From 2a0435440129a8537223ca13b46b84f3f763137a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sun, 15 Dec 2019 21:09:04 +0100 Subject: [PATCH] New mode 22000 WPA-PBKDF2-PMKID+EAPOL to replace -m 2500 and -m 16800. NOTE: missing support for message_pair and nonce_error_corrections handling --- OpenCL/m22000-pure.cl | 1035 ++++++++++++++++++++++++++++++++++ src/modules/module_22000.c | 952 +++++++++++++++++++++++++++++++ src/selftest.c | 29 +- tools/test.sh | 126 ++++- tools/test_modules/m22000.pm | 557 ++++++++++++++++++ 5 files changed, 2696 insertions(+), 3 deletions(-) create mode 100644 OpenCL/m22000-pure.cl create mode 100644 src/modules/module_22000.c create mode 100644 tools/test_modules/m22000.pm diff --git a/OpenCL/m22000-pure.cl b/OpenCL/m22000-pure.cl new file mode 100644 index 000000000..98bc1d6ee --- /dev/null +++ b/OpenCL/m22000-pure.cl @@ -0,0 +1,1035 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_simd.cl" +#include "inc_hash_md5.cl" +#include "inc_hash_sha1.cl" +#include "inc_hash_sha256.cl" +#include "inc_cipher_aes.cl" +#else +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.h" +#include "inc_common.h" +#include "inc_simd.h" +#include "inc_hash_md5.h" +#include "inc_hash_sha1.h" +#include "inc_hash_sha256.h" +#include "inc_cipher_aes.h" +#endif + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +typedef struct wpa_pbkdf2_tmp +{ + u32 ipad[5]; + u32 opad[5]; + + u32 dgst[10]; + u32 out[10]; + +} wpa_pbkdf2_tmp_t; + +typedef struct wpa +{ + u8 orig_mac_ap[6]; + u8 orig_mac_sta[6]; + u8 essid_len; + u32 essid_buf[16]; + + u8 type; // 1 = PMKID, 2 = EAPOL + u8 extra; + + // PMKID specific + + u32 pmkid[4]; + u32 pmkid_data[16]; + + // EAPOL specific + + u32 keymic[4]; + u32 anonce[8]; + + u8 keyver; + + u32 eapol[64 + 16]; + u16 eapol_len; + + u32 pke[32]; + + u8 message_pair; + int message_pair_chgd; + int nonce_compare; + int nonce_error_corrections; + int detected_le; + int detected_be; + +} wpa_t; + +DECLSPEC void make_kn (u32 *k) +{ + u32 kl[4]; + u32 kr[4]; + + kl[0] = (k[0] << 1) & 0xfefefefe; + kl[1] = (k[1] << 1) & 0xfefefefe; + kl[2] = (k[2] << 1) & 0xfefefefe; + kl[3] = (k[3] << 1) & 0xfefefefe; + + kr[0] = (k[0] >> 7) & 0x01010101; + kr[1] = (k[1] >> 7) & 0x01010101; + kr[2] = (k[2] >> 7) & 0x01010101; + kr[3] = (k[3] >> 7) & 0x01010101; + + const u32 c = kr[0] & 1; + + kr[0] = kr[0] >> 8 | kr[1] << 24; + kr[1] = kr[1] >> 8 | kr[2] << 24; + kr[2] = kr[2] >> 8 | kr[3] << 24; + kr[3] = kr[3] >> 8; + + k[0] = kl[0] | kr[0]; + k[1] = kl[1] | kr[1]; + k[2] = kl[2] | kr[2]; + k[3] = kl[3] | kr[3]; + + k[3] ^= c * 0x87000000; +} + +DECLSPEC void hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest) +{ + digest[0] = ipad[0]; + digest[1] = ipad[1]; + digest[2] = ipad[2]; + digest[3] = ipad[3]; + digest[4] = ipad[4]; + + sha1_transform_vector (w0, w1, w2, w3, digest); + + w0[0] = digest[0]; + w0[1] = digest[1]; + w0[2] = digest[2]; + w0[3] = digest[3]; + w1[0] = digest[4]; + w1[1] = 0x80000000; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 20) * 8; + + digest[0] = opad[0]; + digest[1] = opad[1]; + digest[2] = opad[2]; + digest[3] = opad[3]; + digest[4] = opad[4]; + + sha1_transform_vector (w0, w1, w2, w3, digest); +} + +KERNEL_FQ void m22000_init (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + sha1_hmac_ctx_t sha1_hmac_ctx; + + sha1_hmac_init_global_swap (&sha1_hmac_ctx, pws[gid].i, pws[gid].pw_len); + + tmps[gid].ipad[0] = sha1_hmac_ctx.ipad.h[0]; + tmps[gid].ipad[1] = sha1_hmac_ctx.ipad.h[1]; + tmps[gid].ipad[2] = sha1_hmac_ctx.ipad.h[2]; + tmps[gid].ipad[3] = sha1_hmac_ctx.ipad.h[3]; + tmps[gid].ipad[4] = sha1_hmac_ctx.ipad.h[4]; + + tmps[gid].opad[0] = sha1_hmac_ctx.opad.h[0]; + tmps[gid].opad[1] = sha1_hmac_ctx.opad.h[1]; + tmps[gid].opad[2] = sha1_hmac_ctx.opad.h[2]; + tmps[gid].opad[3] = sha1_hmac_ctx.opad.h[3]; + tmps[gid].opad[4] = sha1_hmac_ctx.opad.h[4]; + + sha1_hmac_update_global_swap (&sha1_hmac_ctx, esalt_bufs[digests_offset].essid_buf, esalt_bufs[digests_offset].essid_len); + + for (u32 i = 0, j = 1; i < 8; i += 5, j += 1) + { + sha1_hmac_ctx_t sha1_hmac_ctx2 = sha1_hmac_ctx; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = j; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + sha1_hmac_update_64 (&sha1_hmac_ctx2, w0, w1, w2, w3, 4); + + sha1_hmac_final (&sha1_hmac_ctx2); + + tmps[gid].dgst[i + 0] = sha1_hmac_ctx2.opad.h[0]; + tmps[gid].dgst[i + 1] = sha1_hmac_ctx2.opad.h[1]; + tmps[gid].dgst[i + 2] = sha1_hmac_ctx2.opad.h[2]; + tmps[gid].dgst[i + 3] = sha1_hmac_ctx2.opad.h[3]; + tmps[gid].dgst[i + 4] = sha1_hmac_ctx2.opad.h[4]; + + tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0]; + tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1]; + tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2]; + tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3]; + tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4]; + } +} + +KERNEL_FQ void m22000_loop (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + const u64 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= gid_max) return; + + u32x ipad[5]; + u32x opad[5]; + + ipad[0] = packv (tmps, ipad, gid, 0); + ipad[1] = packv (tmps, ipad, gid, 1); + ipad[2] = packv (tmps, ipad, gid, 2); + ipad[3] = packv (tmps, ipad, gid, 3); + ipad[4] = packv (tmps, ipad, gid, 4); + + opad[0] = packv (tmps, opad, gid, 0); + opad[1] = packv (tmps, opad, gid, 1); + opad[2] = packv (tmps, opad, gid, 2); + opad[3] = packv (tmps, opad, gid, 3); + opad[4] = packv (tmps, opad, gid, 4); + + for (u32 i = 0; i < 8; i += 5) + { + u32x dgst[5]; + u32x out[5]; + + dgst[0] = packv (tmps, dgst, gid, i + 0); + dgst[1] = packv (tmps, dgst, gid, i + 1); + dgst[2] = packv (tmps, dgst, gid, i + 2); + dgst[3] = packv (tmps, dgst, gid, i + 3); + dgst[4] = packv (tmps, dgst, gid, i + 4); + + out[0] = packv (tmps, out, gid, i + 0); + out[1] = packv (tmps, out, gid, i + 1); + out[2] = packv (tmps, out, gid, i + 2); + out[3] = packv (tmps, out, gid, i + 3); + out[4] = packv (tmps, out, gid, i + 4); + + for (u32 j = 0; j < loop_cnt; j++) + { + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = dgst[0]; + w0[1] = dgst[1]; + w0[2] = dgst[2]; + w0[3] = dgst[3]; + w1[0] = dgst[4]; + w1[1] = 0x80000000; + w1[2] = 0; + w1[3] = 0; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 20) * 8; + + hmac_sha1_run_V (w0, w1, w2, w3, ipad, opad, dgst); + + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + } + + unpackv (tmps, dgst, gid, i + 0, dgst[0]); + unpackv (tmps, dgst, gid, i + 1, dgst[1]); + unpackv (tmps, dgst, gid, i + 2, dgst[2]); + unpackv (tmps, dgst, gid, i + 3, dgst[3]); + unpackv (tmps, dgst, gid, i + 4, dgst[4]); + + unpackv (tmps, out, gid, i + 0, out[0]); + unpackv (tmps, out, gid, i + 1, out[1]); + unpackv (tmps, out, gid, i + 2, out[2]); + unpackv (tmps, out, gid, i + 3, out[3]); + unpackv (tmps, out, gid, i + 4, out[4]); + } +} + +KERNEL_FQ void m22000_comp (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + // not in use here, special case... +} + +KERNEL_FQ void m22000_aux1 (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 out0[4]; + u32 out1[4]; + + out0[0] = tmps[gid].out[0]; + out0[1] = tmps[gid].out[1]; + out0[2] = tmps[gid].out[2]; + out0[3] = tmps[gid].out[3]; + out1[0] = tmps[gid].out[4]; + out1[1] = tmps[gid].out[5]; + out1[2] = tmps[gid].out[6]; + out1[3] = tmps[gid].out[7]; + + const u32 digest_pos = loop_pos; + + const u32 digest_cur = digests_offset + digest_pos; + + GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur]; + + u32 pke[32]; + + pke[ 0] = wpa->pke[ 0]; + pke[ 1] = wpa->pke[ 1]; + pke[ 2] = wpa->pke[ 2]; + pke[ 3] = wpa->pke[ 3]; + pke[ 4] = wpa->pke[ 4]; + pke[ 5] = wpa->pke[ 5]; + pke[ 6] = wpa->pke[ 6]; + pke[ 7] = wpa->pke[ 7]; + pke[ 8] = wpa->pke[ 8]; + pke[ 9] = wpa->pke[ 9]; + pke[10] = wpa->pke[10]; + pke[11] = wpa->pke[11]; + pke[12] = wpa->pke[12]; + pke[13] = wpa->pke[13]; + pke[14] = wpa->pke[14]; + pke[15] = wpa->pke[15]; + pke[16] = wpa->pke[16]; + pke[17] = wpa->pke[17]; + pke[18] = wpa->pke[18]; + pke[19] = wpa->pke[19]; + pke[20] = wpa->pke[20]; + pke[21] = wpa->pke[21]; + pke[22] = wpa->pke[22]; + pke[23] = wpa->pke[23]; + pke[24] = wpa->pke[24]; + pke[25] = wpa->pke[25]; + pke[26] = wpa->pke[26]; + pke[27] = wpa->pke[27]; + pke[28] = wpa->pke[28]; + pke[29] = wpa->pke[29]; + pke[30] = wpa->pke[30]; + pke[31] = wpa->pke[31]; + + u32 z[4]; + + z[0] = 0; + z[1] = 0; + z[2] = 0; + z[3] = 0; + + u32 to; + + u32 m0; + u32 m1; + + if (wpa->nonce_compare < 0) + { + m0 = pke[15] & ~0x000000ff; + m1 = pke[16] & ~0xffffff00; + + to = pke[15] << 24 + | pke[16] >> 8; + } + else + { + m0 = pke[23] & ~0x000000ff; + m1 = pke[24] & ~0xffffff00; + + to = pke[23] << 24 + | pke[24] >> 8; + } + + u32 bo_loops = wpa->detected_le + wpa->detected_be; + + bo_loops = (bo_loops == 0) ? 2 : bo_loops; + + const u32 nonce_error_corrections = wpa->nonce_error_corrections; + + for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++) + { + for (u32 bo_pos = 0; bo_pos < bo_loops; bo_pos++) + { + u32 t = to; + + if (bo_loops == 1) + { + if (wpa->detected_le == 1) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (wpa->detected_be == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + else + { + if (bo_pos == 0) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (bo_pos == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + + if (wpa->nonce_compare < 0) + { + pke[15] = m0 | (t >> 24); + pke[16] = m1 | (t << 8); + } + else + { + pke[23] = m0 | (t >> 24); + pke[24] = m1 | (t << 8); + } + + sha1_hmac_ctx_t ctx1; + + sha1_hmac_init_64 (&ctx1, out0, out1, z, z); + + sha1_hmac_update (&ctx1, pke, 100); + + sha1_hmac_final (&ctx1); + + ctx1.opad.h[0] = hc_swap32_S (ctx1.opad.h[0]); + ctx1.opad.h[1] = hc_swap32_S (ctx1.opad.h[1]); + ctx1.opad.h[2] = hc_swap32_S (ctx1.opad.h[2]); + ctx1.opad.h[3] = hc_swap32_S (ctx1.opad.h[3]); + + md5_hmac_ctx_t ctx2; + + md5_hmac_init_64 (&ctx2, ctx1.opad.h, z, z, z); + + md5_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len); + + md5_hmac_final (&ctx2); + + ctx2.opad.h[0] = hc_swap32_S (ctx2.opad.h[0]); + ctx2.opad.h[1] = hc_swap32_S (ctx2.opad.h[1]); + ctx2.opad.h[2] = hc_swap32_S (ctx2.opad.h[2]); + ctx2.opad.h[3] = hc_swap32_S (ctx2.opad.h[3]); + + /** + * final compare + */ + + if ((ctx2.opad.h[0] == wpa->keymic[0]) + && (ctx2.opad.h[1] == wpa->keymic[1]) + && (ctx2.opad.h[2] == wpa->keymic[2]) + && (ctx2.opad.h[3] == wpa->keymic[3])) + { + if (atomic_inc (&hashes_shown[digest_cur]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0); + } + } + } + } +} + +KERNEL_FQ void m22000_aux2 (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 out0[4]; + u32 out1[4]; + + out0[0] = tmps[gid].out[0]; + out0[1] = tmps[gid].out[1]; + out0[2] = tmps[gid].out[2]; + out0[3] = tmps[gid].out[3]; + out1[0] = tmps[gid].out[4]; + out1[1] = tmps[gid].out[5]; + out1[2] = tmps[gid].out[6]; + out1[3] = tmps[gid].out[7]; + + const u32 digest_pos = loop_pos; + + const u32 digest_cur = digests_offset + digest_pos; + + GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur]; + + u32 pke[32]; + + pke[ 0] = wpa->pke[ 0]; + pke[ 1] = wpa->pke[ 1]; + pke[ 2] = wpa->pke[ 2]; + pke[ 3] = wpa->pke[ 3]; + pke[ 4] = wpa->pke[ 4]; + pke[ 5] = wpa->pke[ 5]; + pke[ 6] = wpa->pke[ 6]; + pke[ 7] = wpa->pke[ 7]; + pke[ 8] = wpa->pke[ 8]; + pke[ 9] = wpa->pke[ 9]; + pke[10] = wpa->pke[10]; + pke[11] = wpa->pke[11]; + pke[12] = wpa->pke[12]; + pke[13] = wpa->pke[13]; + pke[14] = wpa->pke[14]; + pke[15] = wpa->pke[15]; + pke[16] = wpa->pke[16]; + pke[17] = wpa->pke[17]; + pke[18] = wpa->pke[18]; + pke[19] = wpa->pke[19]; + pke[20] = wpa->pke[20]; + pke[21] = wpa->pke[21]; + pke[22] = wpa->pke[22]; + pke[23] = wpa->pke[23]; + pke[24] = wpa->pke[24]; + pke[25] = wpa->pke[25]; + pke[26] = wpa->pke[26]; + pke[27] = wpa->pke[27]; + pke[28] = wpa->pke[28]; + pke[29] = wpa->pke[29]; + pke[30] = wpa->pke[30]; + pke[31] = wpa->pke[31]; + + u32 z[4]; + + z[0] = 0; + z[1] = 0; + z[2] = 0; + z[3] = 0; + + u32 to; + + u32 m0; + u32 m1; + + if (wpa->nonce_compare < 0) + { + m0 = pke[15] & ~0x000000ff; + m1 = pke[16] & ~0xffffff00; + + to = pke[15] << 24 + | pke[16] >> 8; + } + else + { + m0 = pke[23] & ~0x000000ff; + m1 = pke[24] & ~0xffffff00; + + to = pke[23] << 24 + | pke[24] >> 8; + } + + u32 bo_loops = wpa->detected_le + wpa->detected_be; + + bo_loops = (bo_loops == 0) ? 2 : bo_loops; + + const u32 nonce_error_corrections = wpa->nonce_error_corrections; + + for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++) + { + for (u32 bo_pos = 0; bo_pos < bo_loops; bo_pos++) + { + u32 t = to; + + if (bo_loops == 1) + { + if (wpa->detected_le == 1) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (wpa->detected_be == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + else + { + if (bo_pos == 0) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (bo_pos == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + + if (wpa->nonce_compare < 0) + { + pke[15] = m0 | (t >> 24); + pke[16] = m1 | (t << 8); + } + else + { + pke[23] = m0 | (t >> 24); + pke[24] = m1 | (t << 8); + } + + sha1_hmac_ctx_t ctx1; + + sha1_hmac_init_64 (&ctx1, out0, out1, z, z); + + sha1_hmac_update (&ctx1, pke, 100); + + sha1_hmac_final (&ctx1); + + sha1_hmac_ctx_t ctx2; + + sha1_hmac_init_64 (&ctx2, ctx1.opad.h, z, z, z); + + sha1_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len); + + sha1_hmac_final (&ctx2); + + /** + * final compare + */ + + if ((ctx2.opad.h[0] == wpa->keymic[0]) + && (ctx2.opad.h[1] == wpa->keymic[1]) + && (ctx2.opad.h[2] == wpa->keymic[2]) + && (ctx2.opad.h[3] == wpa->keymic[3])) + { + if (atomic_inc (&hashes_shown[digest_cur]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0); + } + } + } + } +} + +KERNEL_FQ void m22000_aux3 (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + /** + * aes shared + */ + + #ifdef REAL_SHM + + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + #ifdef IS_CUDA + __syncthreads(); + #else + SYNC_THREADS (); + #endif + + #else + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 out0[4]; + u32 out1[4]; + + out0[0] = tmps[gid].out[0]; + out0[1] = tmps[gid].out[1]; + out0[2] = tmps[gid].out[2]; + out0[3] = tmps[gid].out[3]; + out1[0] = tmps[gid].out[4]; + out1[1] = tmps[gid].out[5]; + out1[2] = tmps[gid].out[6]; + out1[3] = tmps[gid].out[7]; + + const u32 digest_pos = loop_pos; + + const u32 digest_cur = digests_offset + digest_pos; + + GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur]; + + u32 pke[32]; + + pke[ 0] = wpa->pke[ 0]; + pke[ 1] = wpa->pke[ 1]; + pke[ 2] = wpa->pke[ 2]; + pke[ 3] = wpa->pke[ 3]; + pke[ 4] = wpa->pke[ 4]; + pke[ 5] = wpa->pke[ 5]; + pke[ 6] = wpa->pke[ 6]; + pke[ 7] = wpa->pke[ 7]; + pke[ 8] = wpa->pke[ 8]; + pke[ 9] = wpa->pke[ 9]; + pke[10] = wpa->pke[10]; + pke[11] = wpa->pke[11]; + pke[12] = wpa->pke[12]; + pke[13] = wpa->pke[13]; + pke[14] = wpa->pke[14]; + pke[15] = wpa->pke[15]; + pke[16] = wpa->pke[16]; + pke[17] = wpa->pke[17]; + pke[18] = wpa->pke[18]; + pke[19] = wpa->pke[19]; + pke[20] = wpa->pke[20]; + pke[21] = wpa->pke[21]; + pke[22] = wpa->pke[22]; + pke[23] = wpa->pke[23]; + pke[24] = wpa->pke[24]; + pke[25] = wpa->pke[25]; + pke[26] = wpa->pke[26]; + pke[27] = wpa->pke[27]; + pke[28] = wpa->pke[28]; + pke[29] = wpa->pke[29]; + pke[30] = wpa->pke[30]; + pke[31] = wpa->pke[31]; + + u32 z[4]; + + z[0] = 0; + z[1] = 0; + z[2] = 0; + z[3] = 0; + + u32 to; + + u32 m0; + u32 m1; + + if (wpa->nonce_compare < 0) + { + m0 = pke[15] & ~0x000000ff; + m1 = pke[16] & ~0xffffff00; + + to = pke[15] << 24 + | pke[16] >> 8; + } + else + { + m0 = pke[23] & ~0x000000ff; + m1 = pke[24] & ~0xffffff00; + + to = pke[23] << 24 + | pke[24] >> 8; + } + + u32 bo_loops = wpa->detected_le + wpa->detected_be; + + bo_loops = (bo_loops == 0) ? 2 : bo_loops; + + const u32 nonce_error_corrections = wpa->nonce_error_corrections; + + for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++) + { + for (u32 bo_pos = 0; bo_pos < bo_loops; bo_pos++) + { + u32 t = to; + + if (bo_loops == 1) + { + if (wpa->detected_le == 1) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (wpa->detected_be == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + else + { + if (bo_pos == 0) + { + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + } + else if (bo_pos == 1) + { + t = hc_swap32_S (t); + + t -= nonce_error_corrections / 2; + t += nonce_error_correction; + + t = hc_swap32_S (t); + } + } + + if (wpa->nonce_compare < 0) + { + pke[15] = m0 | (t >> 24); + pke[16] = m1 | (t << 8); + } + else + { + pke[23] = m0 | (t >> 24); + pke[24] = m1 | (t << 8); + } + + sha256_hmac_ctx_t ctx1; + + sha256_hmac_init_64 (&ctx1, out0, out1, z, z); + + sha256_hmac_update (&ctx1, pke, 102); + + sha256_hmac_final (&ctx1); + + ctx1.opad.h[0] = hc_swap32_S (ctx1.opad.h[0]); + ctx1.opad.h[1] = hc_swap32_S (ctx1.opad.h[1]); + ctx1.opad.h[2] = hc_swap32_S (ctx1.opad.h[2]); + ctx1.opad.h[3] = hc_swap32_S (ctx1.opad.h[3]); + + // AES CMAC + + u32 ks[44]; + + aes128_set_encrypt_key (ks, ctx1.opad.h, s_te0, s_te1, s_te2, s_te3); + + u32 m[4]; + + m[0] = 0; + m[1] = 0; + m[2] = 0; + m[3] = 0; + + u32 iv[4]; + + iv[0] = 0; + iv[1] = 0; + iv[2] = 0; + iv[3] = 0; + + int eapol_left; + int eapol_idx; + + for (eapol_left = wpa->eapol_len, eapol_idx = 0; eapol_left > 16; eapol_left -= 16, eapol_idx += 4) + { + m[0] = wpa->eapol[eapol_idx + 0] ^ iv[0]; + m[1] = wpa->eapol[eapol_idx + 1] ^ iv[1]; + m[2] = wpa->eapol[eapol_idx + 2] ^ iv[2]; + m[3] = wpa->eapol[eapol_idx + 3] ^ iv[3]; + + aes128_encrypt (ks, m, iv, s_te0, s_te1, s_te2, s_te3, s_te4); + } + + m[0] = wpa->eapol[eapol_idx + 0]; + m[1] = wpa->eapol[eapol_idx + 1]; + m[2] = wpa->eapol[eapol_idx + 2]; + m[3] = wpa->eapol[eapol_idx + 3]; + + u32 k[4]; + + k[0] = 0; + k[1] = 0; + k[2] = 0; + k[3] = 0; + + aes128_encrypt (ks, k, k, s_te0, s_te1, s_te2, s_te3, s_te4); + + make_kn (k); + + if (eapol_left < 16) + { + make_kn (k); + } + + m[0] ^= k[0]; + m[1] ^= k[1]; + m[2] ^= k[2]; + m[3] ^= k[3]; + + m[0] ^= iv[0]; + m[1] ^= iv[1]; + m[2] ^= iv[2]; + m[3] ^= iv[3]; + + u32 keymic[4]; + + keymic[0] = 0; + keymic[1] = 0; + keymic[2] = 0; + keymic[3] = 0; + + aes128_encrypt (ks, m, keymic, s_te0, s_te1, s_te2, s_te3, s_te4); + + /** + * final compare + */ + + keymic[0] = hc_swap32_S (keymic[0]); + keymic[1] = hc_swap32_S (keymic[1]); + keymic[2] = hc_swap32_S (keymic[2]); + keymic[3] = hc_swap32_S (keymic[3]); + + if ((keymic[0] == wpa->keymic[0]) + && (keymic[1] == wpa->keymic[1]) + && (keymic[2] == wpa->keymic[2]) + && (keymic[3] == wpa->keymic[3])) + { + if (atomic_inc (&hashes_shown[digest_cur]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0); + } + } + } + } +} + +KERNEL_FQ void m22000_aux4 (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + u32 w[16]; + + w[ 0] = tmps[gid].out[0]; + w[ 1] = tmps[gid].out[1]; + w[ 2] = tmps[gid].out[2]; + w[ 3] = tmps[gid].out[3]; + w[ 4] = tmps[gid].out[4]; + w[ 5] = tmps[gid].out[5]; + w[ 6] = tmps[gid].out[6]; + w[ 7] = tmps[gid].out[7]; + w[ 8] = 0; + w[ 9] = 0; + w[10] = 0; + w[11] = 0; + w[12] = 0; + w[13] = 0; + w[14] = 0; + w[15] = 0; + + const u32 digest_pos = loop_pos; + + const u32 digest_cur = digests_offset + digest_pos; + + GLOBAL_AS const wpa_t *wpa = &esalt_bufs[digest_cur]; + + sha1_hmac_ctx_t sha1_hmac_ctx; + + sha1_hmac_init (&sha1_hmac_ctx, w, 32); + + sha1_hmac_update_global_swap (&sha1_hmac_ctx, wpa->pmkid_data, 20); + + sha1_hmac_final (&sha1_hmac_ctx); + + const u32 r0 = sha1_hmac_ctx.opad.h[0]; + const u32 r1 = sha1_hmac_ctx.opad.h[1]; + const u32 r2 = sha1_hmac_ctx.opad.h[2]; + const u32 r3 = sha1_hmac_ctx.opad.h[3]; + + #ifdef KERNEL_STATIC + + #define il_pos 0 + #include COMPARE_M + + #else + + if ((hc_swap32_S (r0) == wpa->pmkid[0]) + && (hc_swap32_S (r1) == wpa->pmkid[1]) + && (hc_swap32_S (r2) == wpa->pmkid[2]) + && (hc_swap32_S (r3) == wpa->pmkid[3])) + { + if (atomic_inc (&hashes_shown[digest_cur]) == 0) + { + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0); + } + } + + #endif +} diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c new file mode 100644 index 000000000..cbcc86de6 --- /dev/null +++ b/src/modules/module_22000.c @@ -0,0 +1,952 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" + +#define DGST_ELEM 4 + +#include "emu_general.h" +#include "emu_inc_cipher_aes.h" +#include "emu_inc_hash_md5.h" +#include "m22000-pure.cl" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL; +static const char *HASH_NAME = "WPA-PBKDF2-PMKID+EAPOL"; +static const u64 KERN_TYPE = 22000; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_AUX1 + | OPTS_TYPE_AUX2 + | OPTS_TYPE_AUX3 + | OPTS_TYPE_AUX4 + | OPTS_TYPE_DEEP_COMP_KERNEL + | OPTS_TYPE_COPY_TMPS; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat!"; +static const char *ST_HASH = "WPA:01:9d42bfc4ab79cf3a3a85761efd2a0cf0:e8e61d2bfe07:e21f445660bb:3c3429452aba22e9a7a6:::"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +static const u32 ROUNDS_WPA_PBKDF2 = 4096; + +struct auth_packet +{ + u8 version; + u8 type; + u16 length; + u8 key_descriptor; + u16 key_information; + u16 key_length; + u64 replay_counter; + u8 wpa_key_nonce[32]; + u8 wpa_key_iv[16]; + u8 wpa_key_rsc[8]; + u8 wpa_key_id[8]; + u8 wpa_key_mic[16]; + u16 wpa_key_data_length; + +} __attribute__((packed)); + +typedef struct auth_packet auth_packet_t; + +const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const char *mask = "?a?a?a?a?a?a?a?a"; + + return mask; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (wpa_pbkdf2_tmp_t); + + return tmp_size; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (wpa_t); + + return esalt_size; +} + +bool module_hlfmt_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool hlfmt_disable = true; + + return hlfmt_disable; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_min = 8; + + return pw_min; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 63; + + return pw_max; +} + +int module_hash_decode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len, MAYBE_UNUSED void *tmps) +{ + wpa_t *wpa = (wpa_t *) esalt_buf; + + wpa_pbkdf2_tmp_t *wpa_pbkdf2_tmp = (wpa_pbkdf2_tmp_t *) tmps; + + // here we have in line_hash_buf: PMK*essid:password + // but we don't care about the password + + // PMK + + wpa_pbkdf2_tmp->out[0] = hex_to_u32 ((const u8 *) line_buf + 0); + wpa_pbkdf2_tmp->out[1] = hex_to_u32 ((const u8 *) line_buf + 8); + wpa_pbkdf2_tmp->out[2] = hex_to_u32 ((const u8 *) line_buf + 16); + wpa_pbkdf2_tmp->out[3] = hex_to_u32 ((const u8 *) line_buf + 24); + wpa_pbkdf2_tmp->out[4] = hex_to_u32 ((const u8 *) line_buf + 32); + wpa_pbkdf2_tmp->out[5] = hex_to_u32 ((const u8 *) line_buf + 40); + wpa_pbkdf2_tmp->out[6] = hex_to_u32 ((const u8 *) line_buf + 48); + wpa_pbkdf2_tmp->out[7] = hex_to_u32 ((const u8 *) line_buf + 56); + + // essid + + char *sep_pos = strrchr (line_buf, ':'); + + if (sep_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED); + + if ((line_buf + 64) != sep_pos) return (PARSER_HASH_LENGTH); + + char *essid_pos = sep_pos + 1; + + const int essid_len = strlen (essid_pos); + + if (essid_len & 1) return (PARSER_SALT_VALUE); + + if (essid_len > 64) return (PARSER_SALT_VALUE); + + wpa->essid_len = hex_decode ((const u8 *) essid_pos, essid_len, (u8 *) wpa->essid_buf); + + return PARSER_OK; +} + +int module_hash_encode_potfile (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size, MAYBE_UNUSED const void *tmps) +{ + const wpa_t *wpa = (const wpa_t *) esalt_buf; + + const wpa_pbkdf2_tmp_t *wpa_pbkdf2_tmp = (const wpa_pbkdf2_tmp_t *) tmps; + + char tmp_buf[128]; + + const int tmp_len = hex_encode ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf); + + tmp_buf[tmp_len] = 0; + + const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x%08x%08x%08x:%s", + wpa_pbkdf2_tmp->out[0], + wpa_pbkdf2_tmp->out[1], + wpa_pbkdf2_tmp->out[2], + wpa_pbkdf2_tmp->out[3], + wpa_pbkdf2_tmp->out[4], + wpa_pbkdf2_tmp->out[5], + wpa_pbkdf2_tmp->out[6], + wpa_pbkdf2_tmp->out[7], + tmp_buf); + + return line_len; +} + +int module_hash_binary_save (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos, char **buf) +{ + const salt_t *salts_buf = hashes->salts_buf; + const void *esalts_buf = hashes->esalts_buf; + + const salt_t *salt = &salts_buf[salt_pos]; + + const u32 digest_cur = salt->digests_offset + digest_pos; + + const wpa_t *wpas = (const wpa_t *) esalts_buf; + const wpa_t *wpa = &wpas[digest_cur]; + + char tmp_buf[128]; + + const int tmp_len = hex_encode ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf); + + tmp_buf[tmp_len] = 0; + + if (wpa->type == 1) + { + const int len = hc_asprintf (buf, "WPA:01:%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s:::" EOL, + byte_swap_32 (wpa->pmkid[0]), + byte_swap_32 (wpa->pmkid[1]), + byte_swap_32 (wpa->pmkid[2]), + byte_swap_32 (wpa->pmkid[3]), + wpa->orig_mac_ap[0], + wpa->orig_mac_ap[1], + wpa->orig_mac_ap[2], + wpa->orig_mac_ap[3], + wpa->orig_mac_ap[4], + wpa->orig_mac_ap[5], + wpa->orig_mac_sta[0], + wpa->orig_mac_sta[1], + wpa->orig_mac_sta[2], + wpa->orig_mac_sta[3], + wpa->orig_mac_sta[4], + wpa->orig_mac_sta[5], + tmp_buf); + + return len; + } + else if (wpa->type == 2) + { + u32 eapol_swapped[64 + 2]; + + for (int i = 0; i < 64; i++) + { + eapol_swapped[i] = wpa->eapol[i]; + + if (wpa->keyver == 2) + { + eapol_swapped[i] = byte_swap_32 (eapol_swapped[i]); + } + } + + eapol_swapped[64] = 0; + eapol_swapped[65] = 0; + + char tmp2_buf[384]; + + const int tmp2_len = hex_encode ((const u8 *) eapol_swapped, wpa->eapol_len, (u8 *) tmp2_buf); + + tmp2_buf[tmp2_len] = 0; + + const int len = hc_asprintf (buf, "WPA:02:%08x%08x%08x%08x:%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s:%08x%08x%08x%08x%08x%08x%08x%08x:%s:%02x" EOL, + wpa->keymic[0], + wpa->keymic[1], + wpa->keymic[2], + wpa->keymic[3], + wpa->orig_mac_ap[0], + wpa->orig_mac_ap[1], + wpa->orig_mac_ap[2], + wpa->orig_mac_ap[3], + wpa->orig_mac_ap[4], + wpa->orig_mac_ap[5], + wpa->orig_mac_sta[0], + wpa->orig_mac_sta[1], + wpa->orig_mac_sta[2], + wpa->orig_mac_sta[3], + wpa->orig_mac_sta[4], + wpa->orig_mac_sta[5], + tmp_buf, + byte_swap_32 (wpa->anonce[0]), + byte_swap_32 (wpa->anonce[1]), + byte_swap_32 (wpa->anonce[2]), + byte_swap_32 (wpa->anonce[3]), + byte_swap_32 (wpa->anonce[4]), + byte_swap_32 (wpa->anonce[5]), + byte_swap_32 (wpa->anonce[6]), + byte_swap_32 (wpa->anonce[7]), + tmp2_buf, + wpa->extra); + + return len; + } + + return 0; +} + +u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos) +{ + const u32 digests_offset = hashes->salts_buf[salt_pos].digests_offset; + + wpa_t *wpas = (wpa_t *) hashes->esalts_buf; + + wpa_t *wpa = &wpas[digests_offset + digest_pos]; + + if (wpa->type == 1) + { + return KERN_RUN_AUX4; + } + else if (wpa->type == 2) + { + if (wpa->keyver == 1) + { + return KERN_RUN_AUX1; + } + else if (wpa->keyver == 2) + { + return KERN_RUN_AUX2; + } + else if (wpa->keyver == 3) + { + return KERN_RUN_AUX3; + } + } + + return 0; +} + +bool module_potfile_custom_check (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const hash_t *db, MAYBE_UNUSED const hash_t *entry_hash, MAYBE_UNUSED const void *entry_tmps) +{ + const wpa_t *wpa_entry = (const wpa_t *) entry_hash->esalt; + const wpa_t *wpa_db = (const wpa_t *) db->esalt; + + if (wpa_db->essid_len != wpa_entry->essid_len) return false; + + if (strcmp ((const char *) wpa_db->essid_buf, (const char *) wpa_entry->essid_buf)) return false; + + const wpa_pbkdf2_tmp_t *wpa_pbkdf2_tmp = (const wpa_pbkdf2_tmp_t *) entry_tmps; + + wpa_pbkdf2_tmp_t tmps; + + tmps.out[0] = byte_swap_32 (wpa_pbkdf2_tmp->out[0]); + tmps.out[1] = byte_swap_32 (wpa_pbkdf2_tmp->out[1]); + tmps.out[2] = byte_swap_32 (wpa_pbkdf2_tmp->out[2]); + tmps.out[3] = byte_swap_32 (wpa_pbkdf2_tmp->out[3]); + tmps.out[4] = byte_swap_32 (wpa_pbkdf2_tmp->out[4]); + tmps.out[5] = byte_swap_32 (wpa_pbkdf2_tmp->out[5]); + tmps.out[6] = byte_swap_32 (wpa_pbkdf2_tmp->out[6]); + tmps.out[7] = byte_swap_32 (wpa_pbkdf2_tmp->out[7]); + + plain_t plains_buf; + + u32 hashes_shown = 0; + + u32 d_return_buf = 0; + + void (*m22000_aux) (KERN_ATTR_TMPS_ESALT (wpa_pbkdf2_tmp_t, wpa_t)); + + if (wpa_db->type == 1) + { + m22000_aux = m22000_aux4; + } + else if (wpa_db->type == 2) + { + if (wpa_db->keyver == 1) + { + m22000_aux = m22000_aux1; + } + else if (wpa_db->keyver == 2) + { + m22000_aux = m22000_aux2; + } + else if (wpa_db->keyver == 3) + { + m22000_aux = m22000_aux3; + } + else + { + return false; + } + } + else + { + return false; + } + + m22000_aux + ( + NULL, // pws + NULL, // rules_buf + NULL, // combs_buf + NULL, // bfs_buf + &tmps, // tmps + NULL, // hooks + NULL, // bitmaps_buf_s1_a + NULL, // bitmaps_buf_s1_b + NULL, // bitmaps_buf_s1_c + NULL, // bitmaps_buf_s1_d + NULL, // bitmaps_buf_s2_a + NULL, // bitmaps_buf_s2_b + NULL, // bitmaps_buf_s2_c + NULL, // bitmaps_buf_s2_d + &plains_buf, // plains_buf + db->digest, // digests_buf + &hashes_shown, // hashes_shown + db->salt, // salt_bufs + db->esalt, // esalt_bufs + &d_return_buf, // d_return_buf + NULL, // d_extra0_buf + NULL, // d_extra1_buf + NULL, // d_extra2_buf + NULL, // d_extra3_buf + 0, // bitmap_mask + 0, // bitmap_shift1 + 0, // bitmap_shift2 + 0, // salt_pos + 0, // loop_pos + 0, // loop_cnt + 0, // il_cnt + 1, // digests_cnt + 0, // digests_offset + 0, // combs_mode + 1 // gid_max + ); + + const bool r = (d_return_buf == 0) ? false : true; + + return r; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + wpa_t *wpa = (wpa_t *) esalt_buf; + + // start normal parsing + + token_t token; + + token.token_cnt = 9; + + token.signatures_cnt = 1; + token.signatures_buf[0] = "WPA"; + + token.sep[0] = ':'; + token.len_min[0] = 3; + token.len_max[0] = 3; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = ':'; + token.len_min[1] = 2; + token.len_max[1] = 2; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[2] = ':'; + token.len_min[2] = 32; + token.len_max[2] = 32; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[3] = ':'; + token.len_min[3] = 12; + token.len_max[3] = 12; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[4] = ':'; + token.len_min[4] = 12; + token.len_max[4] = 12; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[5] = ':'; + token.len_min[5] = 0; + token.len_max[5] = 64; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[6] = ':'; + token.len_min[6] = 0; + token.len_max[6] = 64; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[7] = ':'; + token.len_min[7] = 0; + token.len_max[7] = 512; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[8] = ':'; + token.len_min[8] = 0; + token.len_max[8] = 2; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // mac_ap + + const u8 *macap_buf = token.buf[3]; + + wpa->orig_mac_ap[0] = hex_to_u8 (macap_buf + 0); + wpa->orig_mac_ap[1] = hex_to_u8 (macap_buf + 2); + wpa->orig_mac_ap[2] = hex_to_u8 (macap_buf + 4); + wpa->orig_mac_ap[3] = hex_to_u8 (macap_buf + 6); + wpa->orig_mac_ap[4] = hex_to_u8 (macap_buf + 8); + wpa->orig_mac_ap[5] = hex_to_u8 (macap_buf + 10); + + // mac_sta + + const u8 *macsta_buf = token.buf[4]; + + wpa->orig_mac_sta[0] = hex_to_u8 (macsta_buf + 0); + wpa->orig_mac_sta[1] = hex_to_u8 (macsta_buf + 2); + wpa->orig_mac_sta[2] = hex_to_u8 (macsta_buf + 4); + wpa->orig_mac_sta[3] = hex_to_u8 (macsta_buf + 6); + wpa->orig_mac_sta[4] = hex_to_u8 (macsta_buf + 8); + wpa->orig_mac_sta[5] = hex_to_u8 (macsta_buf + 10); + + // essid + + const u8 *essid_buf = token.buf[5]; + const int essid_len = token.len[5]; + + if (essid_len & 1) return (PARSER_SALT_VALUE); + + wpa->essid_len = hex_decode (essid_buf, essid_len, (u8 *) wpa->essid_buf); + + // salt + + memcpy (salt->salt_buf, wpa->essid_buf, wpa->essid_len); + + salt->salt_len = wpa->essid_len; + + salt->salt_iter = ROUNDS_WPA_PBKDF2 - 1; + + // type + + const u8 *type_buf = token.buf[1]; + + const u8 type = hex_to_u8 (type_buf); + + if ((type != 1) && (type != 2)) return (PARSER_SALT_VALUE); + + wpa->type = type; + + // PMKID specific code + + if (type == 1) + { + // pmkid + + const u8 *pmkid_buf = token.buf[2]; + + wpa->pmkid[0] = hex_to_u32 (pmkid_buf + 0); + wpa->pmkid[1] = hex_to_u32 (pmkid_buf + 8); + wpa->pmkid[2] = hex_to_u32 (pmkid_buf + 16); + wpa->pmkid[3] = hex_to_u32 (pmkid_buf + 24); + + // pmkid_data + + wpa->pmkid_data[0] = 0x204b4d50; // "PMK " + wpa->pmkid_data[1] = 0x656d614e; // "Name" + wpa->pmkid_data[2] = (wpa->orig_mac_ap[0] << 0) + | (wpa->orig_mac_ap[1] << 8) + | (wpa->orig_mac_ap[2] << 16) + | (wpa->orig_mac_ap[3] << 24); + wpa->pmkid_data[3] = (wpa->orig_mac_ap[4] << 0) + | (wpa->orig_mac_ap[5] << 8) + | (wpa->orig_mac_sta[0] << 16) + | (wpa->orig_mac_sta[1] << 24); + wpa->pmkid_data[4] = (wpa->orig_mac_sta[2] << 0) + | (wpa->orig_mac_sta[3] << 8) + | (wpa->orig_mac_sta[4] << 16) + | (wpa->orig_mac_sta[5] << 24); + + // hash + + digest[0] = wpa->pmkid[0]; + digest[1] = wpa->pmkid[1]; + digest[2] = wpa->pmkid[2]; + digest[3] = wpa->pmkid[3]; + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + } + + // EAPOL specific code + + if (type == 2) + { + // checks + + if (token.len[6] != 64) return (PARSER_SALT_LENGTH); + + if (token.len[7] < (int) sizeof (auth_packet_t) * 2) return (PARSER_SALT_LENGTH); + + if (token.len[8] != 2) return (PARSER_SALT_LENGTH); + + // anonce + + const u8 *anonce_pos = token.buf[6]; + + wpa->anonce[0] = hex_to_u32 (anonce_pos + 0); + wpa->anonce[1] = hex_to_u32 (anonce_pos + 8); + wpa->anonce[2] = hex_to_u32 (anonce_pos + 16); + wpa->anonce[3] = hex_to_u32 (anonce_pos + 24); + wpa->anonce[4] = hex_to_u32 (anonce_pos + 32); + wpa->anonce[5] = hex_to_u32 (anonce_pos + 40); + wpa->anonce[6] = hex_to_u32 (anonce_pos + 48); + wpa->anonce[7] = hex_to_u32 (anonce_pos + 56); + + // eapol + + const u8 *eapol_pos = token.buf[7]; + + u8 *eapol_ptr = (u8 *) wpa->eapol; + + wpa->eapol_len = hex_decode ((const u8 *) eapol_pos, token.len[7], eapol_ptr); + + memset (eapol_ptr + wpa->eapol_len, 0, (256 + 64) - wpa->eapol_len); + + auth_packet_t *auth_packet = (auth_packet_t *) wpa->eapol; + + // keyver + + const u16 key_information = byte_swap_16 (auth_packet->key_information); + + wpa->keyver = key_information & 3; + + if ((wpa->keyver != 1) && (wpa->keyver != 2) && (wpa->keyver != 3)) return (PARSER_SALT_VALUE); + + // pke + + u8 *pke_ptr = (u8 *) wpa->pke; + + memset (pke_ptr, 0, 128); + + if ((wpa->keyver == 1) || (wpa->keyver == 2)) + { + memcpy (pke_ptr, "Pairwise key expansion\x00", 23); + + if (memcmp (wpa->orig_mac_ap, wpa->orig_mac_sta, 6) < 0) + { + memcpy (pke_ptr + 23, wpa->orig_mac_ap, 6); + memcpy (pke_ptr + 29, wpa->orig_mac_sta, 6); + } + else + { + memcpy (pke_ptr + 23, wpa->orig_mac_sta, 6); + memcpy (pke_ptr + 29, wpa->orig_mac_ap, 6); + } + + wpa->nonce_compare = memcmp (wpa->anonce, auth_packet->wpa_key_nonce, 32); + + if (wpa->nonce_compare < 0) + { + memcpy (pke_ptr + 35, wpa->anonce, 32); + memcpy (pke_ptr + 67, auth_packet->wpa_key_nonce, 32); + } + else + { + memcpy (pke_ptr + 35, auth_packet->wpa_key_nonce, 32); + memcpy (pke_ptr + 67, wpa->anonce, 32); + } + } + else if (wpa->keyver == 3) + { + pke_ptr[0] = 1; + pke_ptr[1] = 0; + + memcpy (pke_ptr + 2, "Pairwise key expansion", 22); + + if (memcmp (wpa->orig_mac_ap, wpa->orig_mac_sta, 6) < 0) + { + memcpy (pke_ptr + 24, wpa->orig_mac_ap, 6); + memcpy (pke_ptr + 30, wpa->orig_mac_sta, 6); + } + else + { + memcpy (pke_ptr + 24, wpa->orig_mac_sta, 6); + memcpy (pke_ptr + 30, wpa->orig_mac_ap, 6); + } + + wpa->nonce_compare = memcmp (wpa->anonce, auth_packet->wpa_key_nonce, 32); + + if (wpa->nonce_compare < 0) + { + memcpy (pke_ptr + 36, wpa->anonce, 32); + memcpy (pke_ptr + 68, auth_packet->wpa_key_nonce, 32); + } + else + { + memcpy (pke_ptr + 36, auth_packet->wpa_key_nonce, 32); + memcpy (pke_ptr + 68, wpa->anonce, 32); + } + + pke_ptr[100] = 0x80; + pke_ptr[101] = 1; + } + + for (int i = 0; i < 32; i++) + { + wpa->pke[i] = byte_swap_32 (wpa->pke[i]); + } + + if (wpa->keyver == 2) + { + for (int i = 0; i < 64; i++) + { + wpa->eapol[i] = byte_swap_32 (wpa->eapol[i]); + } + } + + if (wpa->keyver == 3) + { + eapol_ptr[wpa->eapol_len] = 0x80; + } + + // extra + + const u8 *extra_pos = token.buf[8]; + + wpa->extra = hex_to_u8 (extra_pos); + + // todo stuff + + wpa->message_pair = wpa->extra; + wpa->message_pair_chgd = 0; + wpa->nonce_error_corrections = 0; + wpa->detected_le = 0; + wpa->detected_be = 0; + + // mic + + const u8 *mic_pos = token.buf[2]; + + wpa->keymic[0] = hex_to_u32 (mic_pos + 0); + wpa->keymic[1] = hex_to_u32 (mic_pos + 8); + wpa->keymic[2] = hex_to_u32 (mic_pos + 16); + wpa->keymic[3] = hex_to_u32 (mic_pos + 24); + + wpa->keymic[0] = byte_swap_32 (wpa->keymic[0]); + wpa->keymic[1] = byte_swap_32 (wpa->keymic[1]); + wpa->keymic[2] = byte_swap_32 (wpa->keymic[2]); + wpa->keymic[3] = byte_swap_32 (wpa->keymic[3]); + + // Create a hash of the nonce as ESSID is not unique enough + // Not a regular MD5 but good enough + // We can also ignore cases where we should bzero the work buffer + + u32 hash[4]; + + hash[0] = 0; + hash[1] = 1; + hash[2] = 2; + hash[3] = 3; + + u32 block[16]; + + memset (block, 0, sizeof (block)); + + u8 *block_ptr = (u8 *) block; + + for (int i = 0; i < 16; i++) block[i] = salt->salt_buf[i]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->pke[i + 0]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->pke[i + 16]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 0]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 16]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 32]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + for (int i = 0; i < 16; i++) block[i] = wpa->eapol[i + 48]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + memcpy (block_ptr + 0, wpa->orig_mac_ap, 6); + memcpy (block_ptr + 6, wpa->orig_mac_sta, 6); + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + memcpy (block_ptr + 0, wpa->anonce, 32); + memcpy (block_ptr + 32, auth_packet->wpa_key_nonce, 32); + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + block[0] = wpa->keymic[0]; + block[1] = wpa->keymic[1]; + block[2] = wpa->keymic[2]; + block[3] = wpa->keymic[3]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + + // make all this stuff unique + + digest[0] = hash[0]; + digest[1] = hash[1]; + digest[2] = hash[2]; + digest[3] = hash[3]; + } + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const wpa_t *wpa = (const wpa_t *) esalt_buf; + + int line_len = 0; + + if (need_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, ':', 0) == true) + { + char tmp_buf[128]; + + int tmp_len = 0; + + tmp_buf[tmp_len++] = '$'; + tmp_buf[tmp_len++] = 'H'; + tmp_buf[tmp_len++] = 'E'; + tmp_buf[tmp_len++] = 'X'; + tmp_buf[tmp_len++] = '['; + + exec_hexify ((const u8 *) wpa->essid_buf, wpa->essid_len, (u8 *) tmp_buf + tmp_len); + + tmp_len += wpa->essid_len * 2; + + tmp_buf[tmp_len++] = ']'; + + tmp_buf[tmp_len++] = 0; + + line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", + wpa->orig_mac_ap[0], + wpa->orig_mac_ap[1], + wpa->orig_mac_ap[2], + wpa->orig_mac_ap[3], + wpa->orig_mac_ap[4], + wpa->orig_mac_ap[5], + wpa->orig_mac_sta[0], + wpa->orig_mac_sta[1], + wpa->orig_mac_sta[2], + wpa->orig_mac_sta[3], + wpa->orig_mac_sta[4], + wpa->orig_mac_sta[5], + tmp_buf); + } + else + { + line_len = snprintf (line_buf, line_size, "%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x:%s", + wpa->orig_mac_ap[0], + wpa->orig_mac_ap[1], + wpa->orig_mac_ap[2], + wpa->orig_mac_ap[3], + wpa->orig_mac_ap[4], + wpa->orig_mac_ap[5], + wpa->orig_mac_sta[0], + wpa->orig_mac_sta[1], + wpa->orig_mac_sta[2], + wpa->orig_mac_sta[3], + wpa->orig_mac_sta[4], + wpa->orig_mac_sta[5], + (const char *) wpa->essid_buf); + } + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = module_benchmark_mask; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = module_deep_comp_kernel; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = module_hash_binary_save; + module_ctx->module_hash_decode_potfile = module_hash_decode_potfile; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = module_hash_encode_potfile; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = module_hlfmt_disable; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = module_potfile_custom_check; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/selftest.c b/src/selftest.c index 2bff174bc..77652f9d9 100644 --- a/src/selftest.c +++ b/src/selftest.c @@ -542,9 +542,34 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param device_param->kernel_params_buf32[28] = 0; device_param->kernel_params_buf32[29] = 1; - const u32 deep_comp_kernel = module_ctx->module_deep_comp_kernel (hashes, 0, 0); + bool test_ok = false; - if (run_kernel (hashcat_ctx, device_param, deep_comp_kernel, 1, false, 0) == -1) return -1; + if (hashconfig->opts_type & OPTS_TYPE_AUX1) + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX1, 1, false, 0) == 0) test_ok = true; + } + + if (hashconfig->opts_type & OPTS_TYPE_AUX2) + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX2, 1, false, 0) == 0) test_ok = true; + } + + if (hashconfig->opts_type & OPTS_TYPE_AUX3) + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX3, 1, false, 0) == 0) test_ok = true; + } + + if (hashconfig->opts_type & OPTS_TYPE_AUX4) + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_AUX4, 1, false, 0) == 0) test_ok = true; + } + + else + { + if (run_kernel (hashcat_ctx, device_param, KERN_RUN_3, 1, false, 0) == -1) return -1; + } + + if (test_ok == false) return -1; } else { diff --git a/tools/test.sh b/tools/test.sh index 0adb8e174..d610304d8 100755 --- a/tools/test.sh +++ b/tools/test.sh @@ -19,7 +19,7 @@ VC_MODES="13711 13712 13713 13721 13722 13723 13731 13732 13733 13741 13742 1374 NEVER_CRACK="9720 9820 14900 18100" # List of modes which return a different output hash format than the input hash format -NOCHECK_ENCODING="16800" +NOCHECK_ENCODING="16800 22000" # LUKS mode has test containers LUKS_MODE="14600" @@ -273,6 +273,8 @@ function init() min_offset=3 elif [ "${hash_type}" -eq 16800 ]; then min_offset=7 # means length 8, since we start with 0 + elif [ "${hash_type}" -eq 22000 ]; then + min_offset=7 # means length 8, since we start with 0 fi # foreach password entry split password in 2 (skip first entry, is len 1) @@ -334,6 +336,8 @@ function init() min_len=31 elif [ "${hash_type}" -eq 16800 ]; then min_len=7 # means length 8, since we start with 0 + elif [ "${hash_type}" -eq 22000 ]; then + min_len=7 # means length 8, since we start with 0 fi # generate multiple pass/hash foreach len (2 to 8) @@ -925,6 +929,8 @@ function attack_3() max=1 elif [ "${hash_type}" -eq 16800 ]; then max=7 + elif [ "${hash_type}" -eq 22000 ]; then + max=7 fi i=1 @@ -1094,6 +1100,11 @@ function attack_3() increment_max=9 fi + if [ "${hash_type}" -eq 22000 ]; then + increment_min=8 + increment_max=9 + fi + # if file_only -> decode all base64 "hashes" and put them in the temporary file if [ "${file_only}" -eq 1 ]; then @@ -1335,6 +1346,91 @@ function attack_3() custom_charsets="-1 ${charset_1} -2 ${charset_2} -3 ${charset_3} -4 ${charset_4}" fi + if [ "${hash_type}" -eq 22000 ]; then + + mask="?d?d?d?d?d?1?2?3?4" + + charset_1="" + charset_2="" + charset_3="" + charset_4="" + + # check positions (here we assume that mask is always composed of non literal chars + # i.e. something like ?d?l?u?s?1 is possible, but ?d?dsuffix not + charset_1_pos=$(expr index "${mask}" 1) + charset_2_pos=$(expr index "${mask}" 2) + charset_3_pos=$(expr index "${mask}" 3) + charset_4_pos=$(expr index "${mask}" 4) + + # divide each charset position by 2 since each of them occupies 2 positions in the mask + + charset_1_pos=$((charset_1_pos / 2)) + charset_2_pos=$((charset_2_pos / 2)) + charset_3_pos=$((charset_3_pos / 2)) + charset_4_pos=$((charset_4_pos / 2)) + + i=1 + + while read -r -u 9 hash; do + + pass=$(sed -n ${i}p "${OUTD}/${hash_type}_passwords.txt") + + # charset 1 + char=$(echo "${pass}" | cut -b ${charset_1_pos}) + charset_1=$(printf "%s\n%s\n" "${charset_1}" "${char}") + + # charset 2 + char=$(echo "${pass}" | cut -b ${charset_2_pos}) + charset_2=$(printf "%s\n%s\n" "${charset_2}" "${char}") + + # charset 3 + char=$(echo "${pass}" | cut -b ${charset_3_pos}) + charset_3=$(printf "%s\n%s\n" "${charset_3}" "${char}") + + # charset 4 + char=$(echo "${pass}" | cut -b ${charset_4_pos}) + charset_4=$(printf "%s\n%s\n" "${charset_4}" "${char}") + + i=$((i + 1)) + + done 9< "${OUTD}/${hash_type}_multihash_bruteforce.txt" + + # just make sure that all custom charset fields are initialized + + if [ -z "${charset_1}" ]; then + + charset_1="1" + + fi + + if [ -z "${charset_2}" ]; then + + charset_2="2" + + fi + + if [ -z "${charset_3}" ]; then + + charset_3="3" + + fi + + if [ -z "${charset_4}" ]; then + + charset_4="4" + + fi + + # unique and remove new lines + + charset_1=$(echo "${charset_1}" | sort -u | tr -d '\n') + charset_2=$(echo "${charset_2}" | sort -u | tr -d '\n') + charset_3=$(echo "${charset_3}" | sort -u | tr -d '\n') + charset_4=$(echo "${charset_4}" | sort -u | tr -d '\n') + + custom_charsets="-1 ${charset_1} -2 ${charset_2} -3 ${charset_3} -4 ${charset_4}" + fi + increment_charset_opts="" if [ ${need_hcmask} -eq 0 ]; then # the "normal" case without .hcmask file @@ -1449,6 +1545,8 @@ function attack_6() mask_offset=29 elif [ "${hash_type}" -eq 16800 ]; then max=6 + elif [ "${hash_type}" -eq 22000 ]; then + max=6 fi # special case: we need to split the first line @@ -1667,6 +1765,8 @@ function attack_6() max=8 elif [ "${hash_type}" -eq 16800 ]; then max=5 + elif [ "${hash_type}" -eq 22000 ]; then + max=5 fi if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then @@ -1813,6 +1913,8 @@ function attack_7() max=1 elif [ "${hash_type}" -eq 16800 ]; then max=5 + elif [ "${hash_type}" -eq 22000 ]; then + max=5 fi # special case: we need to split the first line @@ -1916,6 +2018,26 @@ function attack_7() fi + if [ "${hash_type}" -eq 22000 ]; then + + pass_part_1=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict1") + pass_part_2=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict2") + + pass_part_2_len=${#pass_part_2} + + pass=${pass_part_1}${pass_part_2} + pass_len=${#pass} + + # add first x chars of password to mask and append the (old) mask + + mask_len=${#mask} + mask_len=$((mask_len / 2)) + + mask_prefix=$(echo "${pass}" | cut -b -$((pass_len - mask_len - pass_part_2_len))) + mask=${mask_prefix}${mask} + + fi + if [ "${hash_type}" -eq 20510 ]; then pass_part_1=$(sed -n ${line_nr}p "${OUTD}/${hash_type}_dict1") @@ -2060,6 +2182,8 @@ function attack_7() max=5 elif [ "${hash_type}" -eq 16800 ]; then max=5 + elif [ "${hash_type}" -eq 22000 ]; then + max=5 fi if is_in_array "${hash_type}" ${TIMEOUT_ALGOS}; then diff --git a/tools/test_modules/m22000.pm b/tools/test_modules/m22000.pm new file mode 100644 index 000000000..d9eb66c9a --- /dev/null +++ b/tools/test_modules/m22000.pm @@ -0,0 +1,557 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Crypt::PBKDF2; +use Digest::MD5 qw (md5); +use Digest::SHA qw (sha1 sha256); +use Digest::HMAC qw (hmac hmac_hex); +use Digest::CMAC; +use MIME::Base64 qw (encode_base64); + +sub module_constraints { [[8, 63], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + my $type = shift // random_number (1, 2); + my $macap = shift; + my $macsta = shift; + my $essid = shift; + my $anonce = shift; + my $eapol = shift; + my $extra = shift; + + my $hash; + + if ($type == 1) + { + if (!defined ($macap)) + { + $macap = unpack ("H*", random_bytes (6)); + } + + if (!defined ($macsta)) + { + $macsta = unpack ("H*", random_bytes (6)); + } + + if (!defined ($essid)) + { + $essid = unpack ("H*", random_bytes (random_number (0, 32) & 0x1e)); + } + + my $pbkdf2 = Crypt::PBKDF2->new + ( + hash_class => 'HMACSHA1', + iterations => 4096, + output_len => 32, + ); + + my $essid_bin = pack ("H*", $essid); + + my $pmk = $pbkdf2->PBKDF2 ($essid_bin, $word); + + my $macap_bin = pack ("H*", $macap); + my $macsta_bin = pack ("H*", $macsta); + + my $data = "PMK Name" . $macap_bin . $macsta_bin; + + my $pmkid = hmac_hex ($data, $pmk, \&sha1); + + $hash = sprintf ("WPA:%02x:%s:%s:%s:%s:::", $type, substr ($pmkid, 0, 32), $macap, $macsta, $essid); + } + elsif ($type == 2) + { + if (!defined ($macap)) + { + $macap = random_bytes (6); + } + else + { + $macap = pack ("H*", $macap); + } + + if (!defined ($macsta)) + { + $macsta = random_bytes (6); + } + else + { + $macsta = pack ("H*", $macsta); + } + + if (!defined ($extra)) + { + $extra = "\x00"; + } + else + { + $extra = pack ("H*", $extra); + } + + my $keyver; + + my $snonce; + + if (!defined ($eapol)) + { + $keyver = random_number (1, 3); # 1, 2 or 3 + + $snonce = random_bytes (32); + + $eapol = gen_random_wpa_eapol ($keyver, $snonce); + } + else + { + $eapol = pack ("H*", $eapol); + + my $key_info = unpack ("n*", substr ($eapol, 5, 2)); + + $keyver = $key_info & 3; + + $snonce = substr ($eapol, 17, 32); + } + + if (!defined ($anonce)) + { + $anonce = random_bytes (32); + } + else + { + $anonce = pack ("H*", $anonce); + } + + if (!defined ($essid)) + { + $essid = unpack ("H*", random_bytes (random_number (0, 32) & 0x1e)); + } + + my $pbkdf2 = Crypt::PBKDF2->new + ( + hash_class => 'HMACSHA1', + iterations => 4096, + output_len => 32, + ); + + my $essid_bin = pack ("H*", $essid); + + my $pmk = $pbkdf2->PBKDF2 ($essid_bin, $word); + + # Pairwise Transient Key (PTK) transformation + + my $ptk = wpa_prf_512 ($keyver, $pmk, $macsta, $macap, $snonce, $anonce); + + # generate the Message Integrity Code (MIC) + + my $mic = ""; + + if ($keyver == 1) # WPA1 => MD5 + { + $mic = hmac ($eapol, $ptk, \&md5); + } + elsif ($keyver == 2) # WPA2 => SHA1 + { + $mic = hmac ($eapol, $ptk, \&sha1); + } + elsif ($keyver == 3) # WPA2 => SHA256 + AES-CMAC + { + my $omac1 = Digest::CMAC->new ($ptk, 'Crypt::Rijndael'); + + $omac1->add ($eapol); + + $mic = $omac1->digest; + } + + $mic = substr ($mic, 0, 16); + + $hash = sprintf ("WPA:%02x:%s:%s:%s:%s:%s:%s:%s", $type, unpack ("H*", $mic), unpack ("H*", $macap), unpack ("H*", $macsta), $essid, unpack ("H*", $anonce), unpack ("H*", $eapol), unpack ("H*", $extra)); + } + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my @data = split (':', $line); + + return unless scalar @data == 10; + + my ($signature, $type, undef, $macap, $macsta, $essid, $anonce, $eapol, $extra, $word) = @data; + + return unless ($signature eq "WPA"); + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, undef, $type, $macap, $macsta, $essid, $anonce, $eapol, $extra); + + return ($new_hash, $word); +} + +sub gen_random_wpa_eapol +{ + my $keyver = shift; + my $snonce = shift; + + my $ret = ""; + + # version + + my $version = 1; # 802.1X-2001 + + $ret .= pack ("C*", $version); + + my $type = 3; # means that this EAPOL frame is used to transfer key information + + $ret .= pack ("C*", $type); + + my $length; # length of remaining data + + if ($keyver == 1) + { + $length = 119; + } + else + { + $length = 117; + } + + $ret .= pack ("n*", $length); + + my $descriptor_type; + + if ($keyver == 1) + { + $descriptor_type = 254; # EAPOL WPA key + } + else + { + $descriptor_type = 1; # EAPOL RSN key + } + + $ret .= pack ("C*", $descriptor_type); + + # key_info is a bit vector: + # generated from these 13 bits: encrypted key data, request, error, secure, key mic, key ack, install, key index (2), key type, key descriptor (3) + + my $key_info = 0; + + $key_info |= 1 << 8; # set key MIC + $key_info |= 1 << 3; # set if it is a pairwise key + + if ($keyver == 1) + { + $key_info |= 1; # RC4 Cipher, HMAC-MD5 MIC + } + elsif ($keyver == 2) + { + $key_info |= 2; # AES Cipher, HMAC-SHA1 MIC + } + elsif ($keyver == 3) + { + $key_info |= 3; # AES-CMAC + } + + $ret .= pack ("n*", $key_info); + + my $key_length; + + if ($keyver == 1) + { + $key_length = 32; + } + else + { + $key_length = 0; + } + + $ret .= pack ("n*", $key_length); + + my $replay_counter = 1; + + $ret .= pack ("Q>*", $replay_counter); + + $ret .= $snonce; + + my $key_iv = "\x00" x 16; + + $ret .= $key_iv; + + my $key_rsc = "\x00" x 8; + + $ret .= $key_rsc; + + my $key_id = "\x00" x 8; + + $ret .= $key_id; + + my $key_mic = "\x00" x 16; + + $ret .= $key_mic; + + my $key_data_len; + + if ($keyver == 1) + { + $key_data_len = 24; # length of the key_data (== WPA info) + } + else + { + $key_data_len = 22; # length of the key_data (== RSN info) + } + + $ret .= pack ("n*", $key_data_len); + + my $key_data = ""; + + if ($keyver == 1) + { + # wpa info + + my $wpa_info = ""; + + my $vendor_specific_data = ""; + + my $tag_number = 221; # means it is a vendor specific tag + + $vendor_specific_data .= pack ("C*", $tag_number); + + my $tag_len = 22; # length of the remaining "tag data" + + $vendor_specific_data .= pack ("C*", $tag_len); + + my $vendor_specific_oui = pack ("H*", "0050f2"); # microsoft + + $vendor_specific_data .= $vendor_specific_oui; + + my $vendor_specific_oui_type = 1; # WPA Information Element + + $vendor_specific_data .= pack ("C*", $vendor_specific_oui_type); + + my $vendor_specific_wpa_version = 1; + + $vendor_specific_data .= pack ("v*", $vendor_specific_wpa_version); + + # multicast + + my $vendor_specific_multicast_oui = pack ("H*", "0050f2"); + + $vendor_specific_data .= $vendor_specific_multicast_oui; + + my $vendor_specific_multicast_type = 2; # TKIP + + $vendor_specific_data .= pack ("C*", $vendor_specific_multicast_type); + + # unicast + + my $vendor_specific_unicast_count = 1; + + $vendor_specific_data .= pack ("v*", $vendor_specific_unicast_count); + + my $vendor_specific_unicast_oui = pack ("H*", "0050f2"); + + $vendor_specific_data .= $vendor_specific_unicast_oui; + + my $vendor_specific_unicast_type = 2; # TKIP + + $vendor_specific_data .= pack ("C*", $vendor_specific_unicast_type); + + # Auth Key Management (AKM) + + my $auth_key_management_count = 1; + + $vendor_specific_data .= pack ("v*", $auth_key_management_count); + + my $auth_key_management_oui = pack ("H*", "0050f2"); + + $vendor_specific_data .= $auth_key_management_oui; + + my $auth_key_management_type = 2; # Pre-Shared Key (PSK) + + $vendor_specific_data .= pack ("C*", $auth_key_management_type); + + $wpa_info = $vendor_specific_data; + + $key_data = $wpa_info; + } + else + { + # rsn info + + my $rsn_info = ""; + + my $tag_number = 48; # RSN info + + $rsn_info .= pack ("C*", $tag_number); + + my $tag_len = 20; # length of the remaining "tag_data" + + $rsn_info .= pack ("C*", $tag_len); + + my $rsn_version = 1; + + $rsn_info .= pack ("v*", $rsn_version); + + # group cipher suite + + my $group_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021 + + $rsn_info .= $group_cipher_suite_oui; + + my $group_cipher_suite_type = 4; # AES (CCM) + + $rsn_info .= pack ("C*", $group_cipher_suite_type); + + # pairwise cipher suite + + my $pairwise_cipher_suite_count = 1; + + $rsn_info .= pack ("v*", $pairwise_cipher_suite_count); + + my $pairwise_cipher_suite_oui = pack ("H*", "000fac"); # Ieee8021 + + $rsn_info .= $pairwise_cipher_suite_oui; + + my $pairwise_cipher_suite_type = 4; # AES (CCM) + + $rsn_info .= pack ("C*", $pairwise_cipher_suite_type); + + # Auth Key Management (AKM) + + my $auth_key_management_count = 1; + + $rsn_info .= pack ("v*", $auth_key_management_count); + + my $auth_key_management_oui = pack ("H*", "000fac"); # Ieee8021 + + $rsn_info .= $auth_key_management_oui; + + my $auth_key_management_type = 2; # Pre-Shared Key (PSK) + + $rsn_info .= pack ("C*", $auth_key_management_type); + + # RSN Capabilities + + # bit vector of these 9 bits: peerkey enabled, management frame protection (MFP) capable, MFP required, + # RSN GTKSA Capabilities (2), RSN PTKSA Capabilities (2), no pairwise Capabilities, Pre-Auth Capabilities + + my $rsn_capabilities = pack ("H*", "0000"); + + $rsn_info .= $rsn_capabilities; + + $key_data = $rsn_info; + } + + $ret .= $key_data; + + return $ret; +} + +sub wpa_prf_512 +{ + my $keyver = shift; + my $pmk = shift; + my $macsta = shift; + my $macap = shift; + my $snonce = shift; + my $anonce = shift; + + my $data = "Pairwise key expansion"; + + if (($keyver == 1) || ($keyver == 2)) + { + $data .= "\x00"; + } + + # + # Min(AA, SPA) || Max(AA, SPA) + # + + # compare if greater: Min()/Max() on the MACs (6 bytes) + + if (memcmp ($macsta, $macap, 6) < 0) + { + $data .= $macsta; + $data .= $macap; + } + else + { + $data .= $macap; + $data .= $macsta; + } + + # + # Min(ANonce,SNonce) || Max(ANonce,SNonce) + # + + # compare if greater: Min()/Max() on the nonces (32 bytes) + + if (memcmp ($snonce, $anonce, 32) < 0) + { + $data .= $snonce; + $data .= $anonce; + } + else + { + $data .= $anonce; + $data .= $snonce; + } + + my $prf_buf; + + if (($keyver == 1) || ($keyver == 2)) + { + $data .= "\x00"; + + $prf_buf = hmac ($data, $pmk, \&sha1); + } + else + { + my $data3 = "\x01\x00" . $data . "\x80\x01"; + + $prf_buf = hmac ($data3, $pmk, \&sha256); + } + + $prf_buf = substr ($prf_buf, 0, 16); + + return $prf_buf; +} + +sub memcmp +{ + my $str1 = shift; + my $str2 = shift; + my $len = shift; + + my $len_str1 = length ($str1); + my $len_str2 = length ($str2); + + if (($len > $len_str1) || ($len > $len_str2)) + { + print "ERROR: memcmp () lengths wrong"; + + exit (1); + } + + for (my $i = 0; $i < $len; $i++) + { + my $c_1 = ord (substr ($str1, $i, 1)); + my $c_2 = ord (substr ($str2, $i, 1)); + + return -1 if ($c_1 < $c_2); + return 1 if ($c_1 > $c_2); + } + + return 0; +} + +1;