Tweet
This is a PB code implementartion of Joris van Rantwijk
javascript code which takes the WPA Passphrase & Network SSID
and generates the 64-digit hexadecimal key.
More info on the javascript at
http://www.xs4all.nl/~rjoris/wpapsk.html
javascript code which takes the WPA Passphrase & Network SSID
and generates the 64-digit hexadecimal key.
More info on the javascript at
http://www.xs4all.nl/~rjoris/wpapsk.html
Code:
#COMPILE EXE
#REGISTER NONE
#DIM ALL ' This is helpful to prevent errors in coding
#DEBUG ERROR ON ' This is helpful to cause gentle crashes rather than GPF's at run time
#INCLUDE "win32api.inc" ' Must come first before other include files !
'
' This is based on the javascript code written by Joris van Rantwijk
' at http://www.xs4all.nl/~rjoris/wpapsk.html
'
FUNCTION ShiftLeft(BYVAL InputVar AS LONG, Amount AS LONG) AS LONG
' Wrapper for the PB SHIFT LEFT function
SHIFT LEFT InputVar, Amount
FUNCTION = InputVar
END FUNCTION
FUNCTION ShiftRight(BYVAL InputVar AS LONG, Amount AS LONG) AS LONG
' Wrapper for the PB SHIFT RIGHT function
SHIFT RIGHT InputVar, Amount
FUNCTION = InputVar
END FUNCTION
SUB stringtowords(BYVAL InString AS STRING, BYVAL Pad AS LONG, z() AS LONG)
'
' Pad InString string to 64 bytes and convert to 16 32-bit words
'
' This returns the 80 element LONG array 'z' as output
' although this routine only fills the first 16 elements.
'
'
LOCAL c AS DWORD
LOCAL i AS LONG
LOCAL j AS LONG
LOCAL k AS LONG
LOCAL n AS LONG
' Truncate string if greater than 63 charachters long
IF LEN(InString)>63 THEN InString = LEFT$(InString, 63)
n = LEN(InString)
k=0
j=-1
FOR i = 0 TO 79 ' Zero out the entire array. Only the
z(i)=0
NEXT i
FOR i = 0 TO 63
c=0
IF i<n THEN
c = ASC(InString , i+1) ' Note that javascript index starts at 0 & PB starts at 1
ELSEIF (Pad<>0) THEN
' Add 4-byte PBKDF2 block index and
' standard padding for the final SHA1 input block */
IF (i = n) THEN
c = ShiftRight(Pad, 24) AND &Hff
ELSEIF (i = n + 1) THEN
c = ShiftRight(Pad, 16) AND &Hff
ELSEIF (i = n + 2) THEN
c = ShiftRight(Pad, 8) AND &Hff
ELSEIF (i = n + 3) THEN
c = Pad AND &Hff
ELSEIF (i = n + 4) THEN
c = &H80
END IF
END IF
IF k = 0 THEN
j=j+1
z(j)=0
k = 32
END IF
k = k - 8
z(j) = z(j) OR ShiftLeft(c,k)
NEXT i
IF (Pad<>0) THEN z(15) = 8 * (64 + n + 4)
END SUB
SUB initsha(w() AS LONG, BYVAL padbyte AS LONG, s() AS LONG)
' Compute the intermediate SHA1 state after processing just
' the 64-byte padded HMAC key
'
' The 80 LONG array 'w' is part of the input of this routine
'
' The 5 LONG (40 bit) array 's' is the output of this routine
'
LOCAL pw AS LONG
LOCAL t AS LONG
LOCAL k AS LONG
LOCAL a AS LONG
LOCAL b AS LONG
LOCAL c AS LONG
LOCAL d AS LONG
LOCAL e AS LONG
pw = ShiftLeft(padbyte , 24) OR ShiftLeft(padbyte , 16) OR ShiftLeft(padbyte , 8) OR padbyte
FOR t= 0 TO 15
w(t) = w(t) XOR pw
NEXT t
s(0)= &H67452301
s(1)= &HEFCDAB89
s(2)= &H98BADCFE
s(3)= &H10325476
s(4)= &HC3D2E1F0
a = s(0)
b = s(1)
c = s(2)
d = s(3)
e = s(4)
t=0
FOR k = 16 TO 79
t = w(k-3) XOR w(k-8) XOR w(k-14) XOR w(k-16)
w(k) = ShiftLeft(t, 1) OR ShiftRight(t, 31)
NEXT k
FOR k = 0 TO 19
t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H5A827999 + ((b AND c) OR (((NOT b) AND d)))
e = d
d = c
c = ShiftLeft(b, 30) OR ShiftRight(b,2)
b = a
a = t AND &Hffffffff
NEXT k
FOR k = 20 TO 39
t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H6ED9EBA1 + (b XOR c XOR d)
e = d
d = c
c = ShiftLeft(b, 30) OR ShiftRight(b,2)
b = a
a = t AND &Hffffffff
NEXT k
FOR k = 40 TO 59
t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H8F1BBCDC + ((b AND c) OR (b AND d) OR (c AND d))
e = d
d = c
c = ShiftLeft(b, 30) OR ShiftRight(b,2)
b = a
a = t AND &Hffffffff
NEXT k
FOR k = 60 TO 79
t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &HCA62C1D6 + (b XOR c XOR d)
e = d
d = c
c = ShiftLeft(b, 30) OR ShiftRight(b,2)
b = a
a = t AND &Hffffffff
NEXT k
s(0) = (s(0) + a) AND &Hffffffff
s(1) = (s(1) + b) AND &Hffffffff
s(2) = (s(2) + c) AND &Hffffffff
s(3) = (s(3) + d) AND &Hffffffff
s(4) = (s(4) + e) AND &Hffffffff
END SUB
FUNCTION getWpaPskKeyFromPassphrase(PassPhrase AS STRING, SSID AS STRING) AS STRING
'
' PassPhrase is the Pass Phrase (or Password) for the WPA authenication
' SSID is the SSID of the wireless network
'
' getWpaPskKeyFromPassphrase returns a string of 64 hex digits which is the
' hex authentication key for the WPA network.
'
' For testing purposes, you can use
'
' With PassPhrase = "radiustest"
' SSID = "linksys54gh"
'
' and one should get:
' getWpaPskKeyFromPassphrase = "9e9988bde2cba74395c0289ffda07bc41ffa889a3309237a2240c934bcdc7ddb"
'
LOCAL AA$
LOCAL hash AS STRING
LOCAL I AS LONG
LOCAL J AS LONG
LOCAL k AS LONG
LOCAL t AS LONG
LOCAL p AS LONG
LOCAL q AS LONG
LOCAL a AS LONG
LOCAL b AS LONG
LOCAL c AS LONG
LOCAL d AS LONG
LOCAL e AS LONG
DIM hmac_istate(4) AS LONG
DIM hmac_ostate(4) AS LONG
DIM u(4) AS LONG
DIM s(4) AS LONG
DIM w(0 TO 79) AS LONG
' Compute the intermediate SHA1 state of the inner and outer parts
' of the HMAC algorithm after processing the padded HMAC key */
CALL stringtowords(PassPhrase, 0, w()) ' output is w array
CALL initsha(w(), &h36, hmac_istate()) ' input is in the w array, output is in hmac_istate array
CALL stringtowords(PassPhrase, 0, w()) ' output is w array
CALL initsha(w(), &h5c, hmac_ostate()) ' input is in the w array, output is in hmac_ostate array
' Output is created in blocks of 20 bytes at a time and collected
' in a string as hexadecimal digits
I=0
hash=""
WHILE (LEN(hash) < 64)
' prepare 20-byte (5-word) output vector
FOR q = 0 TO 4
u(q)=0
NEXT q
' prepare input vector for the first SHA1 update (salt + block number)
I=I+1
CALL stringtowords(SSID, I, w()) ' output is w array
' iterate 4096 times an inner and an outer SHA1 operation
FOR J = 0 TO 8191 '(2 * 4096)-1
' alternate inner and outer SHA1 operations
IF (J AND 1) THEN
FOR q = 0 TO 4 'odd case
s(q) = hmac_ostate(q)
NEXT q
ELSE
FOR q = 0 TO 4 'even case
s(q) = hmac_istate(q)
NEXT q
END IF
'inline the SHA1 update operation
a = s(0)
b = s(1)
c = s(2)
d = s(3)
e = s(4)
t =0
FOR k = 16 TO 79
t = w(k-3) XOR w(k-8) XOR w(k-14) XOR w(k-16)
w(k) = ShiftLeft( t, 1) OR ShiftRight( t, 31)
NEXT k
FOR k = 0 TO 19
t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H5A827999 + ((b AND c) OR (((NOT b) AND d)))
e = d
d = c
c = ShiftLeft(b, 30) OR ShiftRight(b,2)
b = a
a = t AND &Hffffffff
NEXT k
FOR k = 20 TO 39
t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H6ED9EBA1 + (b XOR c XOR d)
e = d
d = c
c = ShiftLeft(b, 30) OR ShiftRight(b,2)
b = a
a = t AND &Hffffffff
NEXT k
FOR k = 40 TO 59
t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &H8F1BBCDC + ((b AND c) OR (b AND d) OR (c AND d))
e = d
d = c
c = ShiftLeft(b, 30) OR ShiftRight(b,2)
b = a
a = t AND &Hffffffff
NEXT k
FOR k = 60 TO 79
t = (ShiftLeft(a,5) OR ShiftRight(a, 27))+ e + w(k) + &HCA62C1D6 + (b XOR c XOR d)
e = d
d = c
c = ShiftLeft(b, 30) OR ShiftRight(b,2)
b = a
a = t AND &Hffffffff
NEXT k
' stuff the SHA1 output back into the input vector
w(0) = (s(0) + a) AND &Hffffffff
w(1) = (s(1) + b) AND &Hffffffff
w(2) = (s(2) + c) AND &Hffffffff
w(3) = (s(3) + d) AND &Hffffffff
w(4) = (s(4) + e) AND &Hffffffff
IF (j AND 1) THEN
' XOR the result of each complete HMAC-SHA1 operation into u if j is odd
FOR q = 0 TO 4
u(q) = u(q) XOR w(q)
NEXT q
ELSE
IF j=0 THEN
' pad the new 20-byte input vector for subsequent SHA1 operations
w(5) = &H80000000
FOR k=6 TO 14
w(k)=0
NEXT k
w(15) = 8 * (64 + 20)
END IF
END IF
NEXT J
' convert output vector u to hex and append to output string
FOR j=0 TO 4
FOR k=0 TO 7
t = (ShiftRight(u(j), (28 - 4 * k))) AND &H0f
hash=hash + HEX$(t)
NEXT k
NEXT j
WEND
FUNCTION = LCASE$(LEFT$(hash,64))
END FUNCTION
FUNCTION PBMAIN
LOCAL ssid$, passphrase$
passphrase$="radiustest"
ssid$="linksys54gh"
MSGBOX "You got: "+getWpaPskKeyFromPassphrase(passphrase$, ssid$)+CHR$(13)+CHR$(13)+"Correct: 9e9988bde2cba74395c0289ffda07bc41ffa889a3309237a2240c934bcdc7ddb"
END FUNCTION