1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-11-22 08:08:10 +00:00

Added hash-mode 16900 = Ansible Vault

This commit is contained in:
Michael Sprecher 2018-07-31 19:05:06 +02:00
parent 39af031ced
commit 3a321c8dce
No known key found for this signature in database
GPG Key ID: BB773AC8D5836ABD
8 changed files with 549 additions and 4 deletions

View File

@ -1528,6 +1528,12 @@ typedef struct electrum_wallet
} electrum_wallet_t;
typedef struct ansible_vault
{
u32 ct_data_buf[4096];
u32 ct_data_len;
} ansible_vault_t;
typedef struct pdf14_tmp
{
u32 digest[4];

290
OpenCL/m16900-pure.cl Normal file
View File

@ -0,0 +1,290 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_hash_sha256.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
DECLSPEC void hmac_sha256_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest)
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha256_transform_vector (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha256_transform_vector (w0, w1, w2, w3, digest);
}
__kernel void m16900_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global pbkdf2_sha256_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const ansible_vault_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u64 gid_max)
{
/**
* base
*/
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
sha256_hmac_ctx_t sha256_hmac_ctx;
sha256_hmac_init_global_swap (&sha256_hmac_ctx, pws[gid].i, pws[gid].pw_len);
tmps[gid].ipad[0] = sha256_hmac_ctx.ipad.h[0];
tmps[gid].ipad[1] = sha256_hmac_ctx.ipad.h[1];
tmps[gid].ipad[2] = sha256_hmac_ctx.ipad.h[2];
tmps[gid].ipad[3] = sha256_hmac_ctx.ipad.h[3];
tmps[gid].ipad[4] = sha256_hmac_ctx.ipad.h[4];
tmps[gid].ipad[5] = sha256_hmac_ctx.ipad.h[5];
tmps[gid].ipad[6] = sha256_hmac_ctx.ipad.h[6];
tmps[gid].ipad[7] = sha256_hmac_ctx.ipad.h[7];
tmps[gid].opad[0] = sha256_hmac_ctx.opad.h[0];
tmps[gid].opad[1] = sha256_hmac_ctx.opad.h[1];
tmps[gid].opad[2] = sha256_hmac_ctx.opad.h[2];
tmps[gid].opad[3] = sha256_hmac_ctx.opad.h[3];
tmps[gid].opad[4] = sha256_hmac_ctx.opad.h[4];
tmps[gid].opad[5] = sha256_hmac_ctx.opad.h[5];
tmps[gid].opad[6] = sha256_hmac_ctx.opad.h[6];
tmps[gid].opad[7] = sha256_hmac_ctx.opad.h[7];
sha256_hmac_update_global (&sha256_hmac_ctx, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len);
for (u32 i = 0, j = 2; i < 8; i += 8, j += 1)
{
sha256_hmac_ctx_t sha256_hmac_ctx2 = sha256_hmac_ctx;
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = j;
w0[1] = 0;
w0[2] = 0;
w0[3] = 0;
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4);
sha256_hmac_final (&sha256_hmac_ctx2);
tmps[gid].dgst[i + 0] = sha256_hmac_ctx2.opad.h[0];
tmps[gid].dgst[i + 1] = sha256_hmac_ctx2.opad.h[1];
tmps[gid].dgst[i + 2] = sha256_hmac_ctx2.opad.h[2];
tmps[gid].dgst[i + 3] = sha256_hmac_ctx2.opad.h[3];
tmps[gid].dgst[i + 4] = sha256_hmac_ctx2.opad.h[4];
tmps[gid].dgst[i + 5] = sha256_hmac_ctx2.opad.h[5];
tmps[gid].dgst[i + 6] = sha256_hmac_ctx2.opad.h[6];
tmps[gid].dgst[i + 7] = sha256_hmac_ctx2.opad.h[7];
tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0];
tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1];
tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2];
tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3];
tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4];
tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5];
tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6];
tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7];
}
}
__kernel void m16900_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global pbkdf2_sha256_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const ansible_vault_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u64 gid_max)
{
const u64 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[8];
u32x opad[8];
ipad[0] = packv (tmps, ipad, gid, 0);
ipad[1] = packv (tmps, ipad, gid, 1);
ipad[2] = packv (tmps, ipad, gid, 2);
ipad[3] = packv (tmps, ipad, gid, 3);
ipad[4] = packv (tmps, ipad, gid, 4);
ipad[5] = packv (tmps, ipad, gid, 5);
ipad[6] = packv (tmps, ipad, gid, 6);
ipad[7] = packv (tmps, ipad, gid, 7);
opad[0] = packv (tmps, opad, gid, 0);
opad[1] = packv (tmps, opad, gid, 1);
opad[2] = packv (tmps, opad, gid, 2);
opad[3] = packv (tmps, opad, gid, 3);
opad[4] = packv (tmps, opad, gid, 4);
opad[5] = packv (tmps, opad, gid, 5);
opad[6] = packv (tmps, opad, gid, 6);
opad[7] = packv (tmps, opad, gid, 7);
for (u32 i = 0; i < 8; i += 8)
{
u32x dgst[8];
u32x out[8];
dgst[0] = packv (tmps, dgst, gid, i + 0);
dgst[1] = packv (tmps, dgst, gid, i + 1);
dgst[2] = packv (tmps, dgst, gid, i + 2);
dgst[3] = packv (tmps, dgst, gid, i + 3);
dgst[4] = packv (tmps, dgst, gid, i + 4);
dgst[5] = packv (tmps, dgst, gid, i + 5);
dgst[6] = packv (tmps, dgst, gid, i + 6);
dgst[7] = packv (tmps, dgst, gid, i + 7);
out[0] = packv (tmps, out, gid, i + 0);
out[1] = packv (tmps, out, gid, i + 1);
out[2] = packv (tmps, out, gid, i + 2);
out[3] = packv (tmps, out, gid, i + 3);
out[4] = packv (tmps, out, gid, i + 4);
out[5] = packv (tmps, out, gid, i + 5);
out[6] = packv (tmps, out, gid, i + 6);
out[7] = packv (tmps, out, gid, i + 7);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = dgst[5];
w1[2] = dgst[6];
w1[3] = dgst[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
out[5] ^= dgst[5];
out[6] ^= dgst[6];
out[7] ^= dgst[7];
}
unpackv (tmps, dgst, gid, i + 0, dgst[0]);
unpackv (tmps, dgst, gid, i + 1, dgst[1]);
unpackv (tmps, dgst, gid, i + 2, dgst[2]);
unpackv (tmps, dgst, gid, i + 3, dgst[3]);
unpackv (tmps, dgst, gid, i + 4, dgst[4]);
unpackv (tmps, dgst, gid, i + 5, dgst[5]);
unpackv (tmps, dgst, gid, i + 6, dgst[6]);
unpackv (tmps, dgst, gid, i + 7, dgst[7]);
unpackv (tmps, out, gid, i + 0, out[0]);
unpackv (tmps, out, gid, i + 1, out[1]);
unpackv (tmps, out, gid, i + 2, out[2]);
unpackv (tmps, out, gid, i + 3, out[3]);
unpackv (tmps, out, gid, i + 4, out[4]);
unpackv (tmps, out, gid, i + 5, out[5]);
unpackv (tmps, out, gid, i + 6, out[6]);
unpackv (tmps, out, gid, i + 7, out[7]);
}
}
__kernel void m16900_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global pbkdf2_sha256_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const ansible_vault_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u64 gid_max)
{
/**
* base
*/
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
const u64 lid = get_local_id (0);
u32 key[16] = { 0 };
key[0] = tmps[gid].out[0];
key[1] = tmps[gid].out[1];
key[2] = tmps[gid].out[2];
key[3] = tmps[gid].out[3];
key[4] = tmps[gid].out[4];
key[5] = tmps[gid].out[5];
key[6] = tmps[gid].out[6];
key[7] = tmps[gid].out[7];
sha256_hmac_ctx_t ctx;
sha256_hmac_init (&ctx, key, 32);
sha256_hmac_update_global_swap (&ctx, esalt_bufs[digests_offset].ct_data_buf, esalt_bufs[digests_offset].ct_data_len);
sha256_hmac_final(&ctx);
const u32 r0 = ctx.opad.h[DGST_R0];
const u32 r1 = ctx.opad.h[DGST_R1];
const u32 r2 = ctx.opad.h[DGST_R2];
const u32 r3 = ctx.opad.h[DGST_R3];
#define il_pos 0
#include COMPARE_M
}

View File

@ -7,6 +7,7 @@
- Added hash-mode 16700 = FileVault 2
- Added hash-mode 16800 = WPA-PMKID-PBKDF2
- Added hash-mode 16801 = WPA-PMKID-PMK
- Added hash-mode 16900 = Ansible Vault
##
## Improvements

View File

@ -531,6 +531,12 @@ typedef struct electrum_wallet
} electrum_wallet_t;
typedef struct ansible_vault
{
u32 ct_data_buf[4096];
u32 ct_data_len;
} ansible_vault_t;
typedef struct luks_tmp
{
u32 ipad32[8];
@ -1106,6 +1112,7 @@ typedef enum hash_type
HASH_TYPE_ELECTRUM_WALLET = 67,
HASH_TYPE_WPA_PMKID_PBKDF2 = 68,
HASH_TYPE_WPA_PMKID_PMK = 69,
HASH_TYPE_ANSIBLE_VAULT = 70,
} hash_type_t;
@ -1315,6 +1322,7 @@ typedef enum kern_type
KERN_TYPE_ELECTRUM_WALLET13 = 16600,
KERN_TYPE_WPA_PMKID_PBKDF2 = 16800,
KERN_TYPE_WPA_PMKID_PMK = 16801,
KERN_TYPE_ANSIBLE_VAULT = 16900,
KERN_TYPE_PLAINTEXT = 99999,
} kern_type_t;
@ -1391,6 +1399,7 @@ typedef enum rounds_count
ROUNDS_ETHEREUM_PBKDF2 = 262144 - 1,
ROUNDS_APPLE_SECURE_NOTES = 20000,
ROUNDS_ETHEREUM_PRESALE = 2000 - 1,
ROUNDS_ANSIBLE_VAULT = 10000,
ROUNDS_STDOUT = 0
} rounds_count_t;
@ -1575,6 +1584,7 @@ int electrum_wallet13_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_bu
int filevault2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig);
int wpa_pmkid_pbkdf2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig);
int wpa_pmkid_pmk_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig);
int ansible_vault_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig);
/**
* hook functions

View File

@ -280,6 +280,7 @@ static const char *ST_HASH_16600 = "$electrum$1*44358283104603165383613672586868
static const char *ST_HASH_16700 = "$fvde$1$16$84286044060108438487434858307513$20000$f1620ab93192112f0a23eea89b5d4df065661f974b704191";
static const char *ST_HASH_16800 = "2582a8281bf9d4308d6f5731d0e61c61*4604ba734d4e*89acf0e761f4*ed487162465a774bfba60eb603a39f3a";
static const char *ST_HASH_16801 = "2582a8281bf9d4308d6f5731d0e61c61*4604ba734d4e*89acf0e761f4";
static const char *ST_HASH_16900 = "$ansible$0*0*6b761adc6faeb0cc0bf197d3d4a4a7d3f1682e4b169cae8fa6b459b3214ed41e*426d313c5809d4a80a4b9bc7d4823070*d8bad190c7fbc7c3cb1c60a27abfb0ff59d6fb73178681c7454d94a0f56a4360";
static const char *ST_HASH_99999 = "hashcat";
static const char *OPTI_STR_OPTIMIZED_KERNEL = "Optimized-Kernel";
@ -527,6 +528,7 @@ static const char *HT_16600 = "Electrum Wallet (Salt-Type 1-3)";
static const char *HT_16700 = "FileVault 2";
static const char *HT_16800 = "WPA-PMKID-PBKDF2";
static const char *HT_16801 = "WPA-PMKID-PMK";
static const char *HT_16900 = "Ansible Vault";
static const char *HT_99999 = "Plaintext";
static const char *HT_00011 = "Joomla < 2.5.18";
@ -677,6 +679,7 @@ static const char *SIGNATURE_APPLE_SECURE_NOTES = "$ASN$";
static const char *SIGNATURE_ETHEREUM_PRESALE = "$ethereum$w";
static const char *SIGNATURE_ELECTRUM_WALLET = "$electrum$";
static const char *SIGNATURE_FILEVAULT2 = "$fvde$";
static const char *SIGNATURE_ANSIBLE_VAULT = "$ansible$";
/**
* decoder / encoder
@ -17792,6 +17795,128 @@ int wpa_pmkid_pmk_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MA
return (PARSER_OK);
}
int ansible_vault_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig)
{
u32 *digest = (u32 *) hash_buf->digest;
salt_t *salt = hash_buf->salt;
ansible_vault_t *ansible_vault = (ansible_vault_t *) hash_buf->esalt;
token_t token;
token.token_cnt = 6;
token.signatures_cnt = 1;
token.signatures_buf[0] = SIGNATURE_ANSIBLE_VAULT;
token.len[0] = 9;
token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_SIGNATURE;
// version (unused)
token.sep[1] = '*';
token.len_min[1] = 1;
token.len_max[1] = 1;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
// cipher (unused)
token.sep[2] = '*';
token.len_min[2] = 1;
token.len_max[2] = 1;
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
token.sep[3] = '*';
token.len_min[3] = 64;
token.len_max[3] = 64;
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[4] = '*';
token.len_min[4] = 32;
token.len_max[4] = 8192;
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[5] = '*';
token.len_min[5] = 64;
token.len_max[5] = 64;
token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token);
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
// salt
u8 *salt_pos = token.buf[3];
salt->salt_len = 32;
salt->salt_iter = ROUNDS_ANSIBLE_VAULT - 1;
salt->salt_buf[0] = hex_to_u32 (salt_pos + 0);
salt->salt_buf[1] = hex_to_u32 (salt_pos + 8);
salt->salt_buf[2] = hex_to_u32 (salt_pos + 16);
salt->salt_buf[3] = hex_to_u32 (salt_pos + 24);
salt->salt_buf[4] = hex_to_u32 (salt_pos + 32);
salt->salt_buf[5] = hex_to_u32 (salt_pos + 40);
salt->salt_buf[6] = hex_to_u32 (salt_pos + 48);
salt->salt_buf[7] = hex_to_u32 (salt_pos + 56);
salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]);
salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]);
salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]);
salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]);
salt->salt_buf[4] = byte_swap_32 (salt->salt_buf[4]);
salt->salt_buf[5] = byte_swap_32 (salt->salt_buf[5]);
salt->salt_buf[6] = byte_swap_32 (salt->salt_buf[6]);
salt->salt_buf[7] = byte_swap_32 (salt->salt_buf[7]);
// ciphertext
u8 *ct_buf_pos = token.buf[4];
int ct_buf_len = token.len[4];
u8 *ct_data_ptr = (u8 *) ansible_vault->ct_data_buf;
for (int i = 0, j = 0; j < ct_buf_len; i += 1, j += 2)
{
ct_data_ptr[i] = hex_to_u8 ((const u8 *) &ct_buf_pos[j]);
ansible_vault->ct_data_len++;
}
// hash
u8 *hash_pos = token.buf[5];
digest[0] = hex_to_u32 ((const u8 *) &hash_pos[ 0]);
digest[1] = hex_to_u32 ((const u8 *) &hash_pos[ 8]);
digest[2] = hex_to_u32 ((const u8 *) &hash_pos[16]);
digest[3] = hex_to_u32 ((const u8 *) &hash_pos[24]);
digest[4] = hex_to_u32 ((const u8 *) &hash_pos[32]);
digest[5] = hex_to_u32 ((const u8 *) &hash_pos[40]);
digest[6] = hex_to_u32 ((const u8 *) &hash_pos[48]);
digest[7] = hex_to_u32 ((const u8 *) &hash_pos[56]);
digest[0] = byte_swap_32 (digest[0]);
digest[1] = byte_swap_32 (digest[1]);
digest[2] = byte_swap_32 (digest[2]);
digest[3] = byte_swap_32 (digest[3]);
digest[4] = byte_swap_32 (digest[4]);
digest[5] = byte_swap_32 (digest[5]);
digest[6] = byte_swap_32 (digest[6]);
digest[7] = byte_swap_32 (digest[7]);
return (PARSER_OK);
}
/**
* hook functions
*/
@ -18234,6 +18359,7 @@ const char *strhashtype (const u32 hash_mode)
case 16700: return HT_16700;
case 16800: return HT_16800;
case 16801: return HT_16801;
case 16900: return HT_16900;
case 99999: return HT_99999;
}
@ -21912,6 +22038,13 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le
wpa_pmkid->orig_mac_sta[4],
wpa_pmkid->orig_mac_sta[5]);
}
else if (hash_mode == 16900)
{
hashinfo_t **hashinfo_ptr = hash_info;
char *hash_buf = hashinfo_ptr[digest_cur]->orighash;
snprintf (out_buf, out_len - 1, "%s", hash_buf);
}
else if (hash_mode == 99999)
{
char *ptr = (char *) digest_buf;
@ -27090,6 +27223,24 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
hashconfig->st_pass = ST_PASS_HEX_16801;
break;
case 16900: hashconfig->hash_type = HASH_TYPE_ANSIBLE_VAULT;
hashconfig->salt_type = SALT_TYPE_EMBEDDED;
hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL;
hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_HASH_COPY;
hashconfig->kern_type = KERN_TYPE_ANSIBLE_VAULT;
hashconfig->dgst_size = DGST_SIZE_4_8;
hashconfig->parse_func = ansible_vault_parse_hash;
hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
hashconfig->dgst_pos0 = 0;
hashconfig->dgst_pos1 = 1;
hashconfig->dgst_pos2 = 2;
hashconfig->dgst_pos3 = 3;
hashconfig->st_hash = ST_HASH_16900;
hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN;
break;
case 99999: hashconfig->hash_type = HASH_TYPE_PLAINTEXT;
hashconfig->salt_type = SALT_TYPE_NONE;
hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL;
@ -27313,6 +27464,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
case 16700: hashconfig->esalt_size = sizeof (apple_secure_notes_t); break;
case 16800: hashconfig->esalt_size = sizeof (wpa_pmkid_t); break;
case 16801: hashconfig->esalt_size = sizeof (wpa_pmkid_t); break;
case 16900: hashconfig->esalt_size = sizeof (ansible_vault_t); break;
}
// hook_salt_size
@ -27425,6 +27577,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
case 16700: hashconfig->tmp_size = sizeof (apple_secure_notes_tmp_t); break;
case 16800: hashconfig->tmp_size = sizeof (wpa_pbkdf2_tmp_t); break;
case 16801: hashconfig->tmp_size = sizeof (wpa_pmk_tmp_t); break;
case 16900: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break;
};
// hook_size
@ -27844,6 +27997,7 @@ int hashconfig_get_pw_max (hashcat_ctx_t *hashcat_ctx, const bool optimized_kern
case 16000: pw_max = 8; break; // Underlaying DES max
case 16800: pw_max = 63; break; // WPA-PMKID-PBKDF2: limits itself to 63 by RFC
case 16801: pw_max = 64; break; // WPA-PMKID-PMK: fixed length
case 16900: pw_max = PW_MAX; break;
}
return pw_max;
@ -28135,6 +28289,8 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
break;
case 16801: memcpy (salt->salt_buf, "hashcat.net", 11);
break;
case 16900: salt->salt_len = 32;
break;
}
// special esalt handling
@ -28422,6 +28578,8 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
break;
case 16801: salt->salt_iter = ROUNDS_WPA_PMK;
break;
case 16900: salt->salt_iter = ROUNDS_ANSIBLE_VAULT - 1;
break;
}
}

View File

@ -371,6 +371,7 @@ static const char *const USAGE_BIG[] =
" 15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256 | Password Managers",
" 15700 | Ethereum Wallet, SCRYPT | Password Managers",
" 16300 | Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256 | Password Managers",
" 16900 | Ansible Vault | Password Managers",
" 99999 | Plaintext | Plaintext",
"",
"- [ Outfile Formats ] -",

View File

@ -57,11 +57,11 @@ my $hashcat = "./hashcat";
my $MAX_LEN = 55;
my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7701, 7800, 7801, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 15300, 15400, 15500, 15600, 15700, 15900, 16000, 16100, 16200, 16300, 16400, 16500, 16600, 16700, 16800, 99999);
my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7701, 7800, 7801, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 15300, 15400, 15500, 15600, 15700, 15900, 16000, 16100, 16200, 16300, 16400, 16500, 16600, 16700, 16800, 16900, 99999);
my %is_utf16le = map { $_ => 1 } qw (30 40 130 131 132 133 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800 11600 13500 13800);
my %less_fifteen = map { $_ => 1 } qw (500 1600 1800 3200 6300 7400 10500 10700);
my %allow_long_salt = map { $_ => 1 } qw (2500 4520 4521 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600 13500 13800 15000);
my %allow_long_salt = map { $_ => 1 } qw (2500 4520 4521 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600 13500 13800 15000 16900);
my @lotus_magic_table =
(
@ -2974,6 +2974,28 @@ sub verify
next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
}
# Ansible Vault
elsif ($mode == 16900)
{
($hash_in, $word) = split ":", $line;
next unless defined $hash_in;
next unless defined $word;
my @data = split ('\*', $hash_in);
next unless scalar @data == 5;
my ($signature_tmp, $cipher, $salt, $ciphertext, $hmac) = @data;
my ($signature, undef) = split ('\$', $signature_tmp);
next unless ($signature eq "ansible");
$param = $ciphertext;
next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
}
else
{
print "ERROR: hash mode is not supported\n";
@ -3437,6 +3459,14 @@ sub verify
return unless (substr ($line, 0, $len) eq $hash_out);
}
elsif ($mode == 16900)
{
$hash_out = gen_hash ($mode, $word, $salt, 0, $param);
$len = length $hash_out;
return unless (substr ($line, 0, $len) eq $hash_out);
}
else
{
$hash_out = gen_hash ($mode, $word, $salt, $iter);
@ -4018,6 +4048,10 @@ sub passthrough
$tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, 32));
}
elsif ($mode == 16900)
{
$tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, 64));
}
else
{
print "ERROR: Unsupported hash type\n";
@ -5136,6 +5170,20 @@ sub single
}
}
}
elsif ($mode == 16900)
{
for (my $i = 1; $i < 32; $i++)
{
if ($len != 0)
{
rnd ($mode, $len, 64);
}
else
{
rnd ($mode, $i, 64);
}
}
}
}
}
@ -7458,6 +7506,37 @@ sub gen_hash
$tmp_hash = sprintf ("sha256:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf);
}
elsif ($mode == 16900)
{
my $iterations = 10000;
my $salt_hex = substr ($salt_buf, 0, 64);
my $salt = pack ("H*", $salt_hex);
my $ciphertext = randbytes(32);
if (defined $additional_param)
{
my $ciphertext_hex = $additional_param;
$ciphertext = pack ("H*", $ciphertext_hex);
}
# actually 80 but the last 16 bytes are the IV which we don't need
my $out_len = 64;
my $pbkdf2 = Crypt::PBKDF2->new
(
hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
iterations => $iterations,
output_len => $out_len
);
my $derived_key = $pbkdf2->PBKDF2 ($salt, $word_buf);
$hash_buf = hmac_hex ($ciphertext, substr ($derived_key, 32, 32), \&sha256);
$tmp_hash = sprintf ('$ansible$0*0*%s*%s*%s', unpack ("H*", $salt), unpack ("H*", $ciphertext), $hash_buf);
}
elsif ($mode == 11000)
{
$hash_buf = md5_hex ($salt_buf . $word_buf);

View File

@ -9,7 +9,7 @@ TDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# missing hash types: 5200,6251,6261,6271,6281
HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 600 900 1000 1100 1300 1400 1410 1411 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7701 7800 7801 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12001 12100 12200 12300 12400 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14400 14600 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700 15900 16000 16100 16200 16300 16400 16500 16600 16700 16800 99999"
HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 600 900 1000 1100 1300 1400 1410 1411 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7701 7800 7801 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12001 12100 12200 12300 12400 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14400 14600 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700 15900 16000 16100 16200 16300 16400 16500 16600 16700 16800 16900 99999"
#ATTACK_MODES="0 1 3 6 7"
ATTACK_MODES="0 1 3 7"
@ -22,7 +22,7 @@ HASHFILE_ONLY="2500"
NEVER_CRACK="11600 14900"
SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12001 12100 12200 12300 12400 12500 12700 12800 12900 13000 13200 13400 13600 13751 13752 13753 14600 14611 14612 14613 14621 14622 14623 14631 14632 14633 14641 14642 14643 14700 14800 15100 15200 15300 15600 15700 15900 16000 16200 16300 16800"
SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12001 12100 12200 12300 12400 12500 12700 12800 12900 13000 13200 13400 13600 13751 13752 13753 14600 14611 14612 14613 14621 14622 14623 14631 14632 14633 14641 14642 14643 14700 14800 15100 15200 15300 15600 15700 15900 16000 16200 16300 16800 16900"
OPTS="--quiet --force --potfile-disable --runtime 400 --gpu-temp-disable"