Rewrite -m 32700 to use salt_iter and loop kernel as expected in slow hash modes

8 months ago · 573423af97
parent 992fb9047c
commit 573423af97
2 changed files with 85 additions and 64 deletions
--- a/OpenCL/m32700-pure.cl
+++ b/OpenCL/m32700-pure.cl
@ -16,10 +16,13 @@

 typedef struct sha1_tmp
 {
-  u32 digest[5];
+  u32 salt[2];
+  u32 newdes_key[15];
+
 } sha1_tmp_t;

-CONSTANT_VK uchar newdes_rotor[256] = {
+CONSTANT_VK uchar newdes_rotor[256] =
+{
  32, 137, 239, 188, 102, 125, 221, 72, 212, 68, 81, 37, 86, 237, 147, 149,
  70, 229, 17, 124, 115, 207, 33, 20, 122, 143, 25, 215, 51, 183, 138, 142,
  146, 211, 110, 173, 1, 228, 189, 14, 103, 78, 162, 36, 253, 167, 116, 255,
@ -40,16 +43,14 @@ CONSTANT_VK uchar newdes_rotor[256] = {

 DECLSPEC void new_des (uchar * block, uchar * newdes_key)
 {
-#define B0 (*block)
-#define B1 (*(block+1))
-#define B2 (*(block+2))
-#define B3 (*(block+3))
-#define B4 (*(block+4))
-#define B5 (*(block+5))
-#define B6 (*(block+6))
-#define B7 (*(block+7))
-
-
+  #define B0 (*(block+0))
+  #define B1 (*(block+1))
+  #define B2 (*(block+2))
+  #define B3 (*(block+3))
+  #define B4 (*(block+4))
+  #define B5 (*(block+5))
+  #define B6 (*(block+6))
+  #define B7 (*(block+7))

  for (int count = 0; count < 8; count++)
  {
@ -89,8 +90,7 @@ KERNEL_FQ void m32700_init (KERN_ATTR_TMPS (sha1_tmp_t))
 {
  const u64 gid = get_global_id (0);

-  if (gid >= GID_CNT)
-    return;
+  if (gid >= GID_CNT) return;

  // Initial "SHA-1" (with endianness bug)
  sha1_ctx_t ctx;
@ -99,74 +99,88 @@ KERNEL_FQ void m32700_init (KERN_ATTR_TMPS (sha1_tmp_t))
  sha1_update_global_swap (&ctx, pws[gid].i, pws[gid].pw_len);
  sha1_final (&ctx);

-  tmps[gid].digest[0] = hc_swap32 (ctx.h[0]);
-  tmps[gid].digest[1] = hc_swap32 (ctx.h[1]);
-  tmps[gid].digest[2] = hc_swap32 (ctx.h[2]);
-  tmps[gid].digest[3] = hc_swap32 (ctx.h[3]);
-  tmps[gid].digest[4] = hc_swap32 (ctx.h[4]);
+  ctx.h[0] = hc_swap32_S (ctx.h[0]);
+  ctx.h[1] = hc_swap32_S (ctx.h[1]);
+  ctx.h[2] = hc_swap32_S (ctx.h[2]);
+  ctx.h[3] = hc_swap32_S (ctx.h[3]);
+  ctx.h[4] = hc_swap32_S (ctx.h[4]);
+
+  // Crate a NewDES key
+  u32 newdes_key[15];
+
+  key_expansion ((uchar *) ctx.h, (uchar *) newdes_key);
+
+  for (int i = 0; i < 15; i++)
+  {
+    tmps[gid].newdes_key[i] = newdes_key[i];
+  }
+
+  // Run NewDES on salt using the expanded key
+  tmps[gid].salt[0] = salt_bufs[SALT_POS_HOST].salt_buf[0];
+  tmps[gid].salt[1] = salt_bufs[SALT_POS_HOST].salt_buf[1];
 }

 KERNEL_FQ void m32700_loop (KERN_ATTR_TMPS (sha1_tmp_t))
 {
  const u64 gid = get_global_id (0);

-  if (gid >= GID_CNT)
-    return;
-
-  u32 digest[5];
+  if (gid >= GID_CNT) return;

-  digest[0] = tmps[gid].digest[0];
-  digest[1] = tmps[gid].digest[1];
-  digest[2] = tmps[gid].digest[2];
-  digest[3] = tmps[gid].digest[3];
-  digest[4] = tmps[gid].digest[4];
+  u32 newdes_key[15];

-  // Crate a NewDES key
-  uchar newdes_key[60];
+  for (int i = 0; i < 15; i++)
+  {
+    newdes_key[i] = tmps[gid].newdes_key[i];
+  }

-  key_expansion ((uchar *) digest, newdes_key);
+  u32 salt[2];

-  // Run NewDES on salt using the expanded key
-  u32 salt[16] = { 0 };         // sha1_update_swap needs more space then our 8 byte salt; This seem to work!
-  salt[0] = salt_bufs[SALT_POS_HOST].salt_buf[0];
-  salt[1] = salt_bufs[SALT_POS_HOST].salt_buf[1];
+  salt[0] = tmps[gid].salt[0];
+  salt[1] = tmps[gid].salt[1];

  // Run 1000 iterations of NewDES on the derived salt
-  for (int i = 0; i < 1000; i++)
+  for (int i = 0; i < LOOP_CNT; i++)
  {
-    new_des ((uchar *) salt, newdes_key);
+    new_des ((uchar *) salt, (uchar *) newdes_key);
  }

-  // Final "SHA-1" (with endianness bug)
-  sha1_ctx_t ctx;
-
-  sha1_init (&ctx);
-  sha1_update_swap (&ctx, salt, 8);
-  sha1_update_global_swap (&ctx, pws[gid].i, pws[gid].pw_len);
-  sha1_final (&ctx);
+  for (int i = 0; i < 15; i++)
+  {
+    tmps[gid].newdes_key[i] = newdes_key[i];
+  }

-  tmps[gid].digest[0] = ctx.h[0];
-  tmps[gid].digest[1] = ctx.h[1];
-  tmps[gid].digest[2] = ctx.h[2];
-  tmps[gid].digest[3] = ctx.h[3];
-  tmps[gid].digest[4] = ctx.h[4];
+  // Run NewDES on salt using the expanded key
+  tmps[gid].salt[0] = salt[0];
+  tmps[gid].salt[1] = salt[1];
 }

 KERNEL_FQ void m32700_comp (KERN_ATTR_TMPS (sha1_tmp_t))
 {
  const u64 gid = get_global_id (0);

-  if (gid >= GID_CNT)
-    return;
+  if (gid >= GID_CNT) return;

-  const u32 r0 = tmps[gid].digest[DGST_R0];
-  const u32 r1 = tmps[gid].digest[DGST_R1];
-  const u32 r2 = tmps[gid].digest[DGST_R2];
-  const u32 r3 = tmps[gid].digest[DGST_R3];
+  u32 salt[16] = { 0 };

-#define il_pos 0
+  salt[0] = tmps[gid].salt[0];
+  salt[1] = tmps[gid].salt[1];

-#ifdef KERNEL_STATIC
-#include COMPARE_M
-#endif
+  // Final "SHA-1" (with endianness bug)
+  sha1_ctx_t ctx;
+
+  sha1_init (&ctx);
+  sha1_update_swap (&ctx, salt, 8);
+  sha1_update_global_swap (&ctx, pws[gid].i, pws[gid].pw_len);
+  sha1_final (&ctx);
+
+  const u32 r0 = ctx.h[0];
+  const u32 r1 = ctx.h[1];
+  const u32 r2 = ctx.h[2];
+  const u32 r3 = ctx.h[3];
+
+  #define il_pos 0
+
+  #ifdef KERNEL_STATIC
+  #include COMPARE_M
+  #endif
 }
--- a/src/modules/module_32700.c
+++ b/src/modules/module_32700.c
@ -11,10 +11,10 @@
 #include "shared.h"

 static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
-static const u32 DGST_POS0 = 3;
-static const u32 DGST_POS1 = 4;
+static const u32 DGST_POS0 = 0;
+static const u32 DGST_POS1 = 1;
 static const u32 DGST_POS2 = 2;
-static const u32 DGST_POS3 = 1;
+static const u32 DGST_POS3 = 3;
 static const u32 DGST_SIZE = DGST_SIZE_4_5;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_ARCHIVE;
 static const char *HASH_NAME = "Kremlin Encrypt 3.0 w/NewDES";
@ -25,6 +25,13 @@ static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "$kgb$0ab30cf7a52dad93$82a7c454246fc7570224e9f24279791aa2a63bf4";

+typedef struct sha1_tmp
+{
+  u32 salt[2];
+  u32 newdes_key[15];
+
+} sha1_tmp_t;
+
 u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t * hashconfig, MAYBE_UNUSED const user_options_t * user_options, MAYBE_UNUSED const user_options_extra_t * user_options_extra)
 {
  return ATTACK_EXEC;
@ -145,7 +152,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t * hashconfig, MAYBE_UNUS
    salt->salt_buf[i] = hex_to_u32 (salt_pos + j);
  }
  salt->salt_len = 8;
-  salt->salt_iter = 1;
+  salt->salt_iter = 1000;

  // final "sha-1"-ish hash
  const u8 *hash_pos = token.buf[2];
@ -180,7 +187,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t * hashconfig, MAYBE_UNUS

 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t * hashconfig, MAYBE_UNUSED const user_options_t * user_options, MAYBE_UNUSED const user_options_extra_t * user_options_extra)
 {
-  const u64 tmp_size = (const u64) sizeof (u32) * 5;
+  const u64 tmp_size = (const u64) sizeof (sha1_tmp_t);

  return tmp_size;
 }