Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Decode MS-MPPE-Send-Key / MS-MPPE-Recv-Key
from hashlib import md5
from binascii import unhexlify, hexlify
seq_xor = lambda c, b: ''.join(
chr(x) for x in map(lambda X: ord(X[0]) ^ ord(X[1]), zip(c, b))
)
#
# RFC-2548: 2.4.3. MS-MPPE-Recv-Key
#
# C: Cyphertext
# S: Secret
# R: Request Authenticator
# A: Salt field
# P: Plaintext - key-len + key + padding
#
def rad_tunnel_pwdecode(C, S, R, A):
c = [C[i:i+16] for i in range(0, len(C), 16)]
p = ['\0'] * len(c)
b = ['\0'] * len(c)
b[0] = md5(S + R + A).digest()
p[0] = seq_xor(c[0], b[0])
for i in range(1, len(p)):
b[i] = md5(S + c[i-1]).digest()
p[i] = seq_xor(c[i], b[i])
P = ''.join(p)
return P
Secret = "xxxxxx"
RequestAuthenticator = "182d8f5a54cbfe158ff6239f52dd2e30"
Cyphertext ="f1b310d0d0e66dcaba76135acdj90bc9d6k10b009b94a3eceb0dac583a3fed11518fe3818303b9ba31510aae37fa25e6bd7b"
print "Cypher:%s"%Cyphertext
Salt = Cyphertext[:4]
Plaintext = rad_tunnel_pwdecode(
unhexlify(Cyphertext[4:]),
Secret,
unhexlify(RequestAuthenticator),
unhexlify(Salt)
)
Plaintext = hexlify(Plaintext)
print "Plain: %s"%Plaintext
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.