diff --git a/src/Makefile b/src/Makefile index 5b196c0f6..a33e11b03 100644 --- a/src/Makefile +++ b/src/Makefile @@ -389,7 +389,7 @@ WIN_64_OBJS += $(foreach OBJ,$(OBJS_XXHASH),obj/$(OBJ).WIN.64.o) endif endif -MODULE_OBJS_ALL := bitops convert cpu_aes cpu_crc32 cpu_des cpu_md4 cpu_md5 ext_lzma filehandling keyboard_layout memory shared +MODULE_OBJS_ALL := bitops convert cpu_aes cpu_crc32 cpu_des cpu_md4 cpu_md5 cpu_sha1 ext_lzma filehandling keyboard_layout memory shared ifeq ($(USE_SYSTEM_LZMA),0) MODULE_OBJS_ALL += Alloc Lzma2Dec LzmaDec diff --git a/src/modules/module_06800.c b/src/modules/module_06800.c new file mode 100644 index 000000000..e8e6a597d --- /dev/null +++ b/src/modules/module_06800.c @@ -0,0 +1,208 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_8; // because kernel uses _SHA256; +static const u32 HASH_CATEGORY = HASH_CATEGORY_PASSWORD_MANAGER; +static const char *HASH_NAME = "LastPass + LastPass sniffed"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 6800; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "82dbb8ccc9c7ead8c38a92a6b5740f94:500:pmix@trash-mail.com"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct lastpass_tmp +{ + u32 ipad[8]; + u32 opad[8]; + + u32 dgst[8]; + u32 out[8]; + +} lastpass_tmp_t; + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (lastpass_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + token_t token; + + token.token_cnt = 3; + + token.len_min[0] = 32; + token.len_max[0] = 64; + token.sep[0] = ':'; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[1] = 1; + token.len_max[1] = 6; + token.sep[1] = ':'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[2] = 0; + token.len_max[2] = 32; + token.sep[2] = ':'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *hash_pos = token.buf[0]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + + const u8 *iter_pos = token.buf[1]; + + salt->salt_iter = hc_strtoul ((const char *) iter_pos, NULL, 10) - 1; + + const u8 *salt_pos = token.buf[2]; + const int salt_len = token.len[2]; + + const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, salt_pos, salt_len, hashconfig); + + if (parse_rc == false) return (PARSER_SALT_LENGTH); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + return snprintf (line_buf, line_size, "%08x%08x%08x%08x:%d:%s", + digest[0], + digest[1], + digest[2], + digest[3], + salt->salt_iter + 1, + (char *) salt->salt_buf); +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_binary_verify = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_11300.c b/src/modules/module_11300.c new file mode 100644 index 000000000..b2a012810 --- /dev/null +++ b/src/modules/module_11300.c @@ -0,0 +1,363 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_PASSWORD_MANAGER; +static const char *HASH_NAME = "Bitcoin/Litecoin wallet.dat"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 11300; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_USES_BITS_64 + | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_ST_HEX + | OPTS_TYPE_ST_ADD80; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$bitcoin$96$c265931309b4a59307921cf054b4ec6b6e4554369be79802e94e16477645777d948ae1d375191831efc78e5acd1f0443$16$8017214013543185$200460$96$480008005625057442352316337722323437108374245623701184230273883222762730232857701607167815448714$66$014754433300175043011633205413774877455616682000536368706315333388"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct bitcoin_wallet +{ + u32 cry_master_buf[64]; + u32 ckey_buf[64]; + u32 public_key_buf[64]; + + u32 cry_master_len; + u32 ckey_len; + u32 public_key_len; + +} bitcoin_wallet_t; + +typedef struct bitcoin_wallet_tmp +{ + u64 dgst[8]; + +} bitcoin_wallet_tmp_t; + +static const char *SIGNATURE_BITCOIN_WALLET = "$bitcoin$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (bitcoin_wallet_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (bitcoin_wallet_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + bitcoin_wallet_t *bitcoin_wallet = (bitcoin_wallet_t *) esalt_buf; + + token_t token; + + token.token_cnt = 10; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_BITCOIN_WALLET; + + token.len[0] = 9; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '$'; + token.len_min[1] = 2; + token.len_max[1] = 2; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[2] = '$'; + token.len_min[2] = 16; + token.len_max[2] = 256; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[3] = '$'; + token.len_min[3] = 2; + token.len_max[3] = 2; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[4] = '$'; + token.len_min[4] = 16; + token.len_max[4] = 16; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[5] = '$'; + token.len_min[5] = 1; + token.len_max[5] = 6; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[6] = '$'; + token.len_min[6] = 2; + token.len_max[6] = 2; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[7] = '$'; + token.len_min[7] = 96; + token.len_max[7] = 96; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[8] = '$'; + token.len_min[8] = 1; + token.len_max[8] = 3; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[9] = '$'; + token.len_min[9] = 2; + token.len_max[9] = 512; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *cry_master_len_pos = token.buf[1]; + const u8 *cry_master_buf_pos = token.buf[2]; + const u8 *cry_salt_len_pos = token.buf[3]; + const u8 *cry_salt_buf_pos = token.buf[4]; + const u8 *cry_rounds_pos = token.buf[5]; + const u8 *ckey_len_pos = token.buf[6]; + const u8 *ckey_buf_pos = token.buf[7]; + const u8 *public_key_len_pos = token.buf[8]; + const u8 *public_key_buf_pos = token.buf[9]; + + const int cry_master_buf_len = token.len[2]; + const int cry_salt_buf_len = token.len[4]; + const int ckey_buf_len = token.len[7]; + const int public_key_buf_len = token.len[9]; + + // verify + + const int cry_master_len = hc_strtoul ((const char *) cry_master_len_pos, NULL, 10); + const int cry_salt_len = hc_strtoul ((const char *) cry_salt_len_pos, NULL, 10); + const int ckey_len = hc_strtoul ((const char *) ckey_len_pos, NULL, 10); + const int public_key_len = hc_strtoul ((const char *) public_key_len_pos, NULL, 10); + + if (cry_master_buf_len != cry_master_len) return (PARSER_SALT_VALUE); + if (cry_salt_buf_len != cry_salt_len) return (PARSER_SALT_VALUE); + if (ckey_buf_len != ckey_len) return (PARSER_SALT_VALUE); + if (public_key_buf_len != public_key_len) return (PARSER_SALT_VALUE); + + if (cry_master_len % 16) return (PARSER_SALT_VALUE); + + // esalt + + for (int i = 0, j = 0; j < cry_master_len; i += 1, j += 8) + { + bitcoin_wallet->cry_master_buf[i] = hex_to_u32 ((const u8 *) &cry_master_buf_pos[j]); + } + + for (int i = 0, j = 0; j < ckey_len; i += 1, j += 8) + { + bitcoin_wallet->ckey_buf[i] = hex_to_u32 ((const u8 *) &ckey_buf_pos[j]); + } + + for (int i = 0, j = 0; j < public_key_len; i += 1, j += 8) + { + bitcoin_wallet->public_key_buf[i] = hex_to_u32 ((const u8 *) &public_key_buf_pos[j]); + } + + bitcoin_wallet->cry_master_len = cry_master_len / 2; + bitcoin_wallet->ckey_len = ckey_len / 2; + bitcoin_wallet->public_key_len = public_key_len / 2; + + // hash + + digest[0] = bitcoin_wallet->cry_master_buf[0]; + digest[1] = bitcoin_wallet->cry_master_buf[1]; + digest[2] = bitcoin_wallet->cry_master_buf[2]; + digest[3] = bitcoin_wallet->cry_master_buf[3]; + + // iter + + const int cry_rounds = hc_strtoul ((const char *) cry_rounds_pos, NULL, 10); + + salt->salt_iter = cry_rounds - 1; + + // salt + + const bool parse_rc = parse_and_store_generic_salt ((u8 *) salt->salt_buf, (int *) &salt->salt_len, cry_salt_buf_pos, cry_salt_buf_len, hashconfig); + + if (parse_rc == false) return (PARSER_SALT_LENGTH); + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + bitcoin_wallet_t *bitcoin_wallet = (bitcoin_wallet_t *) esalt_buf; + + const u32 cry_master_len = bitcoin_wallet->cry_master_len; + const u32 ckey_len = bitcoin_wallet->ckey_len; + const u32 public_key_len = bitcoin_wallet->public_key_len; + + char *cry_master_buf = (char *) hcmalloc ((cry_master_len * 2) + 1); + char *ckey_buf = (char *) hcmalloc ((ckey_len * 2) + 1); + char *public_key_buf = (char *) hcmalloc ((public_key_len * 2) + 1); + + for (u32 i = 0, j = 0; i < cry_master_len; i += 1, j += 2) + { + const u8 *ptr = (const u8 *) bitcoin_wallet->cry_master_buf; + + sprintf (cry_master_buf + j, "%02x", ptr[i]); + } + + for (u32 i = 0, j = 0; i < ckey_len; i += 1, j += 2) + { + const u8 *ptr = (const u8 *) bitcoin_wallet->ckey_buf; + + sprintf (ckey_buf + j, "%02x", ptr[i]); + } + + for (u32 i = 0, j = 0; i < public_key_len; i += 1, j += 2) + { + const u8 *ptr = (const u8 *) bitcoin_wallet->public_key_buf; + + sprintf (public_key_buf + j, "%02x", ptr[i]); + } + + const int line_len = snprintf (line_buf, line_size, "%s%u$%s$%u$%08x%08x$%u$%u$%s$%u$%s", + SIGNATURE_BITCOIN_WALLET, + cry_master_len * 2, + cry_master_buf, + salt->salt_len * 2, + byte_swap_32 (salt->salt_buf[0]), + byte_swap_32 (salt->salt_buf[1]), + salt->salt_iter + 1, + ckey_len * 2, + ckey_buf, + public_key_len * 2, + public_key_buf + ); + + hcfree (cry_master_buf); + hcfree (ckey_buf); + hcfree (public_key_buf); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_binary_verify = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13400.c b/src/modules/module_13400.c new file mode 100644 index 000000000..b8a69391d --- /dev/null +++ b/src/modules/module_13400.c @@ -0,0 +1,716 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_PASSWORD_MANAGER; +static const char *HASH_NAME = "KeePass 1 (AES/Twofish) and KeePass 2 (AES)"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 13400; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PREFERED_THREAD; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$keepass$*2*24569*0*c40432355cce7348c48053ceea0a28e7d18859c4ea47e3a799c6300861f64b95*265dafcc42e1537ff42e97e1e283c70014133be0fe2d420b4d24c6d57c9d2207*a00e20a852694c15aabb074d61b902fa*48dd553fb96f7996635f2414bfe6a1a8429ef0ffb71a1752abbef31853172c35*a44ae659958ad7fae8c8952cb83f3cf03fec2371ce22a8bf7fac1e687af2f249*1*64*5a26ea376cc5afc955104c334571d30486acbac512a94b75ca82a9e31dd97bf7"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct keepass +{ + u32 version; + u32 algorithm; + + /* key-file handling */ + u32 keyfile_len; + u32 keyfile[8]; + + u32 final_random_seed[8]; + u32 transf_random_seed[8]; + u32 enc_iv[4]; + u32 contents_hash[8]; + + /* specific to version 1 */ + u32 contents_len; + u32 contents[75000]; + + /* specific to version 2 */ + u32 expected_bytes[8]; + +} keepass_t; + +typedef struct keepass_tmp +{ + u32 tmp_digest[8]; + +} keepass_tmp_t; + +static const char *SIGNATURE_KEEPASS = "$keepass$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (keepass_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (keepass_tmp_t); + + return tmp_size; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // this overrides the reductions of PW_MAX in case optimized kernel is selected + // IOW, even in optimized kernel mode it support length 256 + + const u32 pw_max = PW_MAX; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + keepass_t *keepass = (keepass_t *) esalt_buf; + + bool is_keyfile_present = false; + + if (line_len < 128) return (PARSER_SALT_LENGTH); + + if ((line_buf[line_len - (64 + 1 + 2 + 1 + 2)] == '*') + && (line_buf[line_len - (64 + 1 + 2 + 1 + 1)] == '1') + && (line_buf[line_len - (64 + 1 + 2 + 1 + 0)] == '*')) is_keyfile_present = true; + + token_t token; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_KEEPASS; + + token.sep[0] = '*'; + token.len_min[0] = 9; + token.len_max[0] = 9; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '*'; + token.len_min[1] = 1; + token.len_max[1] = 1; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[2] = '*'; + token.len_min[2] = 1; + token.len_max[2] = 8; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[3] = '*'; + token.len_min[3] = 1; + token.len_max[3] = 3; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + if (line_len < 16) return (PARSER_SALT_LENGTH); + + const u8 version = line_buf[10]; + + if (version == '1') + { + token.token_cnt = 11; + + token.sep[4] = '*'; + token.len_min[4] = 32; + token.len_max[4] = 32; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[5] = '*'; + token.len_min[5] = 64; + token.len_max[5] = 64; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[6] = '*'; + token.len_min[6] = 32; + token.len_max[6] = 32; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[7] = '*'; + token.len_min[7] = 64; + token.len_max[7] = 64; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[8] = '*'; + token.len_min[8] = 1; + token.len_max[8] = 1; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[9] = '*'; + token.len_min[9] = 1; + token.len_max[9] = 6; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[10] = '*'; + token.len_min[10] = 2; + token.len_max[10] = 600000; + token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + if (is_keyfile_present == true) + { + token.token_cnt = 14; + + token.sep[11] = '*'; + token.len_min[11] = 1; + token.len_max[11] = 1; + token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[12] = '*'; + token.len_min[12] = 2; + token.len_max[12] = 2; + token.attr[12] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[13] = '*'; + token.len_min[13] = 64; + token.len_max[13] = 64; + token.attr[13] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + } + } + else if (version == '2') + { + token.token_cnt = 9; + + token.sep[4] = '*'; + token.len_min[4] = 64; + token.len_max[4] = 64; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[5] = '*'; + token.len_min[5] = 64; + token.len_max[5] = 64; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[6] = '*'; + token.len_min[6] = 32; + token.len_max[6] = 32; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[7] = '*'; + token.len_min[7] = 64; + token.len_max[7] = 64; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[8] = '*'; + token.len_min[8] = 64; + token.len_max[8] = 64; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + if (is_keyfile_present == true) + { + token.token_cnt = 12; + + token.sep[9] = '*'; + token.len_min[9] = 1; + token.len_max[9] = 1; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[10] = '*'; + token.len_min[10] = 2; + token.len_max[10] = 2; + token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[11] = '*'; + token.len_min[11] = 64; + token.len_max[11] = 64; + token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + } + } + else + { + return (PARSER_SALT_VALUE); + } + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // version + + const u8 *version_pos = token.buf[1]; + + keepass->version = hc_strtoul ((const char *) version_pos, NULL, 10); + + // iter + + const u8 *rounds_pos = token.buf[2]; + + salt->salt_iter = hc_strtoul ((const char *) rounds_pos, NULL, 10); + + // algo + + const u8 *algorithm_pos = token.buf[3]; + + keepass->algorithm = hc_strtoul ((const char *) algorithm_pos, NULL, 10); + + // final_random_seed_pos + + const u8 *final_random_seed_pos = token.buf[4]; + + keepass->final_random_seed[0] = hex_to_u32 ((const u8 *) &final_random_seed_pos[ 0]); + keepass->final_random_seed[1] = hex_to_u32 ((const u8 *) &final_random_seed_pos[ 8]); + keepass->final_random_seed[2] = hex_to_u32 ((const u8 *) &final_random_seed_pos[16]); + keepass->final_random_seed[3] = hex_to_u32 ((const u8 *) &final_random_seed_pos[24]); + + keepass->final_random_seed[0] = byte_swap_32 (keepass->final_random_seed[0]); + keepass->final_random_seed[1] = byte_swap_32 (keepass->final_random_seed[1]); + keepass->final_random_seed[2] = byte_swap_32 (keepass->final_random_seed[2]); + keepass->final_random_seed[3] = byte_swap_32 (keepass->final_random_seed[3]); + + if (keepass->version == 2) + { + keepass->final_random_seed[4] = hex_to_u32 ((const u8 *) &final_random_seed_pos[32]); + keepass->final_random_seed[5] = hex_to_u32 ((const u8 *) &final_random_seed_pos[40]); + keepass->final_random_seed[6] = hex_to_u32 ((const u8 *) &final_random_seed_pos[48]); + keepass->final_random_seed[7] = hex_to_u32 ((const u8 *) &final_random_seed_pos[56]); + + keepass->final_random_seed[4] = byte_swap_32 (keepass->final_random_seed[4]); + keepass->final_random_seed[5] = byte_swap_32 (keepass->final_random_seed[5]); + keepass->final_random_seed[6] = byte_swap_32 (keepass->final_random_seed[6]); + keepass->final_random_seed[7] = byte_swap_32 (keepass->final_random_seed[7]); + } + + // transf_random_seed_pos + + const u8 *transf_random_seed_pos = token.buf[5]; + + keepass->transf_random_seed[0] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[ 0]); + keepass->transf_random_seed[1] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[ 8]); + keepass->transf_random_seed[2] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[16]); + keepass->transf_random_seed[3] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[24]); + keepass->transf_random_seed[4] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[32]); + keepass->transf_random_seed[5] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[40]); + keepass->transf_random_seed[6] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[48]); + keepass->transf_random_seed[7] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[56]); + + keepass->transf_random_seed[0] = byte_swap_32 (keepass->transf_random_seed[0]); + keepass->transf_random_seed[1] = byte_swap_32 (keepass->transf_random_seed[1]); + keepass->transf_random_seed[2] = byte_swap_32 (keepass->transf_random_seed[2]); + keepass->transf_random_seed[3] = byte_swap_32 (keepass->transf_random_seed[3]); + keepass->transf_random_seed[4] = byte_swap_32 (keepass->transf_random_seed[4]); + keepass->transf_random_seed[5] = byte_swap_32 (keepass->transf_random_seed[5]); + keepass->transf_random_seed[6] = byte_swap_32 (keepass->transf_random_seed[6]); + keepass->transf_random_seed[7] = byte_swap_32 (keepass->transf_random_seed[7]); + + // enc_iv_pos + + const u8 *enc_iv_pos = token.buf[6]; + + keepass->enc_iv[0] = hex_to_u32 ((const u8 *) &enc_iv_pos[ 0]); + keepass->enc_iv[1] = hex_to_u32 ((const u8 *) &enc_iv_pos[ 8]); + keepass->enc_iv[2] = hex_to_u32 ((const u8 *) &enc_iv_pos[16]); + keepass->enc_iv[3] = hex_to_u32 ((const u8 *) &enc_iv_pos[24]); + + keepass->enc_iv[0] = byte_swap_32 (keepass->enc_iv[0]); + keepass->enc_iv[1] = byte_swap_32 (keepass->enc_iv[1]); + keepass->enc_iv[2] = byte_swap_32 (keepass->enc_iv[2]); + keepass->enc_iv[3] = byte_swap_32 (keepass->enc_iv[3]); + + const u8 *keyfile_pos = NULL; + + if (keepass->version == 1) + { + // contents_hash + + const u8 *contents_hash_pos = token.buf[7]; + + keepass->contents_hash[0] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 0]); + keepass->contents_hash[1] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 8]); + keepass->contents_hash[2] = hex_to_u32 ((const u8 *) &contents_hash_pos[16]); + keepass->contents_hash[3] = hex_to_u32 ((const u8 *) &contents_hash_pos[24]); + keepass->contents_hash[4] = hex_to_u32 ((const u8 *) &contents_hash_pos[32]); + keepass->contents_hash[5] = hex_to_u32 ((const u8 *) &contents_hash_pos[40]); + keepass->contents_hash[6] = hex_to_u32 ((const u8 *) &contents_hash_pos[48]); + keepass->contents_hash[7] = hex_to_u32 ((const u8 *) &contents_hash_pos[56]); + + keepass->contents_hash[0] = byte_swap_32 (keepass->contents_hash[0]); + keepass->contents_hash[1] = byte_swap_32 (keepass->contents_hash[1]); + keepass->contents_hash[2] = byte_swap_32 (keepass->contents_hash[2]); + keepass->contents_hash[3] = byte_swap_32 (keepass->contents_hash[3]); + keepass->contents_hash[4] = byte_swap_32 (keepass->contents_hash[4]); + keepass->contents_hash[5] = byte_swap_32 (keepass->contents_hash[5]); + keepass->contents_hash[6] = byte_swap_32 (keepass->contents_hash[6]); + keepass->contents_hash[7] = byte_swap_32 (keepass->contents_hash[7]); + + // contents + + const u8 *contents_pos = token.buf[10]; + const int contents_len = token.len[10]; + + keepass->contents_len = contents_len / 2; + + for (int i = 0, j = 0; j < contents_len; i += 1, j += 8) + { + keepass->contents[i] = hex_to_u32 ((const u8 *) &contents_pos[j]); + + keepass->contents[i] = byte_swap_32 (keepass->contents[i]); + } + + if (is_keyfile_present == true) + { + keyfile_pos = token.buf[13]; + } + } + else if (keepass->version == 2) + { + // expected_bytes + + const u8 *expected_bytes_pos = token.buf[7]; + + keepass->expected_bytes[0] = hex_to_u32 ((const u8 *) &expected_bytes_pos[ 0]); + keepass->expected_bytes[1] = hex_to_u32 ((const u8 *) &expected_bytes_pos[ 8]); + keepass->expected_bytes[2] = hex_to_u32 ((const u8 *) &expected_bytes_pos[16]); + keepass->expected_bytes[3] = hex_to_u32 ((const u8 *) &expected_bytes_pos[24]); + keepass->expected_bytes[4] = hex_to_u32 ((const u8 *) &expected_bytes_pos[32]); + keepass->expected_bytes[5] = hex_to_u32 ((const u8 *) &expected_bytes_pos[40]); + keepass->expected_bytes[6] = hex_to_u32 ((const u8 *) &expected_bytes_pos[48]); + keepass->expected_bytes[7] = hex_to_u32 ((const u8 *) &expected_bytes_pos[56]); + + keepass->expected_bytes[0] = byte_swap_32 (keepass->expected_bytes[0]); + keepass->expected_bytes[1] = byte_swap_32 (keepass->expected_bytes[1]); + keepass->expected_bytes[2] = byte_swap_32 (keepass->expected_bytes[2]); + keepass->expected_bytes[3] = byte_swap_32 (keepass->expected_bytes[3]); + keepass->expected_bytes[4] = byte_swap_32 (keepass->expected_bytes[4]); + keepass->expected_bytes[5] = byte_swap_32 (keepass->expected_bytes[5]); + keepass->expected_bytes[6] = byte_swap_32 (keepass->expected_bytes[6]); + keepass->expected_bytes[7] = byte_swap_32 (keepass->expected_bytes[7]); + + // contents_hash + + const u8 *contents_hash_pos = token.buf[8]; + + keepass->contents_hash[0] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 0]); + keepass->contents_hash[1] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 8]); + keepass->contents_hash[2] = hex_to_u32 ((const u8 *) &contents_hash_pos[16]); + keepass->contents_hash[3] = hex_to_u32 ((const u8 *) &contents_hash_pos[24]); + keepass->contents_hash[4] = hex_to_u32 ((const u8 *) &contents_hash_pos[32]); + keepass->contents_hash[5] = hex_to_u32 ((const u8 *) &contents_hash_pos[40]); + keepass->contents_hash[6] = hex_to_u32 ((const u8 *) &contents_hash_pos[48]); + keepass->contents_hash[7] = hex_to_u32 ((const u8 *) &contents_hash_pos[56]); + + keepass->contents_hash[0] = byte_swap_32 (keepass->contents_hash[0]); + keepass->contents_hash[1] = byte_swap_32 (keepass->contents_hash[1]); + keepass->contents_hash[2] = byte_swap_32 (keepass->contents_hash[2]); + keepass->contents_hash[3] = byte_swap_32 (keepass->contents_hash[3]); + keepass->contents_hash[4] = byte_swap_32 (keepass->contents_hash[4]); + keepass->contents_hash[5] = byte_swap_32 (keepass->contents_hash[5]); + keepass->contents_hash[6] = byte_swap_32 (keepass->contents_hash[6]); + keepass->contents_hash[7] = byte_swap_32 (keepass->contents_hash[7]); + + if (is_keyfile_present == true) + { + keyfile_pos = token.buf[11]; + } + } + + if (is_keyfile_present == true) + { + keepass->keyfile_len = 32; + + keepass->keyfile[0] = hex_to_u32 ((const u8 *) &keyfile_pos[ 0]); + keepass->keyfile[1] = hex_to_u32 ((const u8 *) &keyfile_pos[ 8]); + keepass->keyfile[2] = hex_to_u32 ((const u8 *) &keyfile_pos[16]); + keepass->keyfile[3] = hex_to_u32 ((const u8 *) &keyfile_pos[24]); + keepass->keyfile[4] = hex_to_u32 ((const u8 *) &keyfile_pos[32]); + keepass->keyfile[5] = hex_to_u32 ((const u8 *) &keyfile_pos[40]); + keepass->keyfile[6] = hex_to_u32 ((const u8 *) &keyfile_pos[48]); + keepass->keyfile[7] = hex_to_u32 ((const u8 *) &keyfile_pos[56]); + + keepass->keyfile[0] = byte_swap_32 (keepass->keyfile[0]); + keepass->keyfile[1] = byte_swap_32 (keepass->keyfile[1]); + keepass->keyfile[2] = byte_swap_32 (keepass->keyfile[2]); + keepass->keyfile[3] = byte_swap_32 (keepass->keyfile[3]); + keepass->keyfile[4] = byte_swap_32 (keepass->keyfile[4]); + keepass->keyfile[5] = byte_swap_32 (keepass->keyfile[5]); + keepass->keyfile[6] = byte_swap_32 (keepass->keyfile[6]); + keepass->keyfile[7] = byte_swap_32 (keepass->keyfile[7]); + } + + if (keepass->version == 1) + { + digest[0] = keepass->contents_hash[0]; + digest[1] = keepass->contents_hash[1]; + digest[2] = keepass->contents_hash[2]; + digest[3] = keepass->contents_hash[3]; + } + else + { + digest[0] = keepass->expected_bytes[0]; + digest[1] = keepass->expected_bytes[1]; + digest[2] = keepass->expected_bytes[2]; + digest[3] = keepass->expected_bytes[3]; + } + + salt->salt_buf[0] = keepass->transf_random_seed[0]; + salt->salt_buf[1] = keepass->transf_random_seed[1]; + salt->salt_buf[2] = keepass->transf_random_seed[2]; + salt->salt_buf[3] = keepass->transf_random_seed[3]; + salt->salt_buf[4] = keepass->transf_random_seed[4]; + salt->salt_buf[5] = keepass->transf_random_seed[5]; + salt->salt_buf[6] = keepass->transf_random_seed[6]; + salt->salt_buf[7] = keepass->transf_random_seed[7]; + + salt->salt_len = 32; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const keepass_t *keepass = (const keepass_t *) esalt_buf; + + u32 version = keepass->version; + u32 rounds = salt->salt_iter; + u32 algorithm = keepass->algorithm; + u32 keyfile_len = keepass->keyfile_len; + + u32 *ptr_final_random_seed = (u32 *) keepass->final_random_seed; + u32 *ptr_transf_random_seed = (u32 *) keepass->transf_random_seed; + u32 *ptr_enc_iv = (u32 *) keepass->enc_iv; + u32 *ptr_contents_hash = (u32 *) keepass->contents_hash; + u32 *ptr_keyfile = (u32 *) keepass->keyfile; + + // specific to version 2 + u32 expected_bytes_len; + u32 *ptr_expected_bytes; + + u32 final_random_seed_len; + u32 transf_random_seed_len; + u32 enc_iv_len; + u32 contents_hash_len; + + transf_random_seed_len = 8; + enc_iv_len = 4; + contents_hash_len = 8; + final_random_seed_len = 8; + + if (version == 1) + final_random_seed_len = 4; + + snprintf (line_buf, line_size, "%s*%u*%u*%u", + SIGNATURE_KEEPASS, + version, + rounds, + algorithm); + + char *ptr_data = line_buf; + + ptr_data += strlen(line_buf); + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < final_random_seed_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_final_random_seed[i]); + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < transf_random_seed_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_transf_random_seed[i]); + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < enc_iv_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_enc_iv[i]); + + *ptr_data = '*'; + ptr_data++; + + if (version == 1) + { + u32 contents_len = keepass->contents_len; + u32 *ptr_contents = (u32 *) keepass->contents; + + for (u32 i = 0; i < contents_hash_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_contents_hash[i]); + + *ptr_data = '*'; + ptr_data++; + + // inline flag + *ptr_data = '1'; + ptr_data++; + + *ptr_data = '*'; + ptr_data++; + + char ptr_contents_len[10] = { 0 }; + + sprintf ((char*) ptr_contents_len, "%u", contents_len); + + sprintf (ptr_data, "%u", contents_len); + + ptr_data += strlen(ptr_contents_len); + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < contents_len / 4; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_contents[i]); + } + else if (version == 2) + { + expected_bytes_len = 8; + ptr_expected_bytes = (u32 *) keepass->expected_bytes; + + for (u32 i = 0; i < expected_bytes_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_expected_bytes[i]); + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < contents_hash_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_contents_hash[i]); + } + if (keyfile_len) + { + *ptr_data = '*'; + ptr_data++; + + // inline flag + *ptr_data = '1'; + ptr_data++; + + *ptr_data = '*'; + ptr_data++; + + sprintf (ptr_data, "%u", keyfile_len * 2); + + ptr_data += 2; + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < 8; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_keyfile[i]); + } + + return strlen (line_buf); +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_binary_verify = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_13500.c b/src/modules/module_13500.c new file mode 100644 index 000000000..94a8a7caf --- /dev/null +++ b/src/modules/module_13500.c @@ -0,0 +1,270 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "cpu_sha1.h" +#include "inc_hash_constants.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 3; +static const u32 DGST_POS1 = 4; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 1; +static const u32 DGST_SIZE = DGST_SIZE_4_5; +static const u32 HASH_CATEGORY = HASH_CATEGORY_EAS; +static const char *HASH_NAME = "PeopleSoft PS_TOKEN"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 13500; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_PRECOMPUTE_INIT + | OPTI_TYPE_NOT_ITERATED + | OPTI_TYPE_PREPENDED_SALT + | OPTI_TYPE_RAW_HASH; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_BE + | OPTS_TYPE_PT_GENERATE_BE + | OPTS_TYPE_PT_UTF16LE + | OPTS_TYPE_PT_ADD80; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "24eea51b53d02b4c5ff99bcb05a6847fdb2d9308:4f10a0de76e242040c28e9d3dd15c903343489c79765f9118c098c266b9ff505c95bd75bbe406ff3404849eea73930ad17937c0ba6fc3e7bb6d37362941318938b8af96d1292a310b3fd29a67e411ecb10d30247c99183a16951b3859054d4eba9dcd50709c7b21dee836d7ed195cc6b33317aeb557cc56392dc551faa8d5a0fb42212"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pstoken +{ + u32 salt_buf[128]; + u32 salt_len; + + u32 pc_digest[5]; + u32 pc_offset; + +} pstoken_t; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pstoken_t); + + return esalt_size; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pstoken_t *pstoken = (pstoken_t *) esalt_buf; + + token_t token; + + token.token_cnt = 2; + + token.sep[0] = hashconfig->separator; + token.len_min[0] = 40; + token.len_max[0] = 40; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[1] = 32; + token.len_max[1] = 1024; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *hash_pos = token.buf[0]; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + digest[4] = hex_to_u32 (hash_pos + 32); + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + digest[4] = byte_swap_32 (digest[4]); + + const u8 *salt_pos = token.buf[1]; + const int salt_len = token.len[1]; + + u8 *pstoken_ptr = (u8 *) pstoken->salt_buf; + + for (int i = 0, j = 0; i < salt_len; i += 2, j += 1) + { + pstoken_ptr[j] = hex_to_u8 (salt_pos + i); + } + + pstoken->salt_len = salt_len / 2; + + /* some fake salt for the sorting mechanisms */ + + salt->salt_buf[0] = pstoken->salt_buf[0]; + salt->salt_buf[1] = pstoken->salt_buf[1]; + salt->salt_buf[2] = pstoken->salt_buf[2]; + salt->salt_buf[3] = pstoken->salt_buf[3]; + salt->salt_buf[4] = pstoken->salt_buf[4]; + salt->salt_buf[5] = pstoken->salt_buf[5]; + salt->salt_buf[6] = pstoken->salt_buf[6]; + salt->salt_buf[7] = pstoken->salt_buf[7]; + + salt->salt_len = 32; + + /* we need to check if we can precompute some of the data -- + this is possible since the scheme is badly designed */ + + pstoken->pc_digest[0] = SHA1M_A; + pstoken->pc_digest[1] = SHA1M_B; + pstoken->pc_digest[2] = SHA1M_C; + pstoken->pc_digest[3] = SHA1M_D; + pstoken->pc_digest[4] = SHA1M_E; + + pstoken->pc_offset = 0; + + for (int i = 0; i < (int) pstoken->salt_len - 63; i += 64) + { + u32 w[16]; + + w[ 0] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 0]); + w[ 1] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 1]); + w[ 2] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 2]); + w[ 3] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 3]); + w[ 4] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 4]); + w[ 5] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 5]); + w[ 6] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 6]); + w[ 7] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 7]); + w[ 8] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 8]); + w[ 9] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 9]); + w[10] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 10]); + w[11] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 11]); + w[12] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 12]); + w[13] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 13]); + w[14] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 14]); + w[15] = byte_swap_32 (pstoken->salt_buf[pstoken->pc_offset + 15]); + + sha1_64 (w, pstoken->pc_digest); + + pstoken->pc_offset += 16; + } + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + const pstoken_t *pstoken = (const pstoken_t *) esalt_buf; + + const u32 salt_len = (pstoken->salt_len > 512) ? 512 : pstoken->salt_len; + + char pstoken_tmp[1024 + 1] = { 0 }; + + for (u32 i = 0, j = 0; i < salt_len; i += 1, j += 2) + { + const u8 *ptr = (const u8 *) pstoken->salt_buf; + + sprintf (pstoken_tmp + j, "%02x", ptr[i]); + } + + const int line_len = snprintf (line_buf, line_size, "%08x%08x%08x%08x%08x:%s", + digest[0], + digest[1], + digest[2], + digest[3], + digest[4], + pstoken_tmp); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_binary_verify = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +}