1 /* 2 * Copyright (c) 2007-2009 Erik Tews, Andrei Pychkine and Ralf-Philipp 3 * Weinmann. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA 18 * 19 * 20 * In addition, as a special exception, the copyright holders give 21 * permission to link the code of portions of this program with the 22 * OpenSSL library under certain conditions as described in each 23 * individual source file, and distribute linked combinations 24 * including the two. 25 * You must obey the GNU General Public License in all respects 26 * for all of the code used other than OpenSSL. * If you modify 27 * file(s) with this exception, you may extend this exception to your 28 * version of the file(s), but you are not obligated to do so. * If you 29 * do not wish to do so, delete this exception statement from your 30 * version. * If you delete this exception statement from all source 31 * files in the program, then also delete it here. 32 */ 33 34 #ifndef _AIRCRACK_PTW_H_ 35 #define _AIRCRACK_PTW_H_ 36 37 #include <stdint.h> 38 39 // Number of bytes we use for our table of seen IVs, this is (2^24)/8 40 #define PTW_IVTABLELEN 2097152 41 42 // How many sessions do we use to check if a guessed key is correct 43 // 10 seems to be a reasonable choice 44 // Its now the number of sessions for selecting 10 at a random position 45 #define PTW_CONTROLSESSIONS 10000 46 47 // The maximum possible length of the main key, 13 is the maximum for a 104 bit 48 // key 49 #define PTW_KEYHSBYTES 29 50 51 // How long the IV is, 3 is the default value for WEP 52 #define PTW_IVBYTES 3 53 54 // How many bytes of a keystream we collect, 16 are needed for a 104 bit key 55 #define PTW_KSBYTES 32 56 57 // The MAGIC VALUE!! 58 #define PTW_n 256 59 60 // distinguish klein and ptw 61 #define NO_KLEIN 0x01 62 #define NO_PTW 0x02 63 64 // We use this to keep track of the outputs of A_i 65 typedef struct 66 { 67 // How often the value b appeared as an output of A_i 68 int votes; 69 70 uint8_t b; 71 } PTW_tableentry; 72 73 // A recovered session 74 typedef struct 75 { 76 // The IV used in this session 77 uint8_t iv[PTW_IVBYTES]; 78 // The keystream used in this session 79 uint8_t keystream[PTW_KSBYTES]; 80 // Weight for this session 81 int weight; 82 } PTW_session; 83 84 typedef int (*rc4test_func)(uint8_t * key, 85 int keylen, 86 uint8_t * iv, 87 uint8_t * keystream); 88 89 // The state of an attack 90 // You should usually never modify these values manually 91 typedef struct 92 { 93 // How many unique packets or IVs have been collected 94 int packets_collected; 95 // Table to check for duplicate IVs 96 uint8_t seen_iv[PTW_IVTABLELEN]; 97 // How many sessions for checking a guessed key have been collected 98 int sessions_collected; 99 // The actual recovered sessions 100 PTW_session sessions[PTW_CONTROLSESSIONS]; 101 // The table with votes for the keybytesums 102 PTW_tableentry table[PTW_KEYHSBYTES][PTW_n]; 103 // Sessions for the original klein attack 104 PTW_session * allsessions; 105 int allsessions_size; 106 // rc4test function, optimized if available 107 rc4test_func rc4test; 108 } PTW_attackstate; 109 110 PTW_attackstate * PTW_newattackstate(void); 111 void PTW_freeattackstate(PTW_attackstate *); 112 int PTW_addsession(PTW_attackstate *, uint8_t *, uint8_t *, int *, int); 113 int PTW_computeKey( 114 PTW_attackstate *, uint8_t *, int, int, int *, int[][PTW_n], int attacks); 115 116 #endif 117