dsniff  2.4b2
About: A collection of tools for network auditing

decode_mmxp.c
1 /*
2  * decode_mmxp.c
3  *
4  * Meeting Maker.
5  *
6  * Thanks to Matt Power <mhpower@MIT.EDU> for his BUGTRAQ post
7  * on Meeting Maker encryption, and for providing me with traffic traces.
8  *
9  * The encryption algorithm seems to be much simpler than what Matt
10  * reversed - see below...
11  *
12  * Copyright (c) 2000 Dug Song <dugsong@monkey.org>
13  *
14  * $Id: decode_mmxp.c,v 1.8 2001/03/15 08:33:01 dugsong Exp $
15  */
16 
17 #include "config.h"
18 
19 #include <sys/types.h>
20 #include <arpa/nameser.h>
21 
22 #include <stdio.h>
23 #include <string.h>
24 
25 #include "buf.h"
26 #include "decode.h"
27 
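/*
 * Fixed XOR key applied to the password field of records that carry the
 * 0x7fff flag (see decode_mmxp).  The key is a compile-time constant and is
 * indexed purely by byte position, so the field is obscured rather than
 * protected: anyone holding this string can reverse it.
 */
#define MM_SECRET	"Thisisastupidwasteoftimeandspace"

/*
 * Read-only byte view of the key.  The cast makes the char -> u_char
 * conversion explicit, and const keeps the string literal from being
 * written through this pointer.
 */
static const u_char *mm_xor = (const u_char *)MM_SECRET;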
31 
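/*
 * decode_mmxp - pull server, username and password out of Meeting Maker
 * traffic.
 *
 * Scans buf[0..len) for records introduced by the 4-byte marker
 * 00 00 24 55.  For each record whose next two bytes are 7f ff (password
 * XORed with MM_SECRET) or ff ff (password in the clear), three
 * one-byte-length-prefixed fields are copied to obuf, each followed by
 * a newline.
 *
 * buf   captured payload; untrusted.  NOTE: an XORed password is decoded
 *       in place, so the caller's buffer is modified.
 * len   number of valid bytes in buf.
 * obuf  destination for the decoded text.
 * olen  capacity of obuf in bytes.
 *
 * Returns buf_len(&outbuf) after buf_end() -- presumably the number of
 * bytes produced; confirm against buf.c.  The results of buf_put() are not
 * checked, so output that does not fit in olen is presumably dropped
 * silently.
 */
int
decode_mmxp(u_char *buf, int len, u_char *obuf, int olen)
{
	struct buf inbuf, outbuf;
	u_char *p, c;
	u_int32_t flen, i;
	int off, encrypt;

	buf_init(&inbuf, buf, len);
	/*
	 * Size the output by the caller's buffer (olen), not by the input
	 * length: with len > olen the old code let buf_put() run past obuf.
	 */
	buf_init(&outbuf, obuf, olen);

	while ((off = buf_index(&inbuf, "\x00\x00\x24\x55", 4)) != -1) {
		buf_skip(&inbuf, off + 4);

		/* Flag bytes select whether the password field is XORed. */
		if (buf_cmp(&inbuf, "\x7f\xff", 2) == 0)
			encrypt = 1;
		else if (buf_cmp(&inbuf, "\xff\xff", 2) == 0)
			encrypt = 0;
		else
			continue;

		buf_skip(&inbuf, 4);

		/* LPPPg? */
		if (buf_get(&inbuf, &flen, sizeof(flen)) < 0)
			break;

		flen = ntohl(flen);
		/*
		 * flen comes off the wire.  Reject values larger than what is
		 * left in the buffer before adding to them, so that
		 * flen + 8 cannot wrap around or turn into a negative
		 * (backwards) skip.
		 */
		if (flen > (u_int32_t)buf_len(&inbuf))
			continue;
		if (buf_skip(&inbuf, flen + 4 + 4) < 0)
			continue;

		/* Server. */
		if (buf_get(&inbuf, &c, 1) != 1)
			break;
		if (buf_len(&inbuf) < c)
			break;

		buf_put(&outbuf, buf_ptr(&inbuf), c);
		buf_put(&outbuf, "\n", 1);
		buf_skip(&inbuf, c + 4);

		/* Username. */
		if (buf_get(&inbuf, &c, 1) != 1)
			break;
		if (buf_len(&inbuf) < c)
			break;

		buf_put(&outbuf, buf_ptr(&inbuf), c);
		buf_put(&outbuf, "\n", 1);
		buf_skip(&inbuf, c + 4);

		/* Password. */
		if (buf_get(&inbuf, &c, 1) != 1)
			break;
		if (buf_len(&inbuf) < c)
			break;

		p = buf_ptr(&inbuf);

		if (encrypt) {
			/* Position-indexed XOR with the fixed key, in place. */
			for (i = 0; i < c; i++)
				p[i] ^= mm_xor[i % (sizeof(MM_SECRET) - 1)];
		}
		buf_put(&outbuf, p, c);
		buf_put(&outbuf, "\n", 1);
		/*
		 * inbuf is not advanced past the password; the next
		 * buf_index() resumes the marker search from here.
		 */
	}
	buf_end(&outbuf);

	return (buf_len(&outbuf));
}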
95 