IKECrack is an open source IKE/IPSec authentication crack tool. This tool is designed to bruteforce or dictionary attack the key/password used with Pre-Shared-Key [PSK] IKE authentication. The open source version of this tool is to demonstrate proof-of-concept, and will work with RFC 2409 based aggressive mode PSK authentication.
Our SourceForge development area is at http://sourceforge.net/projects/ikecrack/
Presentation Materials and Additional Tools
My ToorCon 2K2 preso on IKE hacking can be downloaded here
The IKEProber tool mentioned in the preso can be downloaded here
IKE Agressive Mode BruteForce Summary
Aggressive Mode IKE authentication is composed of the following steps:
1 - Initiating client sends encryption options proposal, DH public key, random number [nonce_i], and an ID in an un-encrypted packet to the gateway/responder.
2 - Responder creates a DH public value, another random number [nonce_r], and calculates a HASH that is sent back to the initiator in an un-encrypted packet. This hash is used to authenticate the parties to each other, and is based on the exchange nonces, DH public values, the initiator ID, other values from the initiator packet, and the Pre-Shared-Key [PSK].
3 - The Initiating client sends a reply packet also containing a HASH, but this response is normally sent in an encrypted packet.
IKECrack utilizies the HASH sent in step 2, and attempts a realtime bruteforce of the PSK. This involves a HMAC-MD5 of the PSK with nonce values to determine the SKEYID, and a HMAC-MD5 of the SKEYID with DH pubkeys, cookies, ID, and SA proposal. In practice, SKEYID and HASH_R are calculated with the Hash cipher proposed by the initiator, so could actually be either SHA1 or MD5 in HMAC mode.
IKECrack utilizes components from the following OpenSource/PublicDomain programs
Ron Rivest's MD5
Simeon Pilgrim's Reverse MD5
MD5 and HMAC-MD5 PerlMods
Initial tesing with Perl based IKECrack shows numbers of 18,000 tests per second with a PIII 700, and can bruteforce 3 chars of ucase/lcase/0-9 in 13 seconds.
MDCrack [a MD5 bruteforce tool] can achieve 1.5 million keys per second with pure MD5 and a PIII 700. PSK bruteforcing consists of 4 MD5's, and 4 64 byte XORs....but should still be able to achieve 375,000 IKE keys per second. Preliminary tests in C have shown 26,000 keys per second with un-optimized routines. I'm hoping that Simeon Pilgrim's MD5 routines will speed this up a bit more.
Other projects we are considering integrating into IKECrack
dkbf - An open source distributed NT LANMan/Hash cracker using MPI - An IKECrack cluster!
HiFn Linux Drivers - HiFn makes one of the better commercial encryption/compression accelerators. I have access to 7751 based PCI cards, and plan one for offloading MD5, SHA1,DES, and 3DES
Author: Anton T. Rager : email@example.com