IKE-Crack (HMAC_MD5 and HMAC_SHA1)

Postby sti » Thu Dec 15, 2011 10:47 am

Hi Bitweasil, hi all,

While cheap GPU crackers are evolving, a lot of promising projects and tools have been started.
What I am sadly missing in all those tools is the possibility to brute force RFC 2409 based IKE aggressive mode PSK authentication.

This is still a common and widespread VPN flaw - as our penetration tests reveal regularly (more info here: http://www.nta-monitor.com/posts/2005/0 ... epaper.pdf).
Tools like psk-crack address this issue with traditional CPU based brute-forcing or dictionary attacks: http://www.nta-monitor.com/wiki/index.p ... o_ike-scan

I always liked the idea of a GPU accelerated IKE-Crack, but never found a suitable project to avoid starting from scratch, until I stumbled over your Multiforcers.
To make it short: I am really interested in implementing the psk-crack part of the above mentioned ike-scan into your Multiforcers. Basically we need HMAC_MD5 and HMAC_SHA1 and another filetype to deal with the PSK hash data.

The HMAC_SHA1 and HMAC_MD5 transforms basically look like this:

MD5(K XOR opad, MD5(K XOR ipad, cleartext))
SHA1(K XOR opad, SHA1(K XOR ipad, cleartext))

* ipad is the byte 0x36 repeated 64 times
* opad is the byte 0x5c repeated 64 times

For IKE-cracking you first need to calculate an SKEYID with either HMAC_MD5 or HMAC_SHA1 using some of the PSK parameters and the password and then calculate HASH_R using SKEYID and the other PSK parameters using the same transform as before.

Since I am not an experienced developer (and never designed any parallel GPU code), it would take me a lot of effort to learn from your existing CUDA HashType implementations to add the two new HashTypes, even though it might be a lot of copy and paste. Hence I'd like to know if you are interested in extending your project and implementing the needed HashTypes. If you can imagine any kind of cooperation, just let me know. If you like to dig into the topic a little deeper just grab a copy of IKE-Scan: http://www.nta-monitor.com/tools/ike-scan/index.html and look at psk-crack.c and hash_functions.h

Best regards,
-marek
sti
 
Posts: 1
Joined: Thu Dec 15, 2011 9:15 am
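
The two-step derivation described in the post above, as an added example that is not part of the original post and not code from ike-scan or Multiforcer. Field names follow RFC 2409; the `SAMPLE` values and the helper names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 64  # block size in bytes of both MD5 and SHA-1


def hmac_manual(hash_name, key, msg):
    """HMAC built directly from the ipad/opad definition (RFC 2104)."""
    if len(key) > BLOCK:  # over-long keys are hashed down first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(BLOCK, b"\x00")  # then zero-padded to one block
    inner = hashlib.new(hash_name, bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.new(hash_name, bytes(b ^ 0x5C for b in key) + inner).digest()


def hash_r(hash_name, psk, f):
    """Responder authentication hash for PSK auth (RFC 2409, section 5)."""
    # SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    skeyid = hmac_manual(hash_name, psk, f["ni_b"] + f["nr_b"])
    # HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
    data = (f["g_xr"] + f["g_xi"] + f["cky_r"] + f["cky_i"]
            + f["sai_b"] + f["idir_b"])
    return hmac_manual(hash_name, skeyid, data)


# Constructed placeholder values, not taken from any real exchange.
SAMPLE = {
    "g_xr": bytes(range(128)), "g_xi": bytes(range(128, 256)),
    "cky_r": b"\x11" * 8, "cky_i": b"\x22" * 8,
    "sai_b": b"constructed-sa-payload", "idir_b": b"constructed-id-payload",
    "ni_b": b"\xaa" * 20, "nr_b": b"\xbb" * 20,
}


def matches_library(hash_name, key, msg):
    """True if the hand-built HMAC equals the standard library's result."""
    return hmac.compare_digest(hmac_manual(hash_name, key, msg),
                               hmac.new(key, msg, hash_name).digest())


if __name__ == "__main__":
    for name in ("md5", "sha1"):
        assert matches_library(name, b"k" * 100, b"long key is hashed first")
        print(name, hash_r(name, b"constructed-psk", SAMPLE).hex())
```

In aggressive mode every input to `hash_r` except the pre-shared key travels unencrypted, so the hash is only as strong as the key's entropy.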

Re: IKE-Crack (HMAC_MD5 and HMAC_SHA1)

Postby Bitweasil » Fri Dec 16, 2011 1:23 am

Very interesting proposal. I have emailed you for more information, but I believe I can plan to add this in the next month or two.
Bitweasil
Site Admin
 
Posts: 912
Joined: Tue Jan 20, 2009 4:26 pm

Re: IKE-Crack (HMAC_MD5 and HMAC_SHA1)

Postby f0cker » Tue Aug 07, 2012 9:39 pm

I would love to see psk cracking get some proper cuda/openCL attention, this would be a great feature. Unfortunately my C++ fu is non-existent, I'll pick up a book when I get the time hehe.
f0cker
 
Posts: 1
Joined: Sun Jul 29, 2012 2:08 am

Re: IKE-Crack (HMAC_MD5 and HMAC_SHA1)

Postby Bitweasil » Thu Aug 09, 2012 11:11 pm

If you'd like some simple stuff to work on, let me know.
Bitweasil
Site Admin
 
Posts: 912
Joined: Tue Jan 20, 2009 4:26 pm
