Last active
August 29, 2015 14:16
-
-
Save martok/6f855c8887fd4f33454d to your computer and use it in GitHub Desktop.
IKEv1 Parser
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
define('IND',' '); | |
function hex2bin( $str ) { | |
$sbin = ""; | |
$len = strlen( $str ); | |
for ( $i = 0; $i < $len; $i += 2 ) { | |
$sbin .= pack( "H*", substr( $str, $i, 2 ) ); | |
} | |
return $sbin; | |
} | |
function take(&$str, $num) { | |
$s = substr($str, 0, $num); | |
$str = substr($str, $num); | |
return $s; | |
} | |
function to_int8($bin) { | |
$r = unpack('C', $bin); | |
return $r[1]; | |
} | |
function to_int16($bin) { | |
$r = unpack('n', $bin); | |
return $r[1]; | |
} | |
function read_attributes($str) { | |
$res = array(); | |
while (strlen($str) > 0) { | |
$attrtype = to_int16(take($str, 2)); | |
if ($attrtype & 0x8000) { | |
$attrval = to_int16(take($str, 2)); | |
$attrtype &= ~0x8000; | |
} else { | |
$attrlen = to_int16(take($str, 2)); | |
$attrval = take($str, $attrlen); | |
} | |
$res[] = array($attrtype,$attrval); | |
} | |
return $res; | |
} | |
function def($a,$d) { | |
return (!$a)?$d:$a; | |
} | |
function attr2str($attr) { | |
return join("\n", array_map(function($a) { | |
list($k,$v) = $a; | |
$ks = def(array_search($k, array( | |
'SA Life Type' => 1, | |
'SA Life Duration' => 2, | |
'Group Description' => 3, | |
'Encapsulation Mode' => 4, | |
'Authentication Algorithm' => 5, | |
'Key Length' => 6, | |
'Key Rounds' => 7, | |
'Compress Dictionary Size' => 8, | |
'Compress Private Algorithm' => 9, | |
'ECN Tunnel' => 10, | |
'Extended (64-bit) Sequence Number' => 11, | |
'Authentication Key Length' => 12, | |
'Signature Encoding Algorithm' => 13, | |
'Address Preservation' => 14, | |
'SA Direction' => 15 | |
)), $k); | |
if (is_string($v)) { | |
return $ks.':'.bin2hex($v); | |
} else switch($k) { | |
case 5: | |
$v = def(array_search($v, array( | |
'Reserved' => 0, | |
'HMAC-MD5' => 1, | |
'HMAC-SHA' => 2, | |
'DES-MAC' => 3, | |
'KPDK' => 4, | |
'HMAC-SHA2-256' => 5, | |
'HMAC-SHA2-384' => 6, | |
'HMAC-SHA2-512' => 7, | |
'HMAC-RIPEMD' => 8, | |
'AES-XCBC-MAC' => 9, | |
'SIG-RSA' => 10, | |
'AES-128-GMAC' => 11, | |
'AES-192-GMAC' => 12, | |
'AES-256-GMAC' => 13 | |
)), $v); | |
break; | |
} | |
return $ks.':'.$v; | |
}, $attr)); | |
} | |
function read_transform(&$str) { | |
$last = to_int8(take($str, 1)); | |
$res = to_int8(take($str, 1)); | |
$size = to_int16(take($str, 2)); | |
$tnr = to_int8(take($str, 1)); | |
$tid = to_int8(take($str, 1)); | |
$res2 = to_int16(take($str, 2)); | |
$saattrib = take($str, $size - 8); | |
$attribs = read_attributes($saattrib); | |
$transform = def(array_search($tid,array( | |
'RESERVED' => 0, | |
'ESP_DES_IV64' => 1, | |
'ESP_DES' => 2, | |
'ESP_3DES' => 3, | |
'ESP_RC5' => 4, | |
'ESP_IDEA' => 5, | |
'ESP_CAST' => 6, | |
'ESP_BLOWFISH' => 7, | |
'ESP_3IDEA' => 8, | |
'ESP_DES_IV32' => 9, | |
'ESP_RC4' => 10, | |
'ESP_NULL' => 11, | |
'ESP_AES-CBC' => 12, | |
'ESP_AES-CTR' => 13, | |
'ESP_AES-CCM_8' => 14, | |
'ESP_AES-CCM_12' => 15, | |
'ESP_AES-CCM_16' => 16, | |
'Unassigned' => 17, | |
'ESP_AES-GCM_8' => 18, | |
'ESP_AES-GCM_12' => 19, | |
'ESP_AES-GCM_16' => 20, | |
'ESP_SEED_CBC' => 21, | |
'ESP_CAMELLIA' => 22, | |
'ESP_NULL_AUTH_AES-GMAC' => 23 | |
)),'###'); | |
echo IND."Transform #$tnr: $transform($tid)<br>"; | |
echo IND.IND.str_replace("\n",'<br>'.IND.IND, attr2str($attribs)).'<br>'; | |
return !$last; | |
} | |
function read_proposal(&$str) { | |
$last = to_int8(take($str, 1)); | |
$flag = to_int8(take($str, 1)); | |
$size = to_int16(take($str, 2)); | |
$pnr = to_int8(take($str, 1)); | |
$protoid = to_int8(take($str, 1)); | |
$spisize = to_int8(take($str, 1)); | |
$transforms = to_int8(take($str, 1)); | |
$spi = take($str, $spisize); | |
$protocol = '###'; | |
switch($protoid) { | |
case 0: $protocol='RESERVED'; break; | |
case 1: $protocol='IKE'; break; | |
case 2: $protocol='AH'; break; | |
case 3: $protocol='ESP'; break; | |
default: { | |
if ($protoid >= 4 && $protoid<=200) $protocol='IANA'; | |
if ($protoid >= 201 && $protoid<=255) $protocol='PRIVATE'; | |
} | |
} | |
echo "Proposal #$pnr ($size) $protocol($protoid) with $transforms transforms <br>"; | |
for ($t=0; $t<=$transforms; $t++) { | |
if (read_transform(&$str)) | |
break; | |
} | |
} | |
function run($hexstr) { | |
$hexstr = str_replace(array("\r","\n",' '),'', $hexstr); | |
$bin = hex2bin($hexstr); | |
while ($bin != '') { | |
read_proposal($bin); | |
} | |
} | |
$hex = <<<END | |
00000624 0103042d 22f5f130 03000024 010c0000 80040001 80060100 80050001 | |
80030001 80010001 00020004 00000e10 03000024 020c0000 80040001 80060100 | |
80050002 80030001 80010001 00020004 00000e10 03000024 030c0000 80040001 | |
80060100 80050005 80030001 80010001 00020004 00000e10 03000024 040c0000 | |
80040001 80060100 80050006 80030001 80010001 00020004 00000e10 03000024 | |
050c0000 80040001 80060100 80050007 80030001 80010001 00020004 00000e10 | |
03000024 060c0000 80040001 800600c0 80050001 80030001 80010001 00020004 | |
00000e10 03000024 070c0000 80040001 800600c0 80050002 80030001 80010001 | |
00020004 00000e10 03000024 080c0000 80040001 800600c0 80050005 80030001 | |
80010001 00020004 00000e10 03000024 090c0000 80040001 800600c0 80050006 | |
80030001 80010001 00020004 00000e10 03000024 0a0c0000 80040001 800600c0 | |
80050007 80030001 80010001 00020004 00000e10 03000024 0b0c0000 80040001 | |
80060080 80050001 80030001 80010001 00020004 00000e10 03000024 0c0c0000 | |
80040001 80060080 80050002 80030001 80010001 00020004 00000e10 03000024 | |
0d0c0000 80040001 80060080 80050005 80030001 80010001 00020004 00000e10 | |
03000024 0e0c0000 80040001 80060080 80050006 80030001 80010001 00020004 | |
00000e10 03000024 0f0c0000 80040001 80060080 80050007 80030001 80010001 | |
00020004 00000e10 03000024 10070000 80040001 80060100 80050001 80030001 | |
80010001 00020004 00000e10 03000024 11070000 80040001 80060100 80050002 | |
80030001 80010001 00020004 00000e10 03000024 12070000 80040001 80060100 | |
80050005 80030001 80010001 00020004 00000e10 03000024 13070000 80040001 | |
80060100 80050006 80030001 80010001 00020004 00000e10 03000024 14070000 | |
80040001 80060100 80050007 80030001 80010001 00020004 00000e10 03000024 | |
15070000 80040001 800600c0 80050001 80030001 80010001 00020004 00000e10 | |
03000024 16070000 80040001 800600c0 80050002 80030001 80010001 00020004 | |
00000e10 03000024 17070000 80040001 800600c0 80050005 80030001 80010001 | |
00020004 00000e10 03000024 18070000 80040001 800600c0 80050006 80030001 | |
80010001 00020004 00000e10 03000024 19070000 80040001 800600c0 80050007 | |
80030001 80010001 00020004 00000e10 03000024 1a070000 80040001 80060080 | |
80050001 80030001 80010001 00020004 00000e10 03000024 1b070000 80040001 | |
80060080 80050002 80030001 80010001 00020004 00000e10 03000024 1c070000 | |
80040001 80060080 80050005 80030001 80010001 00020004 00000e10 03000024 | |
1d070000 80040001 80060080 80050006 80030001 80010001 00020004 00000e10 | |
03000024 1e070000 80040001 80060080 80050007 80030001 80010001 00020004 | |
00000e10 03000020 1f030000 80040001 80050001 80030001 80010001 00020004 | |
00000e10 03000020 20030000 80040001 80050002 80030001 80010001 00020004 | |
00000e10 03000020 21030000 80040001 80050005 80030001 80010001 00020004 | |
00000e10 03000020 22030000 80040001 80050006 80030001 80010001 00020004 | |
00000e10 03000020 23030000 80040001 80050007 80030001 80010001 00020004 | |
00000e10 03000020 24060000 80040001 80050001 80030001 80010001 00020004 | |
00000e10 03000020 25060000 80040001 80050002 80030001 80010001 00020004 | |
00000e10 03000020 26060000 80040001 80050005 80030001 80010001 00020004 | |
00000e10 03000020 27060000 80040001 80050006 80030001 80010001 00020004 | |
00000e10 03000020 28060000 80040001 80050007 80030001 80010001 00020004 | |
00000e10 03000020 29020000 80040001 80050001 80030001 80010001 00020004 | |
00000e10 03000020 2a020000 80040001 80050002 80030001 80010001 00020004 | |
00000e10 03000020 2b020000 80040001 80050005 80030001 80010001 00020004 | |
00000e10 03000020 2c020000 80040001 80050006 80030001 80010001 00020004 | |
00000e10 00000020 2d020000 80040001 80050007 80030001 80010001 00020004 | |
00000e10 04000018 d317a53b fdb1d7f0 2f1e5dfd 4429cb9f 83628212 05000064 | |
6859a101 8ad6cc9f f3ea74de 4d89fcd3 98683b82 10ae1878 8727f456 e6043a92 | |
2bafc513 e3c45836 c36dfc17 a4d3ad6e 9b3237bd 098c918c d3f05a5b df68ffce | |
972829d5 47a23f23 4fb605ad e22ed5ab bfd4f556 77390149 efe69dd4 1741b43c | |
0500000c 01000000 8d2ce13b 00000010 04000000 00000000 00000000 | |
END; | |
echo '<code>'; | |
run($hex); | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment