FMS在C ++中对WEP的攻击

时间:2014-09-11 15:11:50

标签: c++ security encryption rc4-cipher wep

我试图在WEP上实施FMS attack。据我所知,这次攻击利用了RC4 sbox部分未改变的概率来创造"已知" sbox声明对密钥进行逆向工程。对于许多样本,正确的密钥八位字节应该比噪声更频繁出现。

应添加到频率计数的值为:

enter image description here

其中(我认为;符号没有正确定义)

  • B从0开始
  • P.out是输出的密钥流字节
  • S是Sbox
  • j是"指针"用于RC4密钥调度算法

在我的代码中,我生成了600万个数据包:一个常量根密钥和常量明文来模拟常量头,然后用RC4(IV + root_key).encrypt(plaintext)加密,而不丢弃前256个八位字节)。 (IV, encrypted_data)对通过get_key函数运行:

uint8_t RC4_ksa(const std::string & k, std::array <uint8_t, 256> & s, const uint16_t octets = 256){
    for(uint16_t i = 0; i < 256; i++){
        s[i] = i;
    }

    uint8_t j = 0;
    for(uint16_t i = 0; i < octets; i++){
        j = (j + s[i] + k[i % k.size()]);
        std::swap(s[i], s[j]);
    }

    return j;
}

std::string get_key(const uint8_t keylen, const std::vector <std::pair <std::string, std::string> > & captured){
    std::string rkey = "";               // root key to build
    const std::string & pt = header;     // "plaintext" with constant header

    // recreate root key one octet at a time
    for(uint8_t i = 3; i < keylen; i++){
        // vote counter for current octet
        std::array <unsigned int, 256> votes;
        votes.fill(0);

        uint8_t most = 0;                // most probable index/octet value

        // get vote from each "captured" ciphertext
        for(std::pair <std::string, std::string> const & c : captured){
            const std::string & IV = c.first;

            // IV should be of form (i = root key index + 3, 255, some value)
            if ((static_cast<uint8_t> (IV[0]) != i) ||
                (static_cast<uint8_t> (IV[1]) != 0xff)){
                continue; // skip this data
            }

            const std::string & ct = c.second;
            const std::string key = IV + rkey;

            // find current packet's vote
            std::array <uint8_t, 256> sbox;           // SBox after simulating; fill with RC4_ksa
            uint8_t j = RC4_ksa(key, sbox, i);        // simulate using key in KSA, up to known octets only

            uint8_t keybytestream = pt[i - 3] ^ ct[i - 3];

            // S^-1[keybytestream]
            uint16_t sinv;
            for(sinv = 0; sinv < 256; sinv++){
                if (sbox[sinv] == keybytestream){
                    break;
                }
            }

            // get mapping
            uint8_t ki = sinv - j - sbox[i];

            // add to tally and keep track of which tally is highest
            votes[ki]++;
            if (votes[ki] > votes[most]){
                most = ki;
            }
        }

        // select highest voted value as next key octet
        rkey += std::string(1, most);
    }

    return rkey;
}

我得到的密钥完全不正确。我觉得这个错误可能是一次性的错误或类似的傻事,但我已经让两个人看看这个,而且没有人设法弄清楚出了什么问题。

有什么明显错误吗?如果没有,那么什么不是那么明显错误?

0 个答案:

没有答案
相关问题
最新问题