Vault7: CIA Hacking Tools Revealed
Navigation: » Directory » Embedded Development Branch (EDB) » EDB Home » Projects » HarpyEagle
Owner: User #524297
Airport Utility Analysis
Running from client port to TCP 5009 on Airport Extreme
Captured key exchange (possibly Diffie-Hellman) before channel encryption.
CLIENT
SERVER
Fixed Length: 128 bytes | |||
---|---|---|---|
0-3 |
4-7 |
8-11 |
12-15 |
"acpp" |
0x0003 0x0001 |
(unknown 8 bytes - cksum?) |
|
(length of next CFB0 packet) |
0x0000 0x0004 |
0x0000 0x0000 |
0x0000 0x001a |
(16 zero bytes) | |||
(unknown 16 bytes data – fixed for client comms) | |||
(unknown 16 bytes data – fixed for client comms) | |||
(16 zero bytes) |
Variable Length | ||||
---|---|---|---|---|
0-4 |
4-7 |
... |
... |
|
"CFB0" 0xd0 |
|
|
||
| ||||
0x00 "END!" |
Fixed Length: 128 bytes | |||
---|---|---|---|
0-3 |
4-7 |
8-11 |
12-15 |
"acpp" |
0x0003 0x0001 |
(unknown 8 bytes - cksum?) |
|
(length of next CFB0 packet) |
0x0000 0x0004 |
0x0000 0x0000 |
0x0000 0x001a |
(16 zero bytes) | |||
(unknown 16 bytes data – nulls for server comms) | |||
(unknown 16 bytes data – nulls for server comms) | |||
(16 zero bytes) |
Variable Length | ||||
---|---|---|---|---|
0-4 |
4-7 |
... |
... |
|
"CFB0" 0xd0 |
|
|
||
| ||||
0x00 "END!"
|
Fixed Length: 128 bytes | |||
---|---|---|---|
0-3 |
4-7 |
8-11 |
12-15 |
"acpp" |
0x0003 0x0001 |
(unknown 8 bytes - cksum?) |
|
(length of next CFB0 packet) |
0x0000 0x0004 |
0x0000 0x0000 |
0x0000 0x001a |
(16 zero bytes) | |||
(unknown 16 bytes data – fixed for client comms) | |||
(unknown 16 bytes data – fixed for client comms) | |||
(16 zero bytes) |
Variable Length | ||||
---|---|---|---|---|
0-4 |
4-7 |
... |
... |
|
"CFB0" 0xd0 |
|
|
||
| ||||
0x00 "END!"
|
Fixed Length: 128 bytes | |||
---|---|---|---|
0-3 |
4-7 |
8-11 |
12-15 |
"acpp" |
0x0003 0x0001 |
(unknown 8 bytes - cksum?) |
|
(length of next CFB0 packet) |
0x0000 0x0004 |
0x0000 0x0000 |
0x0000 0x001a |
(16 zero bytes) | |||
(unknown 16 bytes data – nulls for server comms) | |||
(unknown 16 bytes data – nulls for server comms) | |||
(16 zero bytes) |
Variable Length | ||||
---|---|---|---|---|
0-4 |
4-7 |
... |
... |
|
"CFB0" 0xd0 |
|
|
||
| ||||
0x00 "END!"
|
ENCRYPTED SESSION BEGINS |
---|
ENCRYPTED SESSION BEGINS |
---|