decode_mmxp.c - net/dsniff - Rivoreo Source Code Repositories

 /*
  * decode_mmxp.c
  *
  * Meeting Maker.
  *
  * Thanks for Matt Power <mhpower@MIT.EDU> for his BUGTRAQ post
  * on Meeting Maker encryption, and for providing me with traffic traces.
  *
  * The encryption algorithm seems to be much simpler than what Matt
  * reversed - see below...
  *
  * Copyright (c) 2000 Dug Song <dugsong@monkey.org>
  *
  * $Id: decode_mmxp.c,v 1.8 2001/03/15 08:33:01 dugsong Exp $
  */

 #include "config.h"

 #include <sys/types.h>
 #include <arpa/nameser.h>
 #include <netinet/in.h>
 #include <stdio.h>
 #include <string.h>

 #include "buf.h"
 #include "decode.h"

 #define MM_SECRET	"Thisisastupidwasteoftimeandspace"

 static u_char *mm_xor = (u_char *)MM_SECRET;

 int
 decode_mmxp(u_char *buf, int len, u_char *obuf, int olen)
 {
 	struct buf inbuf, outbuf;
 	u_char *p, c;
 	u_int32_t i;
 	int encrypt;

 	buf_init(&inbuf, buf, len);
 	buf_init(&outbuf, obuf, len);

 	while ((i = buf_index(&inbuf, "\x00\x00\x24\x55", 4)) != -1) {
 		buf_skip(&inbuf, i + 4);

 		if (buf_cmp(&inbuf, "\x7f\xff", 2) == 0)
 			encrypt = 1;
 		else if (buf_cmp(&inbuf, "\xff\xff", 2) == 0)
 			encrypt = 0;
 		else continue;

 		buf_skip(&inbuf, 4);

 		/* LPPPg? */
 		if (buf_get(&inbuf, &i, sizeof(i)) < 0)
 			break;

 		i = ntohl(i);
 		if (buf_skip(&inbuf, i + 4 + 4) < 0)
 			continue;

 		/* Server. */
 		if (buf_get(&inbuf, &c, 1) != 1) break;
 		if (buf_len(&inbuf) < c) break;

 		buf_put(&outbuf, buf_ptr(&inbuf), c);
 		buf_put(&outbuf, "\n", 1);
 		buf_skip(&inbuf, c + 4);

 		/* Username. */
 		if (buf_get(&inbuf, &c, 1) != 1) break;
 		if (buf_len(&inbuf) < c) break;

 		buf_put(&outbuf, buf_ptr(&inbuf), c);
 		buf_put(&outbuf, "\n", 1);
 		buf_skip(&inbuf, c + 4);

 		/* Password. */
 		if (buf_get(&inbuf, &c, 1) != 1) break;
 		if (buf_len(&inbuf) < c) break;

 		p = buf_ptr(&inbuf);

 		if (encrypt) {
 			for (i = 0; i < c; i++)
 				p[i] ^= mm_xor[i % (sizeof(MM_SECRET) - 1)];
 		}
 		buf_put(&outbuf, p, c);
 		buf_put(&outbuf, "\n", 1);
 	}
 	buf_end(&outbuf);

 	return (buf_len(&outbuf));
 }
	/*
	* decode_mmxp.c
	*
	* Meeting Maker.
	*
	* Thanks for Matt Power <mhpower@MIT.EDU> for his BUGTRAQ post
	* on Meeting Maker encryption, and for providing me with traffic traces.
	*
	* The encryption algorithm seems to be much simpler than what Matt
	* reversed - see below...
	*
	* Copyright (c) 2000 Dug Song <dugsong@monkey.org>
	*
	* $Id: decode_mmxp.c,v 1.8 2001/03/15 08:33:01 dugsong Exp $
	*/

	#include "config.h"

	#include <sys/types.h>
	#include <arpa/nameser.h>
	#include <netinet/in.h>
	#include <stdio.h>
	#include <string.h>

	#include "buf.h"
	#include "decode.h"

	#define MM_SECRET "Thisisastupidwasteoftimeandspace"

	static u_char mm_xor = (u_char )MM_SECRET;

	int
	decode_mmxp(u_char buf, int len, u_char obuf, int olen)
	{
	struct buf inbuf, outbuf;
	u_char *p, c;
	u_int32_t i;
	int encrypt;

	buf_init(&inbuf, buf, len);
	buf_init(&outbuf, obuf, len);

	while ((i = buf_index(&inbuf, "\x00\x00\x24\x55", 4)) != -1) {
	buf_skip(&inbuf, i + 4);

	if (buf_cmp(&inbuf, "\x7f\xff", 2) == 0)
	encrypt = 1;
	else if (buf_cmp(&inbuf, "\xff\xff", 2) == 0)
	encrypt = 0;
	else continue;

	buf_skip(&inbuf, 4);

	/* LPPPg? */
	if (buf_get(&inbuf, &i, sizeof(i)) < 0)
	break;

	i = ntohl(i);
	if (buf_skip(&inbuf, i + 4 + 4) < 0)
	continue;

	/* Server. */
	if (buf_get(&inbuf, &c, 1) != 1) break;
	if (buf_len(&inbuf) < c) break;

	buf_put(&outbuf, buf_ptr(&inbuf), c);
	buf_put(&outbuf, "\n", 1);
	buf_skip(&inbuf, c + 4);

	/* Username. */
	if (buf_get(&inbuf, &c, 1) != 1) break;
	if (buf_len(&inbuf) < c) break;

	buf_put(&outbuf, buf_ptr(&inbuf), c);
	buf_put(&outbuf, "\n", 1);
	buf_skip(&inbuf, c + 4);

	/* Password. */
	if (buf_get(&inbuf, &c, 1) != 1) break;
	if (buf_len(&inbuf) < c) break;

	p = buf_ptr(&inbuf);

	if (encrypt) {
	for (i = 0; i < c; i++)
	p[i] ^= mm_xor[i % (sizeof(MM_SECRET) - 1)];
	}
	buf_put(&outbuf, p, c);
	buf_put(&outbuf, "\n", 1);
	}
	buf_end(&outbuf);

	return (buf_len(&outbuf));
	}