RADIUS authentication packet manipulation library
Problem this snippet solves: RADIUS authentication library that facilitates development of complex full proxy RADIUS auth solutions. Links a RADIUS request with a response and validates the RADIUS r...
Published Oct 26, 2018
Version 1.0
Sam_Hall
Nimbostratus
NimbostratusSam_HallNimbostratus
Nimbostratus
Stanislas_Piro2
Cumulonimbus
CumulonimbusHi,
I suggest this code for encoding / decoding
proc pw_decrypt { KEY Q_AUTHENTICATOR ENCODED_PASSWORD } {
binary scan [md5 $KEY$Q_AUTHENTICATOR] WW bx_64bits_1 bx_64bits_2
binary scan $ENCODED_PASSWORD W* ENCODED_PASSWORD_W_LIST
set PASSWORD_LIST [list]
foreach {cx_64bits_1 cx_64bits_2} $ENCODED_PASSWORD_W_LIST {
lappend PASSWORD_LIST [expr { $cx_64bits_1 ^ $bx_64bits_1 }] [expr { $cx_64bits_2 ^ $bx_64bits_2 }]
binary scan [md5 $KEY[binary format WW $cx_64bits_1 $cx_64bits_2]] WW bx_64bits_1 bx_64bits_2
}
binary scan [binary format W* $PASSWORD_LIST] A* PASSWORD
return $PASSWORD
}
proc pw_encrypt { KEY Q_AUTHENTICATOR PASSWORD } {
binary scan [md5 $KEY$Q_AUTHENTICATOR] WW bx_64bits_1 bx_64bits_2
binary scan [binary format a[expr {[string length $PASSWORD] + 16 - [string length $PASSWORD]%16}] $PASSWORD ] W* PASSWORD_W_LIST
set ENCODED_PASSWORD_LIST [list]
foreach {px_64bits_1 px_64bits_2} $PASSWORD_W_LIST {
log local0. "$px_64bits_1 ^ $bx_64bits_1"
lappend ENCODED_PASSWORD_LIST [expr { $px_64bits_1 ^ $bx_64bits_1 }] [expr { $px_64bits_2 ^ $bx_64bits_2 }]
binary scan [md5 $KEY[binary format W2 [lrange $ENCODED_PASSWORD_LIST end-1 end]]] WW bx_64bits_1 bx_64bits_2
}
binary scan [binary format W* $ENCODED_PASSWORD_LIST] A* ENCODED_PASSWORD
return $ENCODED_PASSWORD
}
and to get AUTHENTICATOR , use this command: instead if string range...
binary scan [UDP::payload] @4a16 Q_AUTHENTICATOR