1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-12-23 15:18:16 +00:00

Merge pull request #249 from Fist0urs/AxCrypt_format

New format -m 13200 AxCrypt
This commit is contained in:
Jens Steube 2016-03-02 10:07:17 +01:00
commit 3fc7620dec
9 changed files with 1497 additions and 5 deletions

1230
OpenCL/m13200.cl Normal file

File diff suppressed because it is too large Load Diff

View File

@ -1373,6 +1373,8 @@ typedef struct
u32 digest_buf[4];
#elif defined _KRB5TGS_
u32 digest_buf[4];
#elif defined _AXCRYPT_
u32 digest_buf[4];
#endif
} digest_t;
@ -1902,6 +1904,15 @@ typedef struct
} seven_zip_tmp_t;
typedef struct
{
u32 KEK[5];
u32 lsb[4];
u32 cipher[4];
} axcrypt_tmp_t;
typedef struct
{
u32 Kc[16];

View File

@ -19,6 +19,10 @@ File.: Kernel
Desc.: Added new hash mode -m 13100 = Kerberos 5 TGS-REP etype 23
Issue: 81
Type.: Feature
File.: Kernel
Desc.: Added new hash mode -m 13200 = AxCrypt
Type.: Feature
File.: Kernel
Desc.: Extended support from 14 to 255 functions calls per rule on GPU

View File

@ -363,6 +363,7 @@ extern hc_thread_mutex_t mux_display;
#define HT_12900 "Android FDE (Samsung DEK)"
#define HT_13000 "RAR5"
#define HT_13100 "Kerberos 5 TGS-REP etype 23"
#define HT_13200 "AxCrypt"
#define HT_00011 "Joomla < 2.5.18"
#define HT_00012 "PostgreSQL"
@ -698,6 +699,8 @@ extern hc_thread_mutex_t mux_display;
#define DISPLAY_LEN_MAX_13000 1 + 4 + 1 + 2 + 1 + 32 + 1 + 2 + 1 + 32 + 1 + 1 + 1 + 16
#define DISPLAY_LEN_MIN_13100 1 + 7 + 1 + 2 + 1 + 0 + 0 + 32 + 1 + 64
#define DISPLAY_LEN_MAX_13100 1 + 7 + 1 + 2 + 1 + 2 + 512 + 1 + 32 + 1 + 20480
#define DISPLAY_LEN_MIN_13200 1 + 7 + 1 + 1 + 1 + 1 + 1 + 1 + 32 + 1 + 48
#define DISPLAY_LEN_MAX_13200 1 + 7 + 1 + 1 + 1 + 1 + 50 + 1 + 32 + 1 + 48 + 1 + 20480
#define DISPLAY_LEN_MIN_11 32 + 1 + 16
#define DISPLAY_LEN_MAX_11 32 + 1 + 32
@ -958,6 +961,7 @@ extern hc_thread_mutex_t mux_display;
#define KERN_TYPE_ANDROIDFDE_SAMSUNG 12900
#define KERN_TYPE_RAR5 13000
#define KERN_TYPE_KRB5TGS 13100
#define KERN_TYPE_AXCRYPT 13200
/**
* signatures
@ -1028,6 +1032,7 @@ extern hc_thread_mutex_t mux_display;
#define SIGNATURE_MS_DRSR "v1;PPH1_MD4"
#define SIGNATURE_RAR5 "$rar5$"
#define SIGNATURE_KRB5TGS "$krb5tgs$23"
#define SIGNATURE_AXCRYPT "$axcrypt$*1"
/**
* Default iteration numbers
@ -1079,6 +1084,7 @@ extern hc_thread_mutex_t mux_display;
#define ROUNDS_MS_DRSR 100
#define ROUNDS_ANDROIDFDE_SAMSUNG 4096
#define ROUNDS_RAR5 (1 << 15)
#define ROUNDS_AXCRYPT 10000
/**
* salt types
@ -1588,6 +1594,7 @@ int cf10_parse_hash (char *input_buf, uint input_len, hash_t *hash
int mywallet_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf);
int ms_drsr_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf);
int androidfde_samsung_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf);
int axcrypt_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf);
void load_kernel (const char *kernel_file, int num_devices, size_t *kernel_lengths, const u8 **kernel_sources);
void writeProgramBin (char *dst, u8 *binary, size_t binary_size);

View File

@ -587,6 +587,15 @@ typedef struct
} seven_zip_t;
typedef struct
{
u32 KEK[5];
u32 lsb[4];
u32 cipher[4];
} axcrypt_tmp_t;
typedef struct
{
u32 random[2];

View File

@ -137,7 +137,7 @@ double TARGET_MS_PROFILE[3] = { 8, 16, 96 };
#define MAX_DICTSTAT 10000
#define NUM_DEFAULT_BENCHMARK_ALGORITHMS 131
#define NUM_DEFAULT_BENCHMARK_ALGORITHMS 132
#define global_free(attr) \
{ \
@ -260,6 +260,7 @@ static uint default_benchmark_algorithms[NUM_DEFAULT_BENCHMARK_ALGORITHMS] =
11600,
12500,
13000,
13200,
6211,
6221,
6231,
@ -685,6 +686,7 @@ const char *USAGE_BIG[] =
" 11600 = 7-Zip",
" 12500 = RAR3-hp",
" 13000 = RAR5",
" 13200 = AxCrypt",
"",
"[[ Full-Disk encryptions (FDE) ]]",
"",
@ -5965,7 +5967,7 @@ int main (int argc, char **argv)
return (-1);
}
if (hash_mode_chgd && hash_mode > 13100) // just added to remove compiler warnings for hash_mode_chgd
if (hash_mode_chgd && hash_mode > 13200) // just added to remove compiler warnings for hash_mode_chgd
{
log_error ("ERROR: Invalid hash-type specified");
@ -10215,6 +10217,21 @@ int main (int argc, char **argv)
dgst_pos3 = 3;
break;
case 13200: hash_type = HASH_TYPE_AES;
salt_type = SALT_TYPE_EMBEDDED;
attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL;
opts_type = OPTS_TYPE_PT_GENERATE_LE;
kern_type = KERN_TYPE_AXCRYPT;
dgst_size = DGST_SIZE_4_4;
parse_func = axcrypt_parse_hash;
sort_by_digest = sort_by_digest_4_4;
opti_type = OPTI_TYPE_ZERO_BYTE;
dgst_pos0 = 0;
dgst_pos1 = 1;
dgst_pos2 = 2;
dgst_pos3 = 3;
break;
default: usage_mini_print (PROGNAME); return (-1);
}
@ -11551,6 +11568,8 @@ int main (int argc, char **argv)
break;
case 13000: hashes_buf[0].salt->salt_iter = ROUNDS_RAR5 - 1;
break;
case 13200: hashes_buf[0].salt->salt_iter = ROUNDS_AXCRYPT;
break;
}
hashes_cnt = 1;
@ -13648,6 +13667,7 @@ int main (int argc, char **argv)
case 12800: size_tmps = kernel_power_max * sizeof (pbkdf2_sha256_tmp_t); break;
case 12900: size_tmps = kernel_power_max * sizeof (pbkdf2_sha256_tmp_t); break;
case 13000: size_tmps = kernel_power_max * sizeof (pbkdf2_sha256_tmp_t); break;
case 13200: size_tmps = kernel_power_max * sizeof (axcrypt_tmp_t); break;
};
// size_hooks

View File

@ -5849,6 +5849,7 @@ char *strhashtype (const uint hash_mode)
case 12900: return ((char *) HT_12900); break;
case 13000: return ((char *) HT_13000); break;
case 13100: return ((char *) HT_13100); break;
case 13200: return ((char *) HT_13200); break;
}
return ((char *) "Unknown");
@ -8321,6 +8322,22 @@ void ascii_digest (char out_buf[4096], uint salt_pos, uint digest_pos)
data,
data + 33);
}
else if (hash_mode == 13200)
{
snprintf (out_buf, len-1, "%s*%d*%08x%08x%08x%08x*%08x%08x%08x%08x%08x%08x",
SIGNATURE_AXCRYPT,
salt.salt_iter,
salt.salt_buf[0],
salt.salt_buf[1],
salt.salt_buf[2],
salt.salt_buf[3],
salt.salt_buf[4],
salt.salt_buf[5],
salt.salt_buf[6],
salt.salt_buf[7],
salt.salt_buf[8],
salt.salt_buf[9]);
}
else
{
if (hash_type == HASH_TYPE_MD4)
@ -18844,6 +18861,81 @@ int krb5tgs_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
return (PARSER_OK);
}
int axcrypt_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
{
if ((input_len < DISPLAY_LEN_MIN_13200) || (input_len > DISPLAY_LEN_MAX_13200)) return (PARSER_GLOBAL_LENGTH);
if (memcmp (SIGNATURE_AXCRYPT, input_buf, 11)) return (PARSER_SIGNATURE_UNMATCHED);
u32 *digest = (u32 *) hash_buf->digest;
salt_t *salt = hash_buf->salt;
/**
* parse line
*/
/* Skip '*' */
char *wrapping_rounds_pos = input_buf + 11 + 1;
char *salt_pos;
char *wrapped_key_pos;
char *data_pos;
salt->salt_iter = atoi (wrapping_rounds_pos);
salt_pos = strchr (wrapping_rounds_pos, '*');
if (salt_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
uint wrapping_rounds_len = salt_pos - wrapping_rounds_pos;
/* Skip '*' */
salt_pos++;
data_pos = salt_pos;
wrapped_key_pos = strchr (salt_pos, '*');
if (wrapped_key_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
uint salt_len = wrapped_key_pos - salt_pos;
if (salt_len != 32) return (PARSER_SALT_LENGTH);
/* Skip '*' */
wrapped_key_pos++;
uint wrapped_key_len = input_len - 11 - 1 - wrapping_rounds_len - 1 - salt_len - 1;
if (wrapped_key_len != 48) return (PARSER_SALT_LENGTH);
salt->salt_buf[0] = hex_to_u32 ((const u8 *) &data_pos[ 0]);
salt->salt_buf[1] = hex_to_u32 ((const u8 *) &data_pos[ 8]);
salt->salt_buf[2] = hex_to_u32 ((const u8 *) &data_pos[16]);
salt->salt_buf[3] = hex_to_u32 ((const u8 *) &data_pos[24]);
data_pos += 33;
salt->salt_buf[4] = hex_to_u32 ((const u8 *) &data_pos[ 0]);
salt->salt_buf[5] = hex_to_u32 ((const u8 *) &data_pos[ 8]);
salt->salt_buf[6] = hex_to_u32 ((const u8 *) &data_pos[16]);
salt->salt_buf[7] = hex_to_u32 ((const u8 *) &data_pos[24]);
salt->salt_buf[8] = hex_to_u32 ((const u8 *) &data_pos[32]);
salt->salt_buf[9] = hex_to_u32 ((const u8 *) &data_pos[40]);
salt->salt_len = 40;
digest[0] = salt->salt_buf[0];
digest[1] = salt->salt_buf[1];
digest[2] = salt->salt_buf[2];
digest[3] = salt->salt_buf[3];
return (PARSER_OK);
}
int cf10_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
{
if ((input_len < DISPLAY_LEN_MIN_12600) || (input_len > DISPLAY_LEN_MAX_12600)) return (PARSER_GLOBAL_LENGTH);

View File

@ -44,7 +44,7 @@ my $hashcat = "./oclHashcat";
my $MAX_LEN = 55;
my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 130, 131, 132, 140, 141, 150, 160, 190, 200, 300, 400, 500, 900, 1000, 1100, 1400, 1410, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7100, 7200, 7300, 7400, 7500, 7600, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100);
my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 130, 131, 132, 140, 141, 150, 160, 190, 200, 300, 400, 500, 900, 1000, 1100, 1400, 1410, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7100, 7200, 7300, 7400, 7500, 7600, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200);
my %is_unicode = map { $_ => 1 } qw(30 40 130 131 132 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800);
my %less_fifteen = map { $_ => 1 } qw(500 1600 1800 2400 2410 3200 6300 7400 10500 10700);
@ -2240,6 +2240,33 @@ sub verify
next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
}
elsif ($mode == 13200)
{
($hash_in, $word) = split '\*', $line;
next unless defined $hash_in;
next unless defined $word;
my @data = split ('\*', $hash_in);
next unless scalar @data == 5;
shift @data;
my $signature = shift @data;
my $version = shift @data;
my $iteration = shift @data;
my $mysalt = shift @data;
my $digest = shift @data;
next unless ($signature eq '$axcrypt$');
next unless (length ($mysalt) == 32);
next unless (length ($digest) == 48);
$salt = $iteration . '*' . $mysalt;
next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
}
else
{
print "ERROR: hash mode is not supported\n";
@ -2530,6 +2557,14 @@ sub verify
return unless (substr ($line, 0, $len) eq $hash_out);
}
elsif ($mode == 13200)
{
$hash_out = gen_hash ($mode, $word, $salt);
$len = length $hash_out;
return unless (substr ($line, 0, $len) eq $hash_out);
}
else
{
$hash_out = gen_hash ($mode, $word, $salt, $iter);
@ -2956,6 +2991,12 @@ sub passthrough
$tmp_hash = gen_hash ($mode, $word_buf, $salt_buf);
}
elsif ($mode == 13200)
{
$salt_buf = get_random_axcrypt_salt ();
$tmp_hash = gen_hash ($mode, $word_buf, $salt_buf);
}
else
{
print "ERROR: Unsupported hash type\n";
@ -3697,6 +3738,20 @@ sub single
}
}
}
elsif ($mode == 13200)
{
for (my $i = 1; $i < 32; $i++)
{
if ($len != 0)
{
rnd ($mode, $len, 32);
}
else
{
rnd ($mode, $i, 32);
}
}
}
}
}
@ -6706,6 +6761,53 @@ END_CODE
$tmp_hash = sprintf ('$krb5tgs$23$*%s$%s$%s*$%s$%s', $user, $realm, $spn, unpack ("H*", $checksum), unpack ("H*", $edata2));
}
elsif ($mode == 13200)
{
my @salt_arr = split ('\*', $salt_buf);
my $iteration = $salt_arr[0];
my $mysalt = $salt_arr[1];
$mysalt = pack ("H*", $mysalt);
my $DEK = randbytes (16);
my $iv = "a6a6a6a6a6a6a6a6";
my $KEK = sha1($word_buf);
$KEK = substr ($KEK ^ $mysalt, 0, 16);
my $aes = Crypt::Mode::ECB->new ('AES');
my @R = ('', substr(pack ("H*",$DEK),0,8), substr(pack ("H*",$DEK),8,16));
my $B;
my $A = pack ("H*", $iv);
for (my $j = 0; $j < $iteration; $j++)
{
$B = $aes->encrypt ($A . $R[1], $KEK);
$A = substr ($B, 0, 8) ^ pack ("q", (2 * $j + 1));
$R[1] = substr ($B, 8, 16);
$B = $aes->encrypt ($A . $R[2], $KEK);
$A = substr ($B, 0, 8) ^ pack ("q", (2 * $j + 2));
$R[2] = substr ($B, 8, 16);
}
my $wrapped_key = unpack ("H*", $A . substr ($R[1], 0 ,8) . substr ($R[2], 0 ,8));
$mysalt = unpack ("H*", $mysalt);
$tmp_hash = sprintf ('$axcrypt$*1*%s*%s*%s', $iteration, $mysalt, $wrapped_key);
}
return ($tmp_hash);
}
@ -6804,6 +6906,10 @@ sub rnd
{
$salt_buf = get_random_kerberos5_tgs_salt ();
}
elsif ($mode == 13200)
{
$salt_buf = get_random_axcrypt_salt ();
}
else
{
my @salt_arr;
@ -8084,6 +8190,19 @@ sub get_random_kerberos5_tgs_salt
return $salt_buf;
}
sub get_random_axcrypt_salt
{
my $mysalt = randbytes (16);
$mysalt = unpack ("H*", $mysalt);
my $iteration = get_random_num (6, 100000);
my $salt_buf = $iteration . '*' . $mysalt;
return $salt_buf;
}
sub get_random_md5chap_salt
{
my $salt_buf = shift;

View File

@ -10,7 +10,7 @@
# missing hash types: 5200,6211,6221,6231,6241,6251,6261,6271,6281
HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 130 131 132 140 141 150 160 190 200 300 400 500 900 1000 1100 1400 1410 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 4300 4400 4500 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6300 6400 6500 6600 6700 6800 6900 7100 7200 7300 7400 7500 7600 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12100 12200 12300 12400 12600 12800 12900 13000 13100"
HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 130 131 132 140 141 150 160 190 200 300 400 500 900 1000 1100 1400 1410 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 4300 4400 4500 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6300 6400 6500 6600 6700 6800 6900 7100 7200 7300 7400 7500 7600 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12100 12200 12300 12400 12600 12800 12900 13000 13100 13200"
#ATTACK_MODES="0 1 3 6 7"
ATTACK_MODES="0 1 3 7"
@ -23,7 +23,7 @@ HASHFILE_ONLY="2500"
NEVER_CRACK="11600"
SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6221 6231 6241 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12100 12200 12300 12400 12500 12800 12900 13000"
SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6221 6231 6241 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12100 12200 12300 12400 12500 12800 12900 13000 13200"
OPTS="--quiet --force --potfile-disable --runtime 200 --gpu-temp-disable --weak-hash-threshold=0 -u 1024 -n 128"