From 573423af977e28a52cd7e1fd46b2256d9bfe4305 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Tue, 12 Sep 2023 07:10:31 +0000
Subject: [PATCH] Rewrite -m 32700 to use salt_iter and loop kernel as expected in slow hash modes

---
 OpenCL/m32700-pure.cl | 132 ++++++++++++++++++++-----------------
 src/modules/module_32700.c | 17 +++--
 2 files changed, 85 insertions(+), 64 deletions(-)

diff --git a/OpenCL/m32700-pure.cl b/OpenCL/m32700-pure.cl
index 1a85d6baf..985fcfd46 100644
--- a/OpenCL/m32700-pure.cl
+++ b/OpenCL/m32700-pure.cl
@@ -16,10 +16,13 @@
 
 typedef struct sha1_tmp
 {
- u32 digest[5];
+ u32 salt[2];
+ u32 newdes_key[15];
+
 } sha1_tmp_t;
 
-CONSTANT_VK uchar newdes_rotor[256] = {
+CONSTANT_VK uchar newdes_rotor[256] =
+{
 32, 137, 239, 188, 102, 125, 221, 72, 212, 68, 81, 37, 86, 237, 147, 149,
 70, 229, 17, 124, 115, 207, 33, 20, 122, 143, 25, 215, 51, 183, 138, 142,
 146, 211, 110, 173, 1, 228, 189, 14, 103, 78, 162, 36, 253, 167, 116, 255,
@@ -40,16 +43,14 @@ CONSTANT_VK uchar newdes_rotor[256] = {
 
 DECLSPEC void new_des (uchar * block, uchar * newdes_key)
 {
-#define B0 (*block)
-#define B1 (*(block+1))
-#define B2 (*(block+2))
-#define B3 (*(block+3))
-#define B4 (*(block+4))
-#define B5 (*(block+5))
-#define B6 (*(block+6))
-#define B7 (*(block+7))
-
-
+ #define B0 (*(block+0))
+ #define B1 (*(block+1))
+ #define B2 (*(block+2))
+ #define B3 (*(block+3))
+ #define B4 (*(block+4))
+ #define B5 (*(block+5))
+ #define B6 (*(block+6))
+ #define B7 (*(block+7))
 
 for (int count = 0; count < 8; count++)
 {
@@ -89,8 +90,7 @@ KERNEL_FQ void m32700_init (KERN_ATTR_TMPS (sha1_tmp_t))
 {
 const u64 gid = get_global_id (0);
 
- if (gid >= GID_CNT)
- return;
+ if (gid >= GID_CNT) return;
 
 // Initial "SHA-1" (with endianness bug)
 sha1_ctx_t ctx;
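Review bot: The `sha1_tmp_t` fields in the first hunk are undocumented, and the type name no longer describes its content, since after this change it holds no SHA-1 state. A comment on each field would help, e.g. `u32 salt[2]; // 8-byte NewDES block, updated by each loop slice` and `u32 newdes_key[15]; // 60-byte expanded NewDES key from key_expansion()`. The same struct is declared a second time in src/modules/module_32700.c, where `module_tmp_size` takes its `sizeof`, so a comment that the two definitions must stay identical belongs on both copies.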
@@ -99,74 +99,88 @@ KERNEL_FQ void m32700_init (KERN_ATTR_TMPS (sha1_tmp_t))
 sha1_update_global_swap (&ctx, pws[gid].i, pws[gid].pw_len);
 sha1_final (&ctx);
 
- tmps[gid].digest[0] = hc_swap32 (ctx.h[0]);
- tmps[gid].digest[1] = hc_swap32 (ctx.h[1]);
- tmps[gid].digest[2] = hc_swap32 (ctx.h[2]);
- tmps[gid].digest[3] = hc_swap32 (ctx.h[3]);
- tmps[gid].digest[4] = hc_swap32 (ctx.h[4]);
+ ctx.h[0] = hc_swap32_S (ctx.h[0]);
+ ctx.h[1] = hc_swap32_S (ctx.h[1]);
+ ctx.h[2] = hc_swap32_S (ctx.h[2]);
+ ctx.h[3] = hc_swap32_S (ctx.h[3]);
+ ctx.h[4] = hc_swap32_S (ctx.h[4]);
+
+ // Crate a NewDES key
+ u32 newdes_key[15];
+
+ key_expansion ((uchar *) ctx.h, (uchar *) newdes_key);
+
+ for (int i = 0; i < 15; i++)
+ {
+ tmps[gid].newdes_key[i] = newdes_key[i];
+ }
+
+ // Run NewDES on salt using the expanded key
+ tmps[gid].salt[0] = salt_bufs[SALT_POS_HOST].salt_buf[0];
+ tmps[gid].salt[1] = salt_bufs[SALT_POS_HOST].salt_buf[1];
 }
 
 KERNEL_FQ void m32700_loop (KERN_ATTR_TMPS (sha1_tmp_t))
 {
 const u64 gid = get_global_id (0);
 
- if (gid >= GID_CNT)
- return;
-
- u32 digest[5];
+ if (gid >= GID_CNT) return;
 
- digest[0] = tmps[gid].digest[0];
- digest[1] = tmps[gid].digest[1];
- digest[2] = tmps[gid].digest[2];
- digest[3] = tmps[gid].digest[3];
- digest[4] = tmps[gid].digest[4];
+ u32 newdes_key[15];
 
- // Crate a NewDES key
- uchar newdes_key[60];
+ for (int i = 0; i < 15; i++)
+ {
+ newdes_key[i] = tmps[gid].newdes_key[i];
+ }
 
- key_expansion ((uchar *) digest, newdes_key);
+ u32 salt[2];
 
- // Run NewDES on salt using the expanded key
- u32 salt[16] = { 0 }; // sha1_update_swap needs more space then our 8 byte salt; This seem to work!
- salt[0] = salt_bufs[SALT_POS_HOST].salt_buf[0];
- salt[1] = salt_bufs[SALT_POS_HOST].salt_buf[1];
+ salt[0] = tmps[gid].salt[0];
+ salt[1] = tmps[gid].salt[1];
 
 // Run 1000 iterations of NewDES on the derived salt
- for (int i = 0; i < 1000; i++)
+ for (int i = 0; i < LOOP_CNT; i++)
 {
- new_des ((uchar *) salt, newdes_key);
+ new_des ((uchar *) salt, (uchar *) newdes_key);
 }
 
- // Final "SHA-1" (with endianness bug)
- sha1_ctx_t ctx;
-
- sha1_init (&ctx);
- sha1_update_swap (&ctx, salt, 8);
- sha1_update_global_swap (&ctx, pws[gid].i, pws[gid].pw_len);
- sha1_final (&ctx);
+ for (int i = 0; i < 15; i++)
+ {
+ tmps[gid].newdes_key[i] = newdes_key[i];
+ }
 
- tmps[gid].digest[0] = ctx.h[0];
- tmps[gid].digest[1] = ctx.h[1];
- tmps[gid].digest[2] = ctx.h[2];
- tmps[gid].digest[3] = ctx.h[3];
- tmps[gid].digest[4] = ctx.h[4];
+ // Run NewDES on salt using the expanded key
+ tmps[gid].salt[0] = salt[0];
+ tmps[gid].salt[1] = salt[1];
 }
 
 KERNEL_FQ void m32700_comp (KERN_ATTR_TMPS (sha1_tmp_t))
 {
 const u64 gid = get_global_id (0);
 
- if (gid >= GID_CNT)
- return;
+ if (gid >= GID_CNT) return;
 
- const u32 r0 = tmps[gid].digest[DGST_R0];
- const u32 r1 = tmps[gid].digest[DGST_R1];
- const u32 r2 = tmps[gid].digest[DGST_R2];
- const u32 r3 = tmps[gid].digest[DGST_R3];
+ u32 salt[16] = { 0 };
 
-#define il_pos 0
+ salt[0] = tmps[gid].salt[0];
+ salt[1] = tmps[gid].salt[1];
 
-#ifdef KERNEL_STATIC
-#include COMPARE_M
-#endif
+ // Final "SHA-1" (with endianness bug)
+ sha1_ctx_t ctx;
+
+ sha1_init (&ctx);
+ sha1_update_swap (&ctx, salt, 8);
+ sha1_update_global_swap (&ctx, pws[gid].i, pws[gid].pw_len);
+ sha1_final (&ctx);
+
+ const u32 r0 = ctx.h[0];
+ const u32 r1 = ctx.h[1];
+ const u32 r2 = ctx.h[2];
+ const u32 r3 = ctx.h[3];
+
+ #define il_pos 0
+
+ #ifdef KERNEL_STATIC
+ #include COMPARE_M
+ #endif
 }
diff --git a/src/modules/module_32700.c b/src/modules/module_32700.c
index 764eba823..5eebc6fd2 100644
--- a/src/modules/module_32700.c
+++ b/src/modules/module_32700.c
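Review bot: In m32700_loop the second `for (int i = 0; i < 15; i++)` loop writes `newdes_key` back to `tmps[gid]` although nothing between the load and the store appears to change it; if new_des only reads the key (its body is outside this hunk), that write-back can be dropped and only `salt[0]`/`salt[1]` need storing per loop slice. The comments carried over from the old single-pass kernel no longer match the code: `// Run NewDES on salt using the expanded key` now sits above plain stores in both m32700_init and m32700_loop, and `// Run 1000 iterations of NewDES` heads a loop bounded by `LOOP_CNT`. I would replace them with `// Save the NewDES block state for the next loop slice` and `// Run this slice's share of the NewDES iterations`, and fix the `Crate` typo. In m32700_comp, `const u32 r0 = ctx.h[DGST_R0];` (likewise r1 to r3) would keep the compare tied to the module's DGST_POS values instead of hard-coded indexes.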
@@ -11,10 +11,10 @@
 #include "shared.h"
 
 static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
-static const u32 DGST_POS0 = 3;
-static const u32 DGST_POS1 = 4;
+static const u32 DGST_POS0 = 0;
+static const u32 DGST_POS1 = 1;
 static const u32 DGST_POS2 = 2;
-static const u32 DGST_POS3 = 1;
+static const u32 DGST_POS3 = 3;
 static const u32 DGST_SIZE = DGST_SIZE_4_5;
 static const u32 HASH_CATEGORY = HASH_CATEGORY_ARCHIVE;
 static const char *HASH_NAME = "Kremlin Encrypt 3.0 w/NewDES";
@@ -25,6 +25,13 @@ static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS = "hashcat";
 static const char *ST_HASH = "$kgb$0ab30cf7a52dad93$82a7c454246fc7570224e9f24279791aa2a63bf4";
 
+typedef struct sha1_tmp
+{
+ u32 salt[2];
+ u32 newdes_key[15];
+
+} sha1_tmp_t;
+
 u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t * hashconfig, MAYBE_UNUSED const user_options_t * user_options, MAYBE_UNUSED const user_options_extra_t * user_options_extra)
 {
 return ATTACK_EXEC;
@@ -145,7 +152,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t * hashconfig, MAYBE_UNUS
 salt->salt_buf[i] = hex_to_u32 (salt_pos + j);
 }
 salt->salt_len = 8;
- salt->salt_iter = 1;
+ salt->salt_iter = 1000;
 
 // final "sha-1"-ish hash
 const u8 *hash_pos = token.buf[2];
@@ -180,7 +187,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t * hashconfig, MAYBE_UNUS
 
 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t * hashconfig, MAYBE_UNUSED const user_options_t * user_options, MAYBE_UNUSED const user_options_extra_t * user_options_extra)
 {
- const u64 tmp_size = (const u64) sizeof (u32) * 5;
+ const u64 tmp_size = (const u64) sizeof (sha1_tmp_t);
 
 return tmp_size;
 }
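Review bot: `salt->salt_iter = 1000;` in the module_hash_decode hunk is a bare literal for the round count that the kernel used to spell out in its own loop, and nothing on the line says where the value comes from. A named constant beside the other module constants, for example `static const u32 ROUNDS_KREMLIN = 1000;` (name suggested here, not taken from the code base) with `salt->salt_iter = ROUNDS_KREMLIN;`, would document it as the fixed NewDES iteration count for this format. module_hash_decode starts and ends outside the hunk, so the rest of the salt setup is not visible here.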