odinsea-elixir/test/find_iv.exs
# Find the correct IV by trying all combinations from hello packet
# Hello packet: 0E 00 70 00 01 00 34 9A 0F 0C A8 BC 0D B3 E6 07
import Bitwise
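# Raw packet from client, hard-coded for this debugging run.
# The match below reads it as: 16-bit little-endian sequence field,
# 16-bit little-endian length field, then the remaining payload bytes.
packet = <<0x7C, 0xA8, 0x7B, 0xA8, 0xBF, 0x0A, 0xCD, 0xDE, 0xC7, 0x71, 0xAC>>
<<raw_seq::little-16, _raw_len::little-16, _payload::binary>> = packet

IO.puts("Raw packet: #{Base.encode16(packet)}")
IO.puts("raw_seq: 0x#{Integer.to_string(raw_seq, 16)} (#{raw_seq})")
IO.puts("")

# For header validation to pass: raw_seq ^ seq_base == 112
# 112 is 0x70, the same value as the `70 00` field in the hello packet quoted
# at the top of this file (presumably the protocol version; confirm against
# the handshake code).
target_seq_base = bxor(raw_seq, 112)
IO.puts("Need seq_base: 0x#{Integer.to_string(target_seq_base, 16)} (#{target_seq_base})")
IO.puts("")

# seq_base = (r2 & 0xFF) | ((r3 << 8) & 0xFF00)
# So: r2 = lower byte, r3 = upper byte
target_r2 = target_seq_base &&& 0xFF
target_r3 = (target_seq_base >>> 8) &&& 0xFF
IO.puts("Need recv_iv[2] = 0x#{Integer.to_string(target_r2, 16)} (#{target_r2})")
IO.puts("Need recv_iv[3] = 0x#{Integer.to_string(target_r3, 16)} (#{target_r3})")
IO.puts("")

# Bytes available in hello packet (positions 6-13):
# 34 9A 0F 0C A8 BC 0D B3
bytes = [0x34, 0x9A, 0x0F, 0x0C, 0xA8, 0xBC, 0x0D, 0xB3]
indexed = Enum.with_index(bytes)

IO.puts("Available bytes from hello packet:")

Enum.each(indexed, fn {b, i} ->
  IO.puts(" [#{i}]: 0x#{Integer.to_string(b, 16)}")
end)

IO.puts("")

# Find every (position, position) pair whose bytes equal the required
# recv_iv[2] / recv_iv[3]. Generator order matches the original nested loops
# (i2 outer, i3 inner), so output order is unchanged.
IO.puts("Looking for matches...")

matches =
  for {b2, i2} <- indexed,
      {b3, i3} <- indexed,
      b2 == target_r2 and b3 == target_r3,
      do: {b2, i2, b3, i3}

# Report an empty search explicitly; otherwise a wrong packet capture or a
# wrong byte window looks the same as a script that never ran the search.
if matches == [] do
  IO.puts("No match: required recv_iv[2]/recv_iv[3] not found in available bytes")
end

# The header check uses only recv_iv[2] and recv_iv[3], i.e. 16 of the IV's
# 32 bits. Every candidate listed below satisfies that check equally, so the
# listing narrows nothing for recv_iv[0] and recv_iv[1]: those two bytes can
# only be confirmed by decrypting the payload with a candidate IV and checking
# that the plaintext is well-formed.
# NOTE(review): candidates combine byte positions independently; if the
# handshake sends the IV as four consecutive bytes, only a candidate with
# consecutive indices is plausible. Confirm against the hello-packet writer.
Enum.each(matches, fn {b2, i2, b3, i3} ->
  IO.puts("Found match! recv_iv[2]=0x#{Integer.to_string(b2, 16)} at [#{i2}], recv_iv[3]=0x#{Integer.to_string(b3, 16)} at [#{i3}]")

  # Construct full IV (need to determine r0 and r1 too)
  # Try different combinations for r0 and r1
  for {b0, i0} <- indexed, {b1, i1} <- indexed do
    iv = <<b0, b1, b2, b3>>
    IO.puts(" Possible IV: #{Base.encode16(iv)} (bytes[#{i0}][#{i1}][#{i2}][#{i3}])")
  end
end)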