mirror of https://github.com/hashcat/hashcat.git
parent
6a39617949
commit
06a5e736b9
@ -0,0 +1,850 @@
|
||||
/**
|
||||
* Author......: See docs/credits.txt
|
||||
* License.....: MIT
|
||||
*/
|
||||
|
||||
#include "common.h"
|
||||
#include "types.h"
|
||||
#include "modules.h"
|
||||
#include "bitops.h"
|
||||
#include "convert.h"
|
||||
#include "shared.h"
|
||||
#include "memory.h"
|
||||
#include "cpu_md5.h"
|
||||
|
||||
static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
|
||||
static const u32 DGST_POS0 = 0;
|
||||
static const u32 DGST_POS1 = 1;
|
||||
static const u32 DGST_POS2 = 2;
|
||||
static const u32 DGST_POS3 = 3;
|
||||
static const u32 DGST_SIZE = DGST_SIZE_4_4;
|
||||
static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL;
|
||||
static const char *HASH_NAME = "WPA-EAPOL-PBKDF2";
|
||||
static const u32 HASH_TYPE = HASH_TYPE_GENERIC;
|
||||
static const u64 KERN_TYPE = 2500;
|
||||
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
|
||||
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
|
||||
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
|
||||
| OPTS_TYPE_AUX1
|
||||
| OPTS_TYPE_AUX2
|
||||
| OPTS_TYPE_AUX3
|
||||
| OPTS_TYPE_DEEP_COMP_KERNEL
|
||||
| OPTS_TYPE_BINARY_HASHFILE;
|
||||
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
|
||||
static const char *ST_PASS = "hashcat!";
|
||||
static const char *ST_HASH = "4843505804000000000235380000000000000000000000000000000000000000000000000000000000000151aecc428f182acefbd1a9e62d369a079265784da83ba4cf88375c44c830e6e5aa5d6faf352aa496a9ee129fb8292f7435df5420b823a1cd402aed449cced04f552c5b5acfebf06ae96a09c96d9a01c443a17aa62258c4f651a68aa67b0001030077fe010900200000000000000001a4cf88375c44c830e6e5aa5d6faf352aa496a9ee129fb8292f7435df5420b8230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018dd160050f20101000050f20201000050f20201000050f20200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
|
||||
|
||||
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
|
||||
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
|
||||
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
|
||||
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
|
||||
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
|
||||
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
|
||||
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
|
||||
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
|
||||
u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; }
|
||||
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
|
||||
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
|
||||
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
|
||||
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
|
||||
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
|
||||
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
|
||||
|
||||
static const u32 ROUNDS_WPA_PBKDF2 = 4096;
|
||||
|
||||
typedef struct wpa_eapol
|
||||
{
|
||||
u32 pke[32];
|
||||
u32 eapol[64 + 16];
|
||||
u16 eapol_len;
|
||||
u8 message_pair;
|
||||
int message_pair_chgd;
|
||||
u8 keyver;
|
||||
u8 orig_mac_ap[6];
|
||||
u8 orig_mac_sta[6];
|
||||
u8 orig_nonce_ap[32];
|
||||
u8 orig_nonce_sta[32];
|
||||
u8 essid_len;
|
||||
u8 essid[32];
|
||||
u32 keymic[4];
|
||||
u32 hash[4];
|
||||
int nonce_compare;
|
||||
int nonce_error_corrections;
|
||||
int detected_le;
|
||||
int detected_be;
|
||||
|
||||
} wpa_eapol_t;
|
||||
|
||||
typedef struct wpa_pbkdf2_tmp
|
||||
{
|
||||
u32 ipad[5];
|
||||
u32 opad[5];
|
||||
|
||||
u32 dgst[10];
|
||||
u32 out[10];
|
||||
|
||||
} wpa_pbkdf2_tmp_t;
|
||||
|
||||
#define HCCAPX_VERSION 4
|
||||
#define HCCAPX_SIGNATURE 0x58504348 // HCPX
|
||||
|
||||
// this is required to force mingw to accept the packed attribute
|
||||
#pragma pack(push,1)
|
||||
|
||||
struct hccapx
|
||||
{
|
||||
u32 signature;
|
||||
u32 version;
|
||||
u8 message_pair;
|
||||
u8 essid_len;
|
||||
u8 essid[32];
|
||||
u8 keyver;
|
||||
u8 keymic[16];
|
||||
u8 mac_ap[6];
|
||||
u8 nonce_ap[32];
|
||||
u8 mac_sta[6];
|
||||
u8 nonce_sta[32];
|
||||
u16 eapol_len;
|
||||
u8 eapol[256];
|
||||
|
||||
} __attribute__((packed));
|
||||
|
||||
typedef struct hccapx hccapx_t;
|
||||
|
||||
#pragma pack(pop)
|
||||
|
||||
static void to_hccapx_t (const hashes_t *hashes, hccapx_t *hccapx, const u32 salt_pos, const u32 digest_pos)
|
||||
{
|
||||
const salt_t *salts_buf = hashes->salts_buf;
|
||||
const void *esalts_buf = hashes->esalts_buf;
|
||||
|
||||
memset (hccapx, 0, sizeof (hccapx_t));
|
||||
|
||||
hccapx->signature = HCCAPX_SIGNATURE;
|
||||
hccapx->version = HCCAPX_VERSION;
|
||||
|
||||
const salt_t *salt = &salts_buf[salt_pos];
|
||||
|
||||
const u32 digest_cur = salt->digests_offset + digest_pos;
|
||||
|
||||
hccapx->essid_len = salt->salt_len;
|
||||
|
||||
memcpy (hccapx->essid, salt->salt_buf, hccapx->essid_len);
|
||||
|
||||
wpa_eapol_t *wpa_eapols = (wpa_eapol_t *) esalts_buf;
|
||||
wpa_eapol_t *wpa_eapol = &wpa_eapols[digest_cur];
|
||||
|
||||
hccapx->message_pair = wpa_eapol->message_pair;
|
||||
hccapx->keyver = wpa_eapol->keyver;
|
||||
|
||||
hccapx->eapol_len = wpa_eapol->eapol_len;
|
||||
|
||||
if (wpa_eapol->keyver != 1)
|
||||
{
|
||||
u32 eapol_tmp[64] = { 0 };
|
||||
|
||||
for (u32 i = 0; i < 64; i++)
|
||||
{
|
||||
eapol_tmp[i] = byte_swap_32 (wpa_eapol->eapol[i]);
|
||||
}
|
||||
|
||||
memcpy (hccapx->eapol, eapol_tmp, wpa_eapol->eapol_len);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (hccapx->eapol, wpa_eapol->eapol, wpa_eapol->eapol_len);
|
||||
}
|
||||
|
||||
memcpy (hccapx->mac_ap, wpa_eapol->orig_mac_ap, 6);
|
||||
memcpy (hccapx->mac_sta, wpa_eapol->orig_mac_sta, 6);
|
||||
memcpy (hccapx->nonce_ap, wpa_eapol->orig_nonce_ap, 32);
|
||||
memcpy (hccapx->nonce_sta, wpa_eapol->orig_nonce_sta, 32);
|
||||
|
||||
if (wpa_eapol->keyver != 1)
|
||||
{
|
||||
u32 digest_tmp[4];
|
||||
|
||||
digest_tmp[0] = byte_swap_32 (wpa_eapol->keymic[0]);
|
||||
digest_tmp[1] = byte_swap_32 (wpa_eapol->keymic[1]);
|
||||
digest_tmp[2] = byte_swap_32 (wpa_eapol->keymic[2]);
|
||||
digest_tmp[3] = byte_swap_32 (wpa_eapol->keymic[3]);
|
||||
|
||||
memcpy (hccapx->keymic, digest_tmp, 16);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (hccapx->keymic, wpa_eapol->keymic, 16);
|
||||
}
|
||||
}
|
||||
|
||||
static int check_old_hccap (const char *hashfile)
|
||||
{
|
||||
FILE *fp = fopen (hashfile, "rb");
|
||||
|
||||
if (fp == NULL) return -1;
|
||||
|
||||
u32 signature;
|
||||
|
||||
const size_t nread = hc_fread (&signature, sizeof (u32), 1, fp);
|
||||
|
||||
fclose (fp);
|
||||
|
||||
if (nread != 1) return -1;
|
||||
|
||||
if (signature == HCCAPX_SIGNATURE) return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const char *mask = "?a?a?a?a?a?a?a?a";
|
||||
|
||||
return mask;
|
||||
}
|
||||
|
||||
u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u64 tmp_size = (const u64) sizeof (wpa_pbkdf2_tmp_t);
|
||||
|
||||
return tmp_size;
|
||||
}
|
||||
|
||||
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u64 esalt_size = (const u64) sizeof (wpa_eapol_t);
|
||||
|
||||
return esalt_size;
|
||||
}
|
||||
|
||||
u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u32 pw_min = 8;
|
||||
|
||||
return pw_min;
|
||||
}
|
||||
|
||||
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u32 pw_max = 63;
|
||||
|
||||
return pw_max;
|
||||
}
|
||||
|
||||
int module_hash_decode_outfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
|
||||
{
|
||||
u32 *digest = (u32 *) digest_buf;
|
||||
|
||||
// here we have in line_hash_buf: hash:macap:macsta:essid:password
|
||||
|
||||
char *sep_pos = strrchr (line_buf, ':');
|
||||
|
||||
if (sep_pos == NULL) return (PARSER_HASH_ENCODING);
|
||||
|
||||
if ((line_buf + 32 + 1 + 12 + 1 + 12) != sep_pos) return (PARSER_HASH_LENGTH);
|
||||
|
||||
char *essid_pos = sep_pos + 1;
|
||||
|
||||
const int essid_len = strlen (essid_pos);
|
||||
|
||||
u8 tmp_buf[128] = { 0 };
|
||||
|
||||
int tmp_len = essid_len;
|
||||
|
||||
memcpy (tmp_buf, essid_pos, essid_len);
|
||||
|
||||
if (is_hexify (tmp_buf, tmp_len) == true)
|
||||
{
|
||||
tmp_len = exec_unhexify (tmp_buf, tmp_len, tmp_buf, sizeof (tmp_buf));
|
||||
}
|
||||
|
||||
if (tmp_len > 32) return (PARSER_HASH_VALUE);
|
||||
|
||||
memcpy (salt->salt_buf, tmp_buf, tmp_len);
|
||||
|
||||
salt->salt_len = tmp_len;
|
||||
salt->salt_iter = ROUNDS_WPA_PBKDF2 - 1;
|
||||
|
||||
digest[0] = hex_to_u32 ((const u8 *) &line_buf[ 0]);
|
||||
digest[1] = hex_to_u32 ((const u8 *) &line_buf[ 8]);
|
||||
digest[2] = hex_to_u32 ((const u8 *) &line_buf[16]);
|
||||
digest[3] = hex_to_u32 ((const u8 *) &line_buf[24]);
|
||||
|
||||
digest[0] = byte_swap_32 (digest[0]);
|
||||
digest[1] = byte_swap_32 (digest[1]);
|
||||
digest[2] = byte_swap_32 (digest[2]);
|
||||
digest[3] = byte_swap_32 (digest[3]);
|
||||
|
||||
return PARSER_OK;
|
||||
}
|
||||
|
||||
int module_hash_encode_status (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
|
||||
{
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) esalt_buf;
|
||||
|
||||
const int line_len = snprintf (line_buf, line_size, "%s (AP:%02x:%02x:%02x:%02x:%02x:%02x STA:%02x:%02x:%02x:%02x:%02x:%02x)",
|
||||
(char *) salt->salt_buf,
|
||||
wpa_eapol->orig_mac_ap[0],
|
||||
wpa_eapol->orig_mac_ap[1],
|
||||
wpa_eapol->orig_mac_ap[2],
|
||||
wpa_eapol->orig_mac_ap[3],
|
||||
wpa_eapol->orig_mac_ap[4],
|
||||
wpa_eapol->orig_mac_ap[5],
|
||||
wpa_eapol->orig_mac_sta[0],
|
||||
wpa_eapol->orig_mac_sta[1],
|
||||
wpa_eapol->orig_mac_sta[2],
|
||||
wpa_eapol->orig_mac_sta[3],
|
||||
wpa_eapol->orig_mac_sta[4],
|
||||
wpa_eapol->orig_mac_sta[5]);
|
||||
|
||||
return line_len;
|
||||
}
|
||||
|
||||
int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash)
|
||||
{
|
||||
char *tmpdata = (char *) hcmalloc (sizeof (hccapx_t));
|
||||
|
||||
const size_t st_hash_len = strlen (hashconfig->st_hash);
|
||||
|
||||
for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2)
|
||||
{
|
||||
const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j);
|
||||
|
||||
tmpdata[i] = c;
|
||||
}
|
||||
|
||||
int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hash_info, tmpdata, sizeof (hccapx_t));
|
||||
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) hash->esalt;
|
||||
|
||||
wpa_eapol->detected_le = 1;
|
||||
wpa_eapol->detected_be = 0;
|
||||
|
||||
wpa_eapol->nonce_error_corrections = 3;
|
||||
|
||||
hcfree (tmpdata);
|
||||
|
||||
return parser_status;
|
||||
}
|
||||
|
||||
int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos, char **buf)
|
||||
{
|
||||
hccapx_t *hccapx = hcmalloc (sizeof (hccapx_t));
|
||||
|
||||
to_hccapx_t (hashes, hccapx, salt_pos, digest_pos);
|
||||
|
||||
*buf = (char *) hccapx;
|
||||
|
||||
return sizeof (hccapx_t);
|
||||
}
|
||||
|
||||
int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes)
|
||||
{
|
||||
// hashes->hashlist_mode = HL_MODE_FILE; ???
|
||||
|
||||
hash_t *hashes_buf = hashes->hashes_buf;
|
||||
|
||||
int hashes_cnt = 0;
|
||||
|
||||
FILE *fp = fopen (hashes->hashfile, "rb");
|
||||
|
||||
if (fp == NULL) return -1;
|
||||
|
||||
char *in = (char *) hcmalloc (sizeof (hccapx_t));
|
||||
|
||||
while (!feof (fp))
|
||||
{
|
||||
const size_t nread = hc_fread (in, sizeof (hccapx_t), 1, fp);
|
||||
|
||||
if (nread == 0) break;
|
||||
|
||||
memset (hashes_buf[hashes_cnt].salt, 0, sizeof (salt_t));
|
||||
|
||||
memset (hashes_buf[hashes_cnt].esalt, 0, sizeof (wpa_eapol_t));
|
||||
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) hashes_buf[hashes_cnt].esalt;
|
||||
|
||||
if (user_options->hccapx_message_pair_chgd == true)
|
||||
{
|
||||
wpa_eapol->message_pair_chgd = (int) user_options->hccapx_message_pair_chgd;
|
||||
wpa_eapol->message_pair = (u8) user_options->hccapx_message_pair;
|
||||
}
|
||||
|
||||
if (wpa_eapol->message_pair & (1 << 4))
|
||||
{
|
||||
// ap-less attack detected, nc not needed
|
||||
|
||||
wpa_eapol->nonce_error_corrections = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (wpa_eapol->message_pair & (1 << 7))
|
||||
{
|
||||
// replaycount not checked, nc needed
|
||||
|
||||
wpa_eapol->nonce_error_corrections = user_options->nonce_error_corrections;
|
||||
}
|
||||
else
|
||||
{
|
||||
// replaycount checked, nc not needed, but we allow user overwrites
|
||||
|
||||
if (user_options->nonce_error_corrections_chgd == true)
|
||||
{
|
||||
wpa_eapol->nonce_error_corrections = user_options->nonce_error_corrections;
|
||||
}
|
||||
else
|
||||
{
|
||||
wpa_eapol->nonce_error_corrections = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// now some optimization related to replay counter endianess
|
||||
// hcxtools has techniques to detect them
|
||||
// since we can not guarantee to get our handshakes from hcxtools we enable both by default
|
||||
// this means that we check both even if both are not set!
|
||||
// however if one of them is set, we can assume that the endianess has been checked and the other one is not needed
|
||||
|
||||
wpa_eapol->detected_le = 1;
|
||||
wpa_eapol->detected_be = 1;
|
||||
|
||||
if (wpa_eapol->message_pair & (1 << 5))
|
||||
{
|
||||
wpa_eapol->detected_le = 1;
|
||||
wpa_eapol->detected_be = 0;
|
||||
}
|
||||
else if (wpa_eapol->message_pair & (1 << 6))
|
||||
{
|
||||
wpa_eapol->detected_le = 0;
|
||||
wpa_eapol->detected_be = 1;
|
||||
}
|
||||
|
||||
hash_t *hash = &hashes_buf[hashes_cnt];
|
||||
|
||||
const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hash_info, in, sizeof (hccapx_t));
|
||||
|
||||
if (parser_status != PARSER_OK) continue;
|
||||
|
||||
hashes_cnt++;
|
||||
}
|
||||
|
||||
hcfree (in);
|
||||
|
||||
fclose (fp);
|
||||
|
||||
return hashes_cnt;
|
||||
}
|
||||
|
||||
int module_hash_binary_count (MAYBE_UNUSED const hashes_t *hashes)
|
||||
{
|
||||
struct stat st;
|
||||
|
||||
if (stat (hashes->hashfile, &st) == -1) return -1;
|
||||
|
||||
return st.st_size / sizeof (hccapx_t);
|
||||
}
|
||||
|
||||
u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos)
|
||||
{
|
||||
const u32 digests_offset = hashes->salts_buf[salt_pos].digests_offset;
|
||||
|
||||
wpa_eapol_t *wpa_eapols = (wpa_eapol_t *) hashes->esalts_buf;
|
||||
|
||||
wpa_eapol_t *wpa_eapol = &wpa_eapols[digests_offset + digest_pos];
|
||||
|
||||
if (wpa_eapol->keyver == 1)
|
||||
{
|
||||
return KERN_RUN_AUX1;
|
||||
}
|
||||
else if (wpa_eapol->keyver == 2)
|
||||
{
|
||||
return KERN_RUN_AUX2;
|
||||
}
|
||||
else if (wpa_eapol->keyver == 3)
|
||||
{
|
||||
return KERN_RUN_AUX3;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
|
||||
{
|
||||
u32 *digest = (u32 *) digest_buf;
|
||||
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) esalt_buf;
|
||||
|
||||
// the *wpa was partially initialized beforehand, we can not simply memset it to zero
|
||||
|
||||
hccapx_t in;
|
||||
|
||||
memcpy (&in, line_buf, sizeof (hccapx_t));
|
||||
|
||||
if (in.signature != HCCAPX_SIGNATURE) return (PARSER_HCCAPX_SIGNATURE);
|
||||
|
||||
if (in.version != HCCAPX_VERSION) return (PARSER_HCCAPX_VERSION);
|
||||
|
||||
if (in.eapol_len < 1 || in.eapol_len > 255) return (PARSER_HCCAPX_EAPOL_LEN);
|
||||
|
||||
memcpy (wpa_eapol->keymic, in.keymic, 16);
|
||||
|
||||
/*
|
||||
http://www.one-net.eu/jsw/j_sec/m_ptype.html
|
||||
The phrase "Pairwise key expansion"
|
||||
Access Point Address (referred to as Authenticator Address AA)
|
||||
Supplicant Address (referred to as Supplicant Address SA)
|
||||
Access Point Nonce (referred to as Authenticator Anonce)
|
||||
Wireless Device Nonce (referred to as Supplicant Nonce Snonce)
|
||||
*/
|
||||
|
||||
u32 salt_len = in.essid_len;
|
||||
|
||||
if (salt_len > 32) return (PARSER_SALT_LENGTH);
|
||||
|
||||
memcpy (salt->salt_buf, in.essid, in.essid_len);
|
||||
|
||||
salt->salt_len = salt_len;
|
||||
|
||||
salt->salt_iter = ROUNDS_WPA_PBKDF2 - 1;
|
||||
|
||||
memcpy (wpa_eapol->essid, in.essid, in.essid_len);
|
||||
|
||||
wpa_eapol->essid_len = in.essid_len;
|
||||
|
||||
wpa_eapol->keyver = in.keyver;
|
||||
|
||||
if ((wpa_eapol->keyver != 1) && (wpa_eapol->keyver != 2) && (wpa_eapol->keyver != 3)) return (PARSER_SALT_VALUE);
|
||||
|
||||
u8 *pke_ptr = (u8 *) wpa_eapol->pke;
|
||||
|
||||
memset (pke_ptr, 0, 128);
|
||||
|
||||
if ((wpa_eapol->keyver == 1) || (wpa_eapol->keyver == 2))
|
||||
{
|
||||
memcpy (pke_ptr, "Pairwise key expansion", 23);
|
||||
|
||||
if (memcmp (in.mac_ap, in.mac_sta, 6) < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 23, in.mac_ap, 6);
|
||||
memcpy (pke_ptr + 29, in.mac_sta, 6);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 23, in.mac_sta, 6);
|
||||
memcpy (pke_ptr + 29, in.mac_ap, 6);
|
||||
}
|
||||
|
||||
wpa_eapol->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32);
|
||||
|
||||
if (wpa_eapol->nonce_compare < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 35, in.nonce_ap, 32);
|
||||
memcpy (pke_ptr + 67, in.nonce_sta, 32);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 35, in.nonce_sta, 32);
|
||||
memcpy (pke_ptr + 67, in.nonce_ap, 32);
|
||||
}
|
||||
}
|
||||
else if (wpa_eapol->keyver == 3)
|
||||
{
|
||||
pke_ptr[0] = 1;
|
||||
pke_ptr[1] = 0;
|
||||
|
||||
memcpy (pke_ptr + 2, "Pairwise key expansion", 22);
|
||||
|
||||
if (memcmp (in.mac_ap, in.mac_sta, 6) < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 24, in.mac_ap, 6);
|
||||
memcpy (pke_ptr + 30, in.mac_sta, 6);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 24, in.mac_sta, 6);
|
||||
memcpy (pke_ptr + 30, in.mac_ap, 6);
|
||||
}
|
||||
|
||||
wpa_eapol->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32);
|
||||
|
||||
if (wpa_eapol->nonce_compare < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 36, in.nonce_ap, 32);
|
||||
memcpy (pke_ptr + 68, in.nonce_sta, 32);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 36, in.nonce_sta, 32);
|
||||
memcpy (pke_ptr + 68, in.nonce_ap, 32);
|
||||
}
|
||||
|
||||
pke_ptr[100] = 0x80;
|
||||
pke_ptr[101] = 1;
|
||||
}
|
||||
|
||||
for (int i = 0; i < 32; i++)
|
||||
{
|
||||
wpa_eapol->pke[i] = byte_swap_32 (wpa_eapol->pke[i]);
|
||||
}
|
||||
|
||||
memcpy (wpa_eapol->orig_mac_ap, in.mac_ap, 6);
|
||||
memcpy (wpa_eapol->orig_mac_sta, in.mac_sta, 6);
|
||||
memcpy (wpa_eapol->orig_nonce_ap, in.nonce_ap, 32);
|
||||
memcpy (wpa_eapol->orig_nonce_sta, in.nonce_sta, 32);
|
||||
|
||||
u8 message_pair_orig = in.message_pair;
|
||||
|
||||
in.message_pair &= 0x7f; // ignore the highest bit (it is used to indicate if the replay counters did match)
|
||||
|
||||
if (wpa_eapol->message_pair_chgd == true)
|
||||
{
|
||||
if (wpa_eapol->message_pair != in.message_pair) return (PARSER_HCCAPX_MESSAGE_PAIR);
|
||||
}
|
||||
|
||||
wpa_eapol->message_pair = message_pair_orig;
|
||||
|
||||
wpa_eapol->eapol_len = in.eapol_len;
|
||||
|
||||
u8 *eapol_ptr = (u8 *) wpa_eapol->eapol;
|
||||
|
||||
memcpy (eapol_ptr, in.eapol, wpa_eapol->eapol_len);
|
||||
|
||||
memset (eapol_ptr + wpa_eapol->eapol_len, 0, (256 + 64) - wpa_eapol->eapol_len);
|
||||
|
||||
eapol_ptr[wpa_eapol->eapol_len] = 0x80;
|
||||
|
||||
if (wpa_eapol->keyver == 1)
|
||||
{
|
||||
// nothing to do
|
||||
}
|
||||
else if (wpa_eapol->keyver == 2)
|
||||
{
|
||||
wpa_eapol->keymic[0] = byte_swap_32 (wpa_eapol->keymic[0]);
|
||||
wpa_eapol->keymic[1] = byte_swap_32 (wpa_eapol->keymic[1]);
|
||||
wpa_eapol->keymic[2] = byte_swap_32 (wpa_eapol->keymic[2]);
|
||||
wpa_eapol->keymic[3] = byte_swap_32 (wpa_eapol->keymic[3]);
|
||||
|
||||
for (int i = 0; i < 64; i++)
|
||||
{
|
||||
wpa_eapol->eapol[i] = byte_swap_32 (wpa_eapol->eapol[i]);
|
||||
}
|
||||
}
|
||||
else if (wpa_eapol->keyver == 3)
|
||||
{
|
||||
// nothing to do
|
||||
}
|
||||
|
||||
// Create a hash of the nonce as ESSID is not unique enough
|
||||
// Not a regular MD5 but good enough
|
||||
// We can also ignore cases where we should bzero the work buffer
|
||||
|
||||
u32 hash[4];
|
||||
|
||||
hash[0] = 0;
|
||||
hash[1] = 1;
|
||||
hash[2] = 2;
|
||||
hash[3] = 3;
|
||||
|
||||
u32 block[16];
|
||||
|
||||
memset (block, 0, sizeof (block));
|
||||
|
||||
u8 *block_ptr = (u8 *) block;
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = salt->salt_buf[i];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->pke[i + 0];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->pke[i + 16];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 0];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 16];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 32];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 48];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 6; i++) block_ptr[i + 0] = wpa_eapol->orig_mac_ap[i];
|
||||
for (int i = 0; i < 6; i++) block_ptr[i + 6] = wpa_eapol->orig_mac_sta[i];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 32; i++) block_ptr[i + 0] = wpa_eapol->orig_nonce_ap[i];
|
||||
for (int i = 0; i < 32; i++) block_ptr[i + 32] = wpa_eapol->orig_nonce_sta[i];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
block[0] = wpa_eapol->keymic[0];
|
||||
block[1] = wpa_eapol->keymic[1];
|
||||
block[2] = wpa_eapol->keymic[2];
|
||||
block[3] = wpa_eapol->keymic[3];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
wpa_eapol->hash[0] = hash[0];
|
||||
wpa_eapol->hash[1] = hash[1];
|
||||
wpa_eapol->hash[2] = hash[2];
|
||||
wpa_eapol->hash[3] = hash[3];
|
||||
|
||||
// make all this stuff unique
|
||||
|
||||
digest[0] = wpa_eapol->hash[0];
|
||||
digest[1] = wpa_eapol->hash[1];
|
||||
digest[2] = wpa_eapol->hash[2];
|
||||
digest[3] = wpa_eapol->hash[3];
|
||||
|
||||
return (PARSER_OK);
|
||||
}
|
||||
|
||||
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
|
||||
{
|
||||
const wpa_eapol_t *wpa_eapol = (const wpa_eapol_t *) esalt_buf;
|
||||
|
||||
int line_len = 0;
|
||||
|
||||
if (need_hexify (wpa_eapol->essid, wpa_eapol->essid_len, hashconfig->separator, 0) == true)
|
||||
{
|
||||
char tmp_buf[128];
|
||||
|
||||
int tmp_len = 0;
|
||||
|
||||
tmp_buf[tmp_len++] = '$';
|
||||
tmp_buf[tmp_len++] = 'H';
|
||||
tmp_buf[tmp_len++] = 'E';
|
||||
tmp_buf[tmp_len++] = 'X';
|
||||
tmp_buf[tmp_len++] = '[';
|
||||
|
||||
exec_hexify (wpa_eapol->essid, wpa_eapol->essid_len, (u8 *) tmp_buf + tmp_len);
|
||||
|
||||
tmp_len += wpa_eapol->essid_len * 2;
|
||||
|
||||
tmp_buf[tmp_len++] = ']';
|
||||
|
||||
tmp_buf[tmp_len++] = 0;
|
||||
|
||||
line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
|
||||
wpa_eapol->hash[0],
|
||||
wpa_eapol->hash[1],
|
||||
wpa_eapol->hash[2],
|
||||
wpa_eapol->hash[3],
|
||||
wpa_eapol->orig_mac_ap[0],
|
||||
wpa_eapol->orig_mac_ap[1],
|
||||
wpa_eapol->orig_mac_ap[2],
|
||||
wpa_eapol->orig_mac_ap[3],
|
||||
wpa_eapol->orig_mac_ap[4],
|
||||
wpa_eapol->orig_mac_ap[5],
|
||||
wpa_eapol->orig_mac_sta[0],
|
||||
wpa_eapol->orig_mac_sta[1],
|
||||
wpa_eapol->orig_mac_sta[2],
|
||||
wpa_eapol->orig_mac_sta[3],
|
||||
wpa_eapol->orig_mac_sta[4],
|
||||
wpa_eapol->orig_mac_sta[5],
|
||||
tmp_buf);
|
||||
}
|
||||
else
|
||||
{
|
||||
line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
|
||||
wpa_eapol->hash[0],
|
||||
wpa_eapol->hash[1],
|
||||
wpa_eapol->hash[2],
|
||||
wpa_eapol->hash[3],
|
||||
wpa_eapol->orig_mac_ap[0],
|
||||
wpa_eapol->orig_mac_ap[1],
|
||||
wpa_eapol->orig_mac_ap[2],
|
||||
wpa_eapol->orig_mac_ap[3],
|
||||
wpa_eapol->orig_mac_ap[4],
|
||||
wpa_eapol->orig_mac_ap[5],
|
||||
wpa_eapol->orig_mac_sta[0],
|
||||
wpa_eapol->orig_mac_sta[1],
|
||||
wpa_eapol->orig_mac_sta[2],
|
||||
wpa_eapol->orig_mac_sta[3],
|
||||
wpa_eapol->orig_mac_sta[4],
|
||||
wpa_eapol->orig_mac_sta[5],
|
||||
wpa_eapol->essid);
|
||||
}
|
||||
|
||||
return line_len;
|
||||
}
|
||||
|
||||
void module_init (module_ctx_t *module_ctx)
|
||||
{
|
||||
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
|
||||
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
|
||||
|
||||
module_ctx->module_attack_exec = module_attack_exec;
|
||||
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
|
||||
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
|
||||
module_ctx->module_benchmark_mask = module_benchmark_mask;
|
||||
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
|
||||
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
|
||||
module_ctx->module_deep_comp_kernel = module_deep_comp_kernel;
|
||||
module_ctx->module_dgst_pos0 = module_dgst_pos0;
|
||||
module_ctx->module_dgst_pos1 = module_dgst_pos1;
|
||||
module_ctx->module_dgst_pos2 = module_dgst_pos2;
|
||||
module_ctx->module_dgst_pos3 = module_dgst_pos3;
|
||||
module_ctx->module_dgst_size = module_dgst_size;
|
||||
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_esalt_size = module_esalt_size;
|
||||
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
|
||||
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_binary_count = module_hash_binary_count;
|
||||
module_ctx->module_hash_binary_parse = module_hash_binary_parse;
|
||||
module_ctx->module_hash_binary_save = module_hash_binary_save;
|
||||
module_ctx->module_hash_binary_verify = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_decode_outfile = module_hash_decode_outfile;
|
||||
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_decode = module_hash_decode;
|
||||
module_ctx->module_hash_encode_status = module_hash_encode_status;
|
||||
module_ctx->module_hash_encode = module_hash_encode;
|
||||
module_ctx->module_hash_init_selftest = module_hash_init_selftest;
|
||||
module_ctx->module_hash_mode = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_category = module_hash_category;
|
||||
module_ctx->module_hash_name = module_hash_name;
|
||||
module_ctx->module_hash_type = module_hash_type;
|
||||
module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_hook12 = MODULE_DEFAULT;
|
||||
module_ctx->module_hook23 = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_size = MODULE_DEFAULT;
|
||||
module_ctx->module_jit_build_options = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
|
||||
module_ctx->module_kern_type = module_kern_type;
|
||||
module_ctx->module_opti_type = module_opti_type;
|
||||
module_ctx->module_opts_type = module_opts_type;
|
||||
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
|
||||
module_ctx->module_potfile_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
|
||||
module_ctx->module_pwdump_column = MODULE_DEFAULT;
|
||||
module_ctx->module_pw_max = module_pw_max;
|
||||
module_ctx->module_pw_min = module_pw_min;
|
||||
module_ctx->module_salt_max = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_min = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_type = module_salt_type;
|
||||
module_ctx->module_separator = MODULE_DEFAULT;
|
||||
module_ctx->module_st_hash = module_st_hash;
|
||||
module_ctx->module_st_pass = module_st_pass;
|
||||
module_ctx->module_tmp_size = module_tmp_size;
|
||||
module_ctx->module_unstable_warning = MODULE_DEFAULT;
|
||||
module_ctx->module_warmup_disable = MODULE_DEFAULT;
|
||||
}
|
@ -0,0 +1,500 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
##
|
||||
## Author......: See docs/credits.txt
|
||||
## License.....: MIT
|
||||
##
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
use Crypt::PBKDF2;
|
||||
use Digest::CMAC;
|
||||
use Digest::MD5 qw (md5);
|
||||
use Digest::SHA qw (sha1 sha256);
|
||||
use Digest::HMAC qw (hmac);
|
||||
use MIME::Base64 qw (encode_base64);
|
||||
|
||||
sub module_constraints { [[8, 255], [0, 32], [8, 255], [0, 32], [-1, -1]] }
|
||||
|
||||
sub module_generate_hash
|
||||
{
|
||||
my $word = shift;
|
||||
my $salt = shift;
|
||||
|
||||
my $bssid = random_bytes (6);
|
||||
my $stmac = random_bytes (6);
|
||||
my $snonce = random_bytes (32);
|
||||
my $anonce = random_bytes (32);
|
||||
|
||||
my $keyver = random_number (1, 4); # 1, 2 or 3
|
||||
|
||||
# eapol:
|
||||
# should be "validly" generated, but in theory could be anything for us also:
|
||||
# $eapol = "\x00" x 121; # works too, but let's generate it correctly
|
||||
|
||||
my $eapol = gen_random_wpa_eapol ($keyver, $snonce);
|
||||
|
||||
my $eapol_len = length ($eapol);
|
||||
|
||||
# constants
|
||||
|
||||
my $iterations = 4096;
|
||||
|
||||
#
|
||||
# START
|
||||
#
|
||||
|
||||
# generate the Pairwise Master Key (PMK)
|
||||
|
||||
my $pbkdf2 = Crypt::PBKDF2->new
|
||||
(
|
||||
hash_class => 'HMACSHA1',
|
||||
iterations => $iterations,
|
||||
output_len => 32,
|
||||
);
|
||||
|
||||
my $pmk = $pbkdf2->PBKDF2 ($salt, $word);
|
||||
|
||||
# Pairwise Transient Key (PTK) transformation
|
||||
|
||||
my $ptk = wpa_prf_512 ($keyver, $pmk, $stmac, $bssid, $snonce, $anonce);
|
||||
|
||||
# generate the Message Integrity Code (MIC)
|
||||
|
||||
my $mic = "";
|
||||
|
||||
if ($keyver == 1) # WPA1 => MD5
|
||||
{
|
||||
$mic = hmac ($eapol, $ptk, \&md5);
|
||||
}
|
||||
elsif ($keyver == 2) # WPA2 => SHA1
|
||||
{
|
||||
$mic = hmac ($eapol, $ptk, \&sha1);
|
||||
}
|
||||
elsif ($keyver == 3) # WPA2 => SHA256 + AES-CMAC
|
||||
{
|
||||
my $omac1 = Digest::CMAC->new ($ptk, 'Crypt::Rijndael');
|
||||
|
||||
$omac1->add ($eapol);
|
||||
|
||||
$mic = $omac1->digest;
|
||||
}
|
||||
|
||||
$mic = substr ($mic, 0, 16);
|
||||
|
||||
#
|
||||
# format the binary output
|
||||
#
|
||||
|
||||
my $HCCAPX_VERSION = 4;
|
||||
|
||||
# signature
|
||||
my $hash_buf = "HCPX";
|
||||
|
||||
# format version
|
||||
$hash_buf .= pack ("L<", $HCCAPX_VERSION);
|
||||
|
||||
# authenticated
|
||||
$hash_buf .= pack ("C", 0);
|
||||
|
||||
# essid length
|
||||
my $essid_len = length ($salt);
|
||||
$hash_buf .= pack ("C", $essid_len);
|
||||
|
||||
# essid (NULL-padded up to the first 32 bytes)
|
||||
$hash_buf .= $salt;
|
||||
$hash_buf .= "\x00" x (32 - $essid_len);
|
||||
|
||||
# key version
|
||||
$hash_buf .= pack ("C", $keyver);
|
||||
|
||||
# key mic
|
||||
$hash_buf .= $mic;
|
||||
|
||||
# access point MAC
|
||||
$hash_buf .= $bssid;
|
||||
|
||||
# access point nonce
|
||||
$hash_buf .= $snonce;
|
||||
|
||||
# client MAC
|
||||
$hash_buf .= $stmac;
|
||||
|
||||
# client nonce
|
||||
$hash_buf .= $anonce;
|
||||
|
||||
# eapol length
|
||||
$hash_buf .= pack ("S<", $eapol_len);
|
||||
|
||||
# eapol
|
||||
$hash_buf .= $eapol;
|
||||
$hash_buf .= "\x00" x (256 - $eapol_len);
|
||||
|
||||
# base64 encode the output
|
||||
my $hash = encode_base64 ($hash_buf, "");
|
||||
|
||||
return $hash;
|
||||
}
|
||||
|
||||
sub module_verify_hash
|
||||
{
|
||||
print "ERROR: verify currently not supported for WPA-EAPOL-PBKDF2 (because of hashcat's output format)\n";
|
||||
|
||||
exit (1);
|
||||
}
|
||||
|
||||
sub gen_random_wpa_eapol
|
||||
{
|
||||
my $keyver = shift;
|
||||
my $snonce = shift;
|
||||
|
||||
my $ret = "";
|
||||
|
||||
# version
|
||||
|
||||
my $version = 1; # 802.1X-2001
|
||||
|
||||
$ret .= pack ("C*", $version);
|
||||
|
||||
my $type = 3; # means that this EAPOL frame is used to transfer key information
|
||||
|
||||
$ret .= pack ("C*", $type);
|
||||
|
||||
my $length; # length of remaining data
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
$length = 119;
|
||||
}
|
||||
else
|
||||
{
|
||||
$length = 117;
|
||||
}
|
||||
|
||||
$ret .= pack ("n*", $length);
|
||||
|
||||
my $descriptor_type;
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
$descriptor_type = 254; # EAPOL WPA key
|
||||
}
|
||||
else
|
||||
{
|
||||
$descriptor_type = 1; # EAPOL RSN key
|
||||
}
|
||||
|
||||
$ret .= pack ("C*", $descriptor_type);
|
||||
|
||||
# key_info is a bit vector:
|
||||
# generated from these 13 bits: encrypted key data, request, error, secure, key mic, key ack, install, key index (2), key type, key descriptor (3)
|
||||
|
||||
my $key_info = 0;
|
||||
|
||||
$key_info |= 1 << 8; # set key MIC
|
||||
$key_info |= 1 << 3; # set if it is a pairwise key
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
$key_info |= 1 << 0; # RC4 Cipher, HMAC-MD5 MIC
|
||||
}
|
||||
else
|
||||
{
|
||||
$key_info |= 1 << 1; # AES Cipher, HMAC-SHA1 MIC
|
||||
}
|
||||
|
||||
$ret .= pack ("n*", $key_info);
|
||||
|
||||
my $key_length;
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
$key_length = 32;
|
||||
}
|
||||
else
|
||||
{
|
||||
$key_length = 0;
|
||||
}
|
||||
|
||||
$ret .= pack ("n*", $key_length);
|
||||
|
||||
my $replay_counter = 1;
|
||||
|
||||
$ret .= pack ("Q>*", $replay_counter);
|
||||
|
||||
$ret .= $snonce;
|
||||
|
||||
my $key_iv = "\x00" x 16;
|
||||
|
||||
$ret .= $key_iv;
|
||||
|
||||
my $key_rsc = "\x00" x 8;
|
||||
|
||||
$ret .= $key_rsc;
|
||||
|
||||
my $key_id = "\x00" x 8;
|
||||
|
||||
$ret .= $key_id;
|
||||
|
||||
my $key_mic = "\x00" x 16;
|
||||
|
||||
$ret .= $key_mic;
|
||||
|
||||
my $key_data_len;
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
$key_data_len = 24; # length of the key_data (== WPA info)
|
||||
}
|
||||
else
|
||||
{
|
||||
$key_data_len = 22; # length of the key_data (== RSN info)
|
||||
}
|
||||
|
||||
$ret .= pack ("n*", $key_data_len);
|
||||
|
||||
my $key_data = "";
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
# wpa info
|
||||
|
||||
my $wpa_info = "";
|
||||
|
||||
my $vendor_specific_data = "";
|
||||
|
||||
my $tag_number = 221; # means it is a vendor specific tag
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $tag_number);
|
||||
|
||||
my $tag_len = 22; # length of the remaining "tag data"
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $tag_len);
|
||||
|
||||
my $vendor_specific_oui = pack ("H*", "0050f2"); # microsoft
|
||||
|
||||
$vendor_specific_data .= $vendor_specific_oui;
|
||||
|
||||
my $vendor_specific_oui_type = 1; # WPA Information Element
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $vendor_specific_oui_type);
|
||||
|
||||
my $vendor_specific_wpa_version = 1;
|
||||
|
||||
$vendor_specific_data .= pack ("v*", $vendor_specific_wpa_version);
|
||||
|
||||
# multicast
|
||||
|
||||
my $vendor_specific_multicast_oui = pack ("H*", "0050f2");
|
||||
|
||||
$vendor_specific_data .= $vendor_specific_multicast_oui;
|
||||
|
||||
my $vendor_specific_multicast_type = 2; # TKIP
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $vendor_specific_multicast_type);
|
||||
|
||||
# unicast
|
||||
|
||||
my $vendor_specific_unicast_count = 1;
|
||||
|
||||
$vendor_specific_data .= pack ("v*", $vendor_specific_unicast_count);
|
||||
|
||||
my $vendor_specific_unicast_oui = pack ("H*", "0050f2");
|
||||
|
||||
$vendor_specific_data .= $vendor_specific_unicast_oui;
|
||||
|
||||
my $vendor_specific_unicast_type = 2; # TKIP
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $vendor_specific_unicast_type);
|
||||
|
||||
# Auth Key Management (AKM)
|
||||
|
||||
my $auth_key_management_count = 1;
|
||||
|
||||
$vendor_specific_data .= pack ("v*", $auth_key_management_count);
|
||||
|
||||
my $auth_key_management_oui = pack ("H*", "0050f2");
|
||||
|
||||
$vendor_specific_data .= $auth_key_management_oui;
|
||||
|
||||
my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $auth_key_management_type);
|
||||
|
||||
$wpa_info = $vendor_specific_data;
|
||||
|
||||
$key_data = $wpa_info;
|
||||
}
|
||||
else
|
||||
{
|
||||
# rsn info
|
||||
|
||||
my $rsn_info = "";
|
||||
|
||||
my $tag_number = 48; # RSN info
|
||||
|
||||
$rsn_info .= pack ("C*", $tag_number);
|
||||
|
||||
my $tag_len = 20; # length of the remaining "tag_data"
|
||||
|
||||
$rsn_info .= pack ("C*", $tag_len);
|
||||
|
||||
my $rsn_version = 1;
|
||||
|
||||
$rsn_info .= pack ("v*", $rsn_version);
|
||||
|
||||
# group cipher suite
|
||||
|
||||
my $group_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
|
||||
|
||||
$rsn_info .= $group_cipher_suite_oui;
|
||||
|
||||
my $group_cipher_suite_type = 4; # AES (CCM)
|
||||
|
||||
$rsn_info .= pack ("C*", $group_cipher_suite_type);
|
||||
|
||||
# pairwise cipher suite
|
||||
|
||||
my $pairwise_cipher_suite_count = 1;
|
||||
|
||||
$rsn_info .= pack ("v*", $pairwise_cipher_suite_count);
|
||||
|
||||
my $pairwise_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
|
||||
|
||||
$rsn_info .= $pairwise_cipher_suite_oui;
|
||||
|
||||
my $pairwise_cipher_suite_type = 4; # AES (CCM)
|
||||
|
||||
$rsn_info .= pack ("C*", $pairwise_cipher_suite_type);
|
||||
|
||||
# Auth Key Management (AKM)
|
||||
|
||||
my $auth_key_management_count = 1;
|
||||
|
||||
$rsn_info .= pack ("v*", $auth_key_management_count);
|
||||
|
||||
my $auth_key_management_oui = pack ("H*", "000fac"); # Ieee8021
|
||||
|
||||
$rsn_info .= $auth_key_management_oui;
|
||||
|
||||
my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
|
||||
|
||||
$rsn_info .= pack ("C*", $auth_key_management_type);
|
||||
|
||||
# RSN Capabilities
|
||||
|
||||
# bit vector of these 9 bits: peerkey enabled, management frame protection (MFP) capable, MFP required,
|
||||
# RSN GTKSA Capabilities (2), RSN PTKSA Capabilities (2), no pairwise Capabilities, Pre-Auth Capabilities
|
||||
|
||||
my $rsn_capabilities = pack ("H*", "0000");
|
||||
|
||||
$rsn_info .= $rsn_capabilities;
|
||||
|
||||
$key_data = $rsn_info;
|
||||
}
|
||||
|
||||
$ret .= $key_data;
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
sub wpa_prf_512
|
||||
{
|
||||
my $keyver = shift;
|
||||
my $pmk = shift;
|
||||
my $stmac = shift;
|
||||
my $bssid = shift;
|
||||
my $snonce = shift;
|
||||
my $anonce = shift;
|
||||
|
||||
my $data = "Pairwise key expansion";
|
||||
|
||||
if (($keyver == 1) || ($keyver == 2))
|
||||
{
|
||||
$data .= "\x00";
|
||||
}
|
||||
|
||||
#
|
||||
# Min(AA, SPA) || Max(AA, SPA)
|
||||
#
|
||||
|
||||
# compare if greater: Min()/Max() on the MACs (6 bytes)
|
||||
|
||||
if (memcmp ($stmac, $bssid, 6) < 0)
|
||||
{
|
||||
$data .= $stmac;
|
||||
$data .= $bssid;
|
||||
}
|
||||
else
|
||||
{
|
||||
$data .= $bssid;
|
||||
$data .= $stmac;
|
||||
}
|
||||
|
||||
#
|
||||
# Min(ANonce,SNonce) || Max(ANonce,SNonce)
|
||||
#
|
||||
|
||||
# compare if greater: Min()/Max() on the nonces (32 bytes)
|
||||
|
||||
if (memcmp ($snonce, $anonce, 32) < 0)
|
||||
{
|
||||
$data .= $snonce;
|
||||
$data .= $anonce;
|
||||
}
|
||||
else
|
||||
{
|
||||
$data .= $anonce;
|
||||
$data .= $snonce;
|
||||
}
|
||||
|
||||
my $prf_buf;
|
||||
|
||||
if (($keyver == 1) || ($keyver == 2))
|
||||
{
|
||||
$data .= "\x00";
|
||||
|
||||
$prf_buf = hmac ($data, $pmk, \&sha1);
|
||||
}
|
||||
else
|
||||
{
|
||||
my $data3 = "\x01\x00" . $data . "\x80\x01";
|
||||
|
||||
$prf_buf = hmac ($data3, $pmk, \&sha256);
|
||||
}
|
||||
|
||||
$prf_buf = substr ($prf_buf, 0, 16);
|
||||
|
||||
return $prf_buf;
|
||||
}
|
||||
|
||||
sub memcmp
|
||||
{
|
||||
my $str1 = shift;
|
||||
my $str2 = shift;
|
||||
my $len = shift;
|
||||
|
||||
my $len_str1 = length ($str1);
|
||||
my $len_str2 = length ($str2);
|
||||
|
||||
if (($len > $len_str1) || ($len > $len_str2))
|
||||
{
|
||||
print "ERROR: memcmp () lengths wrong";
|
||||
|
||||
exit (1);
|
||||
}
|
||||
|
||||
for (my $i = 0; $i < $len; $i++)
|
||||
{
|
||||
my $c_1 = ord (substr ($str1, $i, 1));
|
||||
my $c_2 = ord (substr ($str2, $i, 1));
|
||||
|
||||
return -1 if ($c_1 < $c_2);
|
||||
return 1 if ($c_1 > $c_2);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
1;
|
Loading…
Reference in new issue