1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-11-25 17:38:23 +00:00

Expect Hex input, removed OPTS_TYPE_PT_ALWAYS_HEXIFY, added benchmark mask.

This commit is contained in:
Michael Kruger 2021-08-02 11:40:14 +02:00
parent 39e78702e0
commit 3ba02f11ea
4 changed files with 190 additions and 129 deletions

View File

@ -493,6 +493,23 @@ DECLSPEC void transform_netntlmv1_key (const u32 w0, const u32 w1, u32 *out)
| ((k[7] & 0xff) << 24);
}
#ifdef KERNEL_STATIC
DECLSPEC u8 hex_convert (const u8 c)
{
return (c & 15) + (c >> 6) * 9;
}
DECLSPEC u8 hex_to_u8 (const u8 *hex)
{
u8 v = 0;
v |= ((u8) hex_convert (hex[1]) << 0);
v |= ((u8) hex_convert (hex[0]) << 4);
return (v);
}
#endif
typedef struct netntlm
{
u32 user_len;
@ -527,23 +544,52 @@ KERNEL_FQ void m27000_init (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t))
* salt
*/
tmps[gid].digest_buf[0] = pws[gid].i[ 0];
tmps[gid].digest_buf[1] = pws[gid].i[ 1];
tmps[gid].digest_buf[2] = pws[gid].i[ 2];
tmps[gid].digest_buf[3] = pws[gid].i[ 3];
u32 in[16];
in[ 0] = pws[gid].i[ 0];
in[ 1] = pws[gid].i[ 1];
in[ 2] = pws[gid].i[ 2];
in[ 3] = pws[gid].i[ 3];
in[ 4] = pws[gid].i[ 4];
in[ 5] = pws[gid].i[ 5];
in[ 6] = pws[gid].i[ 6];
in[ 7] = pws[gid].i[ 7];
u8 *in_ptr = (u8 *) in;
u32 out[4];
u8 *out_ptr = (u8 *) out;
for (int i = 0, j = 0; i < 16; i += 1, j += 2)
{
out_ptr[i] = hex_to_u8 (in_ptr + j);
}
tmps[gid].digest_buf[0] = out[ 0];
tmps[gid].digest_buf[1] = out[ 1];
tmps[gid].digest_buf[2] = out[ 2];
tmps[gid].digest_buf[3] = out[ 3];
}
KERNEL_FQ void m27000_loop (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t))
{
/**
}
KERNEL_FQ void m27000_comp (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t))
{
/**
* modifier
*/
const u64 lid = get_local_id (0);
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
const u64 lid = get_local_id (0);
/**
* sbox, kbox
*/
@ -598,77 +644,52 @@ KERNEL_FQ void m27000_loop (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t))
const u32 c = tmps[gid].digest_buf[2];
const u32 d = tmps[gid].digest_buf[3];
// I believe this matches the last 2 bytes and throws away.
// Taken from 5500.
if ((d >> 16) != s2) return;
/**
* loop
*/
* DES1
*/
for (u32 i = 0; i < loop_cnt; i++)
{
u32 key[2];
// if ((d >> 16) != s2) continue;
transform_netntlmv1_key (a, b, key);
/**
* DES1
*/
u32 Kc[16];
u32 Kd[16];
u32 key[2];
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
transform_netntlmv1_key (a, b, key);
u32 data[2];
u32 Kc[16];
u32 Kd[16];
data[0] = s0;
data[1] = s1;
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
u32 out1[2];
u32 data[2];
_des_crypt_encrypt (out1, data, Kc, Kd, s_SPtrans);
data[0] = s0;
data[1] = s1;
/**
* DES2
*/
u32 out1[2];
transform_netntlmv1_key (((b >> 24) | (c << 8)), ((c >> 24) | (d << 8)), key);
_des_crypt_encrypt (out1, data, Kc, Kd, s_SPtrans);
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
/**
* DES2
*/
u32 out2[2];
transform_netntlmv1_key (((b >> 24) | (c << 8)), ((c >> 24) | (d << 8)), key);
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
u32 out2[2];
_des_crypt_encrypt (out2, data, Kc, Kd, s_SPtrans);
tmps[gid].digest_buf[0] = out1[0];
tmps[gid].digest_buf[1] = out1[1];
tmps[gid].digest_buf[2] = out2[0];
tmps[gid].digest_buf[3] = out2[1];
}
}
KERNEL_FQ void m27000_comp (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t))
{
/**
* modifier
*/
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
const u64 lid = get_local_id (0);
_des_crypt_encrypt (out2, data, Kc, Kd, s_SPtrans);
/**
* digest
*/
const u32 r0 = tmps[gid].digest_buf[0];
const u32 r1 = tmps[gid].digest_buf[1];
const u32 r2 = tmps[gid].digest_buf[2];
const u32 r3 = tmps[gid].digest_buf[3];
const u32 r0 = out1[0];
const u32 r1 = out1[1];
const u32 r2 = out2[0];
const u32 r3 = out2[1];
#define il_pos 0

View File

@ -20,6 +20,23 @@
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#ifdef KERNEL_STATIC
DECLSPEC u8 hex_convert (const u8 c)
{
return (c & 15) + (c >> 6) * 9;
}
DECLSPEC u8 hex_to_u8 (const u8 *hex)
{
u8 v = 0;
v |= ((u8) hex_convert (hex[1]) << 0);
v |= ((u8) hex_convert (hex[0]) << 4);
return (v);
}
#endif
typedef struct netntlm
{
u32 user_len;
@ -54,19 +71,54 @@ KERNEL_FQ void m27100_init (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t))
* base
*/
tmps[gid].digest_buf[0] = pws[gid].i[ 0];
tmps[gid].digest_buf[1] = pws[gid].i[ 1];
tmps[gid].digest_buf[2] = pws[gid].i[ 2];
tmps[gid].digest_buf[3] = pws[gid].i[ 3];
u32 in[16];
in[ 0] = pws[gid].i[ 0];
in[ 1] = pws[gid].i[ 1];
in[ 2] = pws[gid].i[ 2];
in[ 3] = pws[gid].i[ 3];
in[ 4] = pws[gid].i[ 4];
in[ 5] = pws[gid].i[ 5];
in[ 6] = pws[gid].i[ 6];
in[ 7] = pws[gid].i[ 7];
u8 *in_ptr = (u8 *) in;
u32 out[4];
u8 *out_ptr = (u8 *) out;
for (int i = 0, j = 0; i < 16; i += 1, j += 2)
{
out_ptr[i] = hex_to_u8 (in_ptr + j);
}
tmps[gid].digest_buf[0] = out[ 0];
tmps[gid].digest_buf[1] = out[ 1];
tmps[gid].digest_buf[2] = out[ 2];
tmps[gid].digest_buf[3] = out[ 3];
}
KERNEL_FQ void m27100_loop (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t))
{
const u64 lid = get_local_id (0);
}
KERNEL_FQ void m27100_comp (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t))
{
/**
* modifier
*/
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
const u64 lid = get_local_id (0);
u32 w0[4];
u32 w1[4];
u32 w2[4];
@ -88,70 +140,54 @@ KERNEL_FQ void m27100_loop (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t))
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
for (u32 i = 0; i < loop_cnt; i++)
{
md5_hmac_ctx_t ctx0;
md5_hmac_ctx_t ctx0;
md5_hmac_init_64 (&ctx0, w0, w1, w2, w3);
md5_hmac_init_64 (&ctx0, w0, w1, w2, w3);
md5_hmac_update_global (&ctx0, esalt_bufs[DIGESTS_OFFSET].userdomain_buf, esalt_bufs[DIGESTS_OFFSET].user_len + esalt_bufs[DIGESTS_OFFSET].domain_len);
md5_hmac_update_global (&ctx0, esalt_bufs[DIGESTS_OFFSET].userdomain_buf, esalt_bufs[DIGESTS_OFFSET].user_len + esalt_bufs[DIGESTS_OFFSET].domain_len);
md5_hmac_final (&ctx0);
md5_hmac_final (&ctx0);
w0[0] = ctx0.opad.h[0];
w0[1] = ctx0.opad.h[1];
w0[2] = ctx0.opad.h[2];
w0[3] = ctx0.opad.h[3];
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
w0[0] = ctx0.opad.h[0];
w0[1] = ctx0.opad.h[1];
w0[2] = ctx0.opad.h[2];
w0[3] = ctx0.opad.h[3];
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
md5_hmac_ctx_t ctx;
md5_hmac_ctx_t ctx;
md5_hmac_init_64 (&ctx, w0, w1, w2, w3);
md5_hmac_init_64 (&ctx, w0, w1, w2, w3);
md5_hmac_update_global (&ctx, esalt_bufs[DIGESTS_OFFSET].chall_buf, esalt_bufs[DIGESTS_OFFSET].srvchall_len + esalt_bufs[DIGESTS_OFFSET].clichall_len);
md5_hmac_update_global (&ctx, esalt_bufs[DIGESTS_OFFSET].chall_buf, esalt_bufs[DIGESTS_OFFSET].srvchall_len + esalt_bufs[DIGESTS_OFFSET].clichall_len);
md5_hmac_final (&ctx);
md5_hmac_final (&ctx);
tmps[gid].digest_buf[0] = ctx.opad.h[0];
tmps[gid].digest_buf[1] = ctx.opad.h[1];
tmps[gid].digest_buf[2] = ctx.opad.h[2];
tmps[gid].digest_buf[3] = ctx.opad.h[3];
}
}
tmps[gid].digest_buf[0] = ctx.opad.h[0];
tmps[gid].digest_buf[1] = ctx.opad.h[1];
tmps[gid].digest_buf[2] = ctx.opad.h[2];
tmps[gid].digest_buf[3] = ctx.opad.h[3];
KERNEL_FQ void m27100_comp (KERN_ATTR_TMPS_ESALT (netntlm_tmp_t, netntlm_t))
{
/**
* modifier
*/
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
const u64 lid = get_local_id (0);
/**
* digest
*/
const u32 r0 = tmps[gid].digest_buf[DGST_R0];
const u32 r1 = tmps[gid].digest_buf[DGST_R1];
const u32 r2 = tmps[gid].digest_buf[DGST_R2];
const u32 r3 = tmps[gid].digest_buf[DGST_R3];
const u32 r0 = ctx.opad.h[DGST_R0];
const u32 r1 = ctx.opad.h[DGST_R1];
const u32 r2 = ctx.opad.h[DGST_R2];
const u32 r3 = ctx.opad.h[DGST_R3];
#define il_pos 0

View File

@ -26,10 +26,9 @@ static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_PT_ADD80
| OPTS_TYPE_PT_ADDBITS14
| OPTS_TYPE_PT_UTF16LE
| OPTS_TYPE_ST_HEX
| OPTS_TYPE_PT_ALWAYS_HEXIFY;
| OPTS_TYPE_ST_HEX;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "\xb4\xb9\xb0\x2e\x6f\x09\xa9\xbd\x76\x0f\x38\x8b\x67\x35\x1e\x2b";
static const char *ST_PASS = "b4b9b02e6f09a9bd760f388b67351e2b";
static const char *ST_HASH = "::5V4T:ada06359242920a500000000000000000000000000000000:0556d5297b5daa70eaffde82ef99293a3f3bb59b7c9704ea:9c23f6c094853920";
typedef struct netntlm
@ -334,9 +333,6 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
salt->salt_buf[0] = rotl32 (salt->salt_buf[0], 3);
salt->salt_buf[1] = rotl32 (salt->salt_buf[1], 3);
// Why my _loop wasnt being called and what was causing me such confusion :D
salt->salt_iter = 1;
return (PARSER_OK);
}
@ -420,18 +416,24 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_max = 16; // Length of a NT hash
const u32 pw_max = 32; // Length of a NT hash
return pw_max;
}
u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_min = 16; // Length of a NT hash
const u32 pw_min = 32; // Length of a NT hash
return pw_min;
}
const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const char *mask = "?a?a?a?a?a?a?a?axxxxxxxxxxxxxxxx";
return mask;
}
void module_init (module_ctx_t *module_ctx)
{
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
@ -440,7 +442,7 @@ void module_init (module_ctx_t *module_ctx)
module_ctx->module_attack_exec = module_attack_exec;
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = module_benchmark_mask;
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;

View File

@ -26,10 +26,9 @@ static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_PT_ADD80
| OPTS_TYPE_PT_ADDBITS14
| OPTS_TYPE_PT_UTF16LE
| OPTS_TYPE_ST_HEX
| OPTS_TYPE_PT_ALWAYS_HEXIFY;
| OPTS_TYPE_ST_HEX;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "\xb4\xb9\xb0\x2e\x6f\x09\xa9\xbd\x76\x0f\x38\x8b\x67\x35\x1e\x2b";
static const char *ST_PASS = "b4b9b02e6f09a9bd760f388b67351e2b";
static const char *ST_HASH = "0UL5G37JOI0SX::6VB1IS0KA74:ebe1afa18b7fbfa6:aab8bf8675658dd2a939458a1077ba08:010100000000000031c8aa092510945398b9f7b7dde1a9fb00000000f7876f2b04b700";
typedef struct netntlm
@ -241,9 +240,6 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
salt->salt_len = 16;
// Why my _loop wasnt being called and what was causing me such confusion :D
salt->salt_iter = 1;
return (PARSER_OK);
}
@ -316,18 +312,24 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_max = 16; // Length of a NT hash
const u32 pw_max = 32; // Length of a NT hash
return pw_max;
}
u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_min = 16; // Length of a NT hash
const u32 pw_min = 32; // Length of a NT hash
return pw_min;
}
const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const char *mask = "?a?a?a?a?a?a?a?axxxxxxxxxxxxxxxx";
return mask;
}
void module_init (module_ctx_t *module_ctx)
{
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
@ -336,7 +338,7 @@ void module_init (module_ctx_t *module_ctx)
module_ctx->module_attack_exec = module_attack_exec;
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = module_benchmark_mask;
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;