From 30949c15787c2ee4f9a195920cbe29c82886982a Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Sat, 15 Aug 2020 17:00:55 +0200 Subject: [PATCH] Fixed unexpected non-unique salts in multi-hash cracking in Bitcoin/Litecoin wallet.dat module which lead to false negatives --- OpenCL/m11300-pure.cl | 28 ++++++++++++++++------------ docs/changes.txt | 1 + src/modules/module_11300.c | 10 ++++++++-- 3 files changed, 25 insertions(+), 14 deletions(-) diff --git a/OpenCL/m11300-pure.cl b/OpenCL/m11300-pure.cl index 994721f3b..a9f33476e 100644 --- a/OpenCL/m11300-pure.cl +++ b/OpenCL/m11300-pure.cl @@ -296,29 +296,33 @@ KERNEL_FQ void m11300_comp (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_ key[6] = h32_from_64_S (dgst[3]); key[7] = l32_from_64_S (dgst[3]); + const u32 digest_pos = loop_pos; + + const u32 digest_cur = digests_offset + digest_pos; + #define KEYLEN 60 u32 ks[KEYLEN]; AES256_set_decrypt_key (ks, key, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); - u32 i = esalt_bufs[digests_offset].cry_master_len - 32; + u32 i = esalt_bufs[digest_cur].cry_master_len - 32; u32 iv[4]; - iv[0] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 0]); - iv[1] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 1]); - iv[2] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 2]); - iv[3] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 3]); + iv[0] = hc_swap32_S (esalt_bufs[digest_cur].cry_master_buf[(i / 4) + 0]); + iv[1] = hc_swap32_S (esalt_bufs[digest_cur].cry_master_buf[(i / 4) + 1]); + iv[2] = hc_swap32_S (esalt_bufs[digest_cur].cry_master_buf[(i / 4) + 2]); + iv[3] = hc_swap32_S (esalt_bufs[digest_cur].cry_master_buf[(i / 4) + 3]); i += 16; u32 data[4]; - data[0] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 0]); - data[1] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 1]); - data[2] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 2]); - data[3] = hc_swap32_S (esalt_bufs[digests_offset].cry_master_buf[(i / 4) + 3]); + data[0] = hc_swap32_S (esalt_bufs[digest_cur].cry_master_buf[(i / 4) + 0]); + data[1] = hc_swap32_S (esalt_bufs[digest_cur].cry_master_buf[(i / 4) + 1]); + data[2] = hc_swap32_S (esalt_bufs[digest_cur].cry_master_buf[(i / 4) + 2]); + data[3] = hc_swap32_S (esalt_bufs[digest_cur].cry_master_buf[(i / 4) + 3]); u32 out[4]; @@ -331,7 +335,7 @@ KERNEL_FQ void m11300_comp (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_ u32 pad = 0; - if (esalt_bufs[digests_offset].cry_salt_len != 18) + if (esalt_bufs[digest_cur].cry_salt_len != 18) { /* most wallets */ pad = 0x10101010; @@ -347,9 +351,9 @@ KERNEL_FQ void m11300_comp (KERN_ATTR_TMPS_ESALT (bitcoin_wallet_tmp_t, bitcoin_ if (out[2] == pad && out[3] == pad) { - if (atomic_inc (&hashes_shown[digests_offset]) == 0) + if (atomic_inc (&hashes_shown[digest_cur]) == 0) { - mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, 0, digests_offset + 0, gid, 0, 0, 0); + mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0, 0, 0); } } } diff --git a/docs/changes.txt b/docs/changes.txt index 2a3a03148..37938c8b1 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -14,6 +14,7 @@ - Fixed too early execution of some module functions which could make use of non-final values opts_type and opti_type - Fixed internal access on module option attribute OPTS_TYPE_SUGGEST_KG with the result that it was unused - Fixed race condition resulting in out of memory error on startup if multiple hashcat instances are started at the same time +- Fixed unexpected non-unique salts in multi-hash cracking in Bitcoin/Litecoin wallet.dat module which lead to false negatives ## ## Improvements diff --git a/src/modules/module_11300.c b/src/modules/module_11300.c index 044383bf0..bf9833fc3 100644 --- a/src/modules/module_11300.c +++ b/src/modules/module_11300.c @@ -26,7 +26,8 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE | OPTS_TYPE_ST_HEX | OPTS_TYPE_ST_ADD80 - | OPTS_TYPE_HASH_COPY; + | OPTS_TYPE_HASH_COPY + | OPTS_TYPE_DEEP_COMP_KERNEL; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat"; static const char *ST_HASH = "$bitcoin$96$c265931309b4a59307921cf054b4ec6b6e4554369be79802e94e16477645777d948ae1d375191831efc78e5acd1f0443$16$8017214013543185$200460$96$480008005625057442352316337722323437108374245623701184230273883222762730232857701607167815448714$66$014754433300175043011633205413774877455616682000536368706315333388"; @@ -100,6 +101,11 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY return jit_build_options; } +u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos) +{ + return KERN_RUN_3; +} + u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 esalt_size = (const u64) sizeof (bitcoin_wallet_t); @@ -283,7 +289,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_benchmark_mask = MODULE_DEFAULT; module_ctx->module_benchmark_salt = MODULE_DEFAULT; module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; - module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = module_deep_comp_kernel; module_ctx->module_dgst_pos0 = module_dgst_pos0; module_ctx->module_dgst_pos1 = module_dgst_pos1; module_ctx->module_dgst_pos2 = module_dgst_pos2;