C114门户论坛百科APPEN| 举报 切换到宽版

亚星游戏官网

 找回密码
 注册

只需一步,快速开始

短信验证,便捷登录

搜索

军衔等级:

亚星游戏官网-yaxin222  上等兵

注册:2015-10-27
发表于 2022-7-12 18:04:02 |显示全部楼层
有同学使用scapy或者别的工具解析过UDP-encapsulated ESP messages没,就像下图这个wireshark消息,写了个测试程序,解析出来和wireshark里的不一样。
  1. import scapy
  2. from scapy.all import *
  3. from scapy.utils import PcapReader
  4. from Crypto.Cipher import AES

  5. packets=rdpcap(r"tcpdump_NTLog_V2_2022_0314_190713_start_1.cap")

  6. sa = SecurityAssociation(ESP,
  7.                          spi=0x8610c449)

  8. # C:\Users\[username]\AppData\Roaming\Wireshark\esp_sa
  9. # "IPv4","192.168.2.72","207.219.233.33","0x8610c449","AES-CBC [RFC3602]","0x0bca0574cba28f949390a552cfbd8605","HMAC-SHA-1-96 [RFC2404]","0x6f8f7a3044fdc68dfa50c70c91bcb306fa6e1952"
  10. res = CRYPT_ALGOS['AES-CBC'].decrypt(sa, packets[239][ESP], b'0bca0574cba28f949390a552cfbd8605', icv_size=12)
  11. print(f'res.iv lenght is {len(res.iv)}')
  12. for i in res.data:
  13.     print(hex(i))
  14.     break

  15. res.show()
复制代码


举报本楼

您需要登录后才可以回帖 登录 | 注册 |

手机版|C114 ( 沪ICP备12002291号-1 )|联系大家 |网站地图  

GMT+8, 2024-11-18 00:18 , Processed in 0.132954 second(s), 15 queries , Gzip On.

Copyright © 1999-2023 C114 All Rights Reserved

Discuz Licensed

回顶部
XML 地图 | Sitemap 地图