
Mep

master
Simon Vikstrom 1 year ago
parent
commit
0e24fcbd4f
3 changed files with 152 additions and 19 deletions
  1. +27
    -0
      base32hex.php
  2. +53
    -19
      dns.php
  3. +72
    -0
      whitelies.php

+ 27
- 0
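--- a/base32hex.php
+++ b/base32hex.php
@@ -0,0 +1,27 @@
+<?php
+function base32hex_encode($input) {
+// VERY MUCH STOLEN FROM INTERNET!!!!
+$map = array(
+'0', '1', '2', '3', '4', '5', '6', '7', '8',
+'9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
+'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q',
+'R', 'S', 'T', 'U', 'V'
+);
+if(empty($input))
+return;
+$binaryString = "";
+for($i = 0; $i < strlen($input); $i++) {
+$binaryString .= str_pad(base_convert(ord($input[$i]), 10, 2), 8, '0', STR_PAD_LEFT);
+}
+$fiveBitBinaryArray = str_split($binaryString, 5);
+$base32 = "";
+$i=0;
+while($i < count($fiveBitBinaryArray)) {
+$base32 .= $map[base_convert(str_pad($fiveBitBinaryArray[$i], 5,'0'), 2, 10)];
+$i++;
+}
+return $base32;
+}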
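Review bot: `if(empty($input)) return;` rejects more than the empty string: `empty("0")` is true in PHP, so the one-byte input "0" encodes to nothing, and the bare `return` hands `null` to `strtolower()` in `hash_base32encode()`. `if($input === '') return '';` keeps the guard to the one case that has no bits to encode and keeps the return type a string. The `// VERY MUCH STOLEN FROM INTERNET!!!!` comment should name where the code came from and under which licence, so the copy can be checked against its source later.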

+ 53
- 19
dns.php

@ -17,8 +17,7 @@ define('DNS_FLAGS_CD', 1 << 4); // checking disabled
function unpackTake($msg, $offset, $length){
$s = substr($msg, $offset, $length);
return [$offset+=2, $s];
return [$offset+=$length, $s];
}
function unpackUint16($msg, $offset){
@ -39,19 +38,18 @@ class msgHeader {
public function parseFlags() {
$this->flagBits = [
'Id' => $this->id,
'Response' => $this->flags & DNS_FLAGS_QR != 0,
'Authoritative' => $this->flags & DNS_FLAGS_AA != 0,
'Truncated' => $this->flags & DNS_FLAGS_TC != 0,
'RecursionDesired' => $this->flags & DNS_FLAGS_RD != 0,
'RecursionAvailable' => $this->flags & DNS_FLAGS_RA != 0,
'Zero' => $this->flags & DNS_FLAGS_Z != 0,
'AuthenticatedData' => $this->flags & DNS_FLAGS_AD != 0,
'CheckingDisabled' => $this->flags & DNS_FLAGS_CD != 0,
'Response' => ($this->flags & DNS_FLAGS_QR) != 0,
'Authoritative' => ($this->flags & DNS_FLAGS_AA) != 0,
'Truncated' => ($this->flags & DNS_FLAGS_TC) != 0,
'RecursionDesired' => ($this->flags & DNS_FLAGS_RD) != 0,
'RecursionAvailable' => ($this->flags & DNS_FLAGS_RA) != 0,
'Zero' => ($this->flags & DNS_FLAGS_Z) != 0,
'AuthenticatedData' => ($this->flags & DNS_FLAGS_AD) != 0,
'CheckingDisabled' => ($this->flags & DNS_FLAGS_CD) != 0,
'Rcode' => floor($this->flags & 0xF),
'Opcode' => floor($this->flags>>11) & 0xF
];
}
}
@ -78,13 +76,49 @@ function unpackMsgHdr($msg, $offset){
return [$offset, $msgh];
}
list($offset, $header) = unpackMsgHdr(hex2bin($dnsMsg), 0);
function decompressLabel($msg, $offset){
$s = '';
while(true){
// Implement protection
$c = ord($msg[$offset]);
$offset++;
switch($c & 0xC0){ // 1100 0000 is used for compression, rest is normal type
case 0x00:
if($c == 0x00)
break 2; // End of label, break out of switch, loop
[$offset, $r] = unpackTake($msg, $offset, $c);
$s .= $r . '.';
break;
case 0xC0:
// Compressed part
break;
}
}
echo $header->id, "\n";
echo $header->flags, "\n";
echo $header->querys, "\n";
echo $header->answers, "\n";
echo $header->auth_rr, "\n";
echo $header->add_rr, "\n";
var_dump($header->flagBits);
return $s;
}
function unpackMsg($msg, $offset, $header){
// Parse querys
for($i = 0; $i < $header->querys; $i++){
$name = decompressLabel($msg, $offset);
list($offset, $type) = unpackUint16($msg, $offset);
list($offset, $qclass) = unpackUint16($msg, $offset);
echo $name;
}
// Parse responses
}
$msg = new msg();
list($offset, $header) = unpackMsgHdr(hex2bin($dnsMsg), 0);
$msg->msghdr = $header;
unpackMsg(hex2bin($dnsMsg), $offset, $header);
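Review bot: `decompressLabel()` in the last hunk returns only `$s`, so `unpackMsg()` never advances `$offset` past the name and `unpackUint16()` reads the type and class out of the name bytes; it should return `[$offset, $s]` like the other unpack helpers. The loop also reads `$msg[$offset]` with no length check (the `// Implement protection` placeholder is still open), and the `0xC0` case only leaves the switch, so the pointer's second byte is then parsed as a label length and the `0x40`/`0x80` label types are silently skipped. Because the message is untrusted wire data, the sketch below bounds every read, follows compression pointers under a hop cap (16 is a constructed value, pick your own) and rejects unknown label types. The caller becomes `[$offset, $name] = decompressLabel($msg, $offset);`.

```php
function decompressLabel($msg, $offset){
    $s = '';
    $len = strlen($msg);
    $resume = null; // where parsing continues after the name; fixed at the first pointer
    $hops = 0;
    while(true){
        if($offset >= $len)
            throw new RuntimeException('name runs past end of message');
        // … unchanged: read $c, advance $offset, switch($c & 0xC0) …
            case 0x00:
                // … unchanged: end-of-name check …
                if($offset + $c > $len)
                    throw new RuntimeException('label runs past end of message');
                // … unchanged: unpackTake(), append label, break …
            case 0xC0:
                if($offset >= $len || ++$hops > 16)
                    throw new RuntimeException('bad compression pointer');
                if($resume === null)
                    $resume = $offset + 1;
                $offset = (($c & 0x3F) << 8) | ord($msg[$offset]);
                break;
            default: // 0x40 and 0x80 label types
                throw new RuntimeException('unsupported label type');
        }
    }
    return [$resume ?? $offset, $s];
}
```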

+ 72
- 0
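--- a/whitelies.php
+++ b/whitelies.php
@@ -0,0 +1,72 @@
+<?php
+include("base32hex.php");
+function dnsname($str){
+// Doesnt handle \\.... encoding
+$out = '';
+foreach(explode('.', trim($str, '.') . '.') as $pp){
+$out .= chr(strlen($pp));
+$out .= $pp;
+}
+return($out);
+}
+function calculate_hash($host, $salt, $iter){
+$saltbin = pack("H*", $salt);
+$wf = dnsname($host);
+$nsec3 = sha1($wf . $saltbin, true);
+for($i = 0; $i < $iter; $i++){
+$nsec3 = sha1($nsec3 . $saltbin, true);
+}
+return $nsec3;
+}
+function increment_hash($hash){
+for($i = strlen($hash) - 1; $i > 0; --$i){
+$c = $hash[$i];
+$c = chr(ord($c) + 1);
+$hash[$i] = $c;
+if($c)
+break;
+}
+return $hash;
+}
+function decrement_hash($hash){
+for($i = strlen($hash) - 1; $i > 0; --$i){
+$c = $hash[$i];
+$c = chr(ord($c) - 1);
+$hash[$i] = $c;
+if($c != 0xff)
+break;
+}
+return $hash;
+}
+function hash_base32encode($hash){
+return strtolower(base32hex_encode($hash));
+}
+$salt = "BC6222C640";
+$iter = 5;
+foreach(["simonvikstrom.se", "_assaas.simonvikstrom.se", "*.simonvikstrom.se"] as $domain){
+$hash = calculate_hash($domain, $salt, $iter);
+echo "$domain hash: ", hash_base32encode($hash), "\n";
+echo "$domain hash before: ", hash_base32encode(decrement_hash($hash)), "\n";
+echo "$domain hash after: ", hash_base32encode(increment_hash($hash)), "\n";
+}
+/*
+No wildcard
+Powerdns returns :
+hash(appex (SOA)) -> increment_hash(hash(appex (SOA)))
+decrement_hash(hash(query)) -> increment_hash(hash(query))
+decrement_hash(hash(*.appex (SOA))) -> increment_hash(hash(*.appex (SOA)))
+Wildcard
+hash(appex (query)) -> increment_hash(hash(query))
+*/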
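Review bot: The carry tests in `increment_hash()` and `decrement_hash()` compare a one-byte string the wrong way, so neither propagates correctly: `if($c)` is true for "\x00" (no carry after a 0xFF byte wraps) and false for the byte "0" (0x30, a spurious carry), while `if($c != 0xff)` compares a character with the integer 255 and therefore breaks on every byte. When the last byte wraps, the "before"/"after" value no longer brackets the hash, which for the white-lies NSEC3 ranges sketched in the closing comment would mean a denial that does not cover the queried name. Use `if($c !== "\x00")` and `if($c !== "\xff")`, and let both loops run to `$i >= 0` so the first byte can take a carry or borrow. `dnsname()` also hashes the name exactly as typed; as far as I recall RFC 5155 hashes the canonical lower-cased owner name, so a `strtolower()` there is worth confirming.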
