In this experiment i use Ruby and OpenSSL to create secure crypted conversations over irc.
Those are viewable in the watch out for the "modules" variable. Note that note that not every OS/ssl version/installation has the same modul set
Yes, you need to modify the source to use it
| #!/usr/bin/env ruby | |
| require 'socket' | |
| require 'openssl' | |
| require "base64" | |
| server = "some-irc.tld" | |
| port = "6667" | |
| nick = "Nickname#{rand(5000)}" | |
| channel = "#channel" | |
| module Crypt | |
| def Crypt.ccc(m,k,t,o) | |
| (ccc = OpenSSL::Cipher::Cipher.new(o).send(m)).key = Digest::SHA256.digest(k) | |
| ccc.update(t) << ccc.final | |
| end | |
| def Crypt.encrypt(mode, key, text) | |
| Crypt.ccc(:encrypt, key, text, mode) | |
| end | |
| def Crypt.decrypt(mode, key, text) | |
| Crypt.ccc(:decrypt, key, text, mode) | |
| end | |
| end | |
| modules = ['aes-128-cbc','aes-128-ecb','aes-192-cbc','aes-192-ecb','aes-256-cbc','aes-256-ecb','bf','bf-cbc','bf-cfb','bf-ecb','bf-ofb','camellia-128-cbc','camellia-128-ecb','camellia-192-cbc','camellia-192-ecb','camellia-256-cbc','camellia-256-ecb','cast','cast-cbc','cast5-cbc','cast5-cfb','cast5-ecb','cast5-ofb','des','des-cbc','des-cfb','des-ecb','des-ede','des-ede-cbc','des-ede-cfb','des-ede-ofb','des-ede3','des-ede3-cbc','des-ede3-cfb','des-ede3-ofb','des-ofb','des3','desx','rc2','rc2-40-cbc','rc2-64-cbc','rc2-cbc','rc2-cfb','rc2-ecb','rc2-ofb','rc4','rc4-40','seed','seed-cbc','seed-cfb','seed-ecb','seed-ofb'] | |
| keyfile = File.open("mah.key").read | |
| circle = keyfile.split("CIRCLE:")[1].split("\n")[0].split(",") | |
| puts "Read Modes from keyfile..." | |
| circle.each do |c| | |
| puts " > #{c}" | |
| end | |
| $key = keyfile.split("KEY:")[1] | |
| puts "Read key..." | |
| puts $key | |
| puts "" | |
| $s = TCPSocket.open(server, port) | |
| print("addr: ", $s.addr.join(":"), "\n") | |
| print("peer: ", $s.peeraddr.join(":"), "\n") | |
| $s.puts "USER testing 0 * Testing" | |
| $s.puts "NICK #{nick}" | |
| $s.puts "JOIN #{channel}" | |
| $s.puts "PRIVMSG #{channel} :Hello from IRB Bot" | |
| Thread.new { | |
| until $s.eof? do | |
| msg = $s.gets | |
| msx = msg.split(" ") | |
| mse = msg.split("#{channel} :")[1] | |
| if msx[1] == "PRIVMSG" | |
| if mse.match(/^[~]/) | |
| mse = mse.gsub('[~]','').chomp() | |
| mse = [mse].pack('H*') | |
| puts mse | |
| circle.reverse.each do |co| | |
| mse = Crypt.decrypt(co,$key,mse) | |
| end | |
| end | |
| puts "> #{mse}" | |
| end | |
| if msx[1] == "396" | |
| $s.puts "JOIN #{channel}" | |
| end | |
| end | |
| } | |
| while true | |
| inp = gets.chomp() | |
| circle.each do |c| | |
| inp = Crypt.encrypt(c,$key,inp) | |
| end | |
| inp = inp.unpack('H*')[0] | |
| $s.puts "PRIVMSG #{channel} :[~]#{inp}" | |
| end |
| *------------------------------[ AES-IRC KeyFile 0.1 ]---------* | |
| # Example KeyFile order however you want :3 | |
| CIRCLE:aes-192-cbc,aes-128-ecb,rc2-ofb,seed,seed-cfb,cast5-cbc | |
| KEY:SomeSecureKey |
Yes its more a proof of concept than anything else.
I'm bashful i forgot ping... but have no idea why it should not decode right? I ment only row 7-10 to be edited.
But ey, the concept is proven. The rest is the creativity of your own ;)
(The Interface isnt very useful anyway)
No problem at all ;)
i will try to make something more usable out of this, may directly a local proxy, dunno.
But i still plan to make something awesome xD
Anyway, i encountered similar problems when i used not supported encryption types, which are very different on different machines (i think the SSL packages differ there) try to use only keys listen in:
puts OpenSSL::Cipher.ciphers
Hopefully this helps
Does not decode out of the box; a pointer towards what needs to be edited (besides server and nickname) would be nice.
The ciphertext is unsalted, that should not be the case except for testing.
Very sweet idea, though.