mirror of
https://github.com/hashcat/hashcat.git
synced 2025-01-11 08:10:59 +00:00
Add support for TOTP (RFC 6238)
This commit is contained in:
parent
1b980cf010
commit
3d0f1626ed
225
OpenCL/m17300_a3-pure.cl
Normal file
225
OpenCL/m17300_a3-pure.cl
Normal file
@ -0,0 +1,225 @@
|
||||
/**
|
||||
* Author......: See docs/credits.txt
|
||||
* License.....: MIT
|
||||
*/
|
||||
|
||||
#define NEW_SIMD_CODE
|
||||
|
||||
#include "inc_vendor.cl"
|
||||
#include "inc_hash_constants.h"
|
||||
#include "inc_hash_functions.cl"
|
||||
#include "inc_types.cl"
|
||||
#include "inc_common.cl"
|
||||
#include "inc_simd.cl"
|
||||
#include "inc_hash_sha1.cl"
|
||||
|
||||
__kernel void m17300_mxx (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __constant const u32x *words_buf_r, __global void *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const void *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u64 gid_max)
|
||||
{
|
||||
/**
|
||||
* modifier
|
||||
*/
|
||||
|
||||
const u64 lid = get_local_id (0);
|
||||
const u64 gid = get_global_id (0);
|
||||
|
||||
if (gid >= gid_max) return;
|
||||
|
||||
/**
|
||||
* base
|
||||
*/
|
||||
|
||||
const u32 pw_len = pws[gid].pw_len;
|
||||
|
||||
u32x w[64] = { 0 };
|
||||
|
||||
for (int i = 0, idx = 0; i < pw_len; i += 4, idx += 1)
|
||||
{
|
||||
w[idx] = pws[gid].i[idx];
|
||||
}
|
||||
|
||||
const u32 salt_len = salt_bufs[salt_pos].salt_len;
|
||||
|
||||
u32x s[64] = { 0 };
|
||||
|
||||
for (int i = 0, idx = 0; i < salt_len; i += 4, idx += 1)
|
||||
{
|
||||
s[idx] = swap32_S (salt_bufs[salt_pos].salt_buf[idx]);
|
||||
}
|
||||
|
||||
/**
|
||||
* loop
|
||||
*/
|
||||
|
||||
u32x w0l = w[0];
|
||||
|
||||
for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE)
|
||||
{
|
||||
const u32x w0r = words_buf_r[il_pos / VECT_SIZE];
|
||||
|
||||
const u32x w0 = w0l | w0r;
|
||||
|
||||
w[0] = w0;
|
||||
|
||||
sha1_hmac_ctx_vector_t ctx;
|
||||
|
||||
sha1_hmac_init_vector (&ctx, w, pw_len);
|
||||
|
||||
sha1_hmac_update_vector (&ctx, s, salt_len);
|
||||
|
||||
sha1_hmac_final_vector (&ctx);
|
||||
|
||||
// ------- PUT TOTP HERE ------- //
|
||||
// calculate the offset using the least 4 bits of the last byte of our hash
|
||||
const int otp_offset = ctx.opad.h[4] & 0xf;
|
||||
|
||||
// initialize a buffer for the otp code
|
||||
unsigned int otp_code = 0;
|
||||
|
||||
// grab 4 consecutive bytes of the hash, starting at offset
|
||||
switch(otp_offset%4)
|
||||
{
|
||||
case 1:
|
||||
otp_code = ((ctx.opad.h[otp_offset/4] & 0xffffff) << 8) | ((ctx.opad.h[otp_offset/4+1] % 0xffffff00) >> 24);
|
||||
break;
|
||||
case 2:
|
||||
otp_code = ((ctx.opad.h[otp_offset/4] & 0xffff) << 16) | ((ctx.opad.h[otp_offset/4+1] % 0xffff0000) >> 16);
|
||||
break;
|
||||
case 3:
|
||||
otp_code = ((ctx.opad.h[otp_offset/4] & 0xff) << 24) | ((ctx.opad.h[otp_offset/4+1] % 0xffffff00) >> 8);
|
||||
break;
|
||||
default:
|
||||
otp_code = ctx.opad.h[otp_offset/4];
|
||||
break;
|
||||
}
|
||||
// take only the lower 31 bits
|
||||
otp_code &= 0x7fffffff;
|
||||
// we want to generate only 6 digits of code
|
||||
otp_code %= 1000000;
|
||||
|
||||
const u32x r0 = ctx.opad.h[DGST_R0];
|
||||
const u32x r1 = ctx.opad.h[DGST_R1];
|
||||
const u32x r2 = ctx.opad.h[DGST_R2];
|
||||
const u32x r3 = ctx.opad.h[DGST_R3];
|
||||
|
||||
COMPARE_M_SIMD (otp_code, 0, 0, 0);
|
||||
//COMPARE_M_SIMD (r0, r1, r2, r3);
|
||||
}
|
||||
}
|
||||
|
||||
__kernel void m17300_sxx (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __constant const u32x *words_buf_r, __global void *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const void *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u64 gid_max)
|
||||
{
|
||||
/**
|
||||
* modifier
|
||||
*/
|
||||
|
||||
const u64 lid = get_local_id (0);
|
||||
const u64 gid = get_global_id (0);
|
||||
|
||||
if (gid >= gid_max) return;
|
||||
|
||||
/**
|
||||
* digest
|
||||
*/
|
||||
|
||||
const u32 search[4] =
|
||||
{
|
||||
digests_buf[digests_offset].digest_buf[DGST_R0],
|
||||
digests_buf[digests_offset].digest_buf[DGST_R1],
|
||||
digests_buf[digests_offset].digest_buf[DGST_R2],
|
||||
digests_buf[digests_offset].digest_buf[DGST_R3]
|
||||
};
|
||||
|
||||
/**
|
||||
* base
|
||||
*/
|
||||
|
||||
const u32 pw_len = pws[gid].pw_len;
|
||||
|
||||
u32x w[64] = { 0 };
|
||||
|
||||
for (int i = 0, idx = 0; i < pw_len; i += 4, idx += 1)
|
||||
{
|
||||
w[idx] = pws[gid].i[idx];
|
||||
}
|
||||
|
||||
const u32 salt_len = salt_bufs[salt_pos].salt_len;
|
||||
|
||||
u32x s[64] = { 0 };
|
||||
|
||||
for (int i = 0, idx = 0; i < salt_len; i += 4, idx += 1)
|
||||
{
|
||||
s[idx] = swap32_S (salt_bufs[salt_pos].salt_buf[idx]);
|
||||
}
|
||||
|
||||
/**
|
||||
* loop
|
||||
*/
|
||||
|
||||
u32x w0l = w[0];
|
||||
|
||||
for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE)
|
||||
{
|
||||
const u32x w0r = words_buf_r[il_pos / VECT_SIZE];
|
||||
|
||||
const u32x w0 = w0l | w0r;
|
||||
|
||||
w[0] = w0;
|
||||
|
||||
sha1_hmac_ctx_vector_t ctx;
|
||||
|
||||
sha1_hmac_init_vector (&ctx, w, pw_len);
|
||||
|
||||
sha1_hmac_update_vector (&ctx, s, salt_len);
|
||||
|
||||
sha1_hmac_final_vector (&ctx);
|
||||
//printf("%d ", sizeof(ctx.opad.h));
|
||||
|
||||
// ------- PUT TOTP HERE ------- //
|
||||
// calculate the offset using the least 4 bits of the last byte of our hash
|
||||
const int otp_offset = ctx.opad.h[4] & 0xf;
|
||||
|
||||
// initialize a buffer for the otp code
|
||||
unsigned int otp_code = 0;
|
||||
|
||||
// grab 4 consecutive bytes of the hash, starting at offset
|
||||
switch(otp_offset%4)
|
||||
{
|
||||
case 1:
|
||||
otp_code = ((ctx.opad.h[otp_offset/4] & 0xffffff) << 8) | ((ctx.opad.h[otp_offset/4+1] % 0xffffff00) >> 24);
|
||||
break;
|
||||
case 2:
|
||||
otp_code = ((ctx.opad.h[otp_offset/4] & 0xffff) << 16) | ((ctx.opad.h[otp_offset/4+1] % 0xffff0000) >> 16);
|
||||
break;
|
||||
case 3:
|
||||
otp_code = ((ctx.opad.h[otp_offset/4] & 0xff) << 24) | ((ctx.opad.h[otp_offset/4+1] % 0xffffff00) >> 8);
|
||||
break;
|
||||
default:
|
||||
otp_code = ctx.opad.h[otp_offset/4];
|
||||
break;
|
||||
}
|
||||
// take only the lower 31 bits
|
||||
otp_code &= 0x7fffffff;
|
||||
// we want to generate only 6 digits of code
|
||||
otp_code %= 1000000;
|
||||
|
||||
const u32x r0 = ctx.opad.h[DGST_R0];
|
||||
const u32x r1 = ctx.opad.h[DGST_R1];
|
||||
const u32x r2 = ctx.opad.h[DGST_R2];
|
||||
const u32x r3 = ctx.opad.h[DGST_R3];
|
||||
|
||||
if( ctx.opad.h[0] == 0xc085d274)
|
||||
//if( ctx.opad.h[0] == 0x50184678)
|
||||
//if( ctx.opad.h[0] == 0x8e664b2e)
|
||||
{
|
||||
//printf(" [[ %d %d %d %d ]]\n ", ctx.opad.h[otp_offset], ctx.opad.h[otp_offset +1], ctx.opad.h[otp_offset +2], ctx.opad.h[otp_offset +3]);
|
||||
//printf(" MAXX:: %d %d\n", pw_len, salt_len);
|
||||
//printf(" SRCH:: %x\n", search[0]);
|
||||
//printf(" SRCH:: %x\n", search[1]);
|
||||
//printf(" SRCH:: %x\n", search[2]);
|
||||
//printf(" SRCH:: %x\n", search[3]);
|
||||
//printf(" CODE:: %x\n", otp_code);
|
||||
}
|
||||
COMPARE_S_SIMD (otp_code, 0, 0, 0);
|
||||
//COMPARE_S_SIMD (r0, r1, r2, r3);
|
||||
}
|
||||
}
|
@ -1325,6 +1325,7 @@ typedef enum kern_type
|
||||
KERN_TYPE_WPA_PMKID_PBKDF2 = 16800,
|
||||
KERN_TYPE_WPA_PMKID_PMK = 16801,
|
||||
KERN_TYPE_ANSIBLE_VAULT = 16900,
|
||||
KERN_TYPE_TOTP_HMACSHA1 = 17300,
|
||||
KERN_TYPE_PLAINTEXT = 99999,
|
||||
|
||||
} kern_type_t;
|
||||
|
15
src/hashes.c
15
src/hashes.c
@ -275,6 +275,21 @@ void check_hash (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, pl
|
||||
|
||||
build_plain (hashcat_ctx, device_param, plain, plain_buf, &plain_len);
|
||||
|
||||
// TOTP should be base32 encoded
|
||||
if (hashcat_ctx->hashconfig->hash_mode == KERN_TYPE_TOTP_HMACSHA1)
|
||||
{
|
||||
// we need a temp buffer for the base32 encoding
|
||||
u32 temp_buf[64] = { 0 };
|
||||
u8 *temp_ptr = (u8 *) temp_buf;
|
||||
|
||||
// encode our plain
|
||||
base32_encode (int_to_base32, (const u8 *) plain_ptr, plain_len, (u8 *) temp_buf);
|
||||
plain_len = strlen((const char *) temp_buf);
|
||||
|
||||
// copy the base32 content into our plain buffer
|
||||
plain_ptr = (u8 *) strdup((const char *) temp_ptr);
|
||||
}
|
||||
|
||||
// crackpos
|
||||
|
||||
u64 crackpos = 0;
|
||||
|
@ -281,6 +281,7 @@ static const char *ST_HASH_16700 = "$fvde$1$16$84286044060108438487434858307513$
|
||||
static const char *ST_HASH_16800 = "2582a8281bf9d4308d6f5731d0e61c61*4604ba734d4e*89acf0e761f4*ed487162465a774bfba60eb603a39f3a";
|
||||
static const char *ST_HASH_16801 = "2582a8281bf9d4308d6f5731d0e61c61*4604ba734d4e*89acf0e761f4";
|
||||
static const char *ST_HASH_16900 = "$ansible$0*0*6b761adc6faeb0cc0bf197d3d4a4a7d3f1682e4b169cae8fa6b459b3214ed41e*426d313c5809d4a80a4b9bc7d4823070*d8bad190c7fbc7c3cb1c60a27abfb0ff59d6fb73178681c7454d94a0f56a4360";
|
||||
static const char *ST_HASH_17300 = "597056:3600";
|
||||
static const char *ST_HASH_99999 = "hashcat";
|
||||
|
||||
static const char *OPTI_STR_OPTIMIZED_KERNEL = "Optimized-Kernel";
|
||||
@ -529,6 +530,7 @@ static const char *HT_16700 = "FileVault 2";
|
||||
static const char *HT_16800 = "WPA-PMKID-PBKDF2";
|
||||
static const char *HT_16801 = "WPA-PMKID-PMK";
|
||||
static const char *HT_16900 = "Ansible Vault";
|
||||
static const char *HT_17300 = "TOTP (HMAC-SHA1)";
|
||||
static const char *HT_99999 = "Plaintext";
|
||||
|
||||
static const char *HT_00011 = "Joomla < 2.5.18";
|
||||
@ -5142,6 +5144,74 @@ int sha1s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUS
|
||||
return (PARSER_OK);
|
||||
}
|
||||
|
||||
int totp_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig)
|
||||
{
|
||||
// this is going to start off like HMAC-SHA1
|
||||
u32 *digest = (u32 *) hash_buf->digest;
|
||||
|
||||
salt_t *salt = hash_buf->salt;
|
||||
|
||||
token_t token;
|
||||
|
||||
token.token_cnt = 2;
|
||||
|
||||
token.sep[0] = hashconfig->separator;
|
||||
token.len_min[0] = 6;
|
||||
token.len_max[0] = 6;
|
||||
token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_HEX;
|
||||
|
||||
token.len_min[1] = SALT_MIN;
|
||||
token.len_max[1] = SALT_MAX;
|
||||
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
|
||||
|
||||
if (hashconfig->opts_type & OPTS_TYPE_ST_HEX)
|
||||
{
|
||||
token.len_min[1] *= 2;
|
||||
token.len_max[1] *= 2;
|
||||
|
||||
token.attr[1] |= TOKEN_ATTR_VERIFY_HEX;
|
||||
}
|
||||
|
||||
const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token);
|
||||
|
||||
// now we need to reduce our hash into a token
|
||||
int otp_code = 0;
|
||||
for (int i = 0; i < 6; i++)
|
||||
{
|
||||
otp_code = otp_code * 10 + itoa32_to_int(input_buf[i]);
|
||||
}
|
||||
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
|
||||
|
||||
u8 *hash_pos = token.buf[0];
|
||||
|
||||
digest[1] = otp_code;
|
||||
|
||||
u8 *salt_pos = token.buf[1];
|
||||
int salt_len = token.len[1];
|
||||
|
||||
// convert ascii timestamp to ulong timestamp
|
||||
unsigned long timestamp = 0;
|
||||
for(int i = 0; i<salt_len; i++)
|
||||
{
|
||||
timestamp = timestamp * 10 + ( *(salt_pos + i) - '0');
|
||||
}
|
||||
|
||||
// divide our timestamp by our step. We will use the RFC 6238 default of 30 for now
|
||||
timestamp /= 30;
|
||||
|
||||
// convert counter to 8-byte salt
|
||||
for (int i = 2; i--; timestamp >>= 32)
|
||||
{
|
||||
salt->salt_buf[i] = byte_swap_32(timestamp);
|
||||
}
|
||||
|
||||
// our salt will always be 8 bytes
|
||||
salt->salt_len = 8;
|
||||
|
||||
return (PARSER_OK);
|
||||
}
|
||||
|
||||
int pstoken_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig)
|
||||
{
|
||||
u32 *digest = (u32 *) hash_buf->digest;
|
||||
@ -18387,6 +18457,7 @@ const char *strhashtype (const u32 hash_mode)
|
||||
case 16800: return HT_16800;
|
||||
case 16801: return HT_16801;
|
||||
case 16900: return HT_16900;
|
||||
case 17300: return HT_17300;
|
||||
case 99999: return HT_99999;
|
||||
}
|
||||
|
||||
@ -22102,6 +22173,14 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le
|
||||
byte_swap_32 (digest_buf[6]),
|
||||
byte_swap_32 (digest_buf[7]));
|
||||
}
|
||||
else if (hash_mode == 17300)
|
||||
{
|
||||
// salt_buf[1] holds our 32 bit value. salt_buf[0] and salt_buf[1] would be 64 bits.
|
||||
// for now, we only need to worry about 32 bit counters.
|
||||
// we also need to multiply salt by our step to see the floor of our original timestamp range.
|
||||
// again, we will use the default RFC 6238 step of 30.
|
||||
snprintf (out_buf, out_len - 1, "%d:%d", digest_buf[1], byte_swap_32(salt.salt_buf[1]) * 30);
|
||||
}
|
||||
else if (hash_mode == 99999)
|
||||
{
|
||||
char *ptr = (char *) digest_buf;
|
||||
@ -27299,6 +27378,25 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
|
||||
hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN;
|
||||
break;
|
||||
|
||||
case 17300: hashconfig->hash_type = HASH_TYPE_SHA1;
|
||||
hashconfig->salt_type = SALT_TYPE_EMBEDDED;
|
||||
hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL;
|
||||
hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_BE
|
||||
| OPTS_TYPE_PT_ADD80
|
||||
| OPTS_TYPE_PT_ADDBITS15;
|
||||
hashconfig->kern_type = KERN_TYPE_TOTP_HMACSHA1;
|
||||
hashconfig->dgst_size = DGST_SIZE_4_5;
|
||||
hashconfig->parse_func = totp_parse_hash;
|
||||
hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE
|
||||
| OPTI_TYPE_NOT_ITERATED;
|
||||
hashconfig->dgst_pos0 = 1;
|
||||
hashconfig->dgst_pos1 = 2;
|
||||
hashconfig->dgst_pos2 = 3;
|
||||
hashconfig->dgst_pos3 = 4;
|
||||
hashconfig->st_hash = ST_HASH_17300;
|
||||
hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN;
|
||||
break;
|
||||
|
||||
case 99999: hashconfig->hash_type = HASH_TYPE_PLAINTEXT;
|
||||
hashconfig->salt_type = SALT_TYPE_NONE;
|
||||
hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL;
|
||||
|
@ -170,6 +170,7 @@ static const char *const USAGE_BIG[] =
|
||||
" 60 | HMAC-MD5 (key = $salt) | Raw Hash, Authenticated",
|
||||
" 150 | HMAC-SHA1 (key = $pass) | Raw Hash, Authenticated",
|
||||
" 160 | HMAC-SHA1 (key = $salt) | Raw Hash, Authenticated",
|
||||
" 17300 | TOTP (HMAC-SHA1) | Raw Hash, Authenticated",
|
||||
" 1450 | HMAC-SHA256 (key = $pass) | Raw Hash, Authenticated",
|
||||
" 1460 | HMAC-SHA256 (key = $salt) | Raw Hash, Authenticated",
|
||||
" 1750 | HMAC-SHA512 (key = $pass) | Raw Hash, Authenticated",
|
||||
|
Loading…
Reference in New Issue
Block a user