diff --git a/docs/changes.txt b/docs/changes.txt index 1703f6f1f..c71ad1de7 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -29,6 +29,9 @@ - Added hash-mode: sha1($salt1.$pass.$salt2) - Added hash-mode: Ruby on Rails Restful-Authentication - Added hash-mode: DiskCryptor +- Added hash-mode: Python passlib pbkdf2-sha1 +- Added hash-mode: Python passlib pbkdf2-sha256 +- Added hash-mode: Python passlib pbkdf2-sha512 ## ## Bugs diff --git a/docs/readme.txt b/docs/readme.txt index 5d56ff28c..62341bc52 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -110,6 +110,9 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (10.1 o - PBKDF2-HMAC-SHA1 - PBKDF2-HMAC-SHA256 - PBKDF2-HMAC-SHA512 +- Python passlib pbkdf2-sha1 +- Python passlib pbkdf2-sha256 +- Python passlib pbkdf2-sha512 - Skype - WPA-EAPOL-PBKDF2 - WPA-EAPOL-PMK diff --git a/include/convert.h b/include/convert.h index cff45eb5a..7a11466ca 100644 --- a/include/convert.h +++ b/include/convert.h @@ -39,6 +39,8 @@ u8 int_to_base32 (const u8 c); u8 base32_to_int (const u8 c); u8 int_to_base64 (const u8 c); u8 base64_to_int (const u8 c); +u8 int_to_ab64 (const u8 c); +u8 ab64_to_int (const u8 c); u8 int_to_base64url (const u8 c); u8 base64url_to_int (const u8 c); u8 int_to_itoa32 (const u8 c); diff --git a/src/convert.c b/src/convert.c index bed989ae4..befca7fb9 100644 --- a/src/convert.c +++ b/src/convert.c @@ -555,6 +555,45 @@ u8 base64_to_int (const u8 c) return tbl[c]; } +// alternate base64 using ./ instead of +/, used in python passlib hashes +u8 int_to_ab64 (const u8 c) +{ + const u8 tbl[0x40] = + { + 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, + 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, + 0x77, 0x78, 0x79, 0x7a, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x2e, 0x2f, + }; + + return tbl[c]; +} + +u8 ab64_to_int (const u8 c) +{ + const u8 tbl[0x100] = + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x3f, + 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, + 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, + 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }; + + return tbl[c]; +} + u8 int_to_base64url (const u8 c) { const u8 tbl[0x40] = diff --git a/src/modules/module_20200.c b/src/modules/module_20200.c new file mode 100644 index 000000000..ece0a5949 --- /dev/null +++ b/src/modules/module_20200.c @@ -0,0 +1,300 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_8_16; +static const u32 HASH_CATEGORY = HASH_CATEGORY_GENERIC_KDF; +static const char *HASH_NAME = "Python passlib pbkdf2-sha512"; +static const u64 KERN_TYPE = 7100; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_USES_BITS_64 + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$pbkdf2-sha512$25000$LyWE0HrP2RsjZCxlDGFMKQ$1vC5Ohk2mCS9b6akqsEfgeb4l74SF8XjH.SljXf3dMLHdlY1GK9ojcCKts6/asR4aPqBmk74nCDddU3tvSCJvw"; + +static const u32 HASH_LEN_RAW = 64; +static const u32 HASH_LEN_B64 = 86; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pbkdf2_sha512 +{ + u32 salt_buf[64]; + +} pbkdf2_sha512_t; + +typedef struct pbkdf2_sha512_tmp +{ + u64 ipad[8]; + u64 opad[8]; + + u64 dgst[16]; + u64 out[16]; + +} pbkdf2_sha512_tmp_t; + +static const char *SIGNATURE_PASSLIB_PBKDF2_SHA512 = "pbkdf2-sha512"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pbkdf2_sha512_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pbkdf2_sha512_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = PW_MAX; + + return pw_max; +} + +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + hc_asprintf (&jit_build_options, "-D NO_UNROLL"); + + return jit_build_options; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u64 *digest = (u64 *) digest_buf; + + pbkdf2_sha512_t *pbkdf2_sha512 = (pbkdf2_sha512_t *) esalt_buf; + + token_t token; + + token.token_cnt = 5; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_PASSLIB_PBKDF2_SHA512; + + // the hash starts with a $ + token.sep[0] = '$'; + token.len_min[0] = 0; + token.len_max[0] = 0; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH; + + token.sep[1] = '$'; + token.len_min[1] = 13; + token.len_max[1] = 13; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + // iterations in decimal representation + token.sep[2] = '$'; + token.len_min[2] = 1; + token.len_max[2] = 6; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // salt in alternate base64 repretentation + token.sep[3] = '$'; + token.len_min[3] = SALT_MIN; + token.len_max[3] = SALT_MAX; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_BASE64B; + + // payload in alternate base64 representanion + token.sep[4] = '$'; + token.len_min[4] = HASH_LEN_B64; + token.len_max[4] = HASH_LEN_B64; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_BASE64B; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // iter + const u8 *iter_pos = token.buf[2]; + salt->salt_iter = hc_strtoul ((const char *) iter_pos, NULL, 10) - 1; + + + // base64 decode salt + const u8 *salt_pos = token.buf[3]; + const int salt_len = token.len[3]; + + u8 tmp_buf[256] = { 0 }; + + const size_t salt_len_decoded = base64_decode (ab64_to_int, (const u8 *) salt_pos, salt_len, tmp_buf); + + u8 *salt_buf_ptr = (u8 *) pbkdf2_sha512->salt_buf; + memcpy (salt_buf_ptr, tmp_buf, salt_len_decoded); + memcpy (salt->salt_buf, salt_buf_ptr, salt_len_decoded); + + salt->salt_len = salt_len_decoded; + + + // base64 decode hash + const u8 *hash_pos = token.buf[4]; + const int hash_len = token.len[4]; + + base64_decode (ab64_to_int, (const u8 *) hash_pos, hash_len, tmp_buf); + memcpy (digest, tmp_buf, HASH_LEN_RAW); + + digest[0] = byte_swap_64 (digest[0]); + digest[1] = byte_swap_64 (digest[1]); + digest[2] = byte_swap_64 (digest[2]); + digest[3] = byte_swap_64 (digest[3]); + digest[4] = byte_swap_64 (digest[4]); + digest[5] = byte_swap_64 (digest[5]); + digest[6] = byte_swap_64 (digest[6]); + digest[7] = byte_swap_64 (digest[7]); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u64 *digest = (const u64 *) digest_buf; + + const pbkdf2_sha512_t *pbkdf2_sha512 = (const pbkdf2_sha512_t *) esalt_buf; + + // hash + u64 tmp[9]; + + tmp[0] = byte_swap_64 (digest[0]); + tmp[1] = byte_swap_64 (digest[1]); + tmp[2] = byte_swap_64 (digest[2]); + tmp[3] = byte_swap_64 (digest[3]); + tmp[4] = byte_swap_64 (digest[4]); + tmp[5] = byte_swap_64 (digest[5]); + tmp[6] = byte_swap_64 (digest[6]); + tmp[7] = byte_swap_64 (digest[7]); + tmp[8] = 0; + + char salt_enc[257] = { 0 }; + char hash_enc[128] = { 0 }; + + const size_t salt_len_enc = base64_encode (int_to_ab64, (const u8 *) pbkdf2_sha512->salt_buf, salt->salt_len, (u8 *) salt_enc); + const size_t hash_len_enc = base64_encode (int_to_ab64, (const u8 *) tmp, HASH_LEN_RAW, (u8 *) hash_enc); + + // remove padding = + for (size_t i = 0; i < salt_len_enc; i++) + { + if (salt_enc[i] == '=') + { + salt_enc[i] = '\0'; + } + } + + for (size_t i = 0; i < hash_len_enc; i++) + { + if (hash_enc[i] == '=') + { + hash_enc[i] = '\0'; + } + } + + // output + const int line_len = snprintf (line_buf, line_size, "$%s$%u$%s$%s", SIGNATURE_PASSLIB_PBKDF2_SHA512, salt->salt_iter + 1, salt_enc, hash_enc); + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_20300.c b/src/modules/module_20300.c new file mode 100644 index 000000000..fb5a519a6 --- /dev/null +++ b/src/modules/module_20300.c @@ -0,0 +1,299 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_32; +static const u32 HASH_CATEGORY = HASH_CATEGORY_GENERIC_KDF; +static const char *HASH_NAME = "Python passlib pbkdf2-sha256"; +static const u64 KERN_TYPE = 10900; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$pbkdf2-sha256$29000$x9h7j/Ge8x6DMEao1VqrdQ$kra3R1wEnY8mPdDWOpTqOTINaAmZvRMcYd8u5OBQP9A"; + +static const u32 HASH_LEN_RAW = 32; +static const u32 HASH_LEN_B64 = 43; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pbkdf2_sha256 +{ + u32 salt_buf[64]; + +} pbkdf2_sha256_t; + +typedef struct pbkdf2_sha256_tmp +{ + u32 ipad[8]; + u32 opad[8]; + + u32 dgst[32]; + u32 out[32]; + +} pbkdf2_sha256_tmp_t; + +static const char *SIGNATURE_PASSLIB_PBKDF2_SHA256 = "pbkdf2-sha256"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pbkdf2_sha256_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pbkdf2_sha256_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = PW_MAX; + + return pw_max; +} + +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + hc_asprintf (&jit_build_options, "-D NO_UNROLL"); + + return jit_build_options; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pbkdf2_sha256_t *pbkdf2_sha256 = (pbkdf2_sha256_t *) esalt_buf; + + token_t token; + + token.token_cnt = 5; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_PASSLIB_PBKDF2_SHA256; + + // the hash starts with a $ + token.sep[0] = '$'; + token.len_min[0] = 0; + token.len_max[0] = 0; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH; + + token.sep[1] = '$'; + token.len_min[1] = 13; + token.len_max[1] = 13; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + // iterations in decimal representation + token.sep[2] = '$'; + token.len_min[2] = 1; + token.len_max[2] = 6; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // salt in alternate base64 repretentation + token.sep[3] = '$'; + token.len_min[3] = SALT_MIN; + token.len_max[3] = SALT_MAX; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_BASE64B; + + // payload in alternate base64 representanion + token.sep[4] = '$'; + token.len_min[4] = HASH_LEN_B64; + token.len_max[4] = HASH_LEN_B64; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_BASE64B; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // iter + const u8 *iter_pos = token.buf[2]; + salt->salt_iter = hc_strtoul ((const char *) iter_pos, NULL, 10) - 1; + + + // base64 decode salt + const u8 *salt_pos = token.buf[3]; + const int salt_len = token.len[3]; + + u8 tmp_buf[256] = { 0 }; + + const size_t salt_len_decoded = base64_decode (ab64_to_int, (const u8 *) salt_pos, salt_len, tmp_buf); + + u8 *salt_buf_ptr = (u8 *) pbkdf2_sha256->salt_buf; + memcpy (salt_buf_ptr, tmp_buf, salt_len_decoded); + memcpy (salt->salt_buf, salt_buf_ptr, salt_len_decoded); + + salt->salt_len = salt_len_decoded; + + + // base64 decode hash + const u8 *hash_pos = token.buf[4]; + const int hash_len = token.len[4]; + + base64_decode (ab64_to_int, (const u8 *) hash_pos, hash_len, tmp_buf); + memcpy (digest, tmp_buf, HASH_LEN_RAW); + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + digest[4] = byte_swap_32 (digest[4]); + digest[5] = byte_swap_32 (digest[5]); + digest[6] = byte_swap_32 (digest[6]); + digest[7] = byte_swap_32 (digest[7]); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + const pbkdf2_sha256_t *pbkdf2_sha256 = (const pbkdf2_sha256_t *) esalt_buf; + + // hash + u32 tmp[9]; + + tmp[0] = byte_swap_32 (digest[0]); + tmp[1] = byte_swap_32 (digest[1]); + tmp[2] = byte_swap_32 (digest[2]); + tmp[3] = byte_swap_32 (digest[3]); + tmp[4] = byte_swap_32 (digest[4]); + tmp[5] = byte_swap_32 (digest[5]); + tmp[6] = byte_swap_32 (digest[6]); + tmp[7] = byte_swap_32 (digest[7]); + tmp[8] = 0; + + char salt_enc[257] = { 0 }; + char hash_enc[128] = { 0 }; + + const size_t salt_len_enc = base64_encode (int_to_ab64, (const u8 *) pbkdf2_sha256->salt_buf, salt->salt_len, (u8 *) salt_enc); + const size_t hash_len_enc = base64_encode (int_to_ab64, (const u8 *) tmp, HASH_LEN_RAW, (u8 *) hash_enc); + + // remove padding = + for (size_t i = 0; i < salt_len_enc; i++) + { + if (salt_enc[i] == '=') + { + salt_enc[i] = '\0'; + } + } + + for (size_t i = 0; i < hash_len_enc; i++) + { + if (hash_enc[i] == '=') + { + hash_enc[i] = '\0'; + } + } + + // output + const int line_len = snprintf (line_buf, line_size, "$%s$%u$%s$%s", SIGNATURE_PASSLIB_PBKDF2_SHA256, salt->salt_iter + 1, salt_enc, hash_enc); + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_20400.c b/src/modules/module_20400.c new file mode 100644 index 000000000..56ecaf9c4 --- /dev/null +++ b/src/modules/module_20400.c @@ -0,0 +1,292 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_32; +static const u32 HASH_CATEGORY = HASH_CATEGORY_GENERIC_KDF; +static const char *HASH_NAME = "Python passlib pbkdf2-sha1"; +static const u64 KERN_TYPE = 12000; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$pbkdf2$131000$r5WythYixPgfQ2jt3buXcg$8Kdr.QQEOaZIXNOrrru36I/.6Po"; + +static const u32 HASH_LEN_RAW = 20; +static const u32 HASH_LEN_B64 = 27; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pbkdf2_sha1 +{ + u32 salt_buf[64]; + +} pbkdf2_sha1_t; + +typedef struct pbkdf2_sha1_tmp +{ + u32 ipad[5]; + u32 opad[5]; + + u32 dgst[32]; + u32 out[32]; + +} pbkdf2_sha1_tmp_t; + +static const char *SIGNATURE_PASSLIB_PBKDF2_SHA1 = "pbkdf2"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pbkdf2_sha1_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pbkdf2_sha1_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = PW_MAX; + + return pw_max; +} + +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + hc_asprintf (&jit_build_options, "-D NO_UNROLL"); + + return jit_build_options; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pbkdf2_sha1_t *pbkdf2_sha1 = (pbkdf2_sha1_t *) esalt_buf; + + token_t token; + + token.token_cnt = 5; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_PASSLIB_PBKDF2_SHA1; + + // the hash starts with a $ + token.sep[0] = '$'; + token.len_min[0] = 0; + token.len_max[0] = 0; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH; + + token.sep[1] = '$'; + token.len_min[1] = 6; + token.len_max[1] = 6; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + // iterations in decimal representation + token.sep[2] = '$'; + token.len_min[2] = 1; + token.len_max[2] = 6; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // salt in alternate base64 repretentation + token.sep[3] = '$'; + token.len_min[3] = SALT_MIN; + token.len_max[3] = SALT_MAX; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_BASE64B; + + // payload in alternate base64 representanion + token.sep[4] = '$'; + token.len_min[4] = HASH_LEN_B64; + token.len_max[4] = HASH_LEN_B64; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_BASE64B; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // iter + const u8 *iter_pos = token.buf[2]; + salt->salt_iter = hc_strtoul ((const char *) iter_pos, NULL, 10) - 1; + + + // base64 decode salt + const u8 *salt_pos = token.buf[3]; + const int salt_len = token.len[3]; + + u8 tmp_buf[256] = { 0 }; + + const size_t salt_len_decoded = base64_decode (ab64_to_int, (const u8 *) salt_pos, salt_len, tmp_buf); + + u8 *salt_buf_ptr = (u8 *) pbkdf2_sha1->salt_buf; + memcpy (salt_buf_ptr, tmp_buf, salt_len_decoded); + memcpy (salt->salt_buf, salt_buf_ptr, salt_len_decoded); + + salt->salt_len = salt_len_decoded; + + // base64 decode hash + const u8 *hash_pos = token.buf[4]; + const int hash_len = token.len[4]; + + base64_decode (ab64_to_int, (const u8 *) hash_pos, hash_len, tmp_buf); + memcpy (digest, tmp_buf, HASH_LEN_RAW); + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + digest[4] = byte_swap_32 (digest[4]); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + const pbkdf2_sha1_t *pbkdf2_sha1 = (const pbkdf2_sha1_t *) esalt_buf; + + // hash + u32 tmp[6]; + + tmp[0] = byte_swap_32 (digest[0]); + tmp[1] = byte_swap_32 (digest[1]); + tmp[2] = byte_swap_32 (digest[2]); + tmp[3] = byte_swap_32 (digest[3]); + tmp[4] = byte_swap_32 (digest[4]); + tmp[5] = 0; + + char salt_enc[257] = { 0 }; + char hash_enc[128] = { 0 }; + + const size_t salt_len_enc = base64_encode (int_to_ab64, (const u8 *) pbkdf2_sha1->salt_buf, salt->salt_len, (u8 *) salt_enc); + const size_t hash_len_enc = base64_encode (int_to_ab64, (const u8 *) tmp, HASH_LEN_RAW, (u8 *) hash_enc); + + // remove padding = + for (size_t i = 0; i < salt_len_enc; i++) + { + if (salt_enc[i] == '=') + { + salt_enc[i] = '\0'; + } + } + + for (size_t i = 0; i < hash_len_enc; i++) + { + if (hash_enc[i] == '=') + { + hash_enc[i] = '\0'; + } + } + + // output + const int line_len = snprintf (line_buf, line_size, "$%s$%u$%s$%s", SIGNATURE_PASSLIB_PBKDF2_SHA1, salt->salt_iter + 1, salt_enc, hash_enc); + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m20200.pm b/tools/test_modules/m20200.pm new file mode 100644 index 000000000..823a5b279 --- /dev/null +++ b/tools/test_modules/m20200.pm @@ -0,0 +1,88 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Crypt::PBKDF2; +use MIME::Base64 qw (encode_base64 decode_base64); + +sub module_constraints { [[0, 256], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + my $iter = shift // 1024; + + if (length $salt == 0) + { + $salt = random_bytes (16); + } + + my $pbkdf2 = Crypt::PBKDF2->new + ( + hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 512), + iterations => $iter + ); + + my $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt, $word), ''); + my $salt_buf = encode_base64 ($salt, ''); + + # replace + with . + $hash_buf =~ s/\+/\./g; + $salt_buf =~ s/\+/\./g; + + # remove padding = + $hash_buf =~ s/\=+$//; + $salt_buf =~ s/\=+$//; + + my $hash = sprintf ("\$pbkdf2-sha512\$%i\$%s\$%s", $iter, $salt_buf, $hash_buf); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + # check signature + return unless (substr ($line, 0, 15) eq '$pbkdf2-sha512$'); + + # get hash + my $index1 = index ($line, '$', 15); + + return if $index1 < 1; + + my $index2 = index ($line, '$', $index1 + 1); + + my $iter = substr ($line, 15, $index1 - 15); + + my $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1); + + $index1 = index ($line, ':', $index2 + 1); + + return if $index1 < 1; + + my $word = substr ($line, $index1 + 1); + + return unless defined $salt; + return unless defined $iter; + return unless defined $word; + + $word = pack_if_HEX_notation ($word); + + # fix salt from 'alternate' to 'ordinary' base64 encoding before + $salt =~ s/\./\+/g; + $salt .= '=='; + + my $new_hash = module_generate_hash ($word, decode_base64($salt), $iter); + + return ($new_hash, $word); +} + +1; diff --git a/tools/test_modules/m20300.pm b/tools/test_modules/m20300.pm new file mode 100644 index 000000000..c9c515d60 --- /dev/null +++ b/tools/test_modules/m20300.pm @@ -0,0 +1,88 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Crypt::PBKDF2; +use MIME::Base64 qw (encode_base64 decode_base64); + +sub module_constraints { [[0, 256], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + my $iter = shift // 1024; + + if (length $salt == 0) + { + $salt = random_bytes (16); + } + + my $pbkdf2 = Crypt::PBKDF2->new + ( + hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256), + iterations => $iter + ); + + my $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt, $word), ''); + my $salt_buf = encode_base64 ($salt, ''); + + # replace + with . + $hash_buf =~ s/\+/\./g; + $salt_buf =~ s/\+/\./g; + + # remove padding = + $hash_buf =~ s/\=+$//; + $salt_buf =~ s/\=+$//; + + my $hash = sprintf ("\$pbkdf2-sha256\$%i\$%s\$%s", $iter, $salt_buf, $hash_buf); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + # check signature + return unless (substr ($line, 0, 15) eq '$pbkdf2-sha256$'); + + # get hash + my $index1 = index ($line, '$', 15); + + return if $index1 < 1; + + my $index2 = index ($line, '$', $index1 + 1); + + my $iter = substr ($line, 15, $index1 - 15); + + my $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1); + + $index1 = index ($line, ':', $index2 + 1); + + return if $index1 < 1; + + my $word = substr ($line, $index1 + 1); + + return unless defined $salt; + return unless defined $iter; + return unless defined $word; + + $word = pack_if_HEX_notation ($word); + + # fix salt from 'alternate' to 'ordinary' base64 encoding before + $salt =~ s/\./\+/g; + $salt .= '=='; + + my $new_hash = module_generate_hash ($word, decode_base64($salt), $iter); + + return ($new_hash, $word); +} + +1; diff --git a/tools/test_modules/m20400.pm b/tools/test_modules/m20400.pm new file mode 100644 index 000000000..07a5feca3 --- /dev/null +++ b/tools/test_modules/m20400.pm @@ -0,0 +1,88 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Crypt::PBKDF2; +use MIME::Base64 qw (encode_base64 decode_base64); + +sub module_constraints { [[0, 256], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift; + my $iter = shift // 1024; + + if (length $salt == 0) + { + $salt = random_bytes (16); + } + + my $pbkdf2 = Crypt::PBKDF2->new + ( + hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1'), + iterations => $iter + ); + + my $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt, $word), ''); + my $salt_buf = encode_base64 ($salt, ''); + + # replace + with . + $hash_buf =~ s/\+/\./g; + $salt_buf =~ s/\+/\./g; + + # remove padding = + $hash_buf =~ s/\=+$//; + $salt_buf =~ s/\=+$//; + + my $hash = sprintf ("\$pbkdf2\$%i\$%s\$%s", $iter, $salt_buf, $hash_buf); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + # check signature + return unless (substr ($line, 0, 15) eq '$pbkdf2$'); + + # get hash + my $index1 = index ($line, '$', 15); + + return if $index1 < 1; + + my $index2 = index ($line, '$', $index1 + 1); + + my $iter = substr ($line, 15, $index1 - 15); + + my $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1); + + $index1 = index ($line, ':', $index2 + 1); + + return if $index1 < 1; + + my $word = substr ($line, $index1 + 1); + + return unless defined $salt; + return unless defined $iter; + return unless defined $word; + + $word = pack_if_HEX_notation ($word); + + # fix salt from 'alternate' to 'ordinary' base64 encoding before + $salt =~ s/\./\+/g; + $salt .= '=='; + + my $new_hash = module_generate_hash ($word, decode_base64($salt), $iter); + + return ($new_hash, $word); +} + +1;