Hi,

I am trying to decode SSH encrypted packets in Wireshark using libssh 
(eventually). For this, I have written a sample program following the tutorials 
to connect to my localhost, authenticate myself, and run commands. I have 
captured these packet exchanges using tcpdump. I went through the code and 
found that I require several pieces of runtime information (which the libssh 
library can generate with some tweaking) - the cipher name, decrypt key, 
decrypt IV, if compression was used etc. Out of all these, I found that decrypt 
IV kept on changing with each packet Rx. On my system (Ubuntu 14.04.2 LTS), I 
found AES 256 (CTR) was used to encrypt/decrypt the packets.

My question is: If I modify libssh library to store decrypt key, decrypt IV, 
cipher name etc in a file when they are first generated (modify 
generate_session_keys) and later use them to decrypt packets offline (by 
invoking ssh_packet_socket_callback with a dummy session having decrypt key, 
decrypt IV etc previously generated), is there a way to calculate the value of 
decrypt IV before decrypting the nth packet?

Consider the following scenario:
Libssh generated the keys, and I wrote them in a file. Then some data exchange 
happened. During this time, the decrypt IV has changed. Now I run tcpdump for 
some time and capture the subsequent packets. Now I want to decrypt these 
packets offline using the information that I had stored in the file. Out of all 
these, the initial decrypt IV that was generated is no longer valid. Is there a 
way to calculate the correct decrypt IV from the initial decrypt IV so that the 
packets captured by tcpdump could be decrypted properly? I'm guessing the 
algorithm to calculate the final decrypt IV from the initial decrypt IV will 
vary from one cipher to the next. Could you please provide some links about the 
algorithms that each cipher employs (that libssh supports)?

Thanks,
Dibyendu
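
For the AES-CTR case raised above, an added example (not part of the original post and not libssh code): RFC 4344 defines the SSH CTR counter as a 128-bit big-endian integer initialised from the IV and incremented once per cipher block, with the keystream continuing across packets, so the counter before packet n is the initial IV plus the number of blocks already processed in that direction. The function names are hypothetical, and the sketch assumes the standard RFC 4253 packet layout with an encrypted length field (no encrypt-then-MAC variant) and that the `packet_length` of every earlier packet since key exchange is known.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define AES_BLOCK 16

/* Add `blocks` to a 128-bit big-endian counter in place (mod 2^128). */
static void ctr_add(uint8_t ctr[AES_BLOCK], uint64_t blocks)
{
    unsigned carry = 0;
    for (int i = AES_BLOCK - 1; i >= 0; i--) {
        unsigned sum = ctr[i] + (unsigned)(blocks & 0xff) + carry;
        ctr[i] = (uint8_t)sum;
        carry = sum >> 8;
        blocks >>= 8;
    }
}

/* Cipher blocks used by one packet: the 4-byte length field plus packet_length
 * bytes are encrypted, the MAC is not. Returns 0 if not block-aligned. */
static uint64_t ssh_packet_blocks(uint32_t packet_length)
{
    uint64_t enc = (uint64_t)packet_length + 4;
    return (enc % AES_BLOCK) ? 0 : enc / AES_BLOCK;
}

/* Counter in effect before packet n (0-based), same direction as the IV. */
int ctr_before_packet(const uint8_t iv[AES_BLOCK], const uint32_t *lens,
                      size_t n, uint8_t out[AES_BLOCK])
{
    memcpy(out, iv, AES_BLOCK);
    for (size_t i = 0; i < n; i++) {
        uint64_t b = ssh_packet_blocks(lens[i]);
        if (b == 0) return -1;          /* misaligned: lengths are wrong */
        ctr_add(out, b);
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: IV close to a byte carry, two earlier packets. */
    uint8_t iv[AES_BLOCK] = {0}, ctr[AES_BLOCK];
    uint32_t lens[] = {28, 44};
    iv[14] = 0xff; iv[15] = 0xfe;
    if (ctr_before_packet(iv, lens, 2, ctr) != 0) return 1;
    for (int i = 0; i < AES_BLOCK; i++) printf("%02x", ctr[i]);
    puts("");
    return 0;
}
```

If the capture begins mid-session, the block count cannot be recovered from the capture alone, so it has to be recorded at the moment the key material is written out.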
