blackrock randomization improvements

b1tninja · Jan 2, 2014 · 5777ce3 · 5777ce3
1 parent 65bee63
commit 5777ce3
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 22 deletions.
diff --git a/src/main-conf.c b/src/main-conf.c
@@ -1189,6 +1189,12 @@ masscan_set_parameter(struct Masscan *masscan,
     } else if (EQUALS("traceroute", name)) {
         fprintf(stderr, "nmap(%s): unsupported\n", name);
         exit(1);
+    } else if (EQUALS("test", name)) {
+        if (EQUALS("csv", value))
+            masscan->is_test_csv = 1;
+    } else if (EQUALS("notest", name)) {
+        if (EQUALS("csv", value))
+            masscan->is_test_csv = 0;
     } else if (EQUALS("ttl", name)) {
         unsigned x = strtoul(value, 0, 0);
         if (x >= 256) {

diff --git a/src/main-listscan.c b/src/main-listscan.c
@@ -54,11 +54,21 @@ main_listscan(struct Masscan *masscan)
         ip = rangelist_pick(&masscan->targets, xXx % count_ips);
         port = rangelist_pick(&masscan->ports, xXx / count_ips);
 
-        if (count_ports == 1)
-            printf("%u.%u.%u.%u\n",
-                   (ip>>24)&0xFF, (ip>>16)&0xFF, (ip>>8)&0xFF, (ip>>0)&0xFF
-                   );
-        else
+        if (count_ports == 1) {
+            if (masscan->is_test_csv) {
+                /* [KLUDGE] [TEST]
+                 * For testing randomness output, prints last two bytes of
+                 * IP address as CSV format for import into spreadsheet
+                 */
+                printf("%u,%u\n",
+                       (ip>>8)&0xFF, (ip>>0)&0xFF
+                       );
+            } else {
+                printf("%u.%u.%u.%u\n",
+                       (ip>>24)&0xFF, (ip>>16)&0xFF, (ip>>8)&0xFF, (ip>>0)&0xFF
+                       );
+            }
+        } else
             printf("%u.%u.%u.%u:%u\n",
                    (ip>>24)&0xFF, (ip>>16)&0xFF, (ip>>8)&0xFF, (ip>>0)&0xFF,
                    port

diff --git a/src/masscan.h b/src/masscan.h
@@ -97,6 +97,7 @@ struct Masscan
     unsigned is_gmt:1;          /* --gmt, all times in GMT */
     unsigned is_capture_cert:1; /* --capture cert */
     unsigned is_capture_html:1; /* --capture html */
+    unsigned is_test_csv:1;     /* (temporary testing feature) */
 
     /**
      * Wait forever for responses, instead of the default 10 seconds

diff --git a/src/proto-ssl.c b/src/proto-ssl.c
@@ -4,7 +4,9 @@
     This parses out the SSL "certificate" and "ephemeral keys", and
     any other information we want from SSL.
 
-    BIZARRE CODE ALERT: This module uses "state-machines" to parse
+    !!!!!!!!!!!!  BIZARRE CODE ALERT !!!!!!!!!!!!!!!
+    
+    This module uses "state-machines" to parse
     SSL. This has a number of advantages, such as handling TCP
     segmentation and SSL record fragmentation without having to
     buffer any packets. But it's quite weird if you aren't used to
@@ -25,13 +27,9 @@
 
 
 /***************************************************************************
-       struct {
-           ProtocolVersion server_version;
-           Random random;
-           SessionID session_id;
-           CipherSuite cipher_suite;
-           CompressionMethod compression_method;
-       } ServerHello;
+ * This parses the "Server Hello" packet, the packet that comes before 
+ * certificates. What we want from this are the SSL version info and the
+ * "cipher-suite" (which encryption protocol the server uses).
  ***************************************************************************/
 static void
 server_hello(
@@ -60,6 +58,17 @@ server_hello(
     UNUSEDPARM(banner1_private);
     UNUSEDPARM(banner1);
 
+    /* What this structure looks like
+       struct {
+           ProtocolVersion server_version;
+           Random random;
+           SessionID session_id;
+           CipherSuite cipher_suite;
+           CompressionMethod compression_method;
+       } ServerHello;
+    */
+
+    /* 'for all bytes in the packet...' */
     for (i=0; i<length; i++)
     switch (state) {
     case VERSION_MAJOR:

diff --git a/src/rand-blackrock.c b/src/rand-blackrock.c
@@ -156,20 +156,26 @@ blackrock_init(struct BlackRock *br, uint64_t range, uint64_t seed)
 
 
 /***************************************************************************
- * This is a random meaningless function. Well, if we actually wanted
- * crypto-strength, we'd have to improve it, but for now, we just want
- * some random properties.
+ * The inner round/mixer function. In DES, it's a series of S-box lookups,
+ * which 
  ***************************************************************************/
 static inline uint64_t
-F(uint64_t j, uint64_t R, uint64_t seed)
+F(uint64_t r, uint64_t R, uint64_t seed)
 {
-    static const uint64_t primes[] = {
-        961752031, 982324657, 15485843, 961752031,  };
+    uint64_t r0, r1, r2, r3;
 
-    R = ((R << (R&0x4)) + R + seed);
-    R ^= sbox[R&0xF];
+#define GETBYTE(R,n) ((((R)>>(n*8))^seed^r)&0xFF)
 
-    return (((primes[j] * R + 25ULL) ^ R) + j);
+    R ^= seed;
+
+    r0 = sbox[GETBYTE(R,0)]<< 0 | sbox[GETBYTE(R,1)]<< 8;
+    r1 = (sbox[GETBYTE(R,2)]<<16UL | sbox[GETBYTE(R,3)]<<24UL)&0x0ffffFFFFUL;
+    r2 = sbox[GETBYTE(R,4)]<< 0 | sbox[GETBYTE(R,5)]<< 8;
+    r3 = (sbox[GETBYTE(R,6)]<<16UL | sbox[GETBYTE(R,7)]<<24UL)&0x0ffffFFFFUL;
+
+    R = r0 ^ r1 ^ r2<<23UL ^ r3<<33UL;
+
+    return R;
 }