Firewalls: SNK checksum generation

Firewalls
(May 1994)

Indexed By Thread: [Previous] [Next]

Subject:	SNK checksum generation
From:	lacoursj @ uprc . com (Jeffrey D. LaCoursiere)
Date:	Fri, 27 May 1994 11:07:42 +0600
To:	firewalls @ greatcircle . com

 
At long last, an snkkey that will spit out checksum info
when loading your keys...
 
Sorry took so long to get this posted - had to wait for
permission from the Digital Pathways folks.  Many thanks 
to mjr and Steve Bellovin for putting up with my constant
queries.  Thanks also to jayb @
 qsun .
 att .
 com for the observations
that eventually led to cracking the algorithm used :->
 
Jeff LaCoursiere
Network Admin
UPRC
Ft. Worth, TX
/**********************************************************************

              THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE

**********************************************************************/

 
/*-
 * Copyright (c) 1993, Trusted Information Systems, Incorporated
 * All rights reserved.
 *
 * Redistribution and use are governed by the terms detailed in the
 * license document ("LICENSE") included with the toolkit.
 */
 
/*
 *      Author: Marcus J. Ranum, Trusted Information Systems, Inc.
 */
static  char    RcsId[] = "$Header: snkkey.c,v 1.1 93/10/20 11:14:40 mjr rel $";
#include <stdio.h>
#include <time.h>
 
extern  long    random();
 
#include        "des.h"
 
/*
        This is a simple hack to produce pretty random shared
        secrets for Digital Pathways SNK units.
 
        mjr.
*/
 
main()
{
        char                    buf[BUFSIZ];
        des_key_schedule        keysched;
        des_cblock              cblock;
        char                    cbuf[12];
        int                     seed,i,j;
        long                    now;
        long                    quad1;
        long                    quad2;
        unsigned char           *p1,*p2;
        unsigned long           kval=0;
 
        /* generate a seed from user typomatic */
        fprintf(stderr,"Enter a line of text as a seed: ");
        fgets(buf,sizeof(buf),stdin);
        des_string_to_key(buf,cblock);
        des_set_key(cblock,keysched);
        des_ecb_encrypt(buf,cbuf,keysched,DES_ENCRYPT);
 
        /* stuff raw cipherstuff into the seed */
        bcopy(cbuf,&seed,sizeof(int));
        time(&now);
        srandom(seed ^ (int)now);
 
        /* that should satisfy casual users */
        quad1 = random();
        quad2 = random();
 
        p1 = (unsigned char *)&quad1;
        p2 = (unsigned char *)&quad2;
 
        /*
         *  set up key using generated octals
         */
 
        for (i=0; i<4; i++) {
                cblock[i]=p1[i];
                cblock[i+4]=p2[i];
        }
 
        des_set_key(cblock,keysched);
 
        /*
         *  encrypt string of nulls for checksum
         */
 
        /* zeroize the entire buffer */
        for(i = 0; i < 9; i++)
                buf[i] = '\0';
 
        des_ecb_encrypt(buf,cbuf,keysched,DES_ENCRYPT);
 
        /* pull some bits out of the ciphertext into a long */
 
        for(i=0; i<4; i++)
                for(j = 0; j < 8; j++)
                        kval = (kval << 1) | ((cbuf[i] >> (7 - j)) & 1);
 
        /*
         * make a hex string - strip off last two chars
         */
 
        sprintf(buf,"%08x",kval);
        buf[6]='\0';  /* ugly but effective :-> */
 
        printf("Enter into snk:");
        printf("%3.3o %3.3o %3.3o %3.3o ",p1[0],p1[1],p1[2],p1[3]);
        printf("%3.3o %3.3o %3.3o %3.3o\n",p2[0],p2[1],p2[2],p2[3]);
        printf("Checksum: %s\n",buf);
 
 
        exit(0);
}

Indexed By Date	Previous:	Re: TIS gateways not observing timeout From: Frederick M Avolio <avolio @ tis . com>
Indexed By Date	Next:	Firewalls and internet security book available From: jluu @ mainsoft . com (Jose Luu)
Indexed By Thread	Previous:	Re: TIS gateways not observing timeout From: Frederick M Avolio <avolio @ tis . com>
Indexed By Thread	Next:	Firewalls and internet security book available From: jluu @ mainsoft . com (Jose Luu)