To brute-force DES you need enough information to verify whether a candidate key is correct. In the case of MSCHAPv2 we have full known plaintext, because the 8-byte challenge value that gets encrypted is derived entirely from values sent across the wire in the clear. In other cases we may only know some bits of an encrypted header, or only that the plaintext is all ASCII digits, etc. To keep the FPGA design running fast, we implement a simple mask-and-compare against the known plaintext and return every key that produces a match. The candidate keys can then be examined further in software (by fully decrypting, checking CRCs, etc.).
$ ./des_kpt.py encrypt -p 0000000000000000 -k 1044ca254cddc4 -i 0123456789abcdef
PT    = 0000000000000000
IV    = 0123456789abcdef
PT+IV = 0123456789abcdef
CT    = 825f48ccfd6829f0
K     = 1044ca254cddc4
KP    = 1023324554677689
E     = 1

$ ./des_kpt.py decrypt -c 837c0dab74c3e41f -k 1044ca254cddc4 -i 0123456789abcdef
PT    = 0123456789abcdef
IV    = 0123456789abcdef
CT    = 837c0dab74c3e41f
CT+IV = 825f48ccfd6829f0
K     = 1044ca254cddc4
KP    = 1023324554677689
E     = 0
Generating a Token
Once you have settled on the plaintext, ciphertext and mask you want to submit, use des_kpt.py to generate your token:
$ ./des_kpt.py parse -p 0123456789abcdef -m ffffffffffff0000 -c 825f48ccfd6829f0
PT = 0123456789ab0000
M  = ffffffffffff0000
CT = 825f48ccfd6829f0
E  = 0
crack.sh Submission = $98$ASNFZ4mrze////////8AAIJfSMz9aCnw

$ ./des_kpt.py parse -p 0123456789abcdef -m ffffffffffff0000 -c 825f48ccfd6829f0 -e
PT = 0123456789abcdef
M  = ffffffffffff0000
CT = 825f48ccfd680000
E  = 1
crack.sh Submission = $97$ASNFZ4mrze////////8AAIJfSMz9aAAA
The token can then be submitted on the Get Cracking page to be added to the queue.
To prevent bandwidth issues and reduce the result file size, we require that the mask in your submitted token have at most 24 zero bits. Every zero bit in the mask doubles the number of wrong keys that survive the compare: with n zero bits a wrong key matches with probability 2^-(64-n), so across the 2^56 keyspace you should expect roughly 2^(n-8) false candidates in the result file; at the 24-bit limit that is about 65,000 keys to sift through in software.
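The following is an added example, not code from des_kpt.py or crack.sh. It ties together the pieces described above: the 56-bit to 64-bit key expansion with odd parity (the KP value printed in the encrypt/decrypt sessions), the mask-and-compare test the FPGA performs, the 24-zero-bit mask limit, and the submission token. The token layout (a $98$ prefix for E=0 or $97$ for E=1, followed by base64 of PT || M || CT, 24 bytes) is an assumption inferred by decoding the two sample tokens printed above; decoding them also shows that the E=0 token carries the full PT while the E=1 token carries CT with the mask already applied, and the code below reproduces exactly that. DES itself is not implemented here; the sample values are copied from the sessions above.

```python
import base64

# Sample values copied from the des_kpt.py sessions shown above.
PT = 0x0123456789ABCDEF
CT = 0x825F48CCFD6829F0
MASK = 0xFFFFFFFFFFFF0000
K56 = 0x1044CA254CDDC4
MAX_ZERO_BITS = 24  # crack.sh limit stated above

# Token prefixes as printed by des_kpt.py parse: $98$ for E=0, $97$ for E=1
# (assumption: inferred from the two sample tokens, not from the tool's source).
PREFIX = {0: "$98$", 1: "$97$"}


def expand_key(k56: int) -> int:
    """Expand a 56-bit DES key to the 64-bit form with an odd-parity bit in the
    low bit of every byte, i.e. the KP value des_kpt.py prints for K."""
    k64 = 0
    for i in range(8):
        seven = (k56 >> (49 - 7 * i)) & 0x7F
        parity = 0 if bin(seven).count("1") % 2 else 1
        k64 = (k64 << 8) | (seven << 1) | parity
    return k64


def strip_parity(k64: int) -> int:
    """Inverse of expand_key: drop the parity bit of each byte."""
    k56 = 0
    for i in range(8):
        k56 = (k56 << 7) | (((k64 >> (56 - 8 * i)) & 0xFF) >> 1)
    return k56


def zero_bits(mask: int) -> int:
    return 64 - bin(mask & 0xFFFFFFFFFFFFFFFF).count("1")


def mask_ok(mask: int) -> bool:
    """The submission rule: at most 24 zero bits in the mask."""
    return zero_bits(mask) <= MAX_ZERO_BITS


def mask_match(candidate: int, known: int, mask: int) -> bool:
    """The compare the text describes: candidate equals the known block on
    every bit the mask has set; bits where the mask is zero are ignored."""
    return ((candidate ^ known) & mask) == 0


def expected_false_positives(mask: int, keyspace_bits: int = 56) -> float:
    """Average number of wrong keys that pass the mask compare, assuming a flat
    keyspace: 2**keyspace_bits keys, each passing with probability 2**-(64-n)."""
    return 2.0 ** (keyspace_bits - (64 - zero_bits(mask)))


def make_token(pt: int, mask: int, ct: int, e: int) -> str:
    """Build the submission string: prefix + base64(PT || M || CT).
    The caller passes CT already masked for E=1, as des_kpt.py parse -e does."""
    if not mask_ok(mask):
        raise ValueError(f"mask has {zero_bits(mask)} zero bits, limit is {MAX_ZERO_BITS}")
    payload = pt.to_bytes(8, "big") + mask.to_bytes(8, "big") + ct.to_bytes(8, "big")
    return PREFIX[e] + base64.b64encode(payload).decode("ascii")


def parse_token(token: str):
    """Inverse of make_token: returns (pt, mask, ct, e)."""
    e = {v: k for k, v in PREFIX.items()}[token[:4]]
    raw = base64.b64decode(token[4:])
    if len(raw) != 24:
        raise ValueError("expected a 24-byte payload")
    pt, mask, ct = (int.from_bytes(raw[i:i + 8], "big") for i in (0, 8, 16))
    return pt, mask, ct, e


if __name__ == "__main__":
    print(f"KP = {expand_key(K56):016x}")
    print("E=0:", make_token(PT, MASK, CT, 0))
    print("E=1:", make_token(PT, MASK, CT & MASK, 1))
    print("false candidates expected for this mask:", expected_false_positives(MASK))
```

Running the block prints the KP value and both tokens shown in the sessions above. Verifying the returned candidate keys in software still needs a real DES implementation (for example pycryptodome's Crypto.Cipher.DES, with the key in its expand_key form); that step is outside this example.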