Announcement

Collapse

Forum Guidelines

This forum is for finished source code that is working properly. If you have questions about this or any other source code, please post it in one of the Discussion Forums, not here.
See more
See less

WPA key calculation From passphrase to hexadecimal key

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • WPA key calculation From passphrase to hexadecimal key

    This is a PB code implementartion of Joris van Rantwijk
    javascript code which takes the WPA Passphrase & Network SSID
    and generates the 64-digit hexadecimal key.

    More info on the javascript at
    http://www.xs4all.nl/~rjoris/wpapsk.html

    Code:
    #COMPILE EXE
    #REGISTER NONE
    #DIM ALL          '  This is helpful to prevent errors in coding
    #DEBUG ERROR ON   '  This is helpful to cause gentle crashes rather than GPF's at run time
    #INCLUDE "win32api.inc"   ' Must come first before other include files !
    '
    ' This is based on the javascript code written by Joris van Rantwijk
    ' at http://www.xs4all.nl/~rjoris/wpapsk.html
    '
    FUNCTION ShiftLeft(BYVAL InputVar AS LONG, Amount AS LONG) AS LONG
        ' Wrapper for the PB SHIFT LEFT function
        SHIFT LEFT InputVar, Amount
        FUNCTION = InputVar
    END FUNCTION
    
    FUNCTION ShiftRight(BYVAL InputVar AS LONG, Amount AS LONG) AS LONG
        ' Wrapper for the PB SHIFT RIGHT function
        SHIFT RIGHT InputVar, Amount
        FUNCTION = InputVar
    END FUNCTION
    
    SUB stringtowords(BYVAL InString AS STRING, BYVAL Pad AS LONG, z() AS LONG)
        '
        '   Pad InString string to 64 bytes and convert to 16 32-bit words
        '
        '   This returns the 80 element LONG array 'z' as output
        '   although this routine only fills the first 16 elements.
        '
        '
        LOCAL c AS DWORD
        LOCAL i AS LONG
        LOCAL j AS LONG
        LOCAL k AS LONG
        LOCAL n AS LONG
        ' Truncate string if greater than 63 charachters long
        IF LEN(InString)>63 THEN InString = LEFT$(InString, 63)
        n = LEN(InString)
        k=0
        j=-1
        FOR i = 0 TO 79    ' Zero out the entire array. Only the
            z(i)=0
        NEXT i
        FOR i = 0 TO 63
            c=0
            IF i<n THEN
                c = ASC(InString , i+1)   ' Note that javascript index starts at 0 & PB starts at 1
            ELSEIF (Pad<>0) THEN
                ' Add 4-byte PBKDF2 block index and
                '   standard padding for the final SHA1 input block */
                IF (i = n) THEN
                    c = ShiftRight(Pad, 24) AND &Hff
                ELSEIF (i = n + 1) THEN
                    c = ShiftRight(Pad, 16) AND &Hff
                ELSEIF (i = n + 2) THEN
                    c = ShiftRight(Pad, 8) AND &Hff
                ELSEIF (i = n + 3) THEN
                    c = Pad AND &Hff
                ELSEIF (i = n + 4) THEN
                    c = &H80
                END IF
            END IF
            IF k = 0 THEN
                j=j+1
                z(j)=0
                k = 32
            END IF
            k = k - 8
            z(j) = z(j) OR ShiftLeft(c,k)
        NEXT i
        IF (Pad<>0) THEN z(15) = 8 * (64 + n + 4)
    
    END SUB
    
    SUB initsha(w() AS LONG, BYVAL padbyte AS LONG, s() AS LONG)
        '   Compute the intermediate SHA1 state after processing just
        '   the 64-byte padded HMAC key
        '
        '  The 80 LONG array 'w' is part of the input of this routine
        '
        '  The 5 LONG (40 bit) array 's' is the output of this routine
        '
        LOCAL pw AS LONG
        LOCAL t AS LONG
        LOCAL k AS LONG
        LOCAL a AS LONG
        LOCAL b AS LONG
        LOCAL c AS LONG
        LOCAL d AS LONG
        LOCAL e AS LONG
    
        pw = ShiftLeft(padbyte , 24) OR ShiftLeft(padbyte , 16) OR ShiftLeft(padbyte , 8) OR padbyte
        
        FOR t= 0 TO 15
            w(t) = w(t) XOR pw
        NEXT t
        s(0)=  &H67452301
        s(1)=  &HEFCDAB89
        s(2)=  &H98BADCFE
        s(3)=  &H10325476
        s(4)=  &HC3D2E1F0
        a = s(0)
        b = s(1)
        c = s(2)
        d = s(3)
        e = s(4)
        t=0
        FOR k = 16 TO 79
            t = w(k-3) XOR w(k-8) XOR w(k-14) XOR w(k-16)
            w(k) = ShiftLeft(t, 1) OR ShiftRight(t, 31)
        NEXT k
        FOR k = 0 TO 19
            t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H5A827999 + ((b AND c) OR (((NOT b) AND d)))
            e = d
            d = c
            c = ShiftLeft(b, 30) OR ShiftRight(b,2)
            b = a
            a = t AND &Hffffffff
        NEXT k
        FOR k = 20 TO 39
            t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H6ED9EBA1 + (b XOR c XOR d)
            e = d
            d = c
            c = ShiftLeft(b, 30) OR ShiftRight(b,2)
            b = a
            a = t AND &Hffffffff
        NEXT k
        FOR k = 40 TO 59
            t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H8F1BBCDC + ((b AND c) OR (b AND d) OR (c AND d))
            e = d
            d = c
            c = ShiftLeft(b, 30) OR ShiftRight(b,2)
            b = a
            a = t AND &Hffffffff
        NEXT k
        FOR k = 60 TO 79
            t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &HCA62C1D6 + (b XOR c XOR d)
            e = d
            d = c
            c = ShiftLeft(b, 30) OR ShiftRight(b,2)
            b = a
            a = t AND &Hffffffff
        NEXT k
        s(0) = (s(0) + a) AND &Hffffffff
        s(1) = (s(1) + b) AND &Hffffffff
        s(2) = (s(2) + c) AND &Hffffffff
        s(3) = (s(3) + d) AND &Hffffffff
        s(4) = (s(4) + e) AND &Hffffffff
    
    END SUB
    
    FUNCTION getWpaPskKeyFromPassphrase(PassPhrase AS STRING, SSID AS STRING) AS STRING
    '
    '    PassPhrase is the Pass Phrase (or Password) for the WPA authenication
    '    SSID is the SSID of the wireless network
    '
    '    getWpaPskKeyFromPassphrase returns a string of 64 hex digits which is the
    '    hex authentication key for the WPA network.
    '
    '    For testing purposes, you can use
    '
    '    With PassPhrase = "radiustest"
    '         SSID = "linksys54gh"
    '
    '    and one should get:
    '    getWpaPskKeyFromPassphrase = "9e9988bde2cba74395c0289ffda07bc41ffa889a3309237a2240c934bcdc7ddb"
    '
        LOCAL AA$
        LOCAL hash AS STRING
        LOCAL I AS LONG
        LOCAL J AS LONG
        LOCAL k AS LONG
        LOCAL t AS LONG
        LOCAL p AS LONG
        LOCAL q AS LONG
        LOCAL a AS LONG
        LOCAL b AS LONG
        LOCAL c AS LONG
        LOCAL d AS LONG
        LOCAL e AS LONG
        DIM hmac_istate(4) AS LONG
        DIM hmac_ostate(4) AS LONG
        DIM u(4) AS LONG
        DIM s(4) AS LONG
        DIM w(0 TO 79) AS LONG
        ' Compute the intermediate SHA1 state of the inner and outer parts
        '    of the HMAC algorithm after processing the padded HMAC key */
    
        CALL stringtowords(PassPhrase, 0, w()) ' output is w array
        CALL initsha(w(), &h36, hmac_istate()) ' input is in the w array, output is in hmac_istate array
    
        CALL stringtowords(PassPhrase, 0, w()) ' output is w array
        CALL initsha(w(), &h5c, hmac_ostate()) ' input is in the w array, output is in hmac_ostate array
        ' Output is created in blocks of 20 bytes at a time and collected
        '    in a string as hexadecimal digits
        I=0
        hash=""
        WHILE (LEN(hash) < 64)
            ' prepare 20-byte (5-word) output vector
            FOR q = 0 TO 4
                u(q)=0
            NEXT q
            ' prepare input vector for the first SHA1 update (salt + block number)
                I=I+1
            CALL stringtowords(SSID, I, w()) ' output is w array
    
            ' iterate 4096 times an inner and an outer SHA1 operation
            FOR J = 0 TO 8191 '(2 * 4096)-1
    
                ' alternate inner and outer SHA1 operations
                IF (J AND 1) THEN
                    FOR q = 0 TO 4               'odd case
                        s(q) = hmac_ostate(q)
                    NEXT q
                ELSE
                    FOR q = 0 TO 4               'even case
                        s(q) = hmac_istate(q)
                    NEXT q
                END IF
                'inline the SHA1 update operation
                    a = s(0)
                    b = s(1)
                    c = s(2)
                    d = s(3)
                    e = s(4)
                    t =0
                    FOR k = 16 TO 79
                        t = w(k-3) XOR w(k-8) XOR w(k-14) XOR w(k-16)
                        w(k) = ShiftLeft( t, 1) OR ShiftRight( t, 31)
                    NEXT k
                    FOR k = 0 TO 19
                        t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H5A827999 + ((b AND c) OR (((NOT b) AND d)))
                        e = d
                        d = c
                        c = ShiftLeft(b, 30) OR ShiftRight(b,2)
                        b = a
                        a = t AND &Hffffffff
                    NEXT k
                    FOR k = 20 TO 39
                        t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H6ED9EBA1 + (b XOR c XOR d)
                        e = d
                        d = c
                        c = ShiftLeft(b, 30) OR ShiftRight(b,2)
                        b = a
                        a = t AND &Hffffffff
                    NEXT k
                    FOR k = 40 TO 59
                        t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H8F1BBCDC + ((b AND c) OR (b AND d) OR (c AND d))
                        e = d
                        d = c
                        c = ShiftLeft(b, 30) OR ShiftRight(b,2)
                        b = a
                        a = t AND &Hffffffff
                    NEXT k
                    FOR k = 60 TO 79
                        t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &HCA62C1D6 + (b XOR c XOR d)
                        e = d
                        d = c
                        c = ShiftLeft(b, 30) OR ShiftRight(b,2)
                        b = a
                        a = t AND &Hffffffff
                    NEXT k
                    ' stuff the SHA1 output back into the input vector
                    w(0) = (s(0) + a) AND &Hffffffff
                    w(1) = (s(1) + b) AND &Hffffffff
                    w(2) = (s(2) + c) AND &Hffffffff
                    w(3) = (s(3) + d) AND &Hffffffff
                    w(4) = (s(4) + e) AND &Hffffffff
                    IF (j AND 1) THEN
                        ' XOR the result of each complete HMAC-SHA1 operation into u if j is odd
                        FOR q = 0 TO 4
                            u(q) = u(q) XOR w(q)
                        NEXT q
                    ELSE
                        IF j=0 THEN
                            ' pad the new 20-byte input vector for subsequent SHA1 operations
                            w(5) = &H80000000
                            FOR k=6 TO 14
                                w(k)=0
                            NEXT k
                            w(15) = 8 * (64 + 20)
                        END IF
                    END IF
            NEXT J
            ' convert output vector u to hex and append to output string
            FOR j=0 TO 4
                    FOR k=0 TO 7
                        t = (ShiftRight(u(j), (28 - 4 * k))) AND &H0f
                        hash=hash + HEX$(t)
                    NEXT k
            NEXT j
        WEND
        FUNCTION = LCASE$(LEFT$(hash,64))
    END FUNCTION
    
    FUNCTION PBMAIN
        LOCAL ssid$, passphrase$
    
        passphrase$="radiustest"
        ssid$="linksys54gh"
        MSGBOX "You got: "+getWpaPskKeyFromPassphrase(passphrase$, ssid$)+CHR$(13)+CHR$(13)+"Correct: 9e9988bde2cba74395c0289ffda07bc41ffa889a3309237a2240c934bcdc7ddb"
    
    END FUNCTION
    Last edited by Michael Burns; 18 Mar 2008, 05:45 PM. Reason: clean up comments a tiny bit
    Michael Burns
Working...
X