Created
November 5, 2018 08:55
-
-
Save tkjaer/78ae30343c011dbad62b883150b8d760 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # -*- coding: utf-8 -*- | |
| """ | |
| Calculate the RADIUS Message-Authenticator from a raw RADIUS packet. | |
| The packet can be exported from Wireshark with "Export Packet Bytes". | |
| """ | |
| from sys import argv | |
| import re | |
| import hmac, hashlib | |
| import binascii | |
| radius_file = argv[1] | |
| radius_key = argv[2] | |
| # RADIUS packet format: | |
| # | |
| # 0-7: RADIUS Code | |
| # 8-15: Packet Identifier | |
| # 16-31: Packet Length | |
| # 32-47: Authenticator | |
| # 48-Packet Length: Attribute Value Pairs [AVP] | |
| # - AVP format: | |
| # 0-7: Attribute Type | |
| # 8-15: Attribute Length | |
| # 16-Attribute Length: Value | |
| try: | |
| with open(radius_file, "rb") as f: | |
| f_hex = f.read().hex() | |
| #print("5012 count: {}".format(f_hex.count("5012"))) | |
| # find the Message-Authenticator AVP | |
| ma_expr = "^(.*5012)(.{32})(.*$)" | |
| hex_parts = re.match(ma_expr, f_hex).groups() | |
| print("Original Message-Authenticator: {}".format(hex_parts[1])) | |
| # null the original message-authenticator | |
| f_hex_zero = hex_parts[0] + "0"*32 + hex_parts[2] | |
| # convert the hex back to binary | |
| b = binascii.unhexlify(f_hex_zero) | |
| # calculate the checksum of the now-zero packet | |
| print("Calculated Message-Authenticator: {}".format( | |
| hmac.new( | |
| bytes(radius_key, "utf8"), | |
| bytes.fromhex(f_hex_zero), | |
| hashlib.md5 | |
| ).hexdigest() | |
| )) | |
| except IOError as e: | |
| print("Error opening file: {}".format(e)) | |
| exit(1) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment