mirror of
https://github.com/hashcat/hashcat.git
synced 2024-12-24 23:48:39 +00:00
Merge pull request #1238 from Fist0urs/DPAPImk
Add new format -m 15300 Dpapi master key file version 1 and version 2
This commit is contained in:
commit
2eabc360d7
@ -1033,6 +1033,27 @@ typedef struct
|
|||||||
|
|
||||||
} keepass_t;
|
} keepass_t;
|
||||||
|
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
u32 version;
|
||||||
|
u32 context;
|
||||||
|
|
||||||
|
u32 SID[32];
|
||||||
|
u32 SID_len;
|
||||||
|
u32 SID_offset;
|
||||||
|
|
||||||
|
/* here only for possible
|
||||||
|
forward compatibiliy
|
||||||
|
*/
|
||||||
|
//char cipher_algo[16];
|
||||||
|
//char hash_algo[16];
|
||||||
|
|
||||||
|
u32 iv[4];
|
||||||
|
u32 contents_len;
|
||||||
|
u32 contents[128];
|
||||||
|
|
||||||
|
} dpapimk_t;
|
||||||
|
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
u32 digest[4];
|
u32 digest[4];
|
||||||
@ -1372,6 +1393,24 @@ typedef struct
|
|||||||
|
|
||||||
} keepass_tmp_t;
|
} keepass_tmp_t;
|
||||||
|
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
/* dedicated to hmac-sha1 */
|
||||||
|
u32 ipad[5];
|
||||||
|
u32 opad[5];
|
||||||
|
u32 dgst[10];
|
||||||
|
u32 out[10];
|
||||||
|
|
||||||
|
u32 userKey[5];
|
||||||
|
|
||||||
|
/* dedicated to hmac-sha512 */
|
||||||
|
u64 ipad64[8];
|
||||||
|
u64 opad64[8];
|
||||||
|
u64 dgst64[16];
|
||||||
|
u64 out64[16];
|
||||||
|
|
||||||
|
} dpapimk_tmp_t;
|
||||||
|
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
u32 Kc[16];
|
u32 Kc[16];
|
||||||
|
2634
OpenCL/m15300.cl
Normal file
2634
OpenCL/m15300.cl
Normal file
File diff suppressed because it is too large
Load Diff
@ -6,6 +6,7 @@
|
|||||||
|
|
||||||
- Added hash-mode 600 = Blake2-512
|
- Added hash-mode 600 = Blake2-512
|
||||||
- Added hash-mode 15200 = Blockchain, My Wallet, V2
|
- Added hash-mode 15200 = Blockchain, My Wallet, V2
|
||||||
|
- Added hash-mode 15300 = DPAPI masterkey file v1 and v2
|
||||||
|
|
||||||
##
|
##
|
||||||
## Features
|
## Features
|
||||||
|
@ -31,6 +31,7 @@ Jean-Christophe "Fist0urs" Delaunay <jean-christophe.delaunay@synacktiv.com> (@F
|
|||||||
* Kerberos TGS Rep enctype 23 kernel module
|
* Kerberos TGS Rep enctype 23 kernel module
|
||||||
* AxCrypt kernel module
|
* AxCrypt kernel module
|
||||||
* KeePass kernel module
|
* KeePass kernel module
|
||||||
|
* DPAPImk v1 and v2 kernel module
|
||||||
|
|
||||||
Other contributors to hashcat
|
Other contributors to hashcat
|
||||||
|
|
||||||
|
@ -145,6 +145,7 @@ NVIDIA GPUs require "NVIDIA Driver" (367.x or later)
|
|||||||
- NTLM
|
- NTLM
|
||||||
- Domain Cached Credentials (DCC), MS Cache
|
- Domain Cached Credentials (DCC), MS Cache
|
||||||
- Domain Cached Credentials 2 (DCC2), MS Cache 2
|
- Domain Cached Credentials 2 (DCC2), MS Cache 2
|
||||||
|
- DPAPI masterkey file v1 and v2
|
||||||
- MS-AzureSync PBKDF2-HMAC-SHA256
|
- MS-AzureSync PBKDF2-HMAC-SHA256
|
||||||
- descrypt
|
- descrypt
|
||||||
- bsdicrypt
|
- bsdicrypt
|
||||||
|
@ -176,7 +176,7 @@ _hashcat ()
|
|||||||
{
|
{
|
||||||
local VERSION=3.5.0
|
local VERSION=3.5.0
|
||||||
|
|
||||||
local HASH_MODES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 124 130 131 132 133 140 141 150 160 200 300 400 500 501 600 900 1000 1100 1400 1410 1411 1420 1421 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5200 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8800 8900 9000 9100 9200 9300 9400 9500 9600 9700 9710 9720 9800 9810 9820 9900 10000 10100 10200 10300 10400 10410 10420 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11700 11800 11900 12000 12001 12100 12200 12300 12400 12500 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14700 14800 14900 15000 15100 15200"
|
local HASH_MODES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 124 130 131 132 133 140 141 150 160 200 300 400 500 501 600 900 1000 1100 1400 1410 1411 1420 1421 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5200 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8800 8900 9000 9100 9200 9300 9400 9500 9600 9700 9710 9720 9800 9810 9820 9900 10000 10100 10200 10300 10400 10410 10420 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11700 11800 11900 12000 12001 12100 12200 12300 12400 12500 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14700 14800 14900 15000 15100 15200 15300"
|
||||||
local ATTACK_MODES="0 1 3 6 7"
|
local ATTACK_MODES="0 1 3 6 7"
|
||||||
local HCCAPX_MESSAGE_PAIR="0 1 2 3 4 5"
|
local HCCAPX_MESSAGE_PAIR="0 1 2 3 4 5"
|
||||||
local OUTFILE_FORMATS="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15"
|
local OUTFILE_FORMATS="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15"
|
||||||
|
@ -420,6 +420,27 @@ typedef struct psafe3
|
|||||||
|
|
||||||
} psafe3_t;
|
} psafe3_t;
|
||||||
|
|
||||||
|
typedef struct dpapimk
|
||||||
|
{
|
||||||
|
u32 version;
|
||||||
|
u32 context;
|
||||||
|
|
||||||
|
u32 SID[32];
|
||||||
|
u32 SID_len;
|
||||||
|
u32 SID_offset;
|
||||||
|
|
||||||
|
/* here only for possible
|
||||||
|
forward compatibiliy
|
||||||
|
*/
|
||||||
|
// u8 cipher_algo[16];
|
||||||
|
// u8 hash_algo[16];
|
||||||
|
|
||||||
|
u32 iv[4];
|
||||||
|
u32 contents_len;
|
||||||
|
u32 contents[128];
|
||||||
|
|
||||||
|
} dpapimk_t;
|
||||||
|
|
||||||
typedef struct pdf14_tmp
|
typedef struct pdf14_tmp
|
||||||
{
|
{
|
||||||
u32 digest[4];
|
u32 digest[4];
|
||||||
@ -810,6 +831,24 @@ typedef struct keepass_tmp
|
|||||||
|
|
||||||
} keepass_tmp_t;
|
} keepass_tmp_t;
|
||||||
|
|
||||||
|
typedef struct dpapimk_tmp
|
||||||
|
{
|
||||||
|
/* dedicated to hmac-sha1 */
|
||||||
|
u32 ipad[5];
|
||||||
|
u32 opad[5];
|
||||||
|
u32 dgst[10];
|
||||||
|
u32 out[10];
|
||||||
|
|
||||||
|
u32 userKey[5];
|
||||||
|
|
||||||
|
/* dedicated to hmac-sha512 */
|
||||||
|
u64 ipad64[8];
|
||||||
|
u64 opad64[8];
|
||||||
|
u64 dgst64[16];
|
||||||
|
u64 out64[16];
|
||||||
|
|
||||||
|
} dpapimk_tmp_t;
|
||||||
|
|
||||||
typedef struct seven_zip_hook
|
typedef struct seven_zip_hook
|
||||||
{
|
{
|
||||||
u32 ukey[8];
|
u32 ukey[8];
|
||||||
@ -1190,6 +1229,8 @@ typedef enum display_len
|
|||||||
DISPLAY_LEN_MAX_15100 = 6 + 6 + 1 + 8 + 1 + 28,
|
DISPLAY_LEN_MAX_15100 = 6 + 6 + 1 + 8 + 1 + 28,
|
||||||
DISPLAY_LEN_MIN_15200 = 1 + 10 + 1 + 2 + 1 + 1 + 1 + 1 + 1 + 64,
|
DISPLAY_LEN_MIN_15200 = 1 + 10 + 1 + 2 + 1 + 1 + 1 + 1 + 1 + 64,
|
||||||
DISPLAY_LEN_MAX_15200 = 1 + 10 + 1 + 2 + 1 + 8 + 1 + 5 + 1 + 20000,
|
DISPLAY_LEN_MAX_15200 = 1 + 10 + 1 + 2 + 1 + 8 + 1 + 5 + 1 + 20000,
|
||||||
|
DISPLAY_LEN_MIN_15300 = 1 + 7 + 1 + 1 + 1 + 1 + 1 + 10 + 1 + 4 + 1 + 4 + 1 + 1 + 1 + 32 + 1 + 3 + 1 + 128,
|
||||||
|
DISPLAY_LEN_MAX_15300 = 1 + 7 + 1 + 1 + 1 + 1 + 1 + 100 + 1 + 6 + 1 + 6 + 1 + 10 + 1 + 32 + 1 + 4 + 1 + 512,
|
||||||
DISPLAY_LEN_MIN_99999 = 1,
|
DISPLAY_LEN_MIN_99999 = 1,
|
||||||
DISPLAY_LEN_MAX_99999 = 55,
|
DISPLAY_LEN_MAX_99999 = 55,
|
||||||
|
|
||||||
@ -1329,6 +1370,8 @@ typedef enum hash_type
|
|||||||
HASH_TYPE_ITUNES_BACKUP_10 = 57,
|
HASH_TYPE_ITUNES_BACKUP_10 = 57,
|
||||||
HASH_TYPE_SKIP32 = 58,
|
HASH_TYPE_SKIP32 = 58,
|
||||||
HASH_TYPE_BLAKE2B = 59,
|
HASH_TYPE_BLAKE2B = 59,
|
||||||
|
HASH_TYPE_CHACHA20 = 60,
|
||||||
|
HASH_TYPE_DPAPIMK = 61,
|
||||||
|
|
||||||
} hash_type_t;
|
} hash_type_t;
|
||||||
|
|
||||||
@ -1518,6 +1561,7 @@ typedef enum kern_type
|
|||||||
KERN_TYPE_SKIP32 = 14900,
|
KERN_TYPE_SKIP32 = 14900,
|
||||||
KERN_TYPE_FILEZILLA_SERVER = 15000,
|
KERN_TYPE_FILEZILLA_SERVER = 15000,
|
||||||
KERN_TYPE_NETBSD_SHA1CRYPT = 15100,
|
KERN_TYPE_NETBSD_SHA1CRYPT = 15100,
|
||||||
|
KERN_TYPE_DPAPIMK = 15300,
|
||||||
KERN_TYPE_PLAINTEXT = 99999,
|
KERN_TYPE_PLAINTEXT = 99999,
|
||||||
|
|
||||||
} kern_type_t;
|
} kern_type_t;
|
||||||
@ -1588,6 +1632,7 @@ typedef enum rounds_count
|
|||||||
ROUNDS_ITUNES102_BACKUP = 10000,
|
ROUNDS_ITUNES102_BACKUP = 10000,
|
||||||
ROUNDS_ATLASSIAN = 10000,
|
ROUNDS_ATLASSIAN = 10000,
|
||||||
ROUNDS_NETBSD_SHA1CRYPT = 20000,
|
ROUNDS_NETBSD_SHA1CRYPT = 20000,
|
||||||
|
ROUNDS_DPAPIMK = 24000 - 1, // from 4000 to 24000 (possibly more)
|
||||||
ROUNDS_STDOUT = 0
|
ROUNDS_STDOUT = 0
|
||||||
|
|
||||||
} rounds_count_t;
|
} rounds_count_t;
|
||||||
@ -1766,6 +1811,7 @@ int sha256b64s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_bu
|
|||||||
int filezilla_server_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
|
int filezilla_server_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
|
||||||
int netbsd_sha1crypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
|
int netbsd_sha1crypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
|
||||||
int atlassian_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
|
int atlassian_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
|
||||||
|
int dpapimk_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* hook functions
|
* hook functions
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "benchmark.h"
|
#include "benchmark.h"
|
||||||
|
|
||||||
const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_CNT = 150;
|
const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_CNT = 151;
|
||||||
|
|
||||||
const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_BUF[] =
|
const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_BUF[] =
|
||||||
{
|
{
|
||||||
@ -85,6 +85,7 @@ const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_BUF[] =
|
|||||||
1000,
|
1000,
|
||||||
1100,
|
1100,
|
||||||
2100,
|
2100,
|
||||||
|
15300,
|
||||||
12800,
|
12800,
|
||||||
1500,
|
1500,
|
||||||
12400,
|
12400,
|
||||||
|
278
src/interface.c
278
src/interface.c
@ -240,6 +240,7 @@ static const char HT_14900[] = "Skip32 (PT = $salt, key = $pass)";
|
|||||||
static const char HT_15000[] = "FileZilla Server >= 0.9.55";
|
static const char HT_15000[] = "FileZilla Server >= 0.9.55";
|
||||||
static const char HT_15100[] = "Juniper/NetBSD sha1crypt";
|
static const char HT_15100[] = "Juniper/NetBSD sha1crypt";
|
||||||
static const char HT_15200[] = "Blockchain, My Wallet, V2";
|
static const char HT_15200[] = "Blockchain, My Wallet, V2";
|
||||||
|
static const char HT_15300[] = "DPAPI masterkey file v1 and v2";
|
||||||
static const char HT_99999[] = "Plaintext";
|
static const char HT_99999[] = "Plaintext";
|
||||||
|
|
||||||
static const char HT_00011[] = "Joomla < 2.5.18";
|
static const char HT_00011[] = "Joomla < 2.5.18";
|
||||||
@ -317,6 +318,7 @@ static const char SIGNATURE_CRAM_MD5[] = "$cram_md5$";
|
|||||||
static const char SIGNATURE_DCC2[] = "$DCC2$";
|
static const char SIGNATURE_DCC2[] = "$DCC2$";
|
||||||
static const char SIGNATURE_DJANGOPBKDF2[] = "pbkdf2_sha256$";
|
static const char SIGNATURE_DJANGOPBKDF2[] = "pbkdf2_sha256$";
|
||||||
static const char SIGNATURE_DJANGOSHA1[] = "sha1$";
|
static const char SIGNATURE_DJANGOSHA1[] = "sha1$";
|
||||||
|
static const char SIGNATURE_DPAPIMK[] = "$DPAPImk$";
|
||||||
static const char SIGNATURE_DRUPAL7[] = "$S$";
|
static const char SIGNATURE_DRUPAL7[] = "$S$";
|
||||||
static const char SIGNATURE_ECRYPTFS[] = "$ecryptfs$";
|
static const char SIGNATURE_ECRYPTFS[] = "$ecryptfs$";
|
||||||
static const char SIGNATURE_EPISERVER4[] = "$episerver$*1*";
|
static const char SIGNATURE_EPISERVER4[] = "$episerver$*1*";
|
||||||
@ -2831,6 +2833,164 @@ int dcc2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSE
|
|||||||
return (PARSER_OK);
|
return (PARSER_OK);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int dpapimk_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig)
|
||||||
|
{
|
||||||
|
if ((input_len < DISPLAY_LEN_MIN_15300) || (input_len > DISPLAY_LEN_MAX_15300)) return (PARSER_GLOBAL_LENGTH);
|
||||||
|
|
||||||
|
if (memcmp (SIGNATURE_DPAPIMK, input_buf, 9)) return (PARSER_SIGNATURE_UNMATCHED);
|
||||||
|
|
||||||
|
u32 *digest = (u32 *) hash_buf->digest;
|
||||||
|
|
||||||
|
salt_t *salt = hash_buf->salt;
|
||||||
|
|
||||||
|
dpapimk_t *dpapimk = (dpapimk_t *) hash_buf->esalt;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* parse line
|
||||||
|
*/
|
||||||
|
|
||||||
|
u8 *version_pos;
|
||||||
|
u8 *context_pos;
|
||||||
|
u8 *SID_pos;
|
||||||
|
u8 *cipher_algo_pos; // here just for possible forward compatibilities
|
||||||
|
u8 *hash_algo_pos; // same
|
||||||
|
u8 *rounds_pos;
|
||||||
|
u32 iv_len = 32;
|
||||||
|
u8 *iv_pos;
|
||||||
|
u8 *contents_len_pos;
|
||||||
|
u8 *contents_pos;
|
||||||
|
|
||||||
|
version_pos = input_buf + 8 + 1;
|
||||||
|
|
||||||
|
context_pos = (u8 *) strchr ((const char *) version_pos, '*');
|
||||||
|
|
||||||
|
if (context_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
||||||
|
|
||||||
|
context_pos++;
|
||||||
|
|
||||||
|
SID_pos = (u8 *) strchr ((const char *) context_pos, '*');
|
||||||
|
|
||||||
|
if (SID_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
||||||
|
|
||||||
|
SID_pos++;
|
||||||
|
|
||||||
|
cipher_algo_pos = (u8 *) strchr ((const char *) SID_pos, '*');
|
||||||
|
|
||||||
|
if (cipher_algo_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
||||||
|
|
||||||
|
cipher_algo_pos++;
|
||||||
|
|
||||||
|
hash_algo_pos = (u8 *) strchr ((const char *) cipher_algo_pos, '*');
|
||||||
|
|
||||||
|
if (hash_algo_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
||||||
|
|
||||||
|
hash_algo_pos++;
|
||||||
|
|
||||||
|
rounds_pos = (u8 *) strchr ((const char *) hash_algo_pos, '*');
|
||||||
|
|
||||||
|
if (rounds_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
||||||
|
|
||||||
|
rounds_pos++;
|
||||||
|
|
||||||
|
iv_pos = (u8 *) strchr ((const char *) rounds_pos, '*');
|
||||||
|
|
||||||
|
if (iv_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
||||||
|
|
||||||
|
iv_pos++;
|
||||||
|
|
||||||
|
contents_len_pos = (u8 *) strchr ((const char *) iv_pos, '*');
|
||||||
|
|
||||||
|
if (contents_len_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
||||||
|
|
||||||
|
if (contents_len_pos - iv_pos != iv_len) return (PARSER_SALT_LENGTH);
|
||||||
|
|
||||||
|
if (is_valid_hex_string (iv_pos, 32) == false) return (PARSER_SALT_ENCODING);
|
||||||
|
|
||||||
|
contents_len_pos++;
|
||||||
|
|
||||||
|
contents_pos = (u8 *) strchr ((const char *) contents_len_pos, '*');
|
||||||
|
|
||||||
|
if (contents_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
||||||
|
|
||||||
|
contents_pos++;
|
||||||
|
|
||||||
|
u32 version = atoll ((const char *) version_pos);
|
||||||
|
u32 contents_len = atoll ((const char *) contents_len_pos);
|
||||||
|
|
||||||
|
if (version == 1 && contents_len != 208) return (PARSER_SALT_LENGTH);
|
||||||
|
if (version == 2 && contents_len != 288) return (PARSER_SALT_LENGTH);
|
||||||
|
|
||||||
|
if (is_valid_hex_string (contents_pos, contents_len) == false) return (PARSER_SALT_ENCODING);
|
||||||
|
|
||||||
|
u8 *end_line = (u8 *) strchr ((const char *) contents_pos, 0);
|
||||||
|
|
||||||
|
if (end_line - contents_pos != contents_len) return (PARSER_SALT_LENGTH);
|
||||||
|
|
||||||
|
dpapimk->version = version;
|
||||||
|
|
||||||
|
dpapimk->context = atoll ((const char *) context_pos);
|
||||||
|
|
||||||
|
salt->salt_iter = (atoll ((const char *) rounds_pos)) - 1;
|
||||||
|
|
||||||
|
dpapimk->iv[0] = hex_to_u32 ((const u8 *) &iv_pos[ 0]);
|
||||||
|
dpapimk->iv[1] = hex_to_u32 ((const u8 *) &iv_pos[ 8]);
|
||||||
|
dpapimk->iv[2] = hex_to_u32 ((const u8 *) &iv_pos[16]);
|
||||||
|
dpapimk->iv[3] = hex_to_u32 ((const u8 *) &iv_pos[24]);
|
||||||
|
|
||||||
|
dpapimk->iv[0] = byte_swap_32 (dpapimk->iv[0]);
|
||||||
|
dpapimk->iv[1] = byte_swap_32 (dpapimk->iv[1]);
|
||||||
|
dpapimk->iv[2] = byte_swap_32 (dpapimk->iv[2]);
|
||||||
|
dpapimk->iv[3] = byte_swap_32 (dpapimk->iv[3]);
|
||||||
|
|
||||||
|
dpapimk->contents_len = contents_len;
|
||||||
|
|
||||||
|
for (u32 i = 0; i < dpapimk->contents_len / 4; i++)
|
||||||
|
{
|
||||||
|
dpapimk->contents[i] = hex_to_u32 ((const u8 *) &contents_pos[i * 8]);
|
||||||
|
|
||||||
|
dpapimk->contents[i] = byte_swap_32 (dpapimk->contents[i]);
|
||||||
|
}
|
||||||
|
|
||||||
|
u32 SID_len = cipher_algo_pos - 1 - SID_pos;
|
||||||
|
|
||||||
|
/* maximum size of SID supported */
|
||||||
|
u8 *SID_unicode = (u8 *) hcmalloc (32 * 4);
|
||||||
|
memset (SID_unicode, 0, 32 * 4);
|
||||||
|
|
||||||
|
for (u32 i = 0; i < SID_len; i += 1)
|
||||||
|
{
|
||||||
|
SID_unicode[i * 2] = SID_pos[i];
|
||||||
|
}
|
||||||
|
|
||||||
|
SID_unicode[(SID_len + 1) * 2] = 0x80;
|
||||||
|
|
||||||
|
/* Specific to DPAPI: needs trailing '\0' while computing hash */
|
||||||
|
dpapimk->SID_len = (SID_len + 1) * 2;
|
||||||
|
|
||||||
|
memcpy ((u8 *) dpapimk->SID, SID_unicode, 32 * 4);
|
||||||
|
|
||||||
|
for (u32 i = 0; i < 32; i++)
|
||||||
|
{
|
||||||
|
dpapimk->SID[i] = byte_swap_32 (dpapimk->SID[i]);
|
||||||
|
}
|
||||||
|
|
||||||
|
digest[0] = dpapimk->iv[0];
|
||||||
|
digest[1] = dpapimk->iv[1];
|
||||||
|
digest[2] = dpapimk->iv[2];
|
||||||
|
digest[3] = dpapimk->iv[3];
|
||||||
|
|
||||||
|
salt->salt_buf[0] = dpapimk->iv[0];
|
||||||
|
salt->salt_buf[1] = dpapimk->iv[1];
|
||||||
|
salt->salt_buf[2] = dpapimk->iv[2];
|
||||||
|
salt->salt_buf[3] = dpapimk->iv[3];
|
||||||
|
|
||||||
|
salt->salt_len = 16;
|
||||||
|
|
||||||
|
hcfree(SID_unicode);
|
||||||
|
|
||||||
|
return (PARSER_OK);
|
||||||
|
}
|
||||||
|
|
||||||
int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig)
|
int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig)
|
||||||
{
|
{
|
||||||
u32 *digest = (u32 *) hash_buf->digest;
|
u32 *digest = (u32 *) hash_buf->digest;
|
||||||
@ -15226,6 +15386,7 @@ char *strhashtype (const u32 hash_mode)
|
|||||||
case 15000: return ((char *) HT_15000);
|
case 15000: return ((char *) HT_15000);
|
||||||
case 15100: return ((char *) HT_15100);
|
case 15100: return ((char *) HT_15100);
|
||||||
case 15200: return ((char *) HT_15200);
|
case 15200: return ((char *) HT_15200);
|
||||||
|
case 15300: return ((char *) HT_15300);
|
||||||
case 99999: return ((char *) HT_99999);
|
case 99999: return ((char *) HT_99999);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -18330,6 +18491,103 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le
|
|||||||
|
|
||||||
snprintf (out_buf, out_len - 1, "%s", hash_buf);
|
snprintf (out_buf, out_len - 1, "%s", hash_buf);
|
||||||
}
|
}
|
||||||
|
else if (hash_mode == 15300)
|
||||||
|
{
|
||||||
|
dpapimk_t *dpapimks = (dpapimk_t *) esalts_buf;
|
||||||
|
|
||||||
|
dpapimk_t *dpapimk = &dpapimks[digest_cur];
|
||||||
|
|
||||||
|
u32 version = (u32) dpapimk->version;
|
||||||
|
u32 context = (u32) dpapimk->context;
|
||||||
|
u32 rounds = salt.salt_iter + 1;
|
||||||
|
u32 contents_len = (u32) dpapimk->contents_len;
|
||||||
|
u32 SID_len = (u32) dpapimk->SID_len;
|
||||||
|
u32 iv_len = 32;
|
||||||
|
|
||||||
|
u8 cipher_algorithm[8] = { 0 };
|
||||||
|
u8 hash_algorithm[8] = { 0 };
|
||||||
|
u8 SID[512] = { 0 };
|
||||||
|
u8* SID_tmp;
|
||||||
|
|
||||||
|
u32 *ptr_SID = (u32 *) dpapimk->SID;
|
||||||
|
u32 *ptr_iv = (u32 *) dpapimk->iv;
|
||||||
|
u32 *ptr_contents = (u32 *) dpapimk->contents;
|
||||||
|
|
||||||
|
u32 u32_iv[4];
|
||||||
|
u8 iv[32 + 1];
|
||||||
|
|
||||||
|
/* convert back SID */
|
||||||
|
|
||||||
|
SID_tmp = (u8 *) hcmalloc ((SID_len + 1) * sizeof(u8));
|
||||||
|
|
||||||
|
for (u32 i = 0; i < (SID_len / 4) + 1; i++)
|
||||||
|
{
|
||||||
|
u8 hex[8] = { 0 };
|
||||||
|
u32_to_hex_lower (byte_swap_32 (ptr_SID[i]), hex);
|
||||||
|
|
||||||
|
for (u32 j = 0, k = 0; j < 8; j += 2, k++)
|
||||||
|
{
|
||||||
|
SID_tmp[i * 4 + k] = hex_to_u8 (&hex[j]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* overwrite trailing 0x80 */
|
||||||
|
SID_tmp[SID_len] = 0;
|
||||||
|
|
||||||
|
for (u32 i = 0, j = 0 ; j < SID_len ; i++, j += 2)
|
||||||
|
{
|
||||||
|
SID[i] = SID_tmp[j];
|
||||||
|
}
|
||||||
|
|
||||||
|
hcfree(SID_tmp);
|
||||||
|
|
||||||
|
for (u32 i = 0; i < iv_len / 8; i++)
|
||||||
|
{
|
||||||
|
u32_iv[i] = byte_swap_32 (ptr_iv[i]);
|
||||||
|
u32_to_hex_lower (u32_iv[i], iv + i * 8);
|
||||||
|
}
|
||||||
|
iv[32] = 0;
|
||||||
|
|
||||||
|
u32 u32_contents[36];
|
||||||
|
u8 contents[288 + 1];
|
||||||
|
|
||||||
|
for (u32 i = 0; i < contents_len / 8; i++)
|
||||||
|
{
|
||||||
|
u32_contents[i] = byte_swap_32 (ptr_contents[i]);
|
||||||
|
u32_to_hex_lower (u32_contents[i], contents + i * 8);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (version == 1)
|
||||||
|
{
|
||||||
|
contents[208] = 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
contents[288] = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (contents_len == 288 && version == 2)
|
||||||
|
{
|
||||||
|
memcpy(cipher_algorithm, "aes256", strlen("aes256"));
|
||||||
|
memcpy(hash_algorithm, "sha512", strlen("sha512"));
|
||||||
|
}
|
||||||
|
else if (contents_len == 208 && version == 1)
|
||||||
|
{
|
||||||
|
memcpy(cipher_algorithm, "des3", strlen("des3"));
|
||||||
|
memcpy(hash_algorithm, "sha1", strlen("sha1"));
|
||||||
|
}
|
||||||
|
|
||||||
|
snprintf (out_buf, out_len - 1, "%s%d*%d*%s*%s*%s*%d*%s*%d*%s",
|
||||||
|
SIGNATURE_DPAPIMK,
|
||||||
|
version,
|
||||||
|
context,
|
||||||
|
SID,
|
||||||
|
cipher_algorithm,
|
||||||
|
hash_algorithm,
|
||||||
|
rounds,
|
||||||
|
iv,
|
||||||
|
contents_len,
|
||||||
|
contents);
|
||||||
|
}
|
||||||
else if (hash_mode == 99999)
|
else if (hash_mode == 99999)
|
||||||
{
|
{
|
||||||
char *ptr = (char *) digest_buf;
|
char *ptr = (char *) digest_buf;
|
||||||
@ -22627,6 +22885,20 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
|
|||||||
hashconfig->dgst_pos3 = 3;
|
hashconfig->dgst_pos3 = 3;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 15300: hashconfig->hash_type = HASH_TYPE_DPAPIMK;
|
||||||
|
hashconfig->salt_type = SALT_TYPE_EMBEDDED;
|
||||||
|
hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL;
|
||||||
|
hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE;
|
||||||
|
hashconfig->kern_type = KERN_TYPE_DPAPIMK;
|
||||||
|
hashconfig->dgst_size = DGST_SIZE_4_4;
|
||||||
|
hashconfig->parse_func = dpapimk_parse_hash;
|
||||||
|
hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE;
|
||||||
|
hashconfig->dgst_pos0 = 0;
|
||||||
|
hashconfig->dgst_pos1 = 1;
|
||||||
|
hashconfig->dgst_pos2 = 2;
|
||||||
|
hashconfig->dgst_pos3 = 3;
|
||||||
|
break;
|
||||||
|
|
||||||
case 99999: hashconfig->hash_type = HASH_TYPE_PLAINTEXT;
|
case 99999: hashconfig->hash_type = HASH_TYPE_PLAINTEXT;
|
||||||
hashconfig->salt_type = SALT_TYPE_NONE;
|
hashconfig->salt_type = SALT_TYPE_NONE;
|
||||||
hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL;
|
hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL;
|
||||||
@ -22763,6 +23035,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
|
|||||||
case 14600: hashconfig->esalt_size = sizeof (luks_t); break;
|
case 14600: hashconfig->esalt_size = sizeof (luks_t); break;
|
||||||
case 14700: hashconfig->esalt_size = sizeof (itunes_backup_t); break;
|
case 14700: hashconfig->esalt_size = sizeof (itunes_backup_t); break;
|
||||||
case 14800: hashconfig->esalt_size = sizeof (itunes_backup_t); break;
|
case 14800: hashconfig->esalt_size = sizeof (itunes_backup_t); break;
|
||||||
|
case 15300: hashconfig->esalt_size = sizeof (dpapimk_t); break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// hook_salt_size
|
// hook_salt_size
|
||||||
@ -22866,6 +23139,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
|
|||||||
case 14800: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break;
|
case 14800: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break;
|
||||||
case 15100: hashconfig->tmp_size = sizeof (pbkdf1_sha1_tmp_t); break;
|
case 15100: hashconfig->tmp_size = sizeof (pbkdf1_sha1_tmp_t); break;
|
||||||
case 15200: hashconfig->tmp_size = sizeof (mywallet_tmp_t); break;
|
case 15200: hashconfig->tmp_size = sizeof (mywallet_tmp_t); break;
|
||||||
|
case 15300: hashconfig->tmp_size = sizeof (dpapimk_tmp_t); break;
|
||||||
};
|
};
|
||||||
|
|
||||||
// hook_size
|
// hook_size
|
||||||
@ -23270,6 +23544,8 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
|
|||||||
((luks_t *) esalt)->cipher_type = HC_LUKS_CIPHER_TYPE_AES;
|
((luks_t *) esalt)->cipher_type = HC_LUKS_CIPHER_TYPE_AES;
|
||||||
((luks_t *) esalt)->cipher_mode = HC_LUKS_CIPHER_MODE_XTS_PLAIN;
|
((luks_t *) esalt)->cipher_mode = HC_LUKS_CIPHER_MODE_XTS_PLAIN;
|
||||||
break;
|
break;
|
||||||
|
case 15300: ((dpapimk_t *) esalt)->version = 1;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// special hook salt handling
|
// special hook salt handling
|
||||||
@ -23464,6 +23740,8 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
|
|||||||
break;
|
break;
|
||||||
case 15200: salt->salt_iter = ROUNDS_MYWALLETV2;
|
case 15200: salt->salt_iter = ROUNDS_MYWALLETV2;
|
||||||
break;
|
break;
|
||||||
|
case 15300: salt->salt_iter = ROUNDS_DPAPIMK;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -241,6 +241,7 @@ static const char *USAGE_BIG[] =
|
|||||||
" 1000 | NTLM | Operating Systems",
|
" 1000 | NTLM | Operating Systems",
|
||||||
" 1100 | Domain Cached Credentials (DCC), MS Cache | Operating Systems",
|
" 1100 | Domain Cached Credentials (DCC), MS Cache | Operating Systems",
|
||||||
" 2100 | Domain Cached Credentials 2 (DCC2), MS Cache 2 | Operating Systems",
|
" 2100 | Domain Cached Credentials 2 (DCC2), MS Cache 2 | Operating Systems",
|
||||||
|
" 15300 | DPAPI masterkey file v1 and v2 | Operating Systems",
|
||||||
" 12800 | MS-AzureSync PBKDF2-HMAC-SHA256 | Operating Systems",
|
" 12800 | MS-AzureSync PBKDF2-HMAC-SHA256 | Operating Systems",
|
||||||
" 1500 | descrypt, DES (Unix), Traditional DES | Operating Systems",
|
" 1500 | descrypt, DES (Unix), Traditional DES | Operating Systems",
|
||||||
" 12400 | BSDiCrypt, Extended DES | Operating Systems",
|
" 12400 | BSDiCrypt, Extended DES | Operating Systems",
|
||||||
|
432
tools/test.pl
432
tools/test.pl
@ -9,7 +9,7 @@ use strict;
|
|||||||
use warnings;
|
use warnings;
|
||||||
use Digest::MD4 qw (md4 md4_hex);
|
use Digest::MD4 qw (md4 md4_hex);
|
||||||
use Digest::MD5 qw (md5 md5_hex);
|
use Digest::MD5 qw (md5 md5_hex);
|
||||||
use Digest::SHA qw (sha1 sha256 sha384 sha512 sha1_hex sha224_hex sha256_hex sha384_hex sha512_hex);
|
use Digest::SHA qw (sha1 sha256 sha384 sha512 sha1_hex sha224_hex sha256_hex sha384_hex sha512_hex hmac_sha1 hmac_sha512);
|
||||||
use Digest::HMAC qw (hmac hmac_hex);
|
use Digest::HMAC qw (hmac hmac_hex);
|
||||||
use Digest::Keccak qw (keccak_256_hex);
|
use Digest::Keccak qw (keccak_256_hex);
|
||||||
use Digest::BLAKE2 qw (blake2b_hex);
|
use Digest::BLAKE2 qw (blake2b_hex);
|
||||||
@ -47,7 +47,7 @@ my $hashcat = "./hashcat";
|
|||||||
|
|
||||||
my $MAX_LEN = 55;
|
my $MAX_LEN = 55;
|
||||||
|
|
||||||
my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 99999);
|
my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 15300, 99999);
|
||||||
|
|
||||||
my %is_unicode = map { $_ => 1 } qw (30 40 130 131 132 133 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800 11600 13500 13800);
|
my %is_unicode = map { $_ => 1 } qw (30 40 130 131 132 133 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800 11600 13500 13800);
|
||||||
my %less_fifteen = map { $_ => 1 } qw (500 1600 1800 2400 2410 3200 6300 7400 10500 10700);
|
my %less_fifteen = map { $_ => 1 } qw (500 1600 1800 2400 2410 3200 6300 7400 10500 10700);
|
||||||
@ -2621,6 +2621,60 @@ sub verify
|
|||||||
|
|
||||||
next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
|
next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
|
||||||
}
|
}
|
||||||
|
elsif ($mode == 15300)
|
||||||
|
{
|
||||||
|
($hash_in, $word) = split ":", $line;
|
||||||
|
|
||||||
|
next unless defined $hash_in;
|
||||||
|
next unless defined $word;
|
||||||
|
|
||||||
|
my @tmp_data = split ('\$', $hash_in);
|
||||||
|
|
||||||
|
my $signature = $tmp_data[1];
|
||||||
|
|
||||||
|
next unless ($signature eq 'DPAPImk');
|
||||||
|
|
||||||
|
my @data = split ('\*', $tmp_data[2]);
|
||||||
|
|
||||||
|
next unless (scalar @data == 9);
|
||||||
|
|
||||||
|
my $version = shift @data;
|
||||||
|
|
||||||
|
next unless ($version == 1 || $version == 2);
|
||||||
|
|
||||||
|
my $context = shift @data;
|
||||||
|
|
||||||
|
my $SID = shift @data;
|
||||||
|
|
||||||
|
my $cipher_algorithm = shift @data;
|
||||||
|
|
||||||
|
my $hash_algorithm = shift @data;
|
||||||
|
|
||||||
|
my $iteration = shift @data;
|
||||||
|
|
||||||
|
my $iv = shift @data;
|
||||||
|
|
||||||
|
my $cipher_len = shift @data;
|
||||||
|
|
||||||
|
my $cipher = shift @data;
|
||||||
|
|
||||||
|
next unless (length ($cipher) == $cipher_len);
|
||||||
|
|
||||||
|
if ($version == 1)
|
||||||
|
{
|
||||||
|
next unless ($cipher_len == 208);
|
||||||
|
}
|
||||||
|
elsif ($version == 2)
|
||||||
|
{
|
||||||
|
next unless ($cipher_len == 288);
|
||||||
|
}
|
||||||
|
|
||||||
|
$salt = substr ($hash_in, length ('$DPAPImk$'));
|
||||||
|
|
||||||
|
$param = $cipher;
|
||||||
|
|
||||||
|
next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
print "ERROR: hash mode is not supported\n";
|
print "ERROR: hash mode is not supported\n";
|
||||||
@ -2996,6 +3050,14 @@ sub verify
|
|||||||
|
|
||||||
$hash_out = $hash_in;
|
$hash_out = $hash_in;
|
||||||
}
|
}
|
||||||
|
elsif ($mode == 15300)
|
||||||
|
{
|
||||||
|
$hash_out = gen_hash ($mode, $word, $salt, $iter, $param);
|
||||||
|
|
||||||
|
$len = length $hash_out;
|
||||||
|
|
||||||
|
return unless (substr ($line, 0, $len) eq $hash_out);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$hash_out = gen_hash ($mode, $word, $salt, $iter);
|
$hash_out = gen_hash ($mode, $word, $salt, $iter);
|
||||||
@ -3510,6 +3572,12 @@ sub passthrough
|
|||||||
{
|
{
|
||||||
$tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, 32));
|
$tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, 32));
|
||||||
}
|
}
|
||||||
|
elsif ($mode == 15300)
|
||||||
|
{
|
||||||
|
$salt_buf = get_random_dpapimk_salt ();
|
||||||
|
|
||||||
|
$tmp_hash = gen_hash ($mode, $word_buf, $salt_buf);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
print "ERROR: Unsupported hash type\n";
|
print "ERROR: Unsupported hash type\n";
|
||||||
@ -4450,6 +4518,20 @@ sub single
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
elsif ($mode == 15300)
|
||||||
|
{
|
||||||
|
for (my $i = 1; $i < 16; $i++)
|
||||||
|
{
|
||||||
|
if ($len != 0)
|
||||||
|
{
|
||||||
|
rnd ($mode, $len, 16);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
rnd ($mode, $i, 16);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -8153,6 +8235,266 @@ END_CODE
|
|||||||
|
|
||||||
$tmp_hash = sprintf ("\$blockchain\$v2\$%d\$%s\$%s", $iterations, length ($salt_buf . $encrypted) / 2, $salt_buf . $encrypted);
|
$tmp_hash = sprintf ("\$blockchain\$v2\$%d\$%s\$%s", $iterations, length ($salt_buf . $encrypted) / 2, $salt_buf . $encrypted);
|
||||||
}
|
}
|
||||||
|
elsif ($mode == 15300)
|
||||||
|
{
|
||||||
|
my @salt_arr = split ('\*', $salt_buf);
|
||||||
|
|
||||||
|
my $version = $salt_arr[0];
|
||||||
|
|
||||||
|
my $context = $salt_arr[1];
|
||||||
|
|
||||||
|
my $SID = $salt_arr[2];
|
||||||
|
|
||||||
|
my $cipher_algorithm = $salt_arr[3];
|
||||||
|
|
||||||
|
my $hash_algorithm = $salt_arr[4];
|
||||||
|
|
||||||
|
my $iterations = $salt_arr[5];
|
||||||
|
|
||||||
|
my $salt = pack ("H*", $salt_arr[6]);
|
||||||
|
|
||||||
|
my $cipher_len = $salt_arr[7];
|
||||||
|
|
||||||
|
my $cipher;
|
||||||
|
|
||||||
|
# intermediate values
|
||||||
|
|
||||||
|
my $user_hash;
|
||||||
|
my $user_derivationKey;
|
||||||
|
my $encKey;
|
||||||
|
my $expected_hmac;
|
||||||
|
my $cleartext;
|
||||||
|
|
||||||
|
if ($context == 1)
|
||||||
|
{
|
||||||
|
$user_hash = sha1 (encode ("UTF-16LE", $word_buf));
|
||||||
|
}
|
||||||
|
elsif ($context == 2)
|
||||||
|
{
|
||||||
|
$user_hash = md4 (encode ("UTF-16LE", $word_buf));
|
||||||
|
}
|
||||||
|
|
||||||
|
$user_derivationKey = hmac_sha1 (encode ("UTF-16LE", $SID . "\x00"), $user_hash);
|
||||||
|
|
||||||
|
my $hmacSalt = randbytes (16);
|
||||||
|
my $last_key = randbytes (64);
|
||||||
|
|
||||||
|
if ($version == 1)
|
||||||
|
{
|
||||||
|
$encKey = hmac_sha1 ($hmacSalt, $user_derivationKey);
|
||||||
|
$expected_hmac = hmac_sha1 ($last_key, $encKey);
|
||||||
|
|
||||||
|
# need padding because keyLen is 24 and hashLen 20
|
||||||
|
$expected_hmac = $expected_hmac . randbytes (4);
|
||||||
|
}
|
||||||
|
elsif ($version == 2)
|
||||||
|
{
|
||||||
|
$encKey = hmac_sha512 ($hmacSalt, $user_derivationKey);
|
||||||
|
$expected_hmac = hmac_sha512 ($last_key, $encKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
$cleartext = $hmacSalt . $expected_hmac . $last_key;
|
||||||
|
|
||||||
|
my $derived_key;
|
||||||
|
my $key;
|
||||||
|
my $iv;
|
||||||
|
|
||||||
|
my $pbkdf2;
|
||||||
|
|
||||||
|
if ($version == 1)
|
||||||
|
{
|
||||||
|
$derived_key = dpapi_pbkdf2 ($user_derivationKey, $salt, $iterations, 32, \&hmac_sha1);
|
||||||
|
}
|
||||||
|
elsif ($version == 2)
|
||||||
|
{
|
||||||
|
$derived_key = dpapi_pbkdf2 ($user_derivationKey, $salt, $iterations, 48, \&hmac_sha512);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (defined $additional_param)
|
||||||
|
{
|
||||||
|
$cipher = pack ("H*", $additional_param);
|
||||||
|
my $computed_hmac = "";
|
||||||
|
|
||||||
|
if ($version == 1)
|
||||||
|
{
|
||||||
|
$key = substr ($derived_key, 0, 24);
|
||||||
|
$iv = substr ($derived_key, 24, 8);
|
||||||
|
|
||||||
|
my $p1 = Crypt::ECB->new ({
|
||||||
|
key => substr ($key, 0, 8),
|
||||||
|
cipher => "DES",
|
||||||
|
literal_key => 1,
|
||||||
|
header => "none",
|
||||||
|
keysize => 8,
|
||||||
|
padding => "null",
|
||||||
|
});
|
||||||
|
|
||||||
|
my $p2 = Crypt::ECB->new ({
|
||||||
|
key => substr ($key, 8, 8),
|
||||||
|
cipher => "DES",
|
||||||
|
literal_key => 1,
|
||||||
|
header => "none",
|
||||||
|
keysize => 8,
|
||||||
|
padding => "null",
|
||||||
|
});
|
||||||
|
|
||||||
|
my $p3 = Crypt::ECB->new ({
|
||||||
|
key => substr ($key, 16, 8),
|
||||||
|
cipher => "DES",
|
||||||
|
literal_key => 1,
|
||||||
|
header => "none",
|
||||||
|
keysize => 8,
|
||||||
|
padding => "null",
|
||||||
|
});
|
||||||
|
|
||||||
|
# let's compute a 3DES-EDE-CBC decryption
|
||||||
|
|
||||||
|
my $out1;
|
||||||
|
my $out2;
|
||||||
|
my $out3;
|
||||||
|
my $expected_cleartext = "";
|
||||||
|
|
||||||
|
# size of cipherlen is 104 bytes
|
||||||
|
for (my $k = 0; $k < 13; $k++)
|
||||||
|
{
|
||||||
|
$out1 = $p3->decrypt (substr ($cipher, $k * 8, 8));
|
||||||
|
$out2 = $p2->encrypt ($out1);
|
||||||
|
$out3 = $p1->decrypt ($out2);
|
||||||
|
|
||||||
|
$expected_cleartext .= substr ($out3, 0, 8) ^ $iv;
|
||||||
|
|
||||||
|
$iv = substr ($cipher, $k * 8, 8);
|
||||||
|
}
|
||||||
|
|
||||||
|
$last_key = substr ($expected_cleartext, length ($expected_cleartext) - 64, 64);
|
||||||
|
$hmacSalt = substr ($expected_cleartext, 0, 16);
|
||||||
|
$expected_hmac = substr ($expected_cleartext, 16, 20);
|
||||||
|
|
||||||
|
$encKey = hmac_sha1 ($hmacSalt, $user_derivationKey);
|
||||||
|
$computed_hmac = hmac_sha1 ($last_key, $encKey);
|
||||||
|
|
||||||
|
$cleartext = $expected_cleartext;
|
||||||
|
|
||||||
|
if (unpack ("H*", $expected_hmac) ne unpack ("H*", $computed_hmac))
|
||||||
|
{
|
||||||
|
$cleartext = "0" x 104;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elsif ($version == 2)
|
||||||
|
{
|
||||||
|
$key = substr ($derived_key, 0, 32);
|
||||||
|
$iv = substr ($derived_key, 32, 16);
|
||||||
|
|
||||||
|
my $aes = Crypt::CBC->new ({
|
||||||
|
key => $key,
|
||||||
|
cipher => "Crypt::Rijndael",
|
||||||
|
iv => $iv,
|
||||||
|
literal_key => 1,
|
||||||
|
header => "none",
|
||||||
|
keysize => 32,
|
||||||
|
padding => "null",
|
||||||
|
});
|
||||||
|
|
||||||
|
my $expected_cleartext = $aes->decrypt ($cipher);
|
||||||
|
|
||||||
|
$last_key = substr ($expected_cleartext, length ($expected_cleartext) - 64, 64);
|
||||||
|
$hmacSalt = substr ($expected_cleartext, 0, 16);
|
||||||
|
$expected_hmac = substr ($expected_cleartext, 16, 64);
|
||||||
|
|
||||||
|
$encKey = hmac_sha512 ($hmacSalt, $user_derivationKey);
|
||||||
|
$computed_hmac = hmac_sha512 ($last_key, $encKey);
|
||||||
|
|
||||||
|
$cleartext = $expected_cleartext;
|
||||||
|
|
||||||
|
if (unpack ("H*", $expected_hmac) ne unpack ("H*", $computed_hmac))
|
||||||
|
{
|
||||||
|
$cleartext = "0" x 144;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($version == 1)
|
||||||
|
{
|
||||||
|
$key = substr ($derived_key, 0, 24);
|
||||||
|
$iv = substr ($derived_key, 24, 8);
|
||||||
|
|
||||||
|
my $p1 = Crypt::ECB->new ({
|
||||||
|
key => substr ($key, 0, 8),
|
||||||
|
cipher => "DES",
|
||||||
|
literal_key => 1,
|
||||||
|
header => "none",
|
||||||
|
keysize => 8,
|
||||||
|
padding => "null",
|
||||||
|
});
|
||||||
|
|
||||||
|
my $p2 = Crypt::ECB->new ({
|
||||||
|
key => substr ($key, 8, 8),
|
||||||
|
cipher => "DES",
|
||||||
|
literal_key => 1,
|
||||||
|
header => "none",
|
||||||
|
keysize => 8,
|
||||||
|
padding => "null",
|
||||||
|
});
|
||||||
|
|
||||||
|
my $p3 = Crypt::ECB->new ({
|
||||||
|
key => substr ($key, 16, 8),
|
||||||
|
cipher => "DES",
|
||||||
|
literal_key => 1,
|
||||||
|
header => "none",
|
||||||
|
keysize => 8,
|
||||||
|
padding => "null",
|
||||||
|
});
|
||||||
|
|
||||||
|
# let's compute a 3DES-EDE-CBC encryption
|
||||||
|
|
||||||
|
# compute first block
|
||||||
|
my $out1 = $p1->encrypt (substr ($cleartext, 0, 8) ^ $iv);
|
||||||
|
my $out2 = $p2->decrypt ($out1);
|
||||||
|
my $out3 = $p3->encrypt ($out2);
|
||||||
|
|
||||||
|
$cipher = substr ($out3, 0, 8);
|
||||||
|
|
||||||
|
# size of cipherlen is 104 bytes
|
||||||
|
for (my $k = 1; $k < 13; $k++)
|
||||||
|
{
|
||||||
|
$iv = $out3;
|
||||||
|
|
||||||
|
$out1 = $p1->encrypt (substr ($cleartext, $k * 8, 8) ^ $iv);
|
||||||
|
$out2 = $p2->decrypt ($out1);
|
||||||
|
$out3 = $p3->encrypt ($out2);
|
||||||
|
|
||||||
|
$cipher .= substr ($out3, 0, 8);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$key = substr ($derived_key, 0, 32);
|
||||||
|
$iv = substr ($derived_key, 32, 16);
|
||||||
|
|
||||||
|
my $aes = Crypt::CBC->new ({
|
||||||
|
key => $key,
|
||||||
|
cipher => "Crypt::Rijndael",
|
||||||
|
iv => $iv,
|
||||||
|
literal_key => 1,
|
||||||
|
header => "none",
|
||||||
|
keysize => 32,
|
||||||
|
padding => "null",
|
||||||
|
});
|
||||||
|
|
||||||
|
$cipher = $aes->encrypt ($cleartext);
|
||||||
|
}
|
||||||
|
|
||||||
|
$tmp_hash = sprintf ('$DPAPImk$%d*%d*%s*%s*%s*%d*%s*%d*%s',
|
||||||
|
$version,
|
||||||
|
$context,
|
||||||
|
$SID,
|
||||||
|
$cipher_algorithm,
|
||||||
|
$hash_algorithm,
|
||||||
|
$iterations,
|
||||||
|
unpack ("H*", $salt),
|
||||||
|
$cipher_len,
|
||||||
|
unpack ("H*", $cipher));
|
||||||
|
}
|
||||||
elsif ($mode == 99999)
|
elsif ($mode == 99999)
|
||||||
{
|
{
|
||||||
$tmp_hash = sprintf ("%s", $word_buf);
|
$tmp_hash = sprintf ("%s", $word_buf);
|
||||||
@ -8161,6 +8503,30 @@ END_CODE
|
|||||||
return ($tmp_hash);
|
return ($tmp_hash);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#Thanks to Jochen Hoenicke <hoenicke@gmail.com>
|
||||||
|
# (one of the authors of Palm Keyring)
|
||||||
|
# for these next two subs.
|
||||||
|
sub dpapi_pbkdf2
|
||||||
|
{
|
||||||
|
my ($password, $salt, $iter, $keylen, $prf) = @_;
|
||||||
|
my ($k, $t, $u, $ui, $i);
|
||||||
|
$t = "";
|
||||||
|
for ($k = 1; length ($t) < $keylen; $k++)
|
||||||
|
{
|
||||||
|
$u = $ui = &$prf ($salt.pack ('N', $k), $password);
|
||||||
|
for ($i = 1; $i < $iter; $i++)
|
||||||
|
{
|
||||||
|
# modification to fit Microsoft
|
||||||
|
# weird pbkdf2 implementation...
|
||||||
|
$ui = &$prf ($u, $password);
|
||||||
|
$u ^= $ui;
|
||||||
|
}
|
||||||
|
$t .= $u;
|
||||||
|
}
|
||||||
|
return substr ($t, 0, $keylen);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
sub rnd
|
sub rnd
|
||||||
{
|
{
|
||||||
my $mode = shift;
|
my $mode = shift;
|
||||||
@ -8267,6 +8633,10 @@ sub rnd
|
|||||||
{
|
{
|
||||||
$salt_buf = get_pstoken_salt ();
|
$salt_buf = get_pstoken_salt ();
|
||||||
}
|
}
|
||||||
|
elsif ($mode == 15300)
|
||||||
|
{
|
||||||
|
$salt_buf = get_random_dpapimk_salt ();
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
my @salt_arr;
|
my @salt_arr;
|
||||||
@ -9707,6 +10077,64 @@ sub get_random_dnssec_salt
|
|||||||
return $salt_buf;
|
return $salt_buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub get_random_dpapimk_salt
|
||||||
|
{
|
||||||
|
my $salt_buf = "";
|
||||||
|
|
||||||
|
my $version = get_random_num (1, 3);
|
||||||
|
|
||||||
|
my $context = get_random_num (1, 3);
|
||||||
|
|
||||||
|
my $cipher_algo = "";
|
||||||
|
|
||||||
|
my $hash_algo = "";
|
||||||
|
|
||||||
|
my $iterations;
|
||||||
|
|
||||||
|
my $SID = sprintf ('S-15-21-%d-%d-%d-%d',
|
||||||
|
get_random_num (400000000,490000000),
|
||||||
|
get_random_num (400000000,490000000),
|
||||||
|
get_random_num (400000000,490000000),
|
||||||
|
get_random_num (1000,1999));
|
||||||
|
|
||||||
|
my $cipher_len = 0;
|
||||||
|
|
||||||
|
if ($version == 1)
|
||||||
|
{
|
||||||
|
$iterations = get_random_num (4000, 24000);
|
||||||
|
|
||||||
|
$cipher_algo = "des3";
|
||||||
|
|
||||||
|
$hash_algo = "sha1";
|
||||||
|
|
||||||
|
$cipher_len = 208;
|
||||||
|
}
|
||||||
|
elsif ($version == 2)
|
||||||
|
{
|
||||||
|
$iterations = get_random_num (8000, 17000);
|
||||||
|
|
||||||
|
$cipher_algo = "aes256";
|
||||||
|
|
||||||
|
$hash_algo = "sha512";
|
||||||
|
|
||||||
|
$cipher_len = 288;
|
||||||
|
}
|
||||||
|
|
||||||
|
my $iv = randbytes (16);
|
||||||
|
$iv = unpack ("H*", $iv);
|
||||||
|
|
||||||
|
$salt_buf = $version . '*' .
|
||||||
|
$context . '*' .
|
||||||
|
$SID . '*' .
|
||||||
|
$cipher_algo . '*' .
|
||||||
|
$hash_algo . '*' .
|
||||||
|
$iterations . '*' .
|
||||||
|
$iv . '*' .
|
||||||
|
$cipher_len . '*';
|
||||||
|
|
||||||
|
return $salt_buf;
|
||||||
|
}
|
||||||
|
|
||||||
sub md5bit
|
sub md5bit
|
||||||
{
|
{
|
||||||
my $digest = shift;
|
my $digest = shift;
|
||||||
|
@ -9,7 +9,7 @@ TDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|||||||
|
|
||||||
# missing hash types: 5200,6251,6261,6271,6281
|
# missing hash types: 5200,6251,6261,6271,6281
|
||||||
|
|
||||||
HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 600 900 1000 1100 1300 1400 1410 1411 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12001 12100 12200 12300 12400 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 14000 14100 14400 14600 14700 14800 14900 15000 15100 15200 99999"
|
HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 600 900 1000 1100 1300 1400 1410 1411 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12001 12100 12200 12300 12400 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 14000 14100 14400 14600 14700 14800 14900 15000 15100 15200 15300 99999"
|
||||||
|
|
||||||
#ATTACK_MODES="0 1 3 6 7"
|
#ATTACK_MODES="0 1 3 6 7"
|
||||||
ATTACK_MODES="0 1 3 7"
|
ATTACK_MODES="0 1 3 7"
|
||||||
@ -22,7 +22,7 @@ HASHFILE_ONLY="2500"
|
|||||||
|
|
||||||
NEVER_CRACK="11600 14900"
|
NEVER_CRACK="11600 14900"
|
||||||
|
|
||||||
SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12001 12100 12200 12300 12400 12500 12700 12800 12900 13000 13200 13400 13600 14600 14700 14800 15100 15200"
|
SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12001 12100 12200 12300 12400 12500 12700 12800 12900 13000 13200 13400 13600 14600 14700 14800 15100 15200 15300"
|
||||||
|
|
||||||
OPTS="--quiet --force --potfile-disable --runtime 400 --gpu-temp-disable --weak-hash-threshold=0"
|
OPTS="--quiet --force --potfile-disable --runtime 400 --gpu-temp-disable --weak-hash-threshold=0"
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user