From 143e7a5080b0fd2f7f5f6139f1a5f621052928c2 Mon Sep 17 00:00:00 2001
From: Boris LONJON <boris.lonjon@limos.fr>
Date: Wed, 24 Jan 2024 18:28:33 +0100
Subject: [PATCH] qsd
---
wireguard-attacker/attack-mac-anonymity | 1 +
wireguard-attacker/attack-precomutation | 89 ++++++++++++++++++++++---
wireguard-attacker/requirements.txt | 4 +-
3 files changed, 84 insertions(+), 10 deletions(-)
diff --git a/wireguard-attacker/attack-mac-anonymity b/wireguard-attacker/attack-mac-anonymity
index 6690478..2aa1dc0 100755
--- a/wireguard-attacker/attack-mac-anonymity
+++ b/wireguard-attacker/attack-mac-anonymity
@@ -10,6 +10,7 @@ from binascii import hexlify
MAC_LABEL_CONST = 'mac1----'.encode('utf-8')
CLIENT_1_PUBKEY = '85Ey6fLDcFadWd+MRPHAuBEAHJ6MIUbl2jNsCZJXmRI='
CLIENT_2_PUBKEY = 'gtPyxcaZzC7LkLq/QGzvVLEHaIOfdJ6nb79wx8C7YT8='
+SERVER_PUBKEY = '+O7mAJK0m7Ts62WuP1Et1/RanAq5yFPAgDxuyR9TtD4='
def signal_handler(sig, frame):
diff --git a/wireguard-attacker/attack-precomutation b/wireguard-attacker/attack-precomutation
index 53e73d4..39385b4 100755
--- a/wireguard-attacker/attack-precomutation
+++ b/wireguard-attacker/attack-precomutation
@@ -1,15 +1,86 @@
#!/usr/bin/env python
-from io import BytesIO
+import signal
+import sys
+from base64 import b64decode
+from binascii import hexlify
+from scapy.all import sniff, IP, UDP, Raw
+from hashlib import blake2s
+from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
+from Crypto.PublicKey import ECC
-# Creating an in-memory byte stream
-in_memory_stream = BytesIO()
+CONSTRUCTION = "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s".encode('utf-8')
+IDENTIFIER = "WireGuard v1 zx2c4 Jason@zx2c4.com".encode('utf-8')
-# Writing to the in-memory stream
-in_memory_stream.write(b"Hello, World!")
+CLIENT_1_PUBKEY = b64decode('85Ey6fLDcFadWd+MRPHAuBEAHJ6MIUbl2jNsCZJXmRI=')
+CLIENT_2_PUBKEY = b64decode('gtPyxcaZzC7LkLq/QGzvVLEHaIOfdJ6nb79wx8C7YT8=')
+SERVER_PUBKEY = b64decode('+O7mAJK0m7Ts62WuP1Et1/RanAq5yFPAgDxuyR9TtD4=')
-# Reading from the in-memory stream
-in_memory_stream.seek(0)
-data = in_memory_stream.read()
-print("Data from in-memory stream:", data)
\ No newline at end of file
+def kdf(n, key, input):
+ t0 = hmac(key, input)
+ t1 = hmac(t0, b'0x01')
+ t2 = hmac(t0, t1 + b'0x02')
+
+ if n == 1:
+ return t1
+ if n == 2:
+ returns (t1, t2)
+
+def hmac(input, key):
+ return blake2s(input, key=key, digest_size=16).digest()
+
+def hash(input):
+ return blake2s(input, digest_size=32).digest()
+# Diffie Helmann
+def dh():
+ pass
+
+# server_pubkey = decode_pubkey(SERVER_PUBKEY)
+# client1_pubkey = decode_pubkey(CLIENT_1_PUBKEY)
+
+print("CONSTRUCTION : ", hexlify(CONSTRUCTION))
+
+Ci = hash(CONSTRUCTION)
+print("Ci : ", hexlify(Ci))
+
+Hi = hash(Ci + IDENTIFIER)
+print("Hi : ", hexlify(Hi))
+
+Hi = hash(Hi + SERVER_PUBKEY)
+print("SERVER_PUBKEY : ", hexlify(SERVER_PUBKEY))
+print("Hi : ", hexlify(Hi))
+
+ephemeral_privkey = ECC.generate(curve='Ed25519')
+ephemeral_pubkey = ephemeral_privkey.public_key()
+ephemeral = ephemeral_pubkey.export_key(format='raw')
+
+# print(ephemeral_privkey.export_key(format='PEM'))
+# print(ephemeral_pubkey.export_key(format='PEM'))
+
+# print(hexlify(ephemeral_privkey.export_key(format='raw')))
+print("PUBKEY : ", hexlify(ephemeral))
+
+print('\nPoints de la courbe et Seed')
+print(ephemeral_privkey)
+print(ephemeral_pubkey)
+
+Ci = kdf(1, ephemeral, Ci)
+print("Ci : ", hexlify(Ci))
+
+# ephemeral = ephemeral
+
+Hi = hash(Hi + ephemeral)
+print("Hi : ", hexlify(Hi))
+
+(Ci, k) = kdf(2, dh(ephemeral_privkey, SERVER_PUBKEY), Ci)
+
+# msg_static = aead(k, 0, , Hi)
+
+# Hi = hash(Hi + msg_static)
+
+# (Ci, k) = kdf(2, dh(CLIENT_1_PUBKEY, SERVER_PUBKEY), Ci)
+
+# msg_timestamp = aead(k, 0, timestamp(TAI64N), Hi)
+
+# Hi = hash(Hi + msg_timestamp)
\ No newline at end of file
diff --git a/wireguard-attacker/requirements.txt b/wireguard-attacker/requirements.txt
index 93b351f..7594a13 100644
--- a/wireguard-attacker/requirements.txt
+++ b/wireguard-attacker/requirements.txt
@@ -1 +1,3 @@
-scapy
\ No newline at end of file
+scapy
+aead
+pycryptodome
\ No newline at end of file
--
GitLab