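/*-
 * Copyright (c) 2007, Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann
 *                     <aircrack-ptw@cdc.informatik.tu-darmstadt.de>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Public interface of the PTW library: size constants, the state
 * structures, and the four entry points that operate on them.
 *
 * The include guard makes the header safe to pull in more than once per
 * translation unit; without it the anonymous-struct typedefs below would
 * be redefined as distinct types and fail to compile.
 */
#ifndef AIRCRACK_PTW_H_INCLUDED
#define AIRCRACK_PTW_H_INCLUDED

#include <stdint.h>

// Number of bytes used for the table of seen IVs: (2^24)/8, which is one
// bit for each possible value of a 3-byte IV.
#define PTW_IVTABLELEN 2097152

// How many sessions are kept to check whether a guessed key is correct.
// 10 seems to be a reasonable choice.
#define PTW_CONTROLSESSIONS 10

// The maximum possible length of the main key; 13 is the maximum for a
// 104 bit key.
#define PTW_KEYHSBYTES 13

// How long the IV is; 3 is the default value for WEP.
#define PTW_IVBYTES 3

// How many bytes of a keystream are collected; 16 are needed for a
// 104 bit key.
#define PTW_KSBYTES 16

// Second dimension of the vote table (called "the MAGIC VALUE" by the
// authors). 256 equals the number of values a uint8_t can hold.
#define PTW_n 256

// Keeps track of the outputs of A_i.
typedef struct {
	// How often the value b appeared as an output of A_i
	int votes;
	// The output value these votes belong to
	uint8_t b;
} PTW_tableentry;

// A recovered session.
typedef struct {
	// The IV used in this session
	uint8_t iv[PTW_IVBYTES];
	// The keystream used in this session
	uint8_t keystream[PTW_KSBYTES];
} PTW_session;

// The state of an attack.
// You should usually never modify these values manually.
//
// Size caveat: seen_iv alone is PTW_IVTABLELEN (2 MiB) bytes, so one
// PTW_attackstate is larger than many default thread stacks. Obtain
// instances through PTW_newattackstate() and release them with
// PTW_freeattackstate() instead of declaring one as an automatic variable.
typedef struct {
	// How many unique packets or IVs have been collected
	int packets_collected;
	// Table to check for duplicate IVs
	uint8_t seen_iv[PTW_IVTABLELEN];
	// How many sessions for checking a guessed key have been collected
	int sessions_collected;
	// The actual recovered sessions
	PTW_session sessions[PTW_CONTROLSESSIONS];
	// The table with votes for the key byte sums
	PTW_tableentry table[PTW_KEYHSBYTES][PTW_n];
} PTW_attackstate;

// Returns a new attack state. Declared with (void) so that the compiler
// rejects calls that pass arguments; an empty parameter list in C is not a
// prototype and disables that check.
// NOTE(review): presumably returns NULL on allocation failure - confirm
// against the implementation and check the result before use.
PTW_attackstate * PTW_newattackstate(void);

// Releases a state obtained from PTW_newattackstate().
void PTW_freeattackstate(PTW_attackstate *);

// NOTE(review): neither pointer carries a length. Presumably the arguments
// are an IV of PTW_IVBYTES bytes and a keystream of PTW_KSBYTES bytes, in
// that order - confirm against the implementation. Callers that fill these
// buffers from captured frames must verify the frame is long enough first,
// otherwise the callee reads past the end of the buffer.
int PTW_addsession(PTW_attackstate *, uint8_t *, uint8_t *);

// NOTE(review): presumably takes an output key buffer, the key length in
// bytes and a search limit - confirm against the implementation. The output
// buffer has no size parameter, so it must hold at least the requested key
// length (at most PTW_KEYHSBYTES).
int PTW_computeKey(PTW_attackstate *, uint8_t *, int, int);

#endif /* AIRCRACK_PTW_H_INCLUDED */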