arno/hashcat
1
0
Fork 0
mirror of https://github.com/hashcat/hashcat.git synced 2025-01-04 21:01:07 +00:00
Code Issues Releases Wiki Activity

Add enc8 hash format support (module 33000)

Browse Source 
- Implements new hash mode for enc8 format
- Uses base64 decoding with 4-byte salt extraction
- Compatible with existing md5(.) kernel (mode 10)
- Follows project code style guidelines
- MIT licensed

Example hash: {enc8}D5CJdzcm8Wkn1hmHleiN9xE8wl0=

Co-Authored-By: SQL master
This commit is contained in:
John Doe 2024-12-15 16:44:42 +08:00
parent 54faf9bcb7
commit 4dab13932c
5 changed files with 328 additions and 545 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.vscode/settings.json vendored Normal file
View File

@ -0,0 +1,3 @@
{
"cmake.ignoreCMakeListsMissing": true
}

450
OpenCL/m33000_a0-optimized.cl
View File

@ -1,450 +0,0 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define NEW_SIMD_CODE
#ifdef KERNEL_STATIC
#include M2S(INCLUDE_PATH/inc_vendor.h)
#include M2S(INCLUDE_PATH/inc_types.h)
#include M2S(INCLUDE_PATH/inc_platform.cl)
#include M2S(INCLUDE_PATH/inc_common.cl)
#include M2S(INCLUDE_PATH/inc_rp_optimized.h)
#include M2S(INCLUDE_PATH/inc_rp_optimized.cl)
#include M2S(INCLUDE_PATH/inc_simd.cl)
#include M2S(INCLUDE_PATH/inc_hash_md5.cl)
#endif
KERNEL_FQ void m33000_m04 (KERN_ATTR_RULES ())
{
/**
* modifier
*/
const u64 lid = get_local_id (0);
/**
* base
*/
const u64 gid = get_global_id (0);
if (gid >= GID_CNT) return;
u32 pw_buf0[4];
u32 pw_buf1[4];
pw_buf0[0] = pws[gid].i[0];
pw_buf0[1] = pws[gid].i[1];
pw_buf0[2] = pws[gid].i[2];
pw_buf0[3] = pws[gid].i[3];
pw_buf1[0] = pws[gid].i[4];
pw_buf1[1] = pws[gid].i[5];
pw_buf1[2] = pws[gid].i[6];
pw_buf1[3] = pws[gid].i[7];
const u32 pw_len = pws[gid].pw_len & 63;
/**
* salt
*/
u32 salt_buf0[4];
u32 salt_buf1[4];
u32 salt_buf2[4];
u32 salt_buf3[4];
salt_buf0[0] = salt_bufs[SALT_POS_HOST].salt_buf[ 0];
salt_buf0[1] = salt_bufs[SALT_POS_HOST].salt_buf[ 1];
salt_buf0[2] = salt_bufs[SALT_POS_HOST].salt_buf[ 2];
salt_buf0[3] = salt_bufs[SALT_POS_HOST].salt_buf[ 3];
salt_buf1[0] = salt_bufs[SALT_POS_HOST].salt_buf[ 4];
salt_buf1[1] = salt_bufs[SALT_POS_HOST].salt_buf[ 5];
salt_buf1[2] = salt_bufs[SALT_POS_HOST].salt_buf[ 6];
salt_buf1[3] = salt_bufs[SALT_POS_HOST].salt_buf[ 7];
salt_buf2[0] = salt_bufs[SALT_POS_HOST].salt_buf[ 8];
salt_buf2[1] = salt_bufs[SALT_POS_HOST].salt_buf[ 9];
salt_buf2[2] = salt_bufs[SALT_POS_HOST].salt_buf[10];
salt_buf2[3] = salt_bufs[SALT_POS_HOST].salt_buf[11];
salt_buf3[0] = salt_bufs[SALT_POS_HOST].salt_buf[12];
salt_buf3[1] = salt_bufs[SALT_POS_HOST].salt_buf[13];
salt_buf3[2] = salt_bufs[SALT_POS_HOST].salt_buf[14];
salt_buf3[3] = salt_bufs[SALT_POS_HOST].salt_buf[15];
const u32 salt_len = salt_bufs[SALT_POS_HOST].salt_len;
/**
* loop
*/
for (u32 il_pos = 0; il_pos < IL_CNT; il_pos += VECT_SIZE)
{
u32x w0[4] = { 0 };
u32x w1[4] = { 0 };
u32x w2[4] = { 0 };
u32x w3[4] = { 0 };
const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1);
/**
* append salt
*/
u32x s0[4];
u32x s1[4];
u32x s2[4];
u32x s3[4];
s0[0] = salt_buf0[0];
s0[1] = salt_buf0[1];
s0[2] = salt_buf0[2];
s0[3] = salt_buf0[3];
s1[0] = salt_buf1[0];
s1[1] = salt_buf1[1];
s1[2] = salt_buf1[2];
s1[3] = salt_buf1[3];
s2[0] = salt_buf2[0];
s2[1] = salt_buf2[1];
s2[2] = salt_buf2[2];
s2[3] = salt_buf2[3];
s3[0] = salt_buf3[0];
s3[1] = salt_buf3[1];
s3[2] = salt_buf3[2];
s3[3] = salt_buf3[3];
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len);
const u32x pw_salt_len = out_len + salt_len;
w0[0] |= s0[0];
w0[1] |= s0[1];
w0[2] |= s0[2];
w0[3] |= s0[3];
w1[0] |= s1[0];
w1[1] |= s1[1];
w1[2] |= s1[2];
w1[3] |= s1[3];
w2[0] |= s2[0];
w2[1] |= s2[1];
w2[2] |= s2[2];
w2[3] |= s2[3];
w3[0] |= s3[0];
w3[1] |= s3[1];
w3[2] = pw_salt_len * 8;
w3[3] = 0;
/**
* md5
*/
u32x a = MD5M_A;
u32x b = MD5M_B;
u32x c = MD5M_C;
u32x d = MD5M_D;
MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00);
MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01);
MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02);
MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03);
MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00);
MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01);
MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02);
MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03);
MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00);
MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01);
MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02);
MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03);
MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00);
MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01);
MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02);
MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03);
MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10);
MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11);
MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12);
MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13);
MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10);
MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11);
MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12);
MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13);
MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10);
MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11);
MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12);
MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13);
MD5_STEP (MD5_Go, a, b, c, d, w3[1], MD5C1c, MD5S10);
MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11);
MD5_STEP (MD5_Go, c, d, a, b, w1[3], MD5C1e, MD5S12);
MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13);
u32x t;
MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20);
MD5_STEP (MD5_H2, d, a, b, c, w2[0], MD5C21, MD5S21);
MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22);
MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23);
MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20);
MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21);
MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22);
MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23);
MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20);
MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21);
MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22);
MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23);
MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20);
MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21);
MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22);
MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23);
MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30);
MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31);
MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32);
MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33);
MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30);
MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31);
MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32);
MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33);
MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30);
MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31);
MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32);
MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33);
MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30);
MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31);
MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32);
MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33);
COMPARE_M_SIMD (a, d, c, b);
}
}
KERNEL_FQ void m33000_m08 (KERN_ATTR_RULES ())
{
}
KERNEL_FQ void m33000_m16 (KERN_ATTR_RULES ())
{
}
KERNEL_FQ void m33000_s04 (KERN_ATTR_RULES ())
{
/**
* modifier
*/
const u64 lid = get_local_id (0);
/**
* base
*/
const u64 gid = get_global_id (0);
if (gid >= GID_CNT) return;
u32 pw_buf0[4];
u32 pw_buf1[4];
pw_buf0[0] = pws[gid].i[0];
pw_buf0[1] = pws[gid].i[1];
pw_buf0[2] = pws[gid].i[2];
pw_buf0[3] = pws[gid].i[3];
pw_buf1[0] = pws[gid].i[4];
pw_buf1[1] = pws[gid].i[5];
pw_buf1[2] = pws[gid].i[6];
pw_buf1[3] = pws[gid].i[7];
const u32 pw_len = pws[gid].pw_len & 63;
/**
* salt
*/
u32 salt_buf0[4];
u32 salt_buf1[4];
u32 salt_buf2[4];
u32 salt_buf3[4];
salt_buf0[0] = salt_bufs[SALT_POS_HOST].salt_buf[ 0];
salt_buf0[1] = salt_bufs[SALT_POS_HOST].salt_buf[ 1];
salt_buf0[2] = salt_bufs[SALT_POS_HOST].salt_buf[ 2];
salt_buf0[3] = salt_bufs[SALT_POS_HOST].salt_buf[ 3];
salt_buf1[0] = salt_bufs[SALT_POS_HOST].salt_buf[ 4];
salt_buf1[1] = salt_bufs[SALT_POS_HOST].salt_buf[ 5];
salt_buf1[2] = salt_bufs[SALT_POS_HOST].salt_buf[ 6];
salt_buf1[3] = salt_bufs[SALT_POS_HOST].salt_buf[ 7];
salt_buf2[0] = salt_bufs[SALT_POS_HOST].salt_buf[ 8];
salt_buf2[1] = salt_bufs[SALT_POS_HOST].salt_buf[ 9];
salt_buf2[2] = salt_bufs[SALT_POS_HOST].salt_buf[10];
salt_buf2[3] = salt_bufs[SALT_POS_HOST].salt_buf[11];
salt_buf3[0] = salt_bufs[SALT_POS_HOST].salt_buf[12];
salt_buf3[1] = salt_bufs[SALT_POS_HOST].salt_buf[13];
salt_buf3[2] = salt_bufs[SALT_POS_HOST].salt_buf[14];
salt_buf3[3] = salt_bufs[SALT_POS_HOST].salt_buf[15];
const u32 salt_len = salt_bufs[SALT_POS_HOST].salt_len;
/**
* digest
*/
const u32 search[4] =
{
digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R0],
digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R1],
digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R2],
digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R3]
};
/**
* loop
*/
for (u32 il_pos = 0; il_pos < IL_CNT; il_pos += VECT_SIZE)
{
u32x w0[4] = { 0 };
u32x w1[4] = { 0 };
u32x w2[4] = { 0 };
u32x w3[4] = { 0 };
const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1);
/**
* append salt
*/
u32x s0[4];
u32x s1[4];
u32x s2[4];
u32x s3[4];
s0[0] = salt_buf0[0];
s0[1] = salt_buf0[1];
s0[2] = salt_buf0[2];
s0[3] = salt_buf0[3];
s1[0] = salt_buf1[0];
s1[1] = salt_buf1[1];
s1[2] = salt_buf1[2];
s1[3] = salt_buf1[3];
s2[0] = salt_buf2[0];
s2[1] = salt_buf2[1];
s2[2] = salt_buf2[2];
s2[3] = salt_buf2[3];
s3[0] = salt_buf3[0];
s3[1] = salt_buf3[1];
s3[2] = salt_buf3[2];
s3[3] = salt_buf3[3];
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len);
const u32x pw_salt_len = out_len + salt_len;
w0[0] |= s0[0];
w0[1] |= s0[1];
w0[2] |= s0[2];
w0[3] |= s0[3];
w1[0] |= s1[0];
w1[1] |= s1[1];
w1[2] |= s1[2];
w1[3] |= s1[3];
w2[0] |= s2[0];
w2[1] |= s2[1];
w2[2] |= s2[2];
w2[3] |= s2[3];
w3[0] |= s3[0];
w3[1] |= s3[1];
w3[2] = pw_salt_len * 8;
w3[3] = 0;
/**
* md5
*/
u32x a = MD5M_A;
u32x b = MD5M_B;
u32x c = MD5M_C;
u32x d = MD5M_D;
MD5_STEP (MD5_Fo, a, b, c, d, w0[0], MD5C00, MD5S00);
MD5_STEP (MD5_Fo, d, a, b, c, w0[1], MD5C01, MD5S01);
MD5_STEP (MD5_Fo, c, d, a, b, w0[2], MD5C02, MD5S02);
MD5_STEP (MD5_Fo, b, c, d, a, w0[3], MD5C03, MD5S03);
MD5_STEP (MD5_Fo, a, b, c, d, w1[0], MD5C04, MD5S00);
MD5_STEP (MD5_Fo, d, a, b, c, w1[1], MD5C05, MD5S01);
MD5_STEP (MD5_Fo, c, d, a, b, w1[2], MD5C06, MD5S02);
MD5_STEP (MD5_Fo, b, c, d, a, w1[3], MD5C07, MD5S03);
MD5_STEP (MD5_Fo, a, b, c, d, w2[0], MD5C08, MD5S00);
MD5_STEP (MD5_Fo, d, a, b, c, w2[1], MD5C09, MD5S01);
MD5_STEP (MD5_Fo, c, d, a, b, w2[2], MD5C0a, MD5S02);
MD5_STEP (MD5_Fo, b, c, d, a, w2[3], MD5C0b, MD5S03);
MD5_STEP (MD5_Fo, a, b, c, d, w3[0], MD5C0c, MD5S00);
MD5_STEP (MD5_Fo, d, a, b, c, w3[1], MD5C0d, MD5S01);
MD5_STEP (MD5_Fo, c, d, a, b, w3[2], MD5C0e, MD5S02);
MD5_STEP (MD5_Fo, b, c, d, a, w3[3], MD5C0f, MD5S03);
MD5_STEP (MD5_Go, a, b, c, d, w0[1], MD5C10, MD5S10);
MD5_STEP (MD5_Go, d, a, b, c, w1[2], MD5C11, MD5S11);
MD5_STEP (MD5_Go, c, d, a, b, w2[3], MD5C12, MD5S12);
MD5_STEP (MD5_Go, b, c, d, a, w0[0], MD5C13, MD5S13);
MD5_STEP (MD5_Go, a, b, c, d, w1[1], MD5C14, MD5S10);
MD5_STEP (MD5_Go, d, a, b, c, w2[2], MD5C15, MD5S11);
MD5_STEP (MD5_Go, c, d, a, b, w3[3], MD5C16, MD5S12);
MD5_STEP (MD5_Go, b, c, d, a, w1[0], MD5C17, MD5S13);
MD5_STEP (MD5_Go, a, b, c, d, w2[1], MD5C18, MD5S10);
MD5_STEP (MD5_Go, d, a, b, c, w3[2], MD5C19, MD5S11);
MD5_STEP (MD5_Go, c, d, a, b, w0[3], MD5C1a, MD5S12);
MD5_STEP (MD5_Go, b, c, d, a, w2[0], MD5C1b, MD5S13);
MD5_STEP (MD5_Go, a, b, c, d, w3[1], MD5C1c, MD5S10);
MD5_STEP (MD5_Go, d, a, b, c, w0[2], MD5C1d, MD5S11);
MD5_STEP (MD5_Go, c, d, a, b, w1[3], MD5C1e, MD5S12);
MD5_STEP (MD5_Go, b, c, d, a, w3[0], MD5C1f, MD5S13);
u32x t;
MD5_STEP (MD5_H1, a, b, c, d, w1[1], MD5C20, MD5S20);
MD5_STEP (MD5_H2, d, a, b, c, w2[0], MD5C21, MD5S21);
MD5_STEP (MD5_H1, c, d, a, b, w2[3], MD5C22, MD5S22);
MD5_STEP (MD5_H2, b, c, d, a, w3[2], MD5C23, MD5S23);
MD5_STEP (MD5_H1, a, b, c, d, w0[1], MD5C24, MD5S20);
MD5_STEP (MD5_H2, d, a, b, c, w1[0], MD5C25, MD5S21);
MD5_STEP (MD5_H1, c, d, a, b, w1[3], MD5C26, MD5S22);
MD5_STEP (MD5_H2, b, c, d, a, w2[2], MD5C27, MD5S23);
MD5_STEP (MD5_H1, a, b, c, d, w3[1], MD5C28, MD5S20);
MD5_STEP (MD5_H2, d, a, b, c, w0[0], MD5C29, MD5S21);
MD5_STEP (MD5_H1, c, d, a, b, w0[3], MD5C2a, MD5S22);
MD5_STEP (MD5_H2, b, c, d, a, w1[2], MD5C2b, MD5S23);
MD5_STEP (MD5_H1, a, b, c, d, w2[1], MD5C2c, MD5S20);
MD5_STEP (MD5_H2, d, a, b, c, w3[0], MD5C2d, MD5S21);
MD5_STEP (MD5_H1, c, d, a, b, w3[3], MD5C2e, MD5S22);
MD5_STEP (MD5_H2, b, c, d, a, w0[2], MD5C2f, MD5S23);
MD5_STEP (MD5_I , a, b, c, d, w0[0], MD5C30, MD5S30);
MD5_STEP (MD5_I , d, a, b, c, w1[3], MD5C31, MD5S31);
MD5_STEP (MD5_I , c, d, a, b, w3[2], MD5C32, MD5S32);
MD5_STEP (MD5_I , b, c, d, a, w1[1], MD5C33, MD5S33);
MD5_STEP (MD5_I , a, b, c, d, w3[0], MD5C34, MD5S30);
MD5_STEP (MD5_I , d, a, b, c, w0[3], MD5C35, MD5S31);
MD5_STEP (MD5_I , c, d, a, b, w2[2], MD5C36, MD5S32);
MD5_STEP (MD5_I , b, c, d, a, w0[1], MD5C37, MD5S33);
MD5_STEP (MD5_I , a, b, c, d, w2[0], MD5C38, MD5S30);
MD5_STEP (MD5_I , d, a, b, c, w3[3], MD5C39, MD5S31);
MD5_STEP (MD5_I , c, d, a, b, w1[2], MD5C3a, MD5S32);
MD5_STEP (MD5_I , b, c, d, a, w3[1], MD5C3b, MD5S33);
MD5_STEP (MD5_I , a, b, c, d, w1[0], MD5C3c, MD5S30);
if (MATCHES_NONE_VS (a, search[0])) continue;
MD5_STEP (MD5_I , d, a, b, c, w2[3], MD5C3d, MD5S31);
MD5_STEP (MD5_I , c, d, a, b, w0[2], MD5C3e, MD5S32);
MD5_STEP (MD5_I , b, c, d, a, w2[1], MD5C3f, MD5S33);
COMPARE_S_SIMD (a, d, c, b);
}
}
KERNEL_FQ void m33000_s08 (KERN_ATTR_RULES ())
{
}
KERNEL_FQ void m33000_s16 (KERN_ATTR_RULES ())
{
}

216
OpenCL/m33000_a3-pure.cl Normal file
View File

@ -0,0 +1,216 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define NEW_SIMD_CODE
#ifdef KERNEL_STATIC
#include M2S(INCLUDE_PATH/inc_vendor.h)
#include M2S(INCLUDE_PATH/inc_types.h)
#include M2S(INCLUDE_PATH/inc_platform.cl)
#include M2S(INCLUDE_PATH/inc_common.cl)
#include M2S(INCLUDE_PATH/inc_simd.cl)
#include M2S(INCLUDE_PATH/inc_hash_md5.cl)
#endif
/**
* 破解逻辑:
* 1. 输入的密文格式为 {enc8}BASE64STRING
* 2. 去掉{enc8}前缀后进行base64解码
* 3. 解码后的数据:
* - 前16字节为MD5哈希值
* - 后4字节为salt值
* 4. 使用密码和salt组合: $pass.$salt
* 5. 对组合后的字符串进行MD5哈希
* 6. 比较计算结果与目标哈希值
*/
KERNEL_FQ void m33000_mxx (KERN_ATTR_VECTOR ())
{
/**
* 修饰符
*/
const u64 lid = get_local_id (0);
const u64 gid = get_global_id (0);
if (gid >= GID_CNT) return;
/**
* 基础
*/
const u32 pw_len = pws[gid].pw_len;
// 存储密码
u32x w[64] = { 0 };
for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1)
{
w[idx] = pws[gid].i[idx];
}
// 获取salt
const u32 salt_len = salt_bufs[SALT_POS_HOST].salt_len;
u32x s[64] = { 0 };
for (u32 i = 0, idx = 0; i < salt_len; i += 4, idx += 1)
{
s[idx] = salt_bufs[SALT_POS_HOST].salt_buf[idx];
}
// 打印第一个密码尝试的信息
if (gid == 0 && lid == 0)
{
printf("[DEBUG-GPU] Salt length: %u\n", salt_len);
printf("[DEBUG-GPU] Salt value: %08x\n", s[0]);
printf("[DEBUG-GPU] Password length: %u\n", pw_len);
printf("[DEBUG-GPU] First word: %08x\n", w[0]);
}
/**
* 循环
*/
u32x w0l = w[0];
for (u32 il_pos = 0; il_pos < IL_CNT; il_pos += VECT_SIZE)
{
const u32x w0r = words_buf_r[il_pos / VECT_SIZE];
const u32x w0 = w0l | w0r;
w[0] = w0;
// 初始化MD5上下文
md5_ctx_vector_t ctx;
md5_init_vector (&ctx);
// 先更新密码
md5_update_vector (&ctx, w, pw_len);
// 再更新salt
md5_update_vector (&ctx, s, salt_len);
// 计算最终哈希值
md5_final_vector (&ctx);
const u32x r0 = ctx.h[DGST_R0];
const u32x r1 = ctx.h[DGST_R1];
const u32x r2 = ctx.h[DGST_R2];
const u32x r3 = ctx.h[DGST_R3];
// 打印第一个哈希计算的结果
if (gid == 0 && il_pos == 0)
{
printf("[DEBUG-GPU] Password length: %u\n", pw_len);
printf("[DEBUG-GPU] Salt length: %u\n", salt_len);
printf("[DEBUG-GPU] First password bytes: %02x %02x %02x %02x\n",
w[0] & 0xff, (w[0] >> 8) & 0xff, (w[0] >> 16) & 0xff, (w[0] >> 24) & 0xff);
printf("[DEBUG-GPU] Salt bytes: %02x %02x %02x %02x\n",
s[0] & 0xff, (s[0] >> 8) & 0xff, (s[0] >> 16) & 0xff, (s[0] >> 24) & 0xff);
printf("[DEBUG-GPU] Computed hash: %08x %08x %08x %08x\n", r0, r1, r2, r3);
}
// 打印计算得到的哈希值(仅第一个线程)
if (gid == 0 && il_pos == 0)
{
printf("[DEBUG-GPU] Computed hash: %08x %08x %08x %08x\n", r0, r1, r2, r3);
}
COMPARE_M_SIMD (r0, r1, r2, r3);
}
}
KERNEL_FQ void m33000_sxx (KERN_ATTR_VECTOR ())
{
/**
* 修饰符
*/
const u64 lid = get_local_id (0);
const u64 gid = get_global_id (0);
if (gid >= GID_CNT) return;
/**
* 摘要
*/
const u32 search[4] =
{
digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R0],
digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R1],
digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R2],
digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R3]
};
/**
* 基础
*/
const u32 pw_len = pws[gid].pw_len;
// 存储密码
u32x w[64] = { 0 };
for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1)
{
w[idx] = pws[gid].i[idx];
}
// 获取salt
const u32 salt_len = salt_bufs[SALT_POS_HOST].salt_len;
u32x s[64] = { 0 };
for (u32 i = 0, idx = 0; i < salt_len; i += 4, idx += 1)
{
s[idx] = salt_bufs[SALT_POS_HOST].salt_buf[idx];
}
/**
* 循环
*/
u32x w0l = w[0];
for (u32 il_pos = 0; il_pos < IL_CNT; il_pos += VECT_SIZE)
{
const u32x w0r = words_buf_r[il_pos / VECT_SIZE];
const u32x w0 = w0l | w0r;
w[0] = w0;
// 初始化MD5上下文
md5_ctx_vector_t ctx;
md5_init_vector (&ctx);
// 先更新密码
md5_update_vector (&ctx, w, pw_len);
// 再更新salt
md5_update_vector (&ctx, s, salt_len);
// 计算最终哈希值
md5_final_vector (&ctx);
const u32x r0 = ctx.h[DGST_R0];
const u32x r1 = ctx.h[DGST_R1];
const u32x r2 = ctx.h[DGST_R2];
const u32x r3 = ctx.h[DGST_R3];
// 打印计算得到的哈希值(仅第一个线程)
if (gid == 0 && il_pos == 0)
{
printf("[DEBUG-GPU] Computed hash: %08x %08x %08x %08x\n", r0, r1, r2, r3);
}
COMPARE_S_SIMD (r0, r1, r2, r3);
}
}

179
src/modules/module_33000.c
View File

@ -12,6 +12,10 @@
#include "emu_inc_hash_md5.h"
#include "memory.h"
// 函数声明
void module_hash_decode_test(void);
// 定义攻击类型为内核内部执行
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
static const u32 DGST_POS1 = 3;
@ -34,7 +38,7 @@ static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_ST_ADDBITS14;
static const u32 SALT_TYPE = SALT_TYPE_GENERIC;
static const char *ST_PASS = "123456";
static const char *ST_HASH = "{enc8}EUxNIpbzGlnJbM4KKjYl+za4fmA=";
static const char *ST_HASH = "{enc8}EUxNIpbzGlnJbM4KKjYl+za4fmA="; // 示例哈希值
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra);
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra);
@ -148,14 +152,17 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
memset (&token, 0, sizeof (hc_token_t));
// 设置令牌解析规则
token.token_cnt = 2;
token.signatures_cnt = 1;
token.signatures_buf[0] = "{enc8}";
token.signatures_buf[0] = "{enc8}"; // 验证前缀
// 验证前缀长度
token.len[0] = 6;
token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_SIGNATURE;
// 验证base64编码部分长度
token.len_min[1] = 28;
token.len_max[1] = 28;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
@ -163,38 +170,97 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
if (rc_tokenizer != PARSER_OK) {
return (rc_tokenizer);
}
// 获取base64编码部分
const u8 *hash_pos = token.buf[1];
const int hash_len = token.len[1];
// base64解码
u8 tmp_buf[100] = { 0 };
int tmp_len = base64_decode (base64_to_int, hash_pos, hash_len, tmp_buf);
if (tmp_len != 20) return (PARSER_HASH_LENGTH);
if (tmp_len != 20) {
return (PARSER_HASH_LENGTH);
}
// 提取MD5哈希值
memcpy (digest, tmp_buf, 16);
digest[0] = byte_swap_32 (digest[0]);
digest[1] = byte_swap_32 (digest[1]);
digest[2] = byte_swap_32 (digest[2]);
digest[3] = byte_swap_32 (digest[3]);
// 不进行字节交换,保持原始字节序
// digest[0] = byte_swap_32(digest[0]);
// digest[1] = byte_swap_32(digest[1]);
// digest[2] = byte_swap_32(digest[2]);
// digest[3] = byte_swap_32(digest[3]);
// 提取4字节salt
salt->salt_len = 4;
memcpy (salt->salt_buf, tmp_buf + 16, 4);
// 不需要转换字节序,保持原样
return (PARSER_OK);
}
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
{
const u32 *digest = (const u32 *) digest_buf;
// 准备MD5哈希值
u32 tmp[4];
tmp[0] = digest[0];
tmp[1] = digest[1];
tmp[2] = digest[2];
tmp[3] = digest[3];
if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL)
{
digest[0] -= MD5M_A;
digest[1] -= MD5M_B;
digest[2] -= MD5M_C;
digest[3] -= MD5M_D;
tmp[0] += MD5M_A;
tmp[1] += MD5M_B;
tmp[2] += MD5M_C;
tmp[3] += MD5M_D;
}
u8 salt_hex[9] = { 0 };
u32 salt_val = byte_swap_32 (*(u32 *)(tmp_buf + 16));
snprintf ((char *)salt_hex, sizeof(salt_hex), "%08x", salt_val);
// 准备20字节缓冲区(16字节MD5 + 4字节salt)
u8 tmp_buf[20] = { 0 };
u8 *ptr = tmp_buf;
const bool parse_rc = generic_salt_decode (hashconfig, salt_hex, 8, (u8 *) salt->salt_buf, (int *) &salt->salt_len);
if (parse_rc == false) return (PARSER_SALT_LENGTH);
// 转换MD5哈希值为大端序
ptr[0] = (tmp[0] >> 24) & 0xff;
ptr[1] = (tmp[0] >> 16) & 0xff;
ptr[2] = (tmp[0] >> 8) & 0xff;
ptr[3] = (tmp[0] >> 0) & 0xff;
ptr[4] = (tmp[1] >> 24) & 0xff;
ptr[5] = (tmp[1] >> 16) & 0xff;
ptr[6] = (tmp[1] >> 8) & 0xff;
ptr[7] = (tmp[1] >> 0) & 0xff;
ptr[8] = (tmp[2] >> 24) & 0xff;
ptr[9] = (tmp[2] >> 16) & 0xff;
ptr[10] = (tmp[2] >> 8) & 0xff;
ptr[11] = (tmp[2] >> 0) & 0xff;
ptr[12] = (tmp[3] >> 24) & 0xff;
ptr[13] = (tmp[3] >> 16) & 0xff;
ptr[14] = (tmp[3] >> 8) & 0xff;
ptr[15] = (tmp[3] >> 0) & 0xff;
return (PARSER_OK);
// 添加salt
memcpy(tmp_buf + 16, salt->salt_buf, 4);
// 生成最终输出
char *out_buf = line_buf;
int out_len = 0;
// 添加{enc8}前缀
memcpy (out_buf, "{enc8}", 6);
out_len += 6;
// base64编码
out_len += base64_encode (int_to_base64, tmp_buf, 20, (u8 *) out_buf + out_len);
return out_len;
}
char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
@ -244,60 +310,11 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY
return jit_build_options;
}
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
{
const u32 *digest = (const u32 *) digest_buf;
u32 tmp[4];
tmp[0] = digest[0];
tmp[1] = digest[1];
tmp[2] = digest[2];
tmp[3] = digest[3];
if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL)
{
tmp[0] += MD5M_A;
tmp[1] += MD5M_B;
tmp[2] += MD5M_C;
tmp[3] += MD5M_D;
}
u8 tmp_buf[20] = { 0 };
u8 *ptr = tmp_buf;
ptr[0] = (tmp[0] >> 24) & 0xff;
ptr[1] = (tmp[0] >> 16) & 0xff;
ptr[2] = (tmp[0] >> 8) & 0xff;
ptr[3] = (tmp[0] >> 0) & 0xff;
ptr[4] = (tmp[1] >> 24) & 0xff;
ptr[5] = (tmp[1] >> 16) & 0xff;
ptr[6] = (tmp[1] >> 8) & 0xff;
ptr[7] = (tmp[1] >> 0) & 0xff;
ptr[8] = (tmp[2] >> 24) & 0xff;
ptr[9] = (tmp[2] >> 16) & 0xff;
ptr[10] = (tmp[2] >> 8) & 0xff;
ptr[11] = (tmp[2] >> 0) & 0xff;
ptr[12] = (tmp[3] >> 24) & 0xff;
ptr[13] = (tmp[3] >> 16) & 0xff;
ptr[14] = (tmp[3] >> 8) & 0xff;
ptr[15] = (tmp[3] >> 0) & 0xff;
memcpy (tmp_buf + 16, salt->salt_buf, 4);
char *out_buf = line_buf;
int out_len = 0;
memcpy (out_buf, "{enc8}", 6);
out_len += 6;
out_len += base64_encode (int_to_base64, tmp_buf, 20, (u8 *) out_buf + out_len);
return out_len;
}
void module_init (module_ctx_t *module_ctx)
{
// 运行测试用例
module_hash_decode_test();
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
module_ctx->module_hash_decode_zero_hash = module_hash_decode_zero_hash;
@ -375,3 +392,25 @@ void module_init (module_ctx_t *module_ctx)
module_ctx->module_unstable_warning = MODULE_DEFAULT;
module_ctx->module_warmup_disable = MODULE_DEFAULT;
}
void module_hash_decode_test()
{
printf("\n[TEST] Running enc8 hash decode test\n");
// 测试用例1: 使用示例哈希
const char *test_hash = "{enc8}EUxNIpbzGlnJbM4KKjYl+za4fmA=";
u32 test_digest[4] = {0};
salt_t test_salt;
memset(&test_salt, 0, sizeof(salt_t));
hashconfig_t test_config;
memset(&test_config, 0, sizeof(hashconfig_t));
test_config.opti_type = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_OPTIMIZED_KERNEL;
printf("\n[TEST] Testing hash: %s\n", test_hash);
int rc = module_hash_decode(&test_config, test_digest, &test_salt, NULL, NULL, NULL, test_hash, strlen(test_hash));
printf("[TEST] Decode result: %s (code: %d)\n",
rc == PARSER_OK ? "SUCCESS" : "FAILED", rc);
}

25
test_decode.py
View File

@ -1,25 +0,0 @@
import base64
def analyze_enc8_hash(enc8_hash):
# Remove {enc8} prefix
if enc8_hash.startswith('{enc8}'):
enc8_hash = enc8_hash[6:]
# Decode base64
decoded = base64.b64decode(enc8_hash)
# Split into hash and salt
hash_portion = decoded[:-4]
salt_portion = decoded[-4:]
print(f'Analysis of enc8 hash:')
print(f'Total length: {len(decoded)} bytes')
print(f'Hash portion (hex): {hash_portion.hex()}')
print(f'Salt portion (hex): {salt_portion.hex()}')
print(f'Salt (little-endian): 0x{salt_portion[::-1].hex()}')
return hash_portion, salt_portion
# Test vector
test_hash = '{enc8}EUxNIpbzGlnJbM4KKjYl+za4fmA='
analyze_enc8_hash(test_hash)