Known Plaintext
In order to crack DES you need enough information to verify whether the key you’re trying is correct. In the case of MSCHAPv2 we have full known plaintext, because the challenge is sent across the wire in the clear. In other cases we may know only some bits of a header that’s being encrypted, or that the plaintext is all ASCII numbers, etc. To keep the FPGA design running fast, we implement a simple mask-and-compare operation on the plaintext and return any keys that cause a match. The candidate keys can then be examined further in software (by fully decrypting, checking CRCs, etc.).
Test Vectors
You can use our des_kpt test vector calculator to verify that the values you submit are in the correct format. Here are a couple of examples of encryption and decryption using des_kpt:
$ ./des_kpt.py encrypt -p 0000000000000000 -k 1044ca254cddc4 -i 0123456789abcdef
PT = 0000000000000000
IV = 0123456789abcdef
PT+IV = 0123456789abcdef
CT = 825f48ccfd6829f0
K = 1044ca254cddc4
KP = 1023324554677689
E = 1
$ ./des_kpt.py decrypt -c 837c0dab74c3e41f -k 1044ca254cddc4 -i 0123456789abcdef
PT = 0123456789abcdef
IV = 0123456789abcdef
CT = 837c0dab74c3e41f
CT+IV = 825f48ccfd6829f0
K = 1044ca254cddc4
KP = 1023324554677689
E = 0
Generating a Token
Once you’re satisfied that you’ve found the right plaintext, ciphertext, and mask to submit, use des_kpt to generate your token:
$ ./des_kpt.py parse -p 0123456789abcdef -m ffffffffffff0000 -c 825f48ccfd6829f0
PT = 0123456789ab0000
M = ffffffffffff0000
CT = 825f48ccfd6829f0
E = 0
crack.sh Submission = $98$ASNFZ4mrze////////8AAIJfSMz9aCnw
$ ./des_kpt.py parse -p 0123456789abcdef -m ffffffffffff0000 -c 825f48ccfd6829f0 -e
PT = 0123456789abcdef
M = ffffffffffff0000
CT = 825f48ccfd680000
E = 1
crack.sh Submission = $97$ASNFZ4mrze////////8AAIJfSMz9aAAA
The token can then be submitted to the Get Cracking page to get added to the queue.
Rules
To prevent bandwidth issues and reduce the result file size, we require that the mask in your submitted token have at most 24 zero bits.
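The following is an added example, not part of des_kpt or the crack.sh code: it decodes a submission token, checks the mask against the 24-zero-bit rule above, and shows the mask-and-compare test in software. The token layout ("$98$" for E = 0, "$97$" for E = 1, then base64 of PT, M and CT at 8 bytes each) is an assumption inferred from the two sample tokens on this page; all function names are hypothetical.

```python
import base64

# Assumption: layout inferred from the two sample tokens on this page:
# "$98$" (E = 0) or "$97$" (E = 1), then base64 of PT || M || CT, 8 bytes each.
PREFIX_TO_E = {"98": 0, "97": 1}
MAX_ZERO_MASK_BITS = 24  # limit stated in the Rules section


def parse_token(token):
    """Split a submission token into its E flag and PT, M, CT byte fields."""
    parts = token.split("$")
    if len(parts) != 3 or parts[0] != "" or parts[1] not in PREFIX_TO_E:
        raise ValueError("unrecognised token prefix")
    raw = base64.b64decode(parts[2], validate=True)
    if len(raw) != 24:
        raise ValueError("expected 24 bytes (PT, M, CT)")
    return {"E": PREFIX_TO_E[parts[1]],
            "PT": raw[:8], "M": raw[8:16], "CT": raw[16:]}


def zero_mask_bits(mask):
    """Count the 0 bits in the 64-bit mask (the 'don't care' positions)."""
    return 64 - bin(int.from_bytes(mask, "big")).count("1")


def masked_match(candidate, known, mask):
    """Mask and compare: equal on every bit position where the mask is 1."""
    return all((c ^ k) & m == 0 for c, k, m in zip(candidate, known, mask))


def check_token(token):
    """Parse a token and report whether its mask satisfies the rule."""
    fields = parse_token(token)
    fields["zero_bits"] = zero_mask_bits(fields["M"])
    fields["mask_ok"] = fields["zero_bits"] <= MAX_ZERO_MASK_BITS
    return fields


if __name__ == "__main__":
    # The two sample tokens from the "Generating a Token" section.
    for tok in ("$98$ASNFZ4mrze////////8AAIJfSMz9aCnw",
                "$97$ASNFZ4mrze////////8AAIJfSMz9aAAA"):
        f = check_token(tok)
        print(tok, "E =", f["E"], "PT =", f["PT"].hex(), "M =", f["M"].hex(),
              "CT =", f["CT"].hex(), "zero bits =", f["zero_bits"],
              "ok" if f["mask_ok"] else "mask rejected")
```

Each zero bit in the mask doubles the expected number of false-positive candidate keys, which is why the software-side check after the hardware match matters.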