From 08ea00020a6f727cc0e876ec17668e11bb684787 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Sun, 10 May 2020 10:05:14 +0200
Subject: [PATCH] Fixed calculation of brain-session ID, only the first hash of the hashset was taken into account
---
 docs/changes.txt | 1 +
 src/brain.c | 19 +++++++++++--------
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index d4cdc1ee7..e16ea49cd 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -78,6 +78,7 @@
 - Fixed buffer overflow in build_plain() function
 - Fixed buffer overflow in mp_add_cs_buf() function
 - Fixed copy/paste error leading to invalid "Integer overflow detected in keyspace of mask" in attack-mode 6 and 7
+- Fixed calculation of brain-session ID, only the first hash of the hashset was taken into account
 - Fixed cracking multiple Office hashes (modes 9500, 9600) with the same salt
 - Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes with unexpected decrypted data
 - Fixed cracking of Cisco-PIX and Cisco-ASA MD5 passwords in mask-attack mode if mask > length 16
diff --git a/src/brain.c b/src/brain.c
index e91347c8b..f659ea7d7 100644
--- a/src/brain.c
+++ b/src/brain.c
@@ -95,10 +95,11 @@ u32 brain_compute_session (hashcat_ctx_t *hashcat_ctx)
 else
 {
 // using hash_encode is an easy workaround for dealing with optimizations
- // like OPTI_TYPE_PRECOMPUTE_MERKLE which cause diffrent hashes in digests_buf
+ // like OPTI_TYPE_PRECOMPUTE_MERKLE which cause different hashes in digests_buf
 // in case -O is used
 char **out_bufs = (char **) hccalloc (hashes->digests_cnt, sizeof (char *));
+ int *out_lens = (int *) hccalloc (hashes->digests_cnt, sizeof (int));
 int out_idx = 0;
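Review bot: In the `@@ -95,10 +95,11 @@` hunk of src/brain.c, `out_bufs` and the new `out_lens` are both sized from `hashes->digests_cnt`, but they are indexed by `out_idx`, and no visible line ties that counter to the allocation size. The next hunk adds `out_idx++`, so this patch is the first point at which the index moves past slot 0 and the sizing starts to matter. If the number of `hash_encode` calls could ever exceed `hashes->digests_cnt`, the stores would run off the end of both heap arrays. A guard before the two stores, such as `if ((u32) out_idx >= hashes->digests_cnt) break;`, or a comment stating why the counts always match, would make the assumption explicit. The enclosing function starts and ends outside the hunk.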
@@ -114,9 +115,12 @@ u32 brain_compute_session (hashcat_ctx_t *hashcat_ctx)
 {
 const int out_len = hash_encode (hashcat_ctx->hashconfig, hashcat_ctx->hashes, hashcat_ctx->module_ctx, (char *) out_buf, HCBUFSIZ_LARGE, salts_idx, digest_idx);
- out_buf[out_len] = 0;
+ out_bufs[out_idx] = (char *) hcmalloc (out_len + 1);
+ out_lens[out_idx] = out_len;
- out_bufs[out_idx] = hcstrdup ((char *) out_buf);
+ memcpy (out_bufs[out_idx], out_buf, out_len);
+
+ out_idx++;
 }
 }
@@ -124,16 +128,15 @@ u32 brain_compute_session (hashcat_ctx_t *hashcat_ctx)
 qsort (out_bufs, out_idx, sizeof (char *), sort_by_string);
- for (int i = 0; i <= out_idx; i++)
+ for (int i = 0; i < out_idx; i++)
 {
- const size_t out_len = strlen (out_bufs[out_idx]);
-
- XXH64_update (state, out_bufs[out_idx], out_len);
+ XXH64_update (state, out_bufs[i], out_lens[i]);
- hcfree (out_bufs[out_idx]);
+ hcfree (out_bufs[i]);
 }
 hcfree (out_bufs);
+ hcfree (out_lens);
 }
 const u32 session = (const u32) XXH64_digest (state);
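Review bot: The per-hash copy in the `@@ -114,9 +115,12 @@` hunk is no longer explicitly NUL-terminated. `memcpy` moves `out_len` bytes into an `out_len + 1` byte buffer and the old `out_buf[out_len] = 0;` is removed, so the terminator exists only if `hcmalloc` returns zeroed memory, which nothing on this page shows. The `qsort` call with `sort_by_string` in the following hunk presumably compares these buffers as C strings, so a missing terminator would turn the sort into a read past the allocation. Writing the byte directly after the copy, `out_bufs[out_idx][out_len] = 0;`, removes that dependency. Separately, `out_len` is used as an allocation size and copy length without a range check, which is worth adding if `hash_encode` can return a negative value. The loops around these lines start outside the hunk.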
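Review bot: In the `@@ -124,16 +128,15 @@` hunk, `qsort` reorders only `out_bufs`, so after the sort `out_lens[i]` still holds the length recorded at insertion position `i` and no longer belongs to `out_bufs[i]`. When the encoded hashes differ in length, `XXH64_update (state, out_bufs[i], out_lens[i])` can read past the end of a shorter buffer or hash only part of a longer one. The session ID then depends on input order again, which the sort was meant to cancel out. Either take the length from the sorted buffer, `XXH64_update (state, out_bufs[i], strlen (out_bufs[i]));` (this needs every copy to be NUL-terminated), or keep pointer and length together in one struct array and sort that. The enclosing else-branch starts outside the hunk.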