mirror of
https://github.com/hashcat/hashcat.git
synced 2024-12-23 07:08:19 +00:00
Add -m 500 unit test
This commit is contained in:
parent
6a39617949
commit
06a5e736b9
@ -9,58 +9,6 @@ static const float MIN_SUFFICIENT_ENTROPY_FILE = 7.0f;
|
||||
* algo specific
|
||||
*/
|
||||
|
||||
typedef struct wpa_eapol
|
||||
{
|
||||
u32 pke[32];
|
||||
u32 eapol[64 + 16];
|
||||
u16 eapol_len;
|
||||
u8 message_pair;
|
||||
int message_pair_chgd;
|
||||
u8 keyver;
|
||||
u8 orig_mac_ap[6];
|
||||
u8 orig_mac_sta[6];
|
||||
u8 orig_nonce_ap[32];
|
||||
u8 orig_nonce_sta[32];
|
||||
u8 essid_len;
|
||||
u8 essid[32];
|
||||
u32 keymic[4];
|
||||
u32 hash[4];
|
||||
int nonce_compare;
|
||||
int nonce_error_corrections;
|
||||
int detected_le;
|
||||
int detected_be;
|
||||
|
||||
} wpa_eapol_t;
|
||||
|
||||
static const u32 ROUNDS_WPA_PBKDF2 = 4096;
|
||||
|
||||
#define HCCAPX_VERSION 4
|
||||
#define HCCAPX_SIGNATURE 0x58504348 // HCPX
|
||||
|
||||
// this is required to force mingw to accept the packed attribute
|
||||
#pragma pack(push,1)
|
||||
|
||||
struct hccapx
|
||||
{
|
||||
u32 signature;
|
||||
u32 version;
|
||||
u8 message_pair;
|
||||
u8 essid_len;
|
||||
u8 essid[32];
|
||||
u8 keyver;
|
||||
u8 keymic[16];
|
||||
u8 mac_ap[6];
|
||||
u8 nonce_ap[32];
|
||||
u8 mac_sta[6];
|
||||
u8 nonce_sta[32];
|
||||
u16 eapol_len;
|
||||
u8 eapol[256];
|
||||
|
||||
} __attribute__((packed));
|
||||
|
||||
typedef struct hccapx hccapx_t;
|
||||
|
||||
#pragma pack(pop)
|
||||
|
||||
typedef struct itunes_backup
|
||||
{
|
||||
@ -489,15 +437,7 @@ typedef struct sha512crypt_tmp
|
||||
|
||||
} sha512crypt_tmp_t;
|
||||
|
||||
typedef struct wpa_pbkdf2_tmp
|
||||
{
|
||||
u32 ipad[5];
|
||||
u32 opad[5];
|
||||
|
||||
u32 dgst[10];
|
||||
u32 out[10];
|
||||
|
||||
} wpa_pbkdf2_tmp_t;
|
||||
|
||||
typedef struct wpa_pmk_tmp
|
||||
{
|
||||
@ -908,7 +848,6 @@ typedef enum hash_type
|
||||
HASH_TYPE_SHA384 = 7,
|
||||
HASH_TYPE_SHA512 = 8,
|
||||
HASH_TYPE_DCC2 = 9,
|
||||
HASH_TYPE_WPA_EAPOL = 10,
|
||||
HASH_TYPE_LM = 11,
|
||||
HASH_TYPE_ORACLEH = 13,
|
||||
HASH_TYPE_DESRACF = 14,
|
||||
@ -999,7 +938,6 @@ typedef enum kern_type
|
||||
KERN_TYPE_STDOUT = 2000,
|
||||
KERN_TYPE_DCC2 = 2100,
|
||||
KERN_TYPE_MD5ASA = 2410,
|
||||
KERN_TYPE_WPA_EAPOL_PBKDF2 = 2500,
|
||||
KERN_TYPE_WPA_EAPOL_PMK = 2501,
|
||||
KERN_TYPE_MD55 = 2600,
|
||||
KERN_TYPE_MD55_PWSLT1 = 2610,
|
||||
@ -1170,7 +1108,6 @@ typedef enum kern_type
|
||||
typedef enum rounds_count
|
||||
{
|
||||
ROUNDS_DCC2 = 10240,
|
||||
ROUNDS_WPA_PBKDF2 = 4096,
|
||||
ROUNDS_WPA_PMK = 1,
|
||||
ROUNDS_BCRYPT = (1 << 5),
|
||||
ROUNDS_PSAFE3 = 2048,
|
||||
@ -1287,7 +1224,6 @@ int sha512_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_bu
|
||||
int sha512s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig);
|
||||
int sha512crypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig);
|
||||
int vb30_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig);
|
||||
int wpa_eapol_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig);
|
||||
int psafe2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig);
|
||||
int psafe3_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig);
|
||||
int ikepsk_md5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig);
|
||||
|
@ -4,7 +4,7 @@
|
||||
##
|
||||
|
||||
SHARED := 0
|
||||
DEBUG := 0
|
||||
DEBUG := 1
|
||||
PRODUCTION := 0
|
||||
PRODUCTION_VERSION := v5.1.0
|
||||
ENABLE_BRAIN := 0
|
||||
|
@ -195,6 +195,8 @@ int save_hash (hashcat_ctx_t *hashcat_ctx)
|
||||
const int binary_len = module_ctx->module_hash_binary_save (hashes, salt_pos, digest_pos, &binary_buf);
|
||||
|
||||
hc_fwrite (binary_buf, binary_len, 1, fp);
|
||||
|
||||
hcfree (binary_buf);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -60,7 +60,6 @@
|
||||
" 10900 | PBKDF2-HMAC-SHA256 | Generic KDF",
|
||||
" 12100 | PBKDF2-HMAC-SHA512 | Generic KDF",
|
||||
" 23 | Skype | Network Protocols",
|
||||
" 2500 | WPA-EAPOL-PBKDF2 | Network Protocols",
|
||||
" 2501 | WPA-EAPOL-PMK | Network Protocols",
|
||||
" 16800 | WPA-PMKID-PBKDF2 | Network Protocols",
|
||||
" 16801 | WPA-PMKID-PMK | Network Protocols",
|
||||
@ -320,7 +319,6 @@ static const char *ST_HASH_01750 = "138c00f17a1a0363f274817c91118f019aff09f937bf
|
||||
static const char *ST_HASH_01760 = "7d02921299935179d509e6dd4f3d0f2944e3451ea9de3af16baead6a7297e5653577d2473a0fff743d9fe78a89bd49296114319989dc7e7870fc7f62bc96accb:114";
|
||||
static const char *ST_HASH_01800 = "$6$72820166$U4DVzpcYxgw7MVVDGGvB2/H5lRistD5.Ah4upwENR5UtffLR4X4SxSzfREv8z6wVl0jRFX40/KnYVvK4829kD1";
|
||||
static const char *ST_HASH_02100 = "$DCC2$10240#6848#e2829c8af2232fa53797e2f0e35e4626";
|
||||
static const char *ST_HASH_02500 = "4843505804000000000235380000000000000000000000000000000000000000000000000000000000000151aecc428f182acefbd1a9e62d369a079265784da83ba4cf88375c44c830e6e5aa5d6faf352aa496a9ee129fb8292f7435df5420b823a1cd402aed449cced04f552c5b5acfebf06ae96a09c96d9a01c443a17aa62258c4f651a68aa67b0001030077fe010900200000000000000001a4cf88375c44c830e6e5aa5d6faf352aa496a9ee129fb8292f7435df5420b8230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018dd160050f20101000050f20201000050f20201000050f20200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
|
||||
static const char *ST_HASH_02501 = "4843505804000000000235380000000000000000000000000000000000000000000000000000000000000151aecc428f182acefbd1a9e62d369a079265784da83ba4cf88375c44c830e6e5aa5d6faf352aa496a9ee129fb8292f7435df5420b823a1cd402aed449cced04f552c5b5acfebf06ae96a09c96d9a01c443a17aa62258c4f651a68aa67b0001030077fe010900200000000000000001a4cf88375c44c830e6e5aa5d6faf352aa496a9ee129fb8292f7435df5420b8230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018dd160050f20101000050f20201000050f20201000050f20200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
|
||||
static const char *ST_HASH_02410 = "YjDBNr.A0AN7DA8s:4684";
|
||||
static const char *ST_HASH_02600 = "a936af92b0ae20b1ff6c3347a72e5fbe";
|
||||
@ -535,7 +533,6 @@ static const char *HT_01760 = "HMAC-SHA512 (key = $salt)";
|
||||
static const char *HT_01800 = "sha512crypt $6$, SHA512 (Unix)";
|
||||
static const char *HT_02100 = "Domain Cached Credentials 2 (DCC2), MS Cache 2";
|
||||
static const char *HT_02410 = "Cisco-ASA MD5";
|
||||
static const char *HT_02500 = "WPA-EAPOL-PBKDF2";
|
||||
static const char *HT_02501 = "WPA-EAPOL-PMK";
|
||||
static const char *HT_02600 = "md5(md5($pass))";
|
||||
static const char *HT_03000 = "LM";
|
||||
@ -3534,251 +3531,6 @@ int dpapimk_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UN
|
||||
return (PARSER_OK);
|
||||
}
|
||||
|
||||
int wpa_eapol_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig)
|
||||
{
|
||||
u32 *digest = (u32 *) hash_buf->digest;
|
||||
|
||||
salt_t *salt = hash_buf->salt;
|
||||
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) hash_buf->esalt;
|
||||
|
||||
// the *wpa was partially initialized beforehand, we can not simply memset it to zero
|
||||
|
||||
hccapx_t in;
|
||||
|
||||
memcpy (&in, input_buf, input_len);
|
||||
|
||||
if (in.signature != HCCAPX_SIGNATURE) return (PARSER_HCCAPX_SIGNATURE);
|
||||
|
||||
if (in.version != HCCAPX_VERSION) return (PARSER_HCCAPX_VERSION);
|
||||
|
||||
if (in.eapol_len < 1 || in.eapol_len > 255) return (PARSER_HCCAPX_EAPOL_LEN);
|
||||
|
||||
memcpy (wpa_eapol->keymic, in.keymic, 16);
|
||||
|
||||
/*
|
||||
http://www.one-net.eu/jsw/j_sec/m_ptype.html
|
||||
The phrase "Pairwise key expansion"
|
||||
Access Point Address (referred to as Authenticator Address AA)
|
||||
Supplicant Address (referred to as Supplicant Address SA)
|
||||
Access Point Nonce (referred to as Authenticator Anonce)
|
||||
Wireless Device Nonce (referred to as Supplicant Nonce Snonce)
|
||||
*/
|
||||
|
||||
u32 salt_len = in.essid_len;
|
||||
|
||||
if (salt_len > 32) return (PARSER_SALT_LENGTH);
|
||||
|
||||
memcpy (salt->salt_buf, in.essid, in.essid_len);
|
||||
|
||||
salt->salt_len = salt_len;
|
||||
|
||||
salt->salt_iter = ROUNDS_WPA_PBKDF2 - 1;
|
||||
|
||||
memcpy (wpa_eapol->essid, in.essid, in.essid_len);
|
||||
|
||||
wpa_eapol->essid_len = in.essid_len;
|
||||
|
||||
wpa_eapol->keyver = in.keyver;
|
||||
|
||||
if ((wpa_eapol->keyver != 1) && (wpa_eapol->keyver != 2) && (wpa_eapol->keyver != 3)) return (PARSER_SALT_VALUE);
|
||||
|
||||
u8 *pke_ptr = (u8 *) wpa_eapol->pke;
|
||||
|
||||
memset (pke_ptr, 0, 128);
|
||||
|
||||
if ((wpa_eapol->keyver == 1) || (wpa_eapol->keyver == 2))
|
||||
{
|
||||
memcpy (pke_ptr, "Pairwise key expansion", 23);
|
||||
|
||||
if (memcmp (in.mac_ap, in.mac_sta, 6) < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 23, in.mac_ap, 6);
|
||||
memcpy (pke_ptr + 29, in.mac_sta, 6);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 23, in.mac_sta, 6);
|
||||
memcpy (pke_ptr + 29, in.mac_ap, 6);
|
||||
}
|
||||
|
||||
wpa_eapol->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32);
|
||||
|
||||
if (wpa_eapol->nonce_compare < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 35, in.nonce_ap, 32);
|
||||
memcpy (pke_ptr + 67, in.nonce_sta, 32);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 35, in.nonce_sta, 32);
|
||||
memcpy (pke_ptr + 67, in.nonce_ap, 32);
|
||||
}
|
||||
}
|
||||
else if (wpa_eapol->keyver == 3)
|
||||
{
|
||||
pke_ptr[0] = 1;
|
||||
pke_ptr[1] = 0;
|
||||
|
||||
memcpy (pke_ptr + 2, "Pairwise key expansion", 22);
|
||||
|
||||
if (memcmp (in.mac_ap, in.mac_sta, 6) < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 24, in.mac_ap, 6);
|
||||
memcpy (pke_ptr + 30, in.mac_sta, 6);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 24, in.mac_sta, 6);
|
||||
memcpy (pke_ptr + 30, in.mac_ap, 6);
|
||||
}
|
||||
|
||||
wpa_eapol->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32);
|
||||
|
||||
if (wpa_eapol->nonce_compare < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 36, in.nonce_ap, 32);
|
||||
memcpy (pke_ptr + 68, in.nonce_sta, 32);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 36, in.nonce_sta, 32);
|
||||
memcpy (pke_ptr + 68, in.nonce_ap, 32);
|
||||
}
|
||||
|
||||
pke_ptr[100] = 0x80;
|
||||
pke_ptr[101] = 1;
|
||||
}
|
||||
|
||||
for (int i = 0; i < 32; i++)
|
||||
{
|
||||
wpa_eapol->pke[i] = byte_swap_32 (wpa_eapol->pke[i]);
|
||||
}
|
||||
|
||||
memcpy (wpa_eapol->orig_mac_ap, in.mac_ap, 6);
|
||||
memcpy (wpa_eapol->orig_mac_sta, in.mac_sta, 6);
|
||||
memcpy (wpa_eapol->orig_nonce_ap, in.nonce_ap, 32);
|
||||
memcpy (wpa_eapol->orig_nonce_sta, in.nonce_sta, 32);
|
||||
|
||||
u8 message_pair_orig = in.message_pair;
|
||||
|
||||
in.message_pair &= 0x7f; // ignore the highest bit (it is used to indicate if the replay counters did match)
|
||||
|
||||
if (wpa_eapol->message_pair_chgd == true)
|
||||
{
|
||||
if (wpa_eapol->message_pair != in.message_pair) return (PARSER_HCCAPX_MESSAGE_PAIR);
|
||||
}
|
||||
|
||||
wpa_eapol->message_pair = message_pair_orig;
|
||||
|
||||
wpa_eapol->eapol_len = in.eapol_len;
|
||||
|
||||
u8 *eapol_ptr = (u8 *) wpa_eapol->eapol;
|
||||
|
||||
memcpy (eapol_ptr, in.eapol, wpa_eapol->eapol_len);
|
||||
|
||||
memset (eapol_ptr + wpa_eapol->eapol_len, 0, (256 + 64) - wpa_eapol->eapol_len);
|
||||
|
||||
eapol_ptr[wpa_eapol->eapol_len] = 0x80;
|
||||
|
||||
if (wpa_eapol->keyver == 1)
|
||||
{
|
||||
// nothing to do
|
||||
}
|
||||
else if (wpa_eapol->keyver == 2)
|
||||
{
|
||||
wpa_eapol->keymic[0] = byte_swap_32 (wpa_eapol->keymic[0]);
|
||||
wpa_eapol->keymic[1] = byte_swap_32 (wpa_eapol->keymic[1]);
|
||||
wpa_eapol->keymic[2] = byte_swap_32 (wpa_eapol->keymic[2]);
|
||||
wpa_eapol->keymic[3] = byte_swap_32 (wpa_eapol->keymic[3]);
|
||||
|
||||
for (int i = 0; i < 64; i++)
|
||||
{
|
||||
wpa_eapol->eapol[i] = byte_swap_32 (wpa_eapol->eapol[i]);
|
||||
}
|
||||
}
|
||||
else if (wpa_eapol->keyver == 3)
|
||||
{
|
||||
// nothing to do
|
||||
}
|
||||
|
||||
// Create a hash of the nonce as ESSID is not unique enough
|
||||
// Not a regular MD5 but good enough
|
||||
// We can also ignore cases where we should bzero the work buffer
|
||||
|
||||
u32 hash[4];
|
||||
|
||||
hash[0] = 0;
|
||||
hash[1] = 1;
|
||||
hash[2] = 2;
|
||||
hash[3] = 3;
|
||||
|
||||
u32 block[16];
|
||||
|
||||
memset (block, 0, sizeof (block));
|
||||
|
||||
u8 *block_ptr = (u8 *) block;
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = salt->salt_buf[i];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->pke[i + 0];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->pke[i + 16];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 0];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 16];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 32];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 48];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 6; i++) block_ptr[i + 0] = wpa_eapol->orig_mac_ap[i];
|
||||
for (int i = 0; i < 6; i++) block_ptr[i + 6] = wpa_eapol->orig_mac_sta[i];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 32; i++) block_ptr[i + 0] = wpa_eapol->orig_nonce_ap[i];
|
||||
for (int i = 0; i < 32; i++) block_ptr[i + 32] = wpa_eapol->orig_nonce_sta[i];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
block[0] = wpa_eapol->keymic[0];
|
||||
block[1] = wpa_eapol->keymic[1];
|
||||
block[2] = wpa_eapol->keymic[2];
|
||||
block[3] = wpa_eapol->keymic[3];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
wpa_eapol->hash[0] = hash[0];
|
||||
wpa_eapol->hash[1] = hash[1];
|
||||
wpa_eapol->hash[2] = hash[2];
|
||||
wpa_eapol->hash[3] = hash[3];
|
||||
|
||||
// make all this stuff unique
|
||||
|
||||
digest[0] = wpa_eapol->hash[0];
|
||||
digest[1] = wpa_eapol->hash[1];
|
||||
digest[2] = wpa_eapol->hash[2];
|
||||
digest[3] = wpa_eapol->hash[3];
|
||||
|
||||
return (PARSER_OK);
|
||||
}
|
||||
|
||||
int psafe2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig)
|
||||
{
|
||||
u32 *digest = (u32 *) hash_buf->digest;
|
||||
@ -17617,8 +17369,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
|
||||
break;
|
||||
case 2410: salt->salt_len = 4;
|
||||
break;
|
||||
case 2500: memcpy (salt->salt_buf, "hashcat.net", 11);
|
||||
break;
|
||||
case 2501: memcpy (salt->salt_buf, "hashcat.net", 11);
|
||||
break;
|
||||
case 3100: salt->salt_len = 1;
|
||||
@ -17714,8 +17464,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
|
||||
|
||||
switch (hashconfig->hash_mode)
|
||||
{
|
||||
case 2500: ((wpa_eapol_t *) esalt)->eapol_len = 128;
|
||||
break;
|
||||
case 2501: ((wpa_eapol_t *) esalt)->eapol_len = 128;
|
||||
break;
|
||||
case 5300: ((ikepsk_t *) esalt)->nr_len = 1;
|
||||
@ -17797,8 +17545,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
|
||||
break;
|
||||
case 2100: salt->salt_iter = ROUNDS_DCC2;
|
||||
break;
|
||||
case 2500: salt->salt_iter = ROUNDS_WPA_PBKDF2;
|
||||
break;
|
||||
case 2501: salt->salt_iter = ROUNDS_WPA_PMK;
|
||||
break;
|
||||
case 3200: salt->salt_iter = ROUNDS_BCRYPT;
|
||||
@ -18376,52 +18122,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size,
|
||||
|
||||
out_buf[16] = 0;
|
||||
}
|
||||
else if ((hash_mode == 2500) || (hash_mode == 2501))
|
||||
{
|
||||
wpa_eapol_t *wpa_eapols = (wpa_eapol_t *) esalts_buf;
|
||||
|
||||
wpa_eapol_t *wpa_eapol = &wpa_eapols[digest_cur];
|
||||
|
||||
char *essid = (char *) wpa_eapol->essid;
|
||||
|
||||
int tmp_len = 0;
|
||||
|
||||
if (need_hexify (wpa_eapol->essid, wpa_eapol->essid_len, hashconfig->separator, 0) == true)
|
||||
{
|
||||
tmp_buf[tmp_len++] = '$';
|
||||
tmp_buf[tmp_len++] = 'H';
|
||||
tmp_buf[tmp_len++] = 'E';
|
||||
tmp_buf[tmp_len++] = 'X';
|
||||
tmp_buf[tmp_len++] = '[';
|
||||
|
||||
exec_hexify (wpa_eapol->essid, wpa_eapol->essid_len, (u8 *) tmp_buf + tmp_len);
|
||||
|
||||
tmp_len += wpa_eapol->essid_len * 2;
|
||||
|
||||
tmp_buf[tmp_len++] = ']';
|
||||
|
||||
essid = tmp_buf;
|
||||
}
|
||||
|
||||
snprintf (out_buf, out_size, "%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
|
||||
wpa_eapol->hash[0],
|
||||
wpa_eapol->hash[1],
|
||||
wpa_eapol->hash[2],
|
||||
wpa_eapol->hash[3],
|
||||
wpa_eapol->orig_mac_ap[0],
|
||||
wpa_eapol->orig_mac_ap[1],
|
||||
wpa_eapol->orig_mac_ap[2],
|
||||
wpa_eapol->orig_mac_ap[3],
|
||||
wpa_eapol->orig_mac_ap[4],
|
||||
wpa_eapol->orig_mac_ap[5],
|
||||
wpa_eapol->orig_mac_sta[0],
|
||||
wpa_eapol->orig_mac_sta[1],
|
||||
wpa_eapol->orig_mac_sta[2],
|
||||
wpa_eapol->orig_mac_sta[3],
|
||||
wpa_eapol->orig_mac_sta[4],
|
||||
wpa_eapol->orig_mac_sta[5],
|
||||
essid);
|
||||
}
|
||||
else if (hash_mode == 4400)
|
||||
{
|
||||
snprintf (out_buf, out_size, "%08x%08x%08x%08x",
|
||||
@ -22606,28 +22306,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
|
||||
hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN;
|
||||
break;
|
||||
|
||||
case 2500: hashconfig->hash_type = HASH_TYPE_WPA_EAPOL;
|
||||
hashconfig->salt_type = SALT_TYPE_EMBEDDED;
|
||||
hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL;
|
||||
hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE
|
||||
| OPTS_TYPE_AUX1
|
||||
| OPTS_TYPE_AUX2
|
||||
| OPTS_TYPE_AUX3
|
||||
| OPTS_TYPE_DEEP_COMP_KERNEL
|
||||
| OPTS_TYPE_BINARY_HASHFILE;
|
||||
hashconfig->kern_type = KERN_TYPE_WPA_EAPOL_PBKDF2;
|
||||
hashconfig->dgst_size = DGST_SIZE_4_4;
|
||||
hashconfig->parse_func = wpa_eapol_parse_hash;
|
||||
hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE
|
||||
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
|
||||
hashconfig->dgst_pos0 = 0;
|
||||
hashconfig->dgst_pos1 = 1;
|
||||
hashconfig->dgst_pos2 = 2;
|
||||
hashconfig->dgst_pos3 = 3;
|
||||
hashconfig->st_hash = ST_HASH_02500;
|
||||
hashconfig->st_pass = ST_PASS_HASHCAT_EXCL;
|
||||
break;
|
||||
|
||||
case 2501: hashconfig->hash_type = HASH_TYPE_WPA_EAPOL;
|
||||
hashconfig->salt_type = SALT_TYPE_EMBEDDED;
|
||||
hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL;
|
||||
@ -26204,7 +25882,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
|
||||
|
||||
switch (hashconfig->hash_mode)
|
||||
{
|
||||
case 2500: hashconfig->esalt_size = sizeof (wpa_eapol_t); break;
|
||||
case 2501: hashconfig->esalt_size = sizeof (wpa_eapol_t); break;
|
||||
case 5300: hashconfig->esalt_size = sizeof (ikepsk_t); break;
|
||||
case 5400: hashconfig->esalt_size = sizeof (ikepsk_t); break;
|
||||
@ -26315,7 +25992,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
|
||||
{
|
||||
case 1800: hashconfig->tmp_size = sizeof (sha512crypt_tmp_t); break;
|
||||
case 2100: hashconfig->tmp_size = sizeof (dcc2_tmp_t); break;
|
||||
case 2500: hashconfig->tmp_size = sizeof (wpa_pbkdf2_tmp_t); break;
|
||||
case 2501: hashconfig->tmp_size = sizeof (wpa_pmk_tmp_t); break;
|
||||
case 3200: hashconfig->tmp_size = sizeof (bcrypt_tmp_t); break;
|
||||
case 5200: hashconfig->tmp_size = sizeof (pwsafe3_tmp_t); break;
|
||||
@ -26427,7 +26103,6 @@ u32 default_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED co
|
||||
|
||||
switch (hashconfig->hash_mode)
|
||||
{
|
||||
case 2500: pw_min = 8; break; // WPA-EAPOL-PBKDF2: min RFC
|
||||
case 2501: pw_min = 64; break; // WPA-EAPOL-PMK: fixed
|
||||
case 9710: pw_min = 5; break; // RC4-40 fixed
|
||||
case 9810: pw_min = 5; break; // RC4-40 fixed
|
||||
@ -26497,7 +26172,6 @@ u32 default_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED co
|
||||
{
|
||||
case 112: pw_max = 30; break; // https://www.toadworld.com/platforms/oracle/b/weblog/archive/2013/11/12/oracle-12c-passwords
|
||||
case 2100: pw_max = PW_MAX; break;
|
||||
case 2500: pw_max = 63; break; // WPA-EAPOL-PBKDF2: limits itself to 63 by RFC
|
||||
case 2501: pw_max = 64; break; // WPA-EAPOL-PMK: fixed length
|
||||
case 3000: pw_max = 7; break; // LM max
|
||||
case 3100: pw_max = 30; break; // http://www.red-database-security.de/whitepaper/oracle_passwords.html
|
||||
@ -26661,11 +26335,8 @@ u32 default_salt_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED
|
||||
|
||||
const char *default_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
|
||||
switch (hashconfig->hash_mode)
|
||||
{
|
||||
case 2500: mask = "?a?a?a?a?a?a?a?a";
|
||||
break;
|
||||
case 2501: mask = "?a?a?a?a?a?a?a?axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
|
||||
break;
|
||||
case 9710: mask = "?b?b?b?b?b";
|
||||
@ -26951,94 +26622,6 @@ int module_hash_decode_outfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY
|
||||
{
|
||||
|
||||
|
||||
if ((hash_mode == 2500) || (hash_mode == 2501)) // special case WPA/WPA2
|
||||
{
|
||||
// fake the parsing of the salt
|
||||
|
||||
u32 identifier_len = 32 + 1 + 12 + 1 + 12 + 1; // format is [ID_MD5]:[MAC1]:[MAC2]:$salt:$pass
|
||||
|
||||
if (line_len < identifier_len) continue;
|
||||
|
||||
hash_buf.salt->salt_len = line_len - identifier_len;
|
||||
|
||||
memcpy (hash_buf.salt->salt_buf, line_buf + identifier_len, hash_buf.salt->salt_len);
|
||||
|
||||
// fake the parsing of the digest
|
||||
|
||||
if (is_valid_hex_string ((u8 *) line_buf, 32) == false) break;
|
||||
|
||||
u32 *digest = (u32 *) hash_buf.digest;
|
||||
|
||||
digest[0] = hex_to_u32 ((u8 *) line_buf + 0);
|
||||
digest[1] = hex_to_u32 ((u8 *) line_buf + 8);
|
||||
digest[2] = hex_to_u32 ((u8 *) line_buf + 16);
|
||||
digest[3] = hex_to_u32 ((u8 *) line_buf + 24);
|
||||
|
||||
digest[0] = byte_swap_32 (digest[0]);
|
||||
digest[1] = byte_swap_32 (digest[1]);
|
||||
digest[2] = byte_swap_32 (digest[2]);
|
||||
digest[3] = byte_swap_32 (digest[3]);
|
||||
|
||||
return PARSER_OK;
|
||||
|
||||
/* this is from old potfile.c, seems to be more detailed
|
||||
|
||||
// here we have in line_hash_buf: hash:macap:macsta:essid:password
|
||||
|
||||
char *sep_pos = strrchr (line_hash_buf, ':');
|
||||
|
||||
if (sep_pos == NULL) continue;
|
||||
|
||||
sep_pos[0] = 0;
|
||||
|
||||
char *hash_pos = line_hash_buf;
|
||||
|
||||
const size_t hash_len = strlen (hash_pos);
|
||||
|
||||
if (hash_len != 32 + 1 + 12 + 1 + 12) continue;
|
||||
|
||||
char *essid_pos = sep_pos + 1;
|
||||
|
||||
size_t essid_len = strlen (essid_pos);
|
||||
|
||||
if (is_hexify ((const u8 *) essid_pos, essid_len) == true)
|
||||
{
|
||||
essid_len = exec_unhexify ((const u8 *) essid_pos, essid_len, (u8 *) essid_pos, essid_len);
|
||||
}
|
||||
|
||||
if (essid_len > 32) continue;
|
||||
|
||||
if (hashconfig->is_salted == true)
|
||||
{
|
||||
// this should be always true, but we need it to make scan-build happy
|
||||
|
||||
memcpy (hash_buf.salt->salt_buf, essid_pos, essid_len);
|
||||
|
||||
hash_buf.salt->salt_len = (u32) essid_len;
|
||||
hash_buf.salt->salt_iter = ROUNDS_WPA_PBKDF2 - 1;
|
||||
|
||||
u32 hash[4];
|
||||
|
||||
hash[0] = hex_to_u32 ((const u8 *) &hash_pos[ 0]);
|
||||
hash[1] = hex_to_u32 ((const u8 *) &hash_pos[ 8]);
|
||||
hash[2] = hex_to_u32 ((const u8 *) &hash_pos[16]);
|
||||
hash[3] = hex_to_u32 ((const u8 *) &hash_pos[24]);
|
||||
|
||||
hash[0] = byte_swap_32 (hash[0]);
|
||||
hash[1] = byte_swap_32 (hash[1]);
|
||||
hash[2] = byte_swap_32 (hash[2]);
|
||||
hash[3] = byte_swap_32 (hash[3]);
|
||||
|
||||
u32 *digest = (u32 *) hash_buf.digest;
|
||||
|
||||
digest[0] = hash[0];
|
||||
digest[1] = hash[1];
|
||||
digest[2] = hash[2];
|
||||
digest[3] = hash[3];
|
||||
}
|
||||
*/
|
||||
|
||||
}
|
||||
else if (hash_mode == 6800) // special case LastPass (only email address in outfile/potfile)
|
||||
{
|
||||
// fake the parsing of the hash/salt
|
||||
@ -27470,27 +27053,6 @@ bool module_unstable_warning (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE
|
||||
|
||||
u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos)
|
||||
{
|
||||
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
|
||||
{
|
||||
const u32 digests_offset = hashes->salts_buf[salt_pos].digests_offset;
|
||||
|
||||
wpa_eapol_t *wpa_eapols = (wpa_eapol_t *) hashes->esalts_buf;
|
||||
|
||||
wpa_eapol_t *wpa_eapol = &wpa_eapols[digests_offset + digest_pos];
|
||||
|
||||
if (wpa_eapol->keyver == 1)
|
||||
{
|
||||
return KERN_RUN_AUX1;
|
||||
}
|
||||
else if (wpa_eapol->keyver == 2)
|
||||
{
|
||||
return KERN_RUN_AUX2;
|
||||
}
|
||||
else if (wpa_eapol->keyver == 3)
|
||||
{
|
||||
return KERN_RUN_AUX3;
|
||||
}
|
||||
}
|
||||
else if (hashconfig->hash_mode == 9600)
|
||||
{
|
||||
return KERN_RUN_3;
|
||||
@ -27505,29 +27067,6 @@ int module_hash_encode_status (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYB
|
||||
{
|
||||
if (hashes->digests_cnt == 1)
|
||||
{
|
||||
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
|
||||
{
|
||||
char *tmp_buf;
|
||||
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) hashes->esalts_buf;
|
||||
|
||||
hc_asprintf (&tmp_buf, "%s (AP:%02x:%02x:%02x:%02x:%02x:%02x STA:%02x:%02x:%02x:%02x:%02x:%02x)",
|
||||
(char *) hashes->salts_buf[0].salt_buf,
|
||||
wpa_eapol->orig_mac_ap[0],
|
||||
wpa_eapol->orig_mac_ap[1],
|
||||
wpa_eapol->orig_mac_ap[2],
|
||||
wpa_eapol->orig_mac_ap[3],
|
||||
wpa_eapol->orig_mac_ap[4],
|
||||
wpa_eapol->orig_mac_ap[5],
|
||||
wpa_eapol->orig_mac_sta[0],
|
||||
wpa_eapol->orig_mac_sta[1],
|
||||
wpa_eapol->orig_mac_sta[2],
|
||||
wpa_eapol->orig_mac_sta[3],
|
||||
wpa_eapol->orig_mac_sta[4],
|
||||
wpa_eapol->orig_mac_sta[5]);
|
||||
|
||||
return tmp_buf;
|
||||
}
|
||||
else if (hashconfig->hash_mode == 5200)
|
||||
{
|
||||
return hashes->hashfile;
|
||||
@ -27565,267 +27104,19 @@ int module_hash_encode_status (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYB
|
||||
}
|
||||
|
||||
|
||||
int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash)
|
||||
{
|
||||
|
||||
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
|
||||
{
|
||||
char *tmpdata = (char *) hcmalloc (sizeof (hccapx_t));
|
||||
|
||||
const size_t st_hash_len = strlen (hashconfig->st_hash);
|
||||
|
||||
for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2)
|
||||
{
|
||||
const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j);
|
||||
|
||||
tmpdata[i] = c;
|
||||
}
|
||||
|
||||
parser_status = module_ctx->module_hash_decode (hashconfig, hash.digest, hash.salt, hash.esalt, tmpdata, sizeof (hccapx_t));
|
||||
|
||||
hcfree (tmpdata);
|
||||
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) st_esalts_buf;
|
||||
|
||||
wpa_eapol->detected_le = 1;
|
||||
wpa_eapol->detected_be = 0;
|
||||
|
||||
wpa_eapol->nonce_error_corrections = 3;
|
||||
}
|
||||
}
|
||||
|
||||
int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos, const char **buf)
|
||||
{
|
||||
|
||||
|
||||
|
||||
|
||||
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
|
||||
{
|
||||
hccapx_t hccapx;
|
||||
|
||||
to_hccapx_t (hashcat_ctx, &hccapx, salt_pos, digest_pos);
|
||||
|
||||
hc_fwrite (&hccapx, sizeof (hccapx_t), 1, fp);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
int module_hash_binary_count (MAYBE_UNUSED const hashes_t *hashes)
|
||||
{
|
||||
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
|
||||
{
|
||||
struct stat st;
|
||||
|
||||
if (stat (hashes->hashfile, &st) == -1) return -1;
|
||||
|
||||
return st.st_size / sizeof (hccapx_t);
|
||||
}
|
||||
else if (hashconfig->hash_mode == 14600)
|
||||
{
|
||||
return LUKS_NUMKEYS;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
void to_hccapx_t (hashcat_ctx_t *hashcat_ctx, hccapx_t *hccapx, const u32 salt_pos, const u32 digest_pos)
|
||||
{
|
||||
const hashes_t *hashes = hashcat_ctx->hashes;
|
||||
|
||||
const salt_t *salts_buf = hashes->salts_buf;
|
||||
const void *esalts_buf = hashes->esalts_buf;
|
||||
|
||||
memset (hccapx, 0, sizeof (hccapx_t));
|
||||
|
||||
hccapx->signature = HCCAPX_SIGNATURE;
|
||||
hccapx->version = HCCAPX_VERSION;
|
||||
|
||||
const salt_t *salt = &salts_buf[salt_pos];
|
||||
|
||||
const u32 digest_cur = salt->digests_offset + digest_pos;
|
||||
|
||||
hccapx->essid_len = salt->salt_len;
|
||||
|
||||
memcpy (hccapx->essid, salt->salt_buf, hccapx->essid_len);
|
||||
|
||||
wpa_eapol_t *wpa_eapols = (wpa_eapol_t *) esalts_buf;
|
||||
wpa_eapol_t *wpa_eapol = &wpa_eapols[digest_cur];
|
||||
|
||||
hccapx->message_pair = wpa_eapol->message_pair;
|
||||
hccapx->keyver = wpa_eapol->keyver;
|
||||
|
||||
hccapx->eapol_len = wpa_eapol->eapol_len;
|
||||
|
||||
if (wpa_eapol->keyver != 1)
|
||||
{
|
||||
u32 eapol_tmp[64] = { 0 };
|
||||
|
||||
for (u32 i = 0; i < 64; i++)
|
||||
{
|
||||
eapol_tmp[i] = byte_swap_32 (wpa_eapol->eapol[i]);
|
||||
}
|
||||
|
||||
memcpy (hccapx->eapol, eapol_tmp, wpa_eapol->eapol_len);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (hccapx->eapol, wpa_eapol->eapol, wpa_eapol->eapol_len);
|
||||
}
|
||||
|
||||
memcpy (hccapx->mac_ap, wpa_eapol->orig_mac_ap, 6);
|
||||
memcpy (hccapx->mac_sta, wpa_eapol->orig_mac_sta, 6);
|
||||
memcpy (hccapx->nonce_ap, wpa_eapol->orig_nonce_ap, 32);
|
||||
memcpy (hccapx->nonce_sta, wpa_eapol->orig_nonce_sta, 32);
|
||||
|
||||
if (wpa_eapol->keyver != 1)
|
||||
{
|
||||
u32 digest_tmp[4];
|
||||
|
||||
digest_tmp[0] = byte_swap_32 (wpa_eapol->keymic[0]);
|
||||
digest_tmp[1] = byte_swap_32 (wpa_eapol->keymic[1]);
|
||||
digest_tmp[2] = byte_swap_32 (wpa_eapol->keymic[2]);
|
||||
digest_tmp[3] = byte_swap_32 (wpa_eapol->keymic[3]);
|
||||
|
||||
memcpy (hccapx->keymic, digest_tmp, 16);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (hccapx->keymic, wpa_eapol->keymic, 16);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
int check_old_hccap (const char *hashfile)
|
||||
{
|
||||
FILE *fp = fopen (hashfile, "rb");
|
||||
|
||||
if (fp == NULL) return -1;
|
||||
|
||||
u32 signature;
|
||||
|
||||
const size_t nread = hc_fread (&signature, sizeof (u32), 1, fp);
|
||||
|
||||
fclose (fp);
|
||||
|
||||
if (nread != 1) return -1;
|
||||
|
||||
if (signature == HCCAPX_SIGNATURE) return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
int module_hash_binary_parse ()
|
||||
{
|
||||
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
|
||||
{
|
||||
hashes->hashlist_mode = HL_MODE_FILE;
|
||||
|
||||
FILE *fp = fopen (hash_buf, "rb");
|
||||
|
||||
if (fp == NULL)
|
||||
{
|
||||
event_log_error (hashcat_ctx, "%s: %s", hash_buf, strerror (errno));
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
char *in = (char *) hcmalloc (sizeof (hccapx_t));
|
||||
|
||||
while (!feof (fp))
|
||||
{
|
||||
const size_t nread = hc_fread (in, sizeof (hccapx_t), 1, fp);
|
||||
|
||||
if (nread == 0) break;
|
||||
|
||||
if (hashconfig->is_salted == true)
|
||||
{
|
||||
memset (hashes_buf[hashes_cnt].salt, 0, sizeof (salt_t));
|
||||
}
|
||||
|
||||
if (hashconfig->esalt_size > 0)
|
||||
{
|
||||
memset (hashes_buf[hashes_cnt].esalt, 0, hashconfig->esalt_size);
|
||||
|
||||
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
|
||||
{
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) hashes_buf[hashes_cnt].esalt;
|
||||
|
||||
if (user_options->hccapx_message_pair_chgd == true)
|
||||
{
|
||||
wpa_eapol->message_pair_chgd = (int) user_options->hccapx_message_pair_chgd;
|
||||
wpa_eapol->message_pair = (u8) user_options->hccapx_message_pair;
|
||||
}
|
||||
|
||||
if (wpa_eapol->message_pair & (1 << 4))
|
||||
{
|
||||
// ap-less attack detected, nc not needed
|
||||
|
||||
wpa_eapol->nonce_error_corrections = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (wpa_eapol->message_pair & (1 << 7))
|
||||
{
|
||||
// replaycount not checked, nc needed
|
||||
|
||||
wpa_eapol->nonce_error_corrections = user_options->nonce_error_corrections;
|
||||
}
|
||||
else
|
||||
{
|
||||
// replaycount checked, nc not needed, but we allow user overwrites
|
||||
|
||||
if (user_options->nonce_error_corrections_chgd == true)
|
||||
{
|
||||
wpa_eapol->nonce_error_corrections = user_options->nonce_error_corrections;
|
||||
}
|
||||
else
|
||||
{
|
||||
wpa_eapol->nonce_error_corrections = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// now some optimization related to replay counter endianess
|
||||
// hcxtools has techniques to detect them
|
||||
// since we can not guarantee to get our handshakes from hcxtools we enable both by default
|
||||
// this means that we check both even if both are not set!
|
||||
// however if one of them is set, we can assume that the endianess has been checked and the other one is not needed
|
||||
|
||||
wpa_eapol->detected_le = 1;
|
||||
wpa_eapol->detected_be = 1;
|
||||
|
||||
if (wpa_eapol->message_pair & (1 << 5))
|
||||
{
|
||||
wpa_eapol->detected_le = 1;
|
||||
wpa_eapol->detected_be = 0;
|
||||
}
|
||||
else if (wpa_eapol->message_pair & (1 << 6))
|
||||
{
|
||||
wpa_eapol->detected_le = 0;
|
||||
wpa_eapol->detected_be = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (hashconfig->hook_salt_size > 0)
|
||||
{
|
||||
memset (hashes_buf[hashes_cnt].hook_salt, 0, hashconfig->hook_salt_size);
|
||||
}
|
||||
|
||||
hash_t *hash = &hashes_buf[hashes_cnt];
|
||||
|
||||
parser_status = module_ctx->module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, in, sizeof (hccapx_t));
|
||||
|
||||
if (parser_status != PARSER_OK) continue;
|
||||
|
||||
hashes_cnt++;
|
||||
}
|
||||
|
||||
hcfree (in);
|
||||
|
||||
fclose (fp);
|
||||
}
|
||||
else if (hashconfig->hash_mode == 14600)
|
||||
{
|
||||
hashes->hashlist_mode = HL_MODE_FILE;
|
||||
@ -27848,26 +27139,7 @@ int module_hash_binary_parse ()
|
||||
|
||||
bool module_hash_binary_verify (MAYBE_UNUSED const hashes_t *hashes)
|
||||
{
|
||||
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
|
||||
{
|
||||
struct stat st;
|
||||
|
||||
if (stat (hashes->hashfile, &st) == -1) return false;
|
||||
|
||||
// 392 = old hccap_t size
|
||||
|
||||
if ((st.st_size % 392) == 0)
|
||||
{
|
||||
const int rc = check_old_hccap (hashes->hashfile);
|
||||
|
||||
if (rc == 1) return false;
|
||||
|
||||
//{
|
||||
// event_log_error (hashcat_ctx, "%s: Old hccap format detected! You need to update: https://hashcat.net/q/hccapx", hashes->hashfile);
|
||||
//
|
||||
// return -1;
|
||||
//}
|
||||
}
|
||||
else if (hashconfig->hash_mode == 14600)
|
||||
{
|
||||
|
||||
|
850
src/modules/module_02500.c
Normal file
850
src/modules/module_02500.c
Normal file
@ -0,0 +1,850 @@
|
||||
/**
|
||||
* Author......: See docs/credits.txt
|
||||
* License.....: MIT
|
||||
*/
|
||||
|
||||
#include "common.h"
|
||||
#include "types.h"
|
||||
#include "modules.h"
|
||||
#include "bitops.h"
|
||||
#include "convert.h"
|
||||
#include "shared.h"
|
||||
#include "memory.h"
|
||||
#include "cpu_md5.h"
|
||||
|
||||
static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
|
||||
static const u32 DGST_POS0 = 0;
|
||||
static const u32 DGST_POS1 = 1;
|
||||
static const u32 DGST_POS2 = 2;
|
||||
static const u32 DGST_POS3 = 3;
|
||||
static const u32 DGST_SIZE = DGST_SIZE_4_4;
|
||||
static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL;
|
||||
static const char *HASH_NAME = "WPA-EAPOL-PBKDF2";
|
||||
static const u32 HASH_TYPE = HASH_TYPE_GENERIC;
|
||||
static const u64 KERN_TYPE = 2500;
|
||||
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
|
||||
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
|
||||
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
|
||||
| OPTS_TYPE_AUX1
|
||||
| OPTS_TYPE_AUX2
|
||||
| OPTS_TYPE_AUX3
|
||||
| OPTS_TYPE_DEEP_COMP_KERNEL
|
||||
| OPTS_TYPE_BINARY_HASHFILE;
|
||||
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
|
||||
static const char *ST_PASS = "hashcat!";
|
||||
static const char *ST_HASH = "4843505804000000000235380000000000000000000000000000000000000000000000000000000000000151aecc428f182acefbd1a9e62d369a079265784da83ba4cf88375c44c830e6e5aa5d6faf352aa496a9ee129fb8292f7435df5420b823a1cd402aed449cced04f552c5b5acfebf06ae96a09c96d9a01c443a17aa62258c4f651a68aa67b0001030077fe010900200000000000000001a4cf88375c44c830e6e5aa5d6faf352aa496a9ee129fb8292f7435df5420b8230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018dd160050f20101000050f20201000050f20201000050f20200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
|
||||
|
||||
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
|
||||
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
|
||||
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
|
||||
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
|
||||
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
|
||||
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
|
||||
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
|
||||
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
|
||||
u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; }
|
||||
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
|
||||
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
|
||||
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
|
||||
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
|
||||
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
|
||||
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
|
||||
|
||||
static const u32 ROUNDS_WPA_PBKDF2 = 4096;
|
||||
|
||||
typedef struct wpa_eapol
|
||||
{
|
||||
u32 pke[32];
|
||||
u32 eapol[64 + 16];
|
||||
u16 eapol_len;
|
||||
u8 message_pair;
|
||||
int message_pair_chgd;
|
||||
u8 keyver;
|
||||
u8 orig_mac_ap[6];
|
||||
u8 orig_mac_sta[6];
|
||||
u8 orig_nonce_ap[32];
|
||||
u8 orig_nonce_sta[32];
|
||||
u8 essid_len;
|
||||
u8 essid[32];
|
||||
u32 keymic[4];
|
||||
u32 hash[4];
|
||||
int nonce_compare;
|
||||
int nonce_error_corrections;
|
||||
int detected_le;
|
||||
int detected_be;
|
||||
|
||||
} wpa_eapol_t;
|
||||
|
||||
typedef struct wpa_pbkdf2_tmp
|
||||
{
|
||||
u32 ipad[5];
|
||||
u32 opad[5];
|
||||
|
||||
u32 dgst[10];
|
||||
u32 out[10];
|
||||
|
||||
} wpa_pbkdf2_tmp_t;
|
||||
|
||||
#define HCCAPX_VERSION 4
|
||||
#define HCCAPX_SIGNATURE 0x58504348 // HCPX
|
||||
|
||||
// this is required to force mingw to accept the packed attribute
|
||||
#pragma pack(push,1)
|
||||
|
||||
struct hccapx
|
||||
{
|
||||
u32 signature;
|
||||
u32 version;
|
||||
u8 message_pair;
|
||||
u8 essid_len;
|
||||
u8 essid[32];
|
||||
u8 keyver;
|
||||
u8 keymic[16];
|
||||
u8 mac_ap[6];
|
||||
u8 nonce_ap[32];
|
||||
u8 mac_sta[6];
|
||||
u8 nonce_sta[32];
|
||||
u16 eapol_len;
|
||||
u8 eapol[256];
|
||||
|
||||
} __attribute__((packed));
|
||||
|
||||
typedef struct hccapx hccapx_t;
|
||||
|
||||
#pragma pack(pop)
|
||||
|
||||
static void to_hccapx_t (const hashes_t *hashes, hccapx_t *hccapx, const u32 salt_pos, const u32 digest_pos)
|
||||
{
|
||||
const salt_t *salts_buf = hashes->salts_buf;
|
||||
const void *esalts_buf = hashes->esalts_buf;
|
||||
|
||||
memset (hccapx, 0, sizeof (hccapx_t));
|
||||
|
||||
hccapx->signature = HCCAPX_SIGNATURE;
|
||||
hccapx->version = HCCAPX_VERSION;
|
||||
|
||||
const salt_t *salt = &salts_buf[salt_pos];
|
||||
|
||||
const u32 digest_cur = salt->digests_offset + digest_pos;
|
||||
|
||||
hccapx->essid_len = salt->salt_len;
|
||||
|
||||
memcpy (hccapx->essid, salt->salt_buf, hccapx->essid_len);
|
||||
|
||||
wpa_eapol_t *wpa_eapols = (wpa_eapol_t *) esalts_buf;
|
||||
wpa_eapol_t *wpa_eapol = &wpa_eapols[digest_cur];
|
||||
|
||||
hccapx->message_pair = wpa_eapol->message_pair;
|
||||
hccapx->keyver = wpa_eapol->keyver;
|
||||
|
||||
hccapx->eapol_len = wpa_eapol->eapol_len;
|
||||
|
||||
if (wpa_eapol->keyver != 1)
|
||||
{
|
||||
u32 eapol_tmp[64] = { 0 };
|
||||
|
||||
for (u32 i = 0; i < 64; i++)
|
||||
{
|
||||
eapol_tmp[i] = byte_swap_32 (wpa_eapol->eapol[i]);
|
||||
}
|
||||
|
||||
memcpy (hccapx->eapol, eapol_tmp, wpa_eapol->eapol_len);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (hccapx->eapol, wpa_eapol->eapol, wpa_eapol->eapol_len);
|
||||
}
|
||||
|
||||
memcpy (hccapx->mac_ap, wpa_eapol->orig_mac_ap, 6);
|
||||
memcpy (hccapx->mac_sta, wpa_eapol->orig_mac_sta, 6);
|
||||
memcpy (hccapx->nonce_ap, wpa_eapol->orig_nonce_ap, 32);
|
||||
memcpy (hccapx->nonce_sta, wpa_eapol->orig_nonce_sta, 32);
|
||||
|
||||
if (wpa_eapol->keyver != 1)
|
||||
{
|
||||
u32 digest_tmp[4];
|
||||
|
||||
digest_tmp[0] = byte_swap_32 (wpa_eapol->keymic[0]);
|
||||
digest_tmp[1] = byte_swap_32 (wpa_eapol->keymic[1]);
|
||||
digest_tmp[2] = byte_swap_32 (wpa_eapol->keymic[2]);
|
||||
digest_tmp[3] = byte_swap_32 (wpa_eapol->keymic[3]);
|
||||
|
||||
memcpy (hccapx->keymic, digest_tmp, 16);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (hccapx->keymic, wpa_eapol->keymic, 16);
|
||||
}
|
||||
}
|
||||
|
||||
static int check_old_hccap (const char *hashfile)
|
||||
{
|
||||
FILE *fp = fopen (hashfile, "rb");
|
||||
|
||||
if (fp == NULL) return -1;
|
||||
|
||||
u32 signature;
|
||||
|
||||
const size_t nread = hc_fread (&signature, sizeof (u32), 1, fp);
|
||||
|
||||
fclose (fp);
|
||||
|
||||
if (nread != 1) return -1;
|
||||
|
||||
if (signature == HCCAPX_SIGNATURE) return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const char *mask = "?a?a?a?a?a?a?a?a";
|
||||
|
||||
return mask;
|
||||
}
|
||||
|
||||
u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u64 tmp_size = (const u64) sizeof (wpa_pbkdf2_tmp_t);
|
||||
|
||||
return tmp_size;
|
||||
}
|
||||
|
||||
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u64 esalt_size = (const u64) sizeof (wpa_eapol_t);
|
||||
|
||||
return esalt_size;
|
||||
}
|
||||
|
||||
u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u32 pw_min = 8;
|
||||
|
||||
return pw_min;
|
||||
}
|
||||
|
||||
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u32 pw_max = 63;
|
||||
|
||||
return pw_max;
|
||||
}
|
||||
|
||||
int module_hash_decode_outfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
|
||||
{
|
||||
u32 *digest = (u32 *) digest_buf;
|
||||
|
||||
// here we have in line_hash_buf: hash:macap:macsta:essid:password
|
||||
|
||||
char *sep_pos = strrchr (line_buf, ':');
|
||||
|
||||
if (sep_pos == NULL) return (PARSER_HASH_ENCODING);
|
||||
|
||||
if ((line_buf + 32 + 1 + 12 + 1 + 12) != sep_pos) return (PARSER_HASH_LENGTH);
|
||||
|
||||
char *essid_pos = sep_pos + 1;
|
||||
|
||||
const int essid_len = strlen (essid_pos);
|
||||
|
||||
u8 tmp_buf[128] = { 0 };
|
||||
|
||||
int tmp_len = essid_len;
|
||||
|
||||
memcpy (tmp_buf, essid_pos, essid_len);
|
||||
|
||||
if (is_hexify (tmp_buf, tmp_len) == true)
|
||||
{
|
||||
tmp_len = exec_unhexify (tmp_buf, tmp_len, tmp_buf, sizeof (tmp_buf));
|
||||
}
|
||||
|
||||
if (tmp_len > 32) return (PARSER_HASH_VALUE);
|
||||
|
||||
memcpy (salt->salt_buf, tmp_buf, tmp_len);
|
||||
|
||||
salt->salt_len = tmp_len;
|
||||
salt->salt_iter = ROUNDS_WPA_PBKDF2 - 1;
|
||||
|
||||
digest[0] = hex_to_u32 ((const u8 *) &line_buf[ 0]);
|
||||
digest[1] = hex_to_u32 ((const u8 *) &line_buf[ 8]);
|
||||
digest[2] = hex_to_u32 ((const u8 *) &line_buf[16]);
|
||||
digest[3] = hex_to_u32 ((const u8 *) &line_buf[24]);
|
||||
|
||||
digest[0] = byte_swap_32 (digest[0]);
|
||||
digest[1] = byte_swap_32 (digest[1]);
|
||||
digest[2] = byte_swap_32 (digest[2]);
|
||||
digest[3] = byte_swap_32 (digest[3]);
|
||||
|
||||
return PARSER_OK;
|
||||
}
|
||||
|
||||
int module_hash_encode_status (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
|
||||
{
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) esalt_buf;
|
||||
|
||||
const int line_len = snprintf (line_buf, line_size, "%s (AP:%02x:%02x:%02x:%02x:%02x:%02x STA:%02x:%02x:%02x:%02x:%02x:%02x)",
|
||||
(char *) salt->salt_buf,
|
||||
wpa_eapol->orig_mac_ap[0],
|
||||
wpa_eapol->orig_mac_ap[1],
|
||||
wpa_eapol->orig_mac_ap[2],
|
||||
wpa_eapol->orig_mac_ap[3],
|
||||
wpa_eapol->orig_mac_ap[4],
|
||||
wpa_eapol->orig_mac_ap[5],
|
||||
wpa_eapol->orig_mac_sta[0],
|
||||
wpa_eapol->orig_mac_sta[1],
|
||||
wpa_eapol->orig_mac_sta[2],
|
||||
wpa_eapol->orig_mac_sta[3],
|
||||
wpa_eapol->orig_mac_sta[4],
|
||||
wpa_eapol->orig_mac_sta[5]);
|
||||
|
||||
return line_len;
|
||||
}
|
||||
|
||||
int module_hash_init_selftest (MAYBE_UNUSED const hashconfig_t *hashconfig, hash_t *hash)
|
||||
{
|
||||
char *tmpdata = (char *) hcmalloc (sizeof (hccapx_t));
|
||||
|
||||
const size_t st_hash_len = strlen (hashconfig->st_hash);
|
||||
|
||||
for (size_t i = 0, j = 0; j < st_hash_len; i += 1, j += 2)
|
||||
{
|
||||
const u8 c = hex_to_u8 ((const u8 *) hashconfig->st_hash + j);
|
||||
|
||||
tmpdata[i] = c;
|
||||
}
|
||||
|
||||
int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hash_info, tmpdata, sizeof (hccapx_t));
|
||||
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) hash->esalt;
|
||||
|
||||
wpa_eapol->detected_le = 1;
|
||||
wpa_eapol->detected_be = 0;
|
||||
|
||||
wpa_eapol->nonce_error_corrections = 3;
|
||||
|
||||
hcfree (tmpdata);
|
||||
|
||||
return parser_status;
|
||||
}
|
||||
|
||||
int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos, char **buf)
|
||||
{
|
||||
hccapx_t *hccapx = hcmalloc (sizeof (hccapx_t));
|
||||
|
||||
to_hccapx_t (hashes, hccapx, salt_pos, digest_pos);
|
||||
|
||||
*buf = (char *) hccapx;
|
||||
|
||||
return sizeof (hccapx_t);
|
||||
}
|
||||
|
||||
int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, hashes_t *hashes)
|
||||
{
|
||||
// hashes->hashlist_mode = HL_MODE_FILE; ???
|
||||
|
||||
hash_t *hashes_buf = hashes->hashes_buf;
|
||||
|
||||
int hashes_cnt = 0;
|
||||
|
||||
FILE *fp = fopen (hashes->hashfile, "rb");
|
||||
|
||||
if (fp == NULL) return -1;
|
||||
|
||||
char *in = (char *) hcmalloc (sizeof (hccapx_t));
|
||||
|
||||
while (!feof (fp))
|
||||
{
|
||||
const size_t nread = hc_fread (in, sizeof (hccapx_t), 1, fp);
|
||||
|
||||
if (nread == 0) break;
|
||||
|
||||
memset (hashes_buf[hashes_cnt].salt, 0, sizeof (salt_t));
|
||||
|
||||
memset (hashes_buf[hashes_cnt].esalt, 0, sizeof (wpa_eapol_t));
|
||||
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) hashes_buf[hashes_cnt].esalt;
|
||||
|
||||
if (user_options->hccapx_message_pair_chgd == true)
|
||||
{
|
||||
wpa_eapol->message_pair_chgd = (int) user_options->hccapx_message_pair_chgd;
|
||||
wpa_eapol->message_pair = (u8) user_options->hccapx_message_pair;
|
||||
}
|
||||
|
||||
if (wpa_eapol->message_pair & (1 << 4))
|
||||
{
|
||||
// ap-less attack detected, nc not needed
|
||||
|
||||
wpa_eapol->nonce_error_corrections = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (wpa_eapol->message_pair & (1 << 7))
|
||||
{
|
||||
// replaycount not checked, nc needed
|
||||
|
||||
wpa_eapol->nonce_error_corrections = user_options->nonce_error_corrections;
|
||||
}
|
||||
else
|
||||
{
|
||||
// replaycount checked, nc not needed, but we allow user overwrites
|
||||
|
||||
if (user_options->nonce_error_corrections_chgd == true)
|
||||
{
|
||||
wpa_eapol->nonce_error_corrections = user_options->nonce_error_corrections;
|
||||
}
|
||||
else
|
||||
{
|
||||
wpa_eapol->nonce_error_corrections = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// now some optimization related to replay counter endianess
|
||||
// hcxtools has techniques to detect them
|
||||
// since we can not guarantee to get our handshakes from hcxtools we enable both by default
|
||||
// this means that we check both even if both are not set!
|
||||
// however if one of them is set, we can assume that the endianess has been checked and the other one is not needed
|
||||
|
||||
wpa_eapol->detected_le = 1;
|
||||
wpa_eapol->detected_be = 1;
|
||||
|
||||
if (wpa_eapol->message_pair & (1 << 5))
|
||||
{
|
||||
wpa_eapol->detected_le = 1;
|
||||
wpa_eapol->detected_be = 0;
|
||||
}
|
||||
else if (wpa_eapol->message_pair & (1 << 6))
|
||||
{
|
||||
wpa_eapol->detected_le = 0;
|
||||
wpa_eapol->detected_be = 1;
|
||||
}
|
||||
|
||||
hash_t *hash = &hashes_buf[hashes_cnt];
|
||||
|
||||
const int parser_status = module_hash_decode (hashconfig, hash->digest, hash->salt, hash->esalt, hash->hash_info, in, sizeof (hccapx_t));
|
||||
|
||||
if (parser_status != PARSER_OK) continue;
|
||||
|
||||
hashes_cnt++;
|
||||
}
|
||||
|
||||
hcfree (in);
|
||||
|
||||
fclose (fp);
|
||||
|
||||
return hashes_cnt;
|
||||
}
|
||||
|
||||
int module_hash_binary_count (MAYBE_UNUSED const hashes_t *hashes)
|
||||
{
|
||||
struct stat st;
|
||||
|
||||
if (stat (hashes->hashfile, &st) == -1) return -1;
|
||||
|
||||
return st.st_size / sizeof (hccapx_t);
|
||||
}
|
||||
|
||||
u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos)
|
||||
{
|
||||
const u32 digests_offset = hashes->salts_buf[salt_pos].digests_offset;
|
||||
|
||||
wpa_eapol_t *wpa_eapols = (wpa_eapol_t *) hashes->esalts_buf;
|
||||
|
||||
wpa_eapol_t *wpa_eapol = &wpa_eapols[digests_offset + digest_pos];
|
||||
|
||||
if (wpa_eapol->keyver == 1)
|
||||
{
|
||||
return KERN_RUN_AUX1;
|
||||
}
|
||||
else if (wpa_eapol->keyver == 2)
|
||||
{
|
||||
return KERN_RUN_AUX2;
|
||||
}
|
||||
else if (wpa_eapol->keyver == 3)
|
||||
{
|
||||
return KERN_RUN_AUX3;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
|
||||
{
|
||||
u32 *digest = (u32 *) digest_buf;
|
||||
|
||||
wpa_eapol_t *wpa_eapol = (wpa_eapol_t *) esalt_buf;
|
||||
|
||||
// the *wpa was partially initialized beforehand, we can not simply memset it to zero
|
||||
|
||||
hccapx_t in;
|
||||
|
||||
memcpy (&in, line_buf, sizeof (hccapx_t));
|
||||
|
||||
if (in.signature != HCCAPX_SIGNATURE) return (PARSER_HCCAPX_SIGNATURE);
|
||||
|
||||
if (in.version != HCCAPX_VERSION) return (PARSER_HCCAPX_VERSION);
|
||||
|
||||
if (in.eapol_len < 1 || in.eapol_len > 255) return (PARSER_HCCAPX_EAPOL_LEN);
|
||||
|
||||
memcpy (wpa_eapol->keymic, in.keymic, 16);
|
||||
|
||||
/*
|
||||
http://www.one-net.eu/jsw/j_sec/m_ptype.html
|
||||
The phrase "Pairwise key expansion"
|
||||
Access Point Address (referred to as Authenticator Address AA)
|
||||
Supplicant Address (referred to as Supplicant Address SA)
|
||||
Access Point Nonce (referred to as Authenticator Anonce)
|
||||
Wireless Device Nonce (referred to as Supplicant Nonce Snonce)
|
||||
*/
|
||||
|
||||
u32 salt_len = in.essid_len;
|
||||
|
||||
if (salt_len > 32) return (PARSER_SALT_LENGTH);
|
||||
|
||||
memcpy (salt->salt_buf, in.essid, in.essid_len);
|
||||
|
||||
salt->salt_len = salt_len;
|
||||
|
||||
salt->salt_iter = ROUNDS_WPA_PBKDF2 - 1;
|
||||
|
||||
memcpy (wpa_eapol->essid, in.essid, in.essid_len);
|
||||
|
||||
wpa_eapol->essid_len = in.essid_len;
|
||||
|
||||
wpa_eapol->keyver = in.keyver;
|
||||
|
||||
if ((wpa_eapol->keyver != 1) && (wpa_eapol->keyver != 2) && (wpa_eapol->keyver != 3)) return (PARSER_SALT_VALUE);
|
||||
|
||||
u8 *pke_ptr = (u8 *) wpa_eapol->pke;
|
||||
|
||||
memset (pke_ptr, 0, 128);
|
||||
|
||||
if ((wpa_eapol->keyver == 1) || (wpa_eapol->keyver == 2))
|
||||
{
|
||||
memcpy (pke_ptr, "Pairwise key expansion", 23);
|
||||
|
||||
if (memcmp (in.mac_ap, in.mac_sta, 6) < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 23, in.mac_ap, 6);
|
||||
memcpy (pke_ptr + 29, in.mac_sta, 6);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 23, in.mac_sta, 6);
|
||||
memcpy (pke_ptr + 29, in.mac_ap, 6);
|
||||
}
|
||||
|
||||
wpa_eapol->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32);
|
||||
|
||||
if (wpa_eapol->nonce_compare < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 35, in.nonce_ap, 32);
|
||||
memcpy (pke_ptr + 67, in.nonce_sta, 32);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 35, in.nonce_sta, 32);
|
||||
memcpy (pke_ptr + 67, in.nonce_ap, 32);
|
||||
}
|
||||
}
|
||||
else if (wpa_eapol->keyver == 3)
|
||||
{
|
||||
pke_ptr[0] = 1;
|
||||
pke_ptr[1] = 0;
|
||||
|
||||
memcpy (pke_ptr + 2, "Pairwise key expansion", 22);
|
||||
|
||||
if (memcmp (in.mac_ap, in.mac_sta, 6) < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 24, in.mac_ap, 6);
|
||||
memcpy (pke_ptr + 30, in.mac_sta, 6);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 24, in.mac_sta, 6);
|
||||
memcpy (pke_ptr + 30, in.mac_ap, 6);
|
||||
}
|
||||
|
||||
wpa_eapol->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32);
|
||||
|
||||
if (wpa_eapol->nonce_compare < 0)
|
||||
{
|
||||
memcpy (pke_ptr + 36, in.nonce_ap, 32);
|
||||
memcpy (pke_ptr + 68, in.nonce_sta, 32);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (pke_ptr + 36, in.nonce_sta, 32);
|
||||
memcpy (pke_ptr + 68, in.nonce_ap, 32);
|
||||
}
|
||||
|
||||
pke_ptr[100] = 0x80;
|
||||
pke_ptr[101] = 1;
|
||||
}
|
||||
|
||||
for (int i = 0; i < 32; i++)
|
||||
{
|
||||
wpa_eapol->pke[i] = byte_swap_32 (wpa_eapol->pke[i]);
|
||||
}
|
||||
|
||||
memcpy (wpa_eapol->orig_mac_ap, in.mac_ap, 6);
|
||||
memcpy (wpa_eapol->orig_mac_sta, in.mac_sta, 6);
|
||||
memcpy (wpa_eapol->orig_nonce_ap, in.nonce_ap, 32);
|
||||
memcpy (wpa_eapol->orig_nonce_sta, in.nonce_sta, 32);
|
||||
|
||||
u8 message_pair_orig = in.message_pair;
|
||||
|
||||
in.message_pair &= 0x7f; // ignore the highest bit (it is used to indicate if the replay counters did match)
|
||||
|
||||
if (wpa_eapol->message_pair_chgd == true)
|
||||
{
|
||||
if (wpa_eapol->message_pair != in.message_pair) return (PARSER_HCCAPX_MESSAGE_PAIR);
|
||||
}
|
||||
|
||||
wpa_eapol->message_pair = message_pair_orig;
|
||||
|
||||
wpa_eapol->eapol_len = in.eapol_len;
|
||||
|
||||
u8 *eapol_ptr = (u8 *) wpa_eapol->eapol;
|
||||
|
||||
memcpy (eapol_ptr, in.eapol, wpa_eapol->eapol_len);
|
||||
|
||||
memset (eapol_ptr + wpa_eapol->eapol_len, 0, (256 + 64) - wpa_eapol->eapol_len);
|
||||
|
||||
eapol_ptr[wpa_eapol->eapol_len] = 0x80;
|
||||
|
||||
if (wpa_eapol->keyver == 1)
|
||||
{
|
||||
// nothing to do
|
||||
}
|
||||
else if (wpa_eapol->keyver == 2)
|
||||
{
|
||||
wpa_eapol->keymic[0] = byte_swap_32 (wpa_eapol->keymic[0]);
|
||||
wpa_eapol->keymic[1] = byte_swap_32 (wpa_eapol->keymic[1]);
|
||||
wpa_eapol->keymic[2] = byte_swap_32 (wpa_eapol->keymic[2]);
|
||||
wpa_eapol->keymic[3] = byte_swap_32 (wpa_eapol->keymic[3]);
|
||||
|
||||
for (int i = 0; i < 64; i++)
|
||||
{
|
||||
wpa_eapol->eapol[i] = byte_swap_32 (wpa_eapol->eapol[i]);
|
||||
}
|
||||
}
|
||||
else if (wpa_eapol->keyver == 3)
|
||||
{
|
||||
// nothing to do
|
||||
}
|
||||
|
||||
// Create a hash of the nonce as ESSID is not unique enough
|
||||
// Not a regular MD5 but good enough
|
||||
// We can also ignore cases where we should bzero the work buffer
|
||||
|
||||
u32 hash[4];
|
||||
|
||||
hash[0] = 0;
|
||||
hash[1] = 1;
|
||||
hash[2] = 2;
|
||||
hash[3] = 3;
|
||||
|
||||
u32 block[16];
|
||||
|
||||
memset (block, 0, sizeof (block));
|
||||
|
||||
u8 *block_ptr = (u8 *) block;
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = salt->salt_buf[i];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->pke[i + 0];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->pke[i + 16];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 0];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 16];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 32];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 16; i++) block[i] = wpa_eapol->eapol[i + 48];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 6; i++) block_ptr[i + 0] = wpa_eapol->orig_mac_ap[i];
|
||||
for (int i = 0; i < 6; i++) block_ptr[i + 6] = wpa_eapol->orig_mac_sta[i];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
for (int i = 0; i < 32; i++) block_ptr[i + 0] = wpa_eapol->orig_nonce_ap[i];
|
||||
for (int i = 0; i < 32; i++) block_ptr[i + 32] = wpa_eapol->orig_nonce_sta[i];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
block[0] = wpa_eapol->keymic[0];
|
||||
block[1] = wpa_eapol->keymic[1];
|
||||
block[2] = wpa_eapol->keymic[2];
|
||||
block[3] = wpa_eapol->keymic[3];
|
||||
|
||||
md5_64 (block, hash);
|
||||
|
||||
wpa_eapol->hash[0] = hash[0];
|
||||
wpa_eapol->hash[1] = hash[1];
|
||||
wpa_eapol->hash[2] = hash[2];
|
||||
wpa_eapol->hash[3] = hash[3];
|
||||
|
||||
// make all this stuff unique
|
||||
|
||||
digest[0] = wpa_eapol->hash[0];
|
||||
digest[1] = wpa_eapol->hash[1];
|
||||
digest[2] = wpa_eapol->hash[2];
|
||||
digest[3] = wpa_eapol->hash[3];
|
||||
|
||||
return (PARSER_OK);
|
||||
}
|
||||
|
||||
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
|
||||
{
|
||||
const wpa_eapol_t *wpa_eapol = (const wpa_eapol_t *) esalt_buf;
|
||||
|
||||
int line_len = 0;
|
||||
|
||||
if (need_hexify (wpa_eapol->essid, wpa_eapol->essid_len, hashconfig->separator, 0) == true)
|
||||
{
|
||||
char tmp_buf[128];
|
||||
|
||||
int tmp_len = 0;
|
||||
|
||||
tmp_buf[tmp_len++] = '$';
|
||||
tmp_buf[tmp_len++] = 'H';
|
||||
tmp_buf[tmp_len++] = 'E';
|
||||
tmp_buf[tmp_len++] = 'X';
|
||||
tmp_buf[tmp_len++] = '[';
|
||||
|
||||
exec_hexify (wpa_eapol->essid, wpa_eapol->essid_len, (u8 *) tmp_buf + tmp_len);
|
||||
|
||||
tmp_len += wpa_eapol->essid_len * 2;
|
||||
|
||||
tmp_buf[tmp_len++] = ']';
|
||||
|
||||
tmp_buf[tmp_len++] = 0;
|
||||
|
||||
line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
|
||||
wpa_eapol->hash[0],
|
||||
wpa_eapol->hash[1],
|
||||
wpa_eapol->hash[2],
|
||||
wpa_eapol->hash[3],
|
||||
wpa_eapol->orig_mac_ap[0],
|
||||
wpa_eapol->orig_mac_ap[1],
|
||||
wpa_eapol->orig_mac_ap[2],
|
||||
wpa_eapol->orig_mac_ap[3],
|
||||
wpa_eapol->orig_mac_ap[4],
|
||||
wpa_eapol->orig_mac_ap[5],
|
||||
wpa_eapol->orig_mac_sta[0],
|
||||
wpa_eapol->orig_mac_sta[1],
|
||||
wpa_eapol->orig_mac_sta[2],
|
||||
wpa_eapol->orig_mac_sta[3],
|
||||
wpa_eapol->orig_mac_sta[4],
|
||||
wpa_eapol->orig_mac_sta[5],
|
||||
tmp_buf);
|
||||
}
|
||||
else
|
||||
{
|
||||
line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s",
|
||||
wpa_eapol->hash[0],
|
||||
wpa_eapol->hash[1],
|
||||
wpa_eapol->hash[2],
|
||||
wpa_eapol->hash[3],
|
||||
wpa_eapol->orig_mac_ap[0],
|
||||
wpa_eapol->orig_mac_ap[1],
|
||||
wpa_eapol->orig_mac_ap[2],
|
||||
wpa_eapol->orig_mac_ap[3],
|
||||
wpa_eapol->orig_mac_ap[4],
|
||||
wpa_eapol->orig_mac_ap[5],
|
||||
wpa_eapol->orig_mac_sta[0],
|
||||
wpa_eapol->orig_mac_sta[1],
|
||||
wpa_eapol->orig_mac_sta[2],
|
||||
wpa_eapol->orig_mac_sta[3],
|
||||
wpa_eapol->orig_mac_sta[4],
|
||||
wpa_eapol->orig_mac_sta[5],
|
||||
wpa_eapol->essid);
|
||||
}
|
||||
|
||||
return line_len;
|
||||
}
|
||||
|
||||
void module_init (module_ctx_t *module_ctx)
|
||||
{
|
||||
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
|
||||
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
|
||||
|
||||
module_ctx->module_attack_exec = module_attack_exec;
|
||||
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
|
||||
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
|
||||
module_ctx->module_benchmark_mask = module_benchmark_mask;
|
||||
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
|
||||
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
|
||||
module_ctx->module_deep_comp_kernel = module_deep_comp_kernel;
|
||||
module_ctx->module_dgst_pos0 = module_dgst_pos0;
|
||||
module_ctx->module_dgst_pos1 = module_dgst_pos1;
|
||||
module_ctx->module_dgst_pos2 = module_dgst_pos2;
|
||||
module_ctx->module_dgst_pos3 = module_dgst_pos3;
|
||||
module_ctx->module_dgst_size = module_dgst_size;
|
||||
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_esalt_size = module_esalt_size;
|
||||
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
|
||||
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_binary_count = module_hash_binary_count;
|
||||
module_ctx->module_hash_binary_parse = module_hash_binary_parse;
|
||||
module_ctx->module_hash_binary_save = module_hash_binary_save;
|
||||
module_ctx->module_hash_binary_verify = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_decode_outfile = module_hash_decode_outfile;
|
||||
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_decode = module_hash_decode;
|
||||
module_ctx->module_hash_encode_status = module_hash_encode_status;
|
||||
module_ctx->module_hash_encode = module_hash_encode;
|
||||
module_ctx->module_hash_init_selftest = module_hash_init_selftest;
|
||||
module_ctx->module_hash_mode = MODULE_DEFAULT;
|
||||
module_ctx->module_hash_category = module_hash_category;
|
||||
module_ctx->module_hash_name = module_hash_name;
|
||||
module_ctx->module_hash_type = module_hash_type;
|
||||
module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_hook12 = MODULE_DEFAULT;
|
||||
module_ctx->module_hook23 = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
|
||||
module_ctx->module_hook_size = MODULE_DEFAULT;
|
||||
module_ctx->module_jit_build_options = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
|
||||
module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
|
||||
module_ctx->module_kern_type = module_kern_type;
|
||||
module_ctx->module_opti_type = module_opti_type;
|
||||
module_ctx->module_opts_type = module_opts_type;
|
||||
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
|
||||
module_ctx->module_potfile_disable = MODULE_DEFAULT;
|
||||
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
|
||||
module_ctx->module_pwdump_column = MODULE_DEFAULT;
|
||||
module_ctx->module_pw_max = module_pw_max;
|
||||
module_ctx->module_pw_min = module_pw_min;
|
||||
module_ctx->module_salt_max = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_min = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_type = module_salt_type;
|
||||
module_ctx->module_separator = MODULE_DEFAULT;
|
||||
module_ctx->module_st_hash = module_st_hash;
|
||||
module_ctx->module_st_pass = module_st_pass;
|
||||
module_ctx->module_tmp_size = module_tmp_size;
|
||||
module_ctx->module_unstable_warning = MODULE_DEFAULT;
|
||||
module_ctx->module_warmup_disable = MODULE_DEFAULT;
|
||||
}
|
12
src/status.c
12
src/status.c
@ -302,25 +302,25 @@ const char *status_get_hash_target (const hashcat_ctx_t *hashcat_ctx)
|
||||
const hashes_t *hashes = hashcat_ctx->hashes;
|
||||
const module_ctx_t *module_ctx = hashcat_ctx->module_ctx;
|
||||
|
||||
if (hashes->digests_cnt == 1)
|
||||
{
|
||||
if (module_ctx->module_hash_encode_status != MODULE_DEFAULT)
|
||||
{
|
||||
char *tmp_buf = (char *) hcmalloc (HCBUFSIZ_LARGE);
|
||||
|
||||
const int tmp_len = module_ctx->module_hash_encode_status (hashconfig, hashes->digests_buf, hashes->salts_buf, hashes->esalts_buf, hashes->hash_info[0], tmp_buf, HCBUFSIZ_LARGE);
|
||||
const int tmp_len = module_ctx->module_hash_encode_status (hashconfig, hashes->digests_buf, hashes->salts_buf, hashes->esalts_buf, NULL, tmp_buf, HCBUFSIZ_LARGE);
|
||||
|
||||
char *tmp_buf2 = (char *) hcmalloc (tmp_len + 1);
|
||||
|
||||
memcpy (tmp_buf2, tmp_buf, tmp_len);
|
||||
|
||||
free (tmp_buf);
|
||||
|
||||
tmp_buf2[tmp_len] = 0;
|
||||
|
||||
free (tmp_buf);
|
||||
|
||||
return tmp_buf2;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (hashes->digests_cnt == 1)
|
||||
{
|
||||
char *tmp_buf = (char *) hcmalloc (HCBUFSIZ_LARGE);
|
||||
|
||||
@ -336,11 +336,11 @@ const char *status_get_hash_target (const hashcat_ctx_t *hashcat_ctx)
|
||||
|
||||
return tmp_buf2;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
return hashes->hashfile;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int status_get_guess_mode (const hashcat_ctx_t *hashcat_ctx)
|
||||
|
500
tools/test_modules/m02500.pm
Normal file
500
tools/test_modules/m02500.pm
Normal file
@ -0,0 +1,500 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
##
|
||||
## Author......: See docs/credits.txt
|
||||
## License.....: MIT
|
||||
##
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
use Crypt::PBKDF2;
|
||||
use Digest::CMAC;
|
||||
use Digest::MD5 qw (md5);
|
||||
use Digest::SHA qw (sha1 sha256);
|
||||
use Digest::HMAC qw (hmac);
|
||||
use MIME::Base64 qw (encode_base64);
|
||||
|
||||
sub module_constraints { [[8, 255], [0, 32], [8, 255], [0, 32], [-1, -1]] }
|
||||
|
||||
sub module_generate_hash
|
||||
{
|
||||
my $word = shift;
|
||||
my $salt = shift;
|
||||
|
||||
my $bssid = random_bytes (6);
|
||||
my $stmac = random_bytes (6);
|
||||
my $snonce = random_bytes (32);
|
||||
my $anonce = random_bytes (32);
|
||||
|
||||
my $keyver = random_number (1, 4); # 1, 2 or 3
|
||||
|
||||
# eapol:
|
||||
# should be "validly" generated, but in theory could be anything for us also:
|
||||
# $eapol = "\x00" x 121; # works too, but let's generate it correctly
|
||||
|
||||
my $eapol = gen_random_wpa_eapol ($keyver, $snonce);
|
||||
|
||||
my $eapol_len = length ($eapol);
|
||||
|
||||
# constants
|
||||
|
||||
my $iterations = 4096;
|
||||
|
||||
#
|
||||
# START
|
||||
#
|
||||
|
||||
# generate the Pairwise Master Key (PMK)
|
||||
|
||||
my $pbkdf2 = Crypt::PBKDF2->new
|
||||
(
|
||||
hash_class => 'HMACSHA1',
|
||||
iterations => $iterations,
|
||||
output_len => 32,
|
||||
);
|
||||
|
||||
my $pmk = $pbkdf2->PBKDF2 ($salt, $word);
|
||||
|
||||
# Pairwise Transient Key (PTK) transformation
|
||||
|
||||
my $ptk = wpa_prf_512 ($keyver, $pmk, $stmac, $bssid, $snonce, $anonce);
|
||||
|
||||
# generate the Message Integrity Code (MIC)
|
||||
|
||||
my $mic = "";
|
||||
|
||||
if ($keyver == 1) # WPA1 => MD5
|
||||
{
|
||||
$mic = hmac ($eapol, $ptk, \&md5);
|
||||
}
|
||||
elsif ($keyver == 2) # WPA2 => SHA1
|
||||
{
|
||||
$mic = hmac ($eapol, $ptk, \&sha1);
|
||||
}
|
||||
elsif ($keyver == 3) # WPA2 => SHA256 + AES-CMAC
|
||||
{
|
||||
my $omac1 = Digest::CMAC->new ($ptk, 'Crypt::Rijndael');
|
||||
|
||||
$omac1->add ($eapol);
|
||||
|
||||
$mic = $omac1->digest;
|
||||
}
|
||||
|
||||
$mic = substr ($mic, 0, 16);
|
||||
|
||||
#
|
||||
# format the binary output
|
||||
#
|
||||
|
||||
my $HCCAPX_VERSION = 4;
|
||||
|
||||
# signature
|
||||
my $hash_buf = "HCPX";
|
||||
|
||||
# format version
|
||||
$hash_buf .= pack ("L<", $HCCAPX_VERSION);
|
||||
|
||||
# authenticated
|
||||
$hash_buf .= pack ("C", 0);
|
||||
|
||||
# essid length
|
||||
my $essid_len = length ($salt);
|
||||
$hash_buf .= pack ("C", $essid_len);
|
||||
|
||||
# essid (NULL-padded up to the first 32 bytes)
|
||||
$hash_buf .= $salt;
|
||||
$hash_buf .= "\x00" x (32 - $essid_len);
|
||||
|
||||
# key version
|
||||
$hash_buf .= pack ("C", $keyver);
|
||||
|
||||
# key mic
|
||||
$hash_buf .= $mic;
|
||||
|
||||
# access point MAC
|
||||
$hash_buf .= $bssid;
|
||||
|
||||
# access point nonce
|
||||
$hash_buf .= $snonce;
|
||||
|
||||
# client MAC
|
||||
$hash_buf .= $stmac;
|
||||
|
||||
# client nonce
|
||||
$hash_buf .= $anonce;
|
||||
|
||||
# eapol length
|
||||
$hash_buf .= pack ("S<", $eapol_len);
|
||||
|
||||
# eapol
|
||||
$hash_buf .= $eapol;
|
||||
$hash_buf .= "\x00" x (256 - $eapol_len);
|
||||
|
||||
# base64 encode the output
|
||||
my $hash = encode_base64 ($hash_buf, "");
|
||||
|
||||
return $hash;
|
||||
}
|
||||
|
||||
sub module_verify_hash
|
||||
{
|
||||
print "ERROR: verify currently not supported for WPA-EAPOL-PBKDF2 (because of hashcat's output format)\n";
|
||||
|
||||
exit (1);
|
||||
}
|
||||
|
||||
sub gen_random_wpa_eapol
|
||||
{
|
||||
my $keyver = shift;
|
||||
my $snonce = shift;
|
||||
|
||||
my $ret = "";
|
||||
|
||||
# version
|
||||
|
||||
my $version = 1; # 802.1X-2001
|
||||
|
||||
$ret .= pack ("C*", $version);
|
||||
|
||||
my $type = 3; # means that this EAPOL frame is used to transfer key information
|
||||
|
||||
$ret .= pack ("C*", $type);
|
||||
|
||||
my $length; # length of remaining data
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
$length = 119;
|
||||
}
|
||||
else
|
||||
{
|
||||
$length = 117;
|
||||
}
|
||||
|
||||
$ret .= pack ("n*", $length);
|
||||
|
||||
my $descriptor_type;
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
$descriptor_type = 254; # EAPOL WPA key
|
||||
}
|
||||
else
|
||||
{
|
||||
$descriptor_type = 1; # EAPOL RSN key
|
||||
}
|
||||
|
||||
$ret .= pack ("C*", $descriptor_type);
|
||||
|
||||
# key_info is a bit vector:
|
||||
# generated from these 13 bits: encrypted key data, request, error, secure, key mic, key ack, install, key index (2), key type, key descriptor (3)
|
||||
|
||||
my $key_info = 0;
|
||||
|
||||
$key_info |= 1 << 8; # set key MIC
|
||||
$key_info |= 1 << 3; # set if it is a pairwise key
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
$key_info |= 1 << 0; # RC4 Cipher, HMAC-MD5 MIC
|
||||
}
|
||||
else
|
||||
{
|
||||
$key_info |= 1 << 1; # AES Cipher, HMAC-SHA1 MIC
|
||||
}
|
||||
|
||||
$ret .= pack ("n*", $key_info);
|
||||
|
||||
my $key_length;
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
$key_length = 32;
|
||||
}
|
||||
else
|
||||
{
|
||||
$key_length = 0;
|
||||
}
|
||||
|
||||
$ret .= pack ("n*", $key_length);
|
||||
|
||||
my $replay_counter = 1;
|
||||
|
||||
$ret .= pack ("Q>*", $replay_counter);
|
||||
|
||||
$ret .= $snonce;
|
||||
|
||||
my $key_iv = "\x00" x 16;
|
||||
|
||||
$ret .= $key_iv;
|
||||
|
||||
my $key_rsc = "\x00" x 8;
|
||||
|
||||
$ret .= $key_rsc;
|
||||
|
||||
my $key_id = "\x00" x 8;
|
||||
|
||||
$ret .= $key_id;
|
||||
|
||||
my $key_mic = "\x00" x 16;
|
||||
|
||||
$ret .= $key_mic;
|
||||
|
||||
my $key_data_len;
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
$key_data_len = 24; # length of the key_data (== WPA info)
|
||||
}
|
||||
else
|
||||
{
|
||||
$key_data_len = 22; # length of the key_data (== RSN info)
|
||||
}
|
||||
|
||||
$ret .= pack ("n*", $key_data_len);
|
||||
|
||||
my $key_data = "";
|
||||
|
||||
if ($keyver == 1)
|
||||
{
|
||||
# wpa info
|
||||
|
||||
my $wpa_info = "";
|
||||
|
||||
my $vendor_specific_data = "";
|
||||
|
||||
my $tag_number = 221; # means it is a vendor specific tag
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $tag_number);
|
||||
|
||||
my $tag_len = 22; # length of the remaining "tag data"
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $tag_len);
|
||||
|
||||
my $vendor_specific_oui = pack ("H*", "0050f2"); # microsoft
|
||||
|
||||
$vendor_specific_data .= $vendor_specific_oui;
|
||||
|
||||
my $vendor_specific_oui_type = 1; # WPA Information Element
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $vendor_specific_oui_type);
|
||||
|
||||
my $vendor_specific_wpa_version = 1;
|
||||
|
||||
$vendor_specific_data .= pack ("v*", $vendor_specific_wpa_version);
|
||||
|
||||
# multicast
|
||||
|
||||
my $vendor_specific_multicast_oui = pack ("H*", "0050f2");
|
||||
|
||||
$vendor_specific_data .= $vendor_specific_multicast_oui;
|
||||
|
||||
my $vendor_specific_multicast_type = 2; # TKIP
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $vendor_specific_multicast_type);
|
||||
|
||||
# unicast
|
||||
|
||||
my $vendor_specific_unicast_count = 1;
|
||||
|
||||
$vendor_specific_data .= pack ("v*", $vendor_specific_unicast_count);
|
||||
|
||||
my $vendor_specific_unicast_oui = pack ("H*", "0050f2");
|
||||
|
||||
$vendor_specific_data .= $vendor_specific_unicast_oui;
|
||||
|
||||
my $vendor_specific_unicast_type = 2; # TKIP
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $vendor_specific_unicast_type);
|
||||
|
||||
# Auth Key Management (AKM)
|
||||
|
||||
my $auth_key_management_count = 1;
|
||||
|
||||
$vendor_specific_data .= pack ("v*", $auth_key_management_count);
|
||||
|
||||
my $auth_key_management_oui = pack ("H*", "0050f2");
|
||||
|
||||
$vendor_specific_data .= $auth_key_management_oui;
|
||||
|
||||
my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
|
||||
|
||||
$vendor_specific_data .= pack ("C*", $auth_key_management_type);
|
||||
|
||||
$wpa_info = $vendor_specific_data;
|
||||
|
||||
$key_data = $wpa_info;
|
||||
}
|
||||
else
|
||||
{
|
||||
# rsn info
|
||||
|
||||
my $rsn_info = "";
|
||||
|
||||
my $tag_number = 48; # RSN info
|
||||
|
||||
$rsn_info .= pack ("C*", $tag_number);
|
||||
|
||||
my $tag_len = 20; # length of the remaining "tag_data"
|
||||
|
||||
$rsn_info .= pack ("C*", $tag_len);
|
||||
|
||||
my $rsn_version = 1;
|
||||
|
||||
$rsn_info .= pack ("v*", $rsn_version);
|
||||
|
||||
# group cipher suite
|
||||
|
||||
my $group_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
|
||||
|
||||
$rsn_info .= $group_cipher_suite_oui;
|
||||
|
||||
my $group_cipher_suite_type = 4; # AES (CCM)
|
||||
|
||||
$rsn_info .= pack ("C*", $group_cipher_suite_type);
|
||||
|
||||
# pairwise cipher suite
|
||||
|
||||
my $pairwise_cipher_suite_count = 1;
|
||||
|
||||
$rsn_info .= pack ("v*", $pairwise_cipher_suite_count);
|
||||
|
||||
my $pairwise_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021
|
||||
|
||||
$rsn_info .= $pairwise_cipher_suite_oui;
|
||||
|
||||
my $pairwise_cipher_suite_type = 4; # AES (CCM)
|
||||
|
||||
$rsn_info .= pack ("C*", $pairwise_cipher_suite_type);
|
||||
|
||||
# Auth Key Management (AKM)
|
||||
|
||||
my $auth_key_management_count = 1;
|
||||
|
||||
$rsn_info .= pack ("v*", $auth_key_management_count);
|
||||
|
||||
my $auth_key_management_oui = pack ("H*", "000fac"); # Ieee8021
|
||||
|
||||
$rsn_info .= $auth_key_management_oui;
|
||||
|
||||
my $auth_key_management_type = 2; # Pre-Shared Key (PSK)
|
||||
|
||||
$rsn_info .= pack ("C*", $auth_key_management_type);
|
||||
|
||||
# RSN Capabilities
|
||||
|
||||
# bit vector of these 9 bits: peerkey enabled, management frame protection (MFP) capable, MFP required,
|
||||
# RSN GTKSA Capabilities (2), RSN PTKSA Capabilities (2), no pairwise Capabilities, Pre-Auth Capabilities
|
||||
|
||||
my $rsn_capabilities = pack ("H*", "0000");
|
||||
|
||||
$rsn_info .= $rsn_capabilities;
|
||||
|
||||
$key_data = $rsn_info;
|
||||
}
|
||||
|
||||
$ret .= $key_data;
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
sub wpa_prf_512
|
||||
{
|
||||
my $keyver = shift;
|
||||
my $pmk = shift;
|
||||
my $stmac = shift;
|
||||
my $bssid = shift;
|
||||
my $snonce = shift;
|
||||
my $anonce = shift;
|
||||
|
||||
my $data = "Pairwise key expansion";
|
||||
|
||||
if (($keyver == 1) || ($keyver == 2))
|
||||
{
|
||||
$data .= "\x00";
|
||||
}
|
||||
|
||||
#
|
||||
# Min(AA, SPA) || Max(AA, SPA)
|
||||
#
|
||||
|
||||
# compare if greater: Min()/Max() on the MACs (6 bytes)
|
||||
|
||||
if (memcmp ($stmac, $bssid, 6) < 0)
|
||||
{
|
||||
$data .= $stmac;
|
||||
$data .= $bssid;
|
||||
}
|
||||
else
|
||||
{
|
||||
$data .= $bssid;
|
||||
$data .= $stmac;
|
||||
}
|
||||
|
||||
#
|
||||
# Min(ANonce,SNonce) || Max(ANonce,SNonce)
|
||||
#
|
||||
|
||||
# compare if greater: Min()/Max() on the nonces (32 bytes)
|
||||
|
||||
if (memcmp ($snonce, $anonce, 32) < 0)
|
||||
{
|
||||
$data .= $snonce;
|
||||
$data .= $anonce;
|
||||
}
|
||||
else
|
||||
{
|
||||
$data .= $anonce;
|
||||
$data .= $snonce;
|
||||
}
|
||||
|
||||
my $prf_buf;
|
||||
|
||||
if (($keyver == 1) || ($keyver == 2))
|
||||
{
|
||||
$data .= "\x00";
|
||||
|
||||
$prf_buf = hmac ($data, $pmk, \&sha1);
|
||||
}
|
||||
else
|
||||
{
|
||||
my $data3 = "\x01\x00" . $data . "\x80\x01";
|
||||
|
||||
$prf_buf = hmac ($data3, $pmk, \&sha256);
|
||||
}
|
||||
|
||||
$prf_buf = substr ($prf_buf, 0, 16);
|
||||
|
||||
return $prf_buf;
|
||||
}
|
||||
|
||||
sub memcmp
|
||||
{
|
||||
my $str1 = shift;
|
||||
my $str2 = shift;
|
||||
my $len = shift;
|
||||
|
||||
my $len_str1 = length ($str1);
|
||||
my $len_str2 = length ($str2);
|
||||
|
||||
if (($len > $len_str1) || ($len > $len_str2))
|
||||
{
|
||||
print "ERROR: memcmp () lengths wrong";
|
||||
|
||||
exit (1);
|
||||
}
|
||||
|
||||
for (my $i = 0; $i < $len; $i++)
|
||||
{
|
||||
my $c_1 = ord (substr ($str1, $i, 1));
|
||||
my $c_2 = ord (substr ($str2, $i, 1));
|
||||
|
||||
return -1 if ($c_1 < $c_2);
|
||||
return 1 if ($c_1 > $c_2);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
1;
|
Loading…
Reference in New Issue
Block a user