我如何:在 Python 中生成 40/64 位 WEP 密钥? [英] How Can I: Generate 40/64 Bit WEP Key In Python?
问题描述
所以,几个月来我一直在努力解决这个问题,部分原因是它是副业,部分原因是我编程很烂.我已经在整个网络上进行了搜索和研究,但都没有运气(除了一点点成功;见下文),所以我想我可以尝试问问专家.
So, I've been beating my head against the wall of this issue for several months now, partly because it's a side interest and partly because I suck at programming. I've searched and researched all across the web, but have not had any luck (except one small bit of success; see below), so I thought I might try asking the experts.
我想做的是,正如标题所暗示的,根据事实上的"标准,从密码短语生成一个 40/64 位的 WEP 密钥.(诸如 http://www.powerdog.com/wepkey.cgi 之类的网站会生成预期的输出.)我已经编写了脚本的一部分,这些部分接受输入并将它们写入文件;输入之一是密码短语,已清理为小写.
What I am trying to do is, as the title suggests, generate a 40/64 bit WEP key from a passphrase, according to the "de facto" standard. (A site such as http://www.powerdog.com/wepkey.cgi produces the expected outputs.) I have already written portions of the script that take inputs and write them to a file; one of the inputs would be the passphrase, sanitized to lower case.
很长一段时间我都不知道事实上的标准是什么,更不用说如何去实施它了.我终于偶然发现了一篇论文(http://www.lava.net/~newsham/wlan/WEP_password_cracker.pdf),它阐明了我对这个问题的了解(第 18 页有相关位).显然,密码短语使用 XOR 映射到 32 位值",其结果然后用作线性同余 PRNG(Python 拥有的几个 PRNG 中的一个符合此描述,我不知道")的种子t 知道),然后从该结果中提取几位结果.我不知道如何实现这一点,因为描述相当模糊.
For the longest time I had no idea what the defacto standard was, much less how to even go about implementing it. I finally stumbled across a paper (http://www.lava.net/~newsham/wlan/WEP_password_cracker.pdf) that sheds as much light as I've had yet on the issue (page 18 has the relevant bits). Apparently, the passphrase is "mapped to a 32-bit value with XOR," the result of which is then used as the seed for a "linear congruential PRNG (which one of the several PRNGs Python has would fit this description, I don't know), and then from that result several bits of the result are taken. I have no idea how to go about implementing this, since the description is rather vague.
我需要的是在 Python 中编写生成器的帮助,以及了解密钥是如何生成的.换句话说,我需要代码将jackson"变成09F38AF593".(请不要告诉我 jackson = 09F38AF593; 打印(jackson))
What I need is help in writing the generator in Python, and also in understanding how exactly the key is generated. In other words, I need code to turn "jackson" into "09F38AF593". (And please don't tell me jackson = 09F38AF593; print (jackson))
我不是一个程序员,所以也很感激解释.
I'm not much of a programmer, so explanations are appreciated as well.
(是的,我知道 WEP 不安全.)
(Yes, I know that WEP isn't secure.)
推荐答案
将您链接到的 C 代码包含在问题中会非常有帮助 ;-) 无论如何,我继续将其翻译成 Python.在你阅读之前,让我说我强烈鼓励你自己尝试,并且只使用我的转录作为指导.当您想提高一种或两种语言的技能时,将算法从一种编程语言翻译成另一种通常是很好的做法.即使你不知道 C,只要你足够熟悉 Python 并用它编写程序,你应该能够得到 C 代码的要点,因为它们有很多相似之处.
That C code you linked to would have been awfully helpful to include in the question ;-) Anyway, I went ahead and translated it into Python. Before you read it, let me say that I highly encourage you to try it yourself and only use my transcription as a guide. Translating algorithms from one programming language to another is generally great practice when you want to boost your skills in one or both languages. Even if you don't know C, as long as you're familiar enough with Python to write programs in it, you should be able to get the gist of the C code, since there are many similarities.
无论如何,进入代码.
import itertools, operator
首先,伪随机数生成器,在演示文稿中被标识为线性同余生成器.这种类型的 PRNG 是一种通用算法,可以通过选择 a、c 和 m(提到的变量)的特定值来定制"在维基百科文章中).这是一个通用线性同余生成器的实现:
First, the pseudorandom number generator, which was identified in the presentation as a linear congruential generator. This type of PRNG is a general algorithm which can be "customized" by choosing specific values of a, c, and m (the variables mentioned in the Wikipedia article). Here is an implementation of a generic linear congruential generator:
def prng(x, a, c, m):
while True:
x = (a * x + c) % m
yield x
(希望你能自己想出这个)
(hopefully you could have come up with that on your own)
现在是实际功能:
def pass_to_key(passphrase):
该过程的第一步是将提供的密码散列(或映射")为 32 位数字.WEP 算法通过创建一组初始化为零的 4 个字节(因此 4*8=32 位)来实现这一点.
The first step in the process is to hash (or "map") the passphrase provided to a 32-bit number. The WEP algorithm does this by creating a set of 4 bytes (thus 4*8=32 bits) which are initialized to zero.
bits = [0,0,0,0]
它遍历字符串并将每个字符与其中一个字节进行异或;具体来说,字符 i 被异或到字节 i % 4.
It goes through the string and XORs each character with one of the bytes; specifically, character i is XOR'd into byte i % 4.
for i, c in enumerate(passphrase):
bits[i & 3] ^= ord(c)
然后将这四个字节按顺序连接在一起,形成一个 32 位值.(或者,我可以编写代码从一开始就将它们存储为 32 位数字)
These four bytes are then concatenated together, in order, to form a single 32-bit value. (Alternatively, I could have written the code to store them as a 32-bit number from the beginning)
val = reduce(operator.__or__, (b << 8*i for (i,b) in enumerate(bits)))
此 32 位值用作线性同余生成器的种子,其中具有您可以在代码中看到的某些特定值.最初的开发者是怎么算出这些数字的,我不知道.
This 32-bit value is used as the seed for a linear congruential generator with certain specific values which you can see in the code. How the original developer figured out these numbers, I have no idea.
keys = []
线性同余生成器一次最多可以产生 32 位的输出.(在 C 中,这是数据类型的限制;在 Python 中,我必须人为地强制执行它.)我需要 20 个字节来生成 4 个 40 位(5 字节)WEP 密钥,因此我将重复 PRNG 20 次,
The linear congruential generator can produce up to 32 bits of output at a time. (In C this is a limitation of the data type; in Python I had to artificially enforce it.) I need 20 bytes to generate 4 40-bit (5-byte) WEP keys, so I'll iterate the PRNG 20 times,
for i, b in enumerate(itertools.islice(prng(val, 0x343fd, 0x269ec3, 1<<32), 20)):
从每个数字中,只取右边的第三个字节(位 16-23):
and from each number, take only the 3rd byte from the right (bits 16-23):
keys.append((b >> 16) & 0xff)
为什么是第三个?好吧,高端(右起第 4 个)的位往往不会有太大变化,而低端的位对于 PRNG 常数的许多值是可以预测的.
Why the third? Well, the bits at the high end (4th from the right) tend not to change much, and those at the low end can be predictable for many values of the PRNG constants.
之后,剩下的就是将生成的字节以 5 个为一组打印出来.
Afterwards, all that's left is to print out the generated bytes in groups of 5.
print ('%02x:%02x:%02x:%02x:%02x\n'*4) % tuple(keys)
这篇关于我如何:在 Python 中生成 40/64 位 WEP 密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
