Varun Bahl
UpdatedDecryp
Dependencies: BahlDecrypModified CyaSSL mbed nRF51822
Fork of
Decryptulator
by 
Mobius IoT
Revision 13:8b706583610a, committed 2017-05-09
- Comitter:
- vbahl2
- Date:
- Tue May 09 03:06:55 2017 +0000
- Parent:
- 12:dbbf0ddc9b12
- Commit message:
- UpdatedDecryp
Changed in this revision
diff -r dbbf0ddc9b12 -r 8b706583610a BLE_API.lib --- a/BLE_API.lib Sat May 28 22:07:19 2016 +0000 +++ b/BLE_API.lib Tue May 09 03:06:55 2017 +0000 @@ -1,1 +1,1 @@ -http://mbed.org/teams/Bluetooth-Low-Energy/code/BLE_API/#bfc5b9b6ecf5 +https://developer.mbed.org/users/vbahl2/code/BahlDecrypModified/#1f56dc951637
diff -r dbbf0ddc9b12 -r 8b706583610a CyaSSL.lib --- a/CyaSSL.lib Sat May 28 22:07:19 2016 +0000 +++ b/CyaSSL.lib Tue May 09 03:06:55 2017 +0000 @@ -1,1 +1,1 @@ -https://developer.mbed.org/teams/Mobius-IoT/code/CyaSSL-forIoT/#96490dca6eb5 +https://developer.mbed.org/users/vbahl2/code/CyaSSL/#608587952dab
diff -r dbbf0ddc9b12 -r 8b706583610a Hashes/LookupTable.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Hashes/LookupTable.cpp Tue May 09 03:06:55 2017 +0000
@@ -0,0 +1,46 @@
+#include "LookupTable.h"
+#include "sfh_mbed.h"
+
+#include <iostream>
+#define LOOKUP_TABLE_SIZE 30000
+
+LookupTable::LookupTable(void){
+ //uint32_t * lookupTable = new int[INITIAL_LOOKUP_TABLE_SIZE];
+ LookupTableStruct = new (nothrow) pair<BLEProtocol::AddressBytes_t, unsigned char *> * [LOOKUP_TABLE_SIZE];
+
+ if(this->LookupTableStruct == NULL){
+ printf("Exception ignored, uncomment 'nothrow' for more efficient code\n\n");
+ }
+
+}
+
+void LookupTable::clearLookupTable(void){
+ for(uint32_t i = 0; i < LOOKUP_TABLE_SIZE; i++){
+ delete LookupTableStruct[i];
+ }
+ delete [] LookupTableStruct;
+}
+
+LookupTable::~LookupTable(void){
+ clearLookupTable();
+}
+
+
+int LookupTable::insertValue(BLEProtocol::AddressBytes_t scanned_ble_address, unsigned char * encryptedCounter){
+
+ if(scanned_ble_address == NULL || encryptedCounter == NULL)
+ return -1; //Error
+
+ // map<const char * data,
+ uint32_t hasehdBLEAddress = hash((const char *) scanned_ble_address, 6);
+ //uint32_t hashedCounter = hash(encryptedCounter,sizeof(encryptedCounter));
+
+ //map<BLEProtocol::AddressBytes_t, unsigned char *> indirectMap;
+ uint32_t index = hasehdBLEAddress % LOOKUP_TABLE_SIZE;
+ pair<BLEProtocol::AddressBytes_t, unsigned char *> tableValue;// = make_pair (scanned_ble_address,encryptedCounter); // (scanned_ble_address, encryptedCounter);
+ //tableValue = make_pair(scanned_ble_address,encryptedCounter);
+ tableValue = pair<BLEProtocol::AddressBytes_t, unsigned char *>(scanned_ble_address,encryptedCounter);
+ LookupTableStruct[index] = &tableValue;
+
+ return 0; //Success
+}
\ No newline at end of file
diff -r dbbf0ddc9b12 -r 8b706583610a Hashes/LookupTable.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Hashes/LookupTable.h Tue May 09 03:06:55 2017 +0000
@@ -0,0 +1,21 @@
+#pragma once
+
+#include <stdio.h>
+#include "mbed.h"
+#include "ble/BLE.h"
+#include "ble/BLEProtocol.h"
+#include <map>
+
+using namespace std;
+
+class LookupTable{
+ private:
+ pair<BLEProtocol::AddressBytes_t, unsigned char *> ** LookupTableStruct;
+ void buildInitialLookupTable();
+ void lookupValue();
+ void clearLookupTable(void);
+ public:
+ LookupTable(void);
+ ~LookupTable(void);
+ int insertValue(BLEProtocol::AddressBytes_t scanned_ble_address, unsigned char * encryptedCounter);
+};
\ No newline at end of file
diff -r dbbf0ddc9b12 -r 8b706583610a Hashes/SlidingWindow.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Hashes/SlidingWindow.cpp Tue May 09 03:06:55 2017 +0000
@@ -0,0 +1,34 @@
+#include "SlidingWindow.h"
+
+
+
+/**Sliding Window Constructor**/
+SlidingWindow::SlidingWindow(void){
+ pair<BLEProtocol::AddressBytes_t, unsigned char *> * sliding_window = new pair<BLEProtocol::AddressBytes_t, unsigned char *>[SLIDING_WINDOW_SIZE];
+}
+
+
+
+void SlidingWindow::populateSlidingWindow(void){
+
+ for(int i = 0; i < SLIDING_WINDOW_SIZE; i++){
+ sliding_window[i] = lookupTable[(sliding_window_index + i) % LOOKUP_TABLE_SIZE];
+ }
+}
+
+void SlidingWindow::moveSlidingWindow(uint32_t offset){
+ sliding_window+= offset;
+}
+
+
+
+SlidingWindow::~SlidingWindow(void){
+ clearSlidingWindow();
+}
+
+void SlidingWindow::clearSlidingWindow(void){
+ for(int i = 0; i < SLIDING_WINDOW_SIZE; i++){
+ delete sliding_window[i];
+ }
+ delete sliding_window[];
+}
diff -r dbbf0ddc9b12 -r 8b706583610a Hashes/SlidingWindow.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Hashes/SlidingWindow.h Tue May 09 03:06:55 2017 +0000
@@ -0,0 +1,22 @@
+#pragma once
+
+#include <stdio.h>
+#include "mbed.h"
+#include "ble/BLE.h"
+#include "ble/BLEProtocol.h"
+#include <map>
+
+using namespace std;
+
+class SlidingWindow {
+ private:
+ void clearSlidingWindow(void);
+ void buildSlidingWindowTable();
+ void populateSlidingWindow(void);
+ public:
+ SlidingWindow(void);
+ ~SlidingWindow(void);
+ void moveSlidingWindow(uint32_t offset);
+
+
+};
\ No newline at end of file
diff -r dbbf0ddc9b12 -r 8b706583610a Hashes/sfh_mbed.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Hashes/sfh_mbed.cpp Tue May 09 03:06:55 2017 +0000
@@ -0,0 +1,73 @@
+#include "sfh_mbed.h"
+#include "SlidingWindow.h"
+#include "LookupTable.h"
+
+#define LOOKUP_TABLE_SIZE 3000
+#define SLIDING_WINDOW_SIZE 300
+
+//static uint32_t sliding_window_index = 0;
+
+
+uint32_t hash (const char *data, uint16_t len) {
+ // This is mostly Paul Hsieh's original code
+ uint32_t hash, tmp;
+ int rem;
+
+ if (len <= 0 || data == 0) {
+ return 0;
+ }
+
+ hash = len;
+ rem = len & 3;
+ len >>= 2;
+
+ /* Main loop */
+ while (len > 0) {
+ hash += *((uint16_t *) data);
+
+ /* To make a long story short, the C standard states that the
+ * shift operator's operands must be promoted to (unsigned) int,
+ * which is (usually) 32 bits wide on PC and 16 on Arduino. This
+ * results in different behaviour, since part of the result gets
+ * truncated on Arduino, so we cast the result to make sure all
+ * bits are kept.
+ */
+ tmp = ((uint32_t) (*((uint16_t *) (data + 2))) << 11) ^ hash;
+
+ hash = (hash << 16) ^ tmp;
+ data += 2 * sizeof (uint16_t);
+ hash += hash >> 11;
+ len--;
+ }
+
+ /* Handle end cases */
+ switch (rem) {
+ case 3:
+ hash += * ((uint16_t *) data);
+ hash ^= hash << 16;
+ hash ^= ((signed char) data[2]) << 18;
+ hash += hash >> 11;
+ break;
+
+ case 2:
+ hash += * ((uint16_t *) data);
+ hash ^= hash << 11;
+ hash += hash >> 17;
+ break;
+
+ case 1:
+ hash += (signed char) * data;
+ hash ^= hash << 10;
+ hash += hash >> 1;
+ }
+
+ /* Force "avalanching" of final 127 bits */
+ hash ^= hash << 3;
+ hash += hash >> 5;
+ hash ^= hash << 4;
+ hash += hash >> 17;
+ hash ^= hash << 25;
+ hash += hash >> 6;
+
+ return hash;
+}
\ No newline at end of file
diff -r dbbf0ddc9b12 -r 8b706583610a Hashes/sfh_mbed.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Hashes/sfh_mbed.h Tue May 09 03:06:55 2017 +0000 @@ -0,0 +1,16 @@ +#pragma once + +#include <stdio.h> +#include "mbed.h" +#include "ble/BLE.h" +#include "ble/BLEProtocol.h" +#include <map> + +using namespace std; + + + +uint32_t hash (const char *data, uint16_t len); + + +
diff -r dbbf0ddc9b12 -r 8b706583610a main.cpp
--- a/main.cpp Sat May 28 22:07:19 2016 +0000
+++ b/main.cpp Tue May 09 03:06:55 2017 +0000
@@ -1,11 +1,13 @@
-
+#include <stdio.h>
#include "mbed.h"
//#include "toolchain.h"
#include "ble/BLE.h"
+#include "ble/BLEProtocol.h"
#include "TMP_nrf51/TMP_nrf51.h"
+#include "newSha256.h"
+#include "UARTService.h"
-
-#include "UARTService.h"
+#include "Hashes/sfh_mbed.h"
#include "ctc_aes.h"
@@ -14,6 +16,12 @@
#define LOG(...) { pc.printf(__VA_ARGS__); }
+//#define DEBUG 1
+
+
+#define TABLE_SIZE 3000
+#define SLIDING_WINDOW_SIZE 300
+
DigitalOut alivenessLED(LED1, 1);
Ticker ticker;
@@ -35,6 +43,60 @@
unsigned char iv[BLOCK_SIZE];//not used for ctr mode but required by setKey
Aes ctx;
+#define DECRYP_HASH_SIZE 6
+#define HASH_CTR_SIZE 255
+
+bool isSameMAC(const Gap::AdvertisementCallbackParams_t *params){
+
+ for(int i=(params->advertisingDataLen)-counter_tx_len; i < params->advertisingDataLen; i++){
+ nonce_counter[BLOCK_SIZE-3+(i-((params->advertisingDataLen)-counter_tx_len))] = params->advertisingData[i];
+ printf("params->advertisingData[%d]: %02x\n", i,params->advertisingData[i]);
+ }
+ printf("\n");
+ printf("nonce_counter done\n");
+#ifdef DEBUG
+ printf("\n\n");
+#endif
+
+ /*Dummy MAC address with NoOPS*/
+ BLEProtocol::AddressBytes_t alpha = {0x90,0x90,0x90,0x90,0x90,0x90};
+
+ for(int k = 0; k< DECRYP_HASH_SIZE; k ++){
+ alpha[k] = params->peerAddr[k];
+#ifdef DEBUG
+ printf("alpha[%d]: %02x peerAddr[%d]: %02x",k,alpha[k],k,params->peerAddr[k]);
+#endif
+ }
+
+ bool encryptedMac = true;
+
+ unsigned char pre_out[32];
+ unsigned char out[32];
+
+ do{
+ mbedtls_sha256(nonce_counter, sizeof(nonce_counter), out, 0);
+ /*rehash*/
+
+ for(int idx = 0; idx < DECRYP_HASH_SIZE; idx++){
+//#ifdef DEBUG
+ printf("out[%d]: %02x - alpha[%d]: %02x\n",idx,out[idx],idx,alpha[idx]);
+//#endif
+ if(out[idx] == alpha[idx]){
+ /*check all bytes*/
+ continue;
+ }
+ else{
+ printf("NOT ENCRYPTULATOR! EXITING DECRYPTION\n\n");
+ encryptedMac = false;
+ break;
+ }
+ }
+ }while(0);
+
+
+ return encryptedMac;
+
+}
void periodicCallback(void)
{
@@ -51,36 +113,60 @@
AesSetKey(&ctx, key, KEYLEN/8, iv, AES_ENCRYPTION);
}
+
+
+
+
+/*
+void buildLookupTable(unsigned char * nonce){
+ unsigned char nonce_ctr_cpy[BLOCK_SIZE];
+ unsigned char ctr_cpy = nonce_ctr_cpy + BLOCK_SIZE
+ for(int i = 0; i < BLOCK_SIZE; i++)
+ nonce_ctr_cpy = i;
+ int ** hashLookup = new int[HASH_CTR_SIZE];
+ mbedtls_sha256(nonce_counter, sizeof(nonce_counter), out, 0);
+
+ for(int i = 0; i < HASH_CTR_SIZE; i++){
+ hashLookup[i] = out[i % 32];
+ }
+}*/
+
void decrypt(const Gap::AdvertisementCallbackParams_t *params)
{
//puts decrypted data into GLOBAL plain variable.
-
+ // pair<uint32_t, uint32_t> * lookupTable = new pair<uint32_t,uint32_t> [300000];
+ pair<BLEProtocol::AddressBytes_t,unsigned char *>;
//get coutner
- for(int i=(params->advertisingDataLen)-counter_tx_len; i < params->advertisingDataLen; i++)
+ /*for(int i=(params->advertisingDataLen)-counter_tx_len; i < params->advertisingDataLen; i++)
nonce_counter[BLOCK_SIZE-3+(i-((params->advertisingDataLen)-counter_tx_len))] = params->advertisingData[i];
+ */
//print nonce_counter
- LOG("\nNonceCtr: ");
+ printf("\nNonceCtr: ");
for(int i=0;i<BLOCK_SIZE;i++)
- LOG("%02x ", nonce_counter[i]);
+ printf("%02x ", nonce_counter[i]);
//get cipher text
for(int i=0; i < (params->advertisingDataLen) - (counter_tx_len + 2); i++)
cipher[i] = params->advertisingData[i+2];
+
+ //AddressBytes ble_mac = params->peerAddr;
+
+
//print cipher
- LOG("\nCiphertxt: ");
+ printf("\nCiphertxt: ");
for(int i=0; i < BLOCK_SIZE; i++)
- LOG("%02x ", cipher[i]);
+ printf("%02x ", cipher[i]);
//build key stream
AesEncrypt(&ctx, nonce_counter, plain);
//print key
- LOG("\nKey: ");
+ printf("\nKey: ");
for(int i=0; i<BLOCK_SIZE; i++)
- LOG("%02x ", plain[i]);
+ printf("%02x ", plain[i]);
//decrypt into plain (destroying key)
for(int i=0;i<BLOCK_SIZE;i++)
@@ -95,38 +181,65 @@
/* Search for the manufacturer specific data with matching application-ID */
int addr_length = 6;
-
+ //int * cachedMAC = new int[3];
//print from addr
//if(params->peerAddr[addr_length-1] == 0xfc)
//{
- LOG("\nFrom: ");
+ BLEDevice ble;
+ unsigned char address[addr_length];
+ Gap::addr_type_t gap_type = Gap::ADDR_TYPE_PUBLIC;
+ ble.getAddress(&gap_type,address);
+ printf("\nDecryptor MAC: ");
+ for(int jj = 0; jj < addr_length; jj++)
+ printf("%02x:",address[jj]);
+
+
+
+
+ printf("\nFrom: ");
for(int i=0; i<addr_length; i++)
- LOG("%02x:", params->peerAddr[addr_length-i-1]);
+ printf("%02x:", params->peerAddr[addr_length-i-1]);
//print payload
- LOG("\nPayload: ");
+ printf("\nPayload: ");
for(int i=0; i < params->advertisingDataLen; i++)
- LOG(" %02x", params->advertisingData[i]);
+ printf(" %02x", params->advertisingData[i]);
-
- decrypt(params);
+ //cache the beginning MAC address
+
+ /*
+ for(int c = 0; c < 3; c++){
+ cachedMAC[c] = params->peerAddr[addr_length-c-1];
+ }
+ */
+
+
+ if(isSameMAC(params)){
+ printf("MAC ADDRESS IDENTIFIED!!!!\n");
+ exit(0);
+ decrypt(params);
+ }
+
+
//print plaintext
- LOG("\nPlaintext: ");
+ printf("\nPlaintext: ");
for(int i=0; i<BLOCK_SIZE; i++)
- LOG("%02x ", plain[i]);
+ printf("%02x ", plain[i]);
//print close of round
- LOG("\n\n");
+ printf("\n\n");
//}
}
+
+
/**
* This function is called when the ble initialization process has failed
*/
void onBleInitError(BLE &ble, ble_error_t error)
{
/* Initialization error handling should go here */
- LOG("Crap, the BLE radio is broken\n");
+ printf("Crap, the BLE radio is broken\n");
}
/**
@@ -149,21 +262,24 @@
}
/* Setup and start scanning */
- ble.gap().setScanParams(500 /* scan interval */, 500 /* scan window */);
+ ble.gap().setScanParams(50 /* scan interval */, 50 /* scan window */);
ble.gap().startScan(advertisementCallback);
}
int main(void)
{
+
//use 115200 for term 4M for energy
- pc.baud(115200);
+ //pc.baud(115200);
- LOG("---- DECRYPTULATOR ACTIVIZE ----\n");
+
+
+ printf("---- DECRYPTULATOR ACTIVIZE ----\n");
initAES();
ticker.attach(periodicCallback, 1); /* flash the LED because reasons */
- LOG("Bring up the BLE radio\n");
+ printf("Bring up the BLE radio\n");
BLE &ble = BLE::Instance();
ble.init(bleInitComplete);