between k and J' do
+    gap = RouterCrypt::JunOS.send :gap, 'k', 'J'
+    gap.should eq 7
+  end
+  it 'returns 56 for gap between J and k' do
+    gap = RouterCrypt::JunOS.send :gap, 'J', 'k'
+    gap.should eq 56 
+  end
+end
+
+describe RouterCrypt::JunOS, "#gaps" do
+  it 'returns ) for [gaps], [dec]' do 
+    chr = RouterCrypt::JunOS.send :gap_decode, RouterCrypt::JunOS::ENCODE[1], [9, 42, 12]
+    chr.should eq ')'
+  end
+  it 'returns n for [gaps2], [dec2]' do 
+    chr = RouterCrypt::JunOS.send :gap_decode, RouterCrypt::JunOS::ENCODE[5], [42, 69, 99, 4]
+    chr.should eq 'n'
+  end
+end

data/spec/junos/decrypt_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+require 'router_crypt'
+
+describe RouterCrypt::JunOS, '#decrypt' do
+  it 'returns correct decrypted password' do
+    clear = RouterCrypt::JunOS.decrypt CRYPT_JUNOS
+    clear.should eq CLEAR
+  end
+end

data/spec/nxos/decrypt_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+require 'router_crypt'
+
+describe RouterCrypt::NXOS, '#decrypt' do
+  it 'returns correct decrypted password' do
+    clear = RouterCrypt::NXOS.decrypt CRYPT_NXOS
+    clear.should eq CLEAR
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,7 @@
+CLEAR       = '99problemsbutpwaintone'
+CRYPT_JUNOS = '$9$40aikFn/9tOQFRSleXxoJGDi.CA0Ihr.PRSylXxGDi.Qn/9p0BEz3rvLNY2.P5QF/'
+CRYPT_IOS   = '12405C0700040E082F26372A26213204061F0D1559575D'
+CRYPT_NXOS  = '99twgbgjevlzjlaqgeftiw'
+
+RSpec.configure do |config|
+end

metadata

@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification
+name: router_crypt
+version: !ruby/object:Gem::Version
+  version: 0.3.0
+  prerelease: 
+platform: ruby
+authors:
+- Saku Ytti
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-03-07 00:00:00.000000000 Z
+dependencies: []
+description: Library and binary which decrypt (crypt unimplemented) Juniper JunOS
+  $9$, Cisco IOS type 7 and Cisco NX-OS passwords
+email:
+- saku@ytti.fi
+executables:
+- rtrcrypt
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- Gemfile.lock
+- README.md
+- bin/rtrcrypt
+- lib/cli/cli.rb
+- lib/ios/common.rb
+- lib/ios/decrypt.rb
+- lib/junos/common.rb
+- lib/junos/decrypt.rb
+- lib/nxos/common.rb
+- lib/nxos/decrypt.rb
+- lib/router_crypt.rb
+- rakefile
+- router_crypt.gemspec
+- spec/ios/decrypt_spec.rb
+- spec/junos/common_spec.rb
+- spec/junos/decrypt_spec.rb
+- spec/nxos/decrypt_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/ytti/router_crypt
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 322463051478397895
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: 1.3.6
+requirements: []
+rubyforge_project: router_crypt
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Crypt library for JunOS/IOS/NX-OS passwords
+test_files: []