From 5d5d1a5843660ab1ee815bf40f06f6a15e047a20 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Thu, 19 May 2016 22:37:43 +0200 Subject: [PATCH] More VeraCrypt stuff; SHA256 kernels missing and --veracrypt-pim missing --- docs/changes.txt | 3 + docs/readme.txt | 3 +- include/shared.h | 59 ++++-- include/types.h | 2 + src/hashcat.c | 468 ++++++++++++++++++++++++++++++++++++++++++++++- src/shared.c | 218 ++++++++++++++++++++++ 6 files changed, 731 insertions(+), 22 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index b19ecadd1..206a9fb2d 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -27,6 +27,8 @@ It combines all features of all hashcat projects in one project. - Added command prompt to quit at next restore checkpoint - Added human-readable error message for the OpenCL error codes - Added option --potfile-path to override potfile path +- Added option --veracrypt-keyfile to set Keyfiles used, can be multiple +- Added option --veracrypt-pim to set the VeraCrypt personal iterations multiplier ## ## Algorithms @@ -41,6 +43,7 @@ It combines all features of all hashcat projects in one project. - Added new hash-mode 13400 = Keepass 1 (AES/Twofish) and Keepass 2 (AES) - Added new hash-mode 13500 = PeopleSoft PS_TOKEN - Added new hash-mode 13600 = WinZip +- Added new hash-mode 137** = VeraCrypt ## ## Performance diff --git a/docs/readme.txt b/docs/readme.txt index c5c4c0110..1e4a031d2 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -201,7 +201,8 @@ NVidia users require NVidia drivers 346.59 or later (recommended 361.x or later) - eCryptfs - Android FDE <= 4.3 - Android FDE (Samsung DEK) -- TrueCrypt 5.0+ +- TrueCrypt +- VeraCrypt ## ## Attack-Modes diff --git a/include/shared.h b/include/shared.h index 8805d6e38..d5b00abe8 100644 --- a/include/shared.h +++ b/include/shared.h @@ -382,18 +382,36 @@ extern hc_thread_mutex_t mux_display; #define HT_02612 "PHPS" #define HT_02711 "vBulletin > v3.8.5" #define HT_02811 "IPB2+, MyBB1.2+" -#define HT_06211 "TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 + XTS 512 bit" -#define HT_06212 "TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 + XTS 1024 bit" -#define HT_06213 "TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 + XTS 1536 bit" -#define HT_06221 "TrueCrypt 5.0+ PBKDF2-HMAC-SHA512 + XTS 512 bit" -#define HT_06222 "TrueCrypt 5.0+ PBKDF2-HMAC-SHA512 + XTS 1024 bit" -#define HT_06223 "TrueCrypt 5.0+ PBKDF2-HMAC-SHA512 + XTS 1536 bit" -#define HT_06231 "TrueCrypt 5.0+ PBKDF2-HMAC-Whirlpool + XTS 512 bit" -#define HT_06232 "TrueCrypt 5.0+ PBKDF2-HMAC-Whirlpool + XTS 1024 bit" -#define HT_06233 "TrueCrypt 5.0+ PBKDF2-HMAC-Whirlpool + XTS 1536 bit" -#define HT_06241 "TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode" -#define HT_06242 "TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 + XTS 1024 bit + boot-mode" -#define HT_06243 "TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 + XTS 1536 bit + boot-mode" +#define HT_06211 "TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit" +#define HT_06212 "TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 1024 bit" +#define HT_06213 "TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 1536 bit" +#define HT_06221 "TrueCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit" +#define HT_06222 "TrueCrypt PBKDF2-HMAC-SHA512 + XTS 1024 bit" +#define HT_06223 "TrueCrypt PBKDF2-HMAC-SHA512 + XTS 1536 bit" +#define HT_06231 "TrueCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit" +#define HT_06232 "TrueCrypt PBKDF2-HMAC-Whirlpool + XTS 1024 bit" +#define HT_06233 "TrueCrypt PBKDF2-HMAC-Whirlpool + XTS 1536 bit" +#define HT_06241 "TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode" +#define HT_06242 "TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 1024 bit + boot-mode" +#define HT_06243 "TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 1536 bit + boot-mode" +#define HT_13711 "VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit" +#define HT_13712 "VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 1024 bit" +#define HT_13713 "VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 1536 bit" +#define HT_13721 "VeraCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit" +#define HT_13722 "VeraCrypt PBKDF2-HMAC-SHA512 + XTS 1024 bit" +#define HT_13723 "VeraCrypt PBKDF2-HMAC-SHA512 + XTS 1536 bit" +#define HT_13731 "VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit" +#define HT_13732 "VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 1024 bit" +#define HT_13733 "VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 1536 bit" +#define HT_13741 "VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode" +#define HT_13742 "VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 1024 bit + boot-mode" +#define HT_13743 "VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 1536 bit + boot-mode" +#define HT_13751 "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit" +#define HT_13752 "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 1024 bit" +#define HT_13753 "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 1536 bit" +#define HT_13761 "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit + boot-mode" +#define HT_13762 "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 1024 bit + boot-mode" +#define HT_13763 "VeraCrypt PBKDF2-HMAC-SHA256 + XTS 1536 bit + boot-mode" /** * Outfile formats @@ -897,6 +915,9 @@ extern hc_thread_mutex_t mux_display; #define KERN_TYPE_TCWHIRLPOOL_XTS512 6231 #define KERN_TYPE_TCWHIRLPOOL_XTS1024 6232 #define KERN_TYPE_TCWHIRLPOOL_XTS1536 6233 +#define KERN_TYPE_VCSHA256_XTS512 13751 +#define KERN_TYPE_VCSHA256_XTS1024 13752 +#define KERN_TYPE_VCSHA256_XTS1536 13753 #define KERN_TYPE_MD5AIX 6300 #define KERN_TYPE_SHA256AIX 6400 #define KERN_TYPE_SHA512AIX 6500 @@ -1057,6 +1078,10 @@ extern hc_thread_mutex_t mux_display; #define ROUNDS_ANDROIDPIN 1024 #define ROUNDS_TRUECRYPT_1K 1000 #define ROUNDS_TRUECRYPT_2K 2000 +#define ROUNDS_VERACRYPT_200000 200000 +#define ROUNDS_VERACRYPT_500000 500000 +#define ROUNDS_VERACRYPT_327661 327661 +#define ROUNDS_VERACRYPT_655331 655331 #define ROUNDS_SHA1AIX (1 << 6) #define ROUNDS_SHA256AIX (1 << 6) #define ROUNDS_SHA512AIX (1 << 6) @@ -1222,7 +1247,8 @@ extern hc_thread_mutex_t mux_display; #define PARSER_PSAFE2_FILE_SIZE -13 #define PARSER_PSAFE3_FILE_SIZE -14 #define PARSER_TC_FILE_SIZE -15 -#define PARSER_SIP_AUTH_DIRECTIVE -16 +#define PARSER_VC_FILE_SIZE -16 +#define PARSER_SIP_AUTH_DIRECTIVE -17 #define PARSER_UNKNOWN_ERROR -255 #define PA_000 "OK" @@ -1241,7 +1267,8 @@ extern hc_thread_mutex_t mux_display; #define PA_013 "Invalid psafe2 filesize" #define PA_014 "Invalid psafe3 filesize" #define PA_015 "Invalid truecrypt filesize" -#define PA_016 "Invalid SIP directive, only MD5 is supported" +#define PA_016 "Invalid veracrypt filesize" +#define PA_017 "Invalid SIP directive, only MD5 is supported" #define PA_255 "Unknown error" /** @@ -1615,6 +1642,10 @@ int sha1axcrypt_parse_hash (char *input_buf, uint input_len, hash_t *hash int keepass_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf); int pstoken_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf); int zip2_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf); +int veracrypt_parse_hash_200000 (char *input_buf, uint input_len, hash_t *hash_buf); +int veracrypt_parse_hash_500000 (char *input_buf, uint input_len, hash_t *hash_buf); +int veracrypt_parse_hash_327661 (char *input_buf, uint input_len, hash_t *hash_buf); +int veracrypt_parse_hash_655331 (char *input_buf, uint input_len, hash_t *hash_buf); void load_kernel (const char *kernel_file, int num_devices, size_t *kernel_lengths, const u8 **kernel_sources); void writeProgramBin (char *dst, u8 *binary, size_t binary_size); diff --git a/include/types.h b/include/types.h index 08bbb669f..95f83b2ea 100644 --- a/include/types.h +++ b/include/types.h @@ -1258,6 +1258,8 @@ typedef struct uint scrypt_tmto; uint segment_size; char *truecrypt_keyfiles; + char *veracrypt_keyfiles; + uint veracrypt_pim; uint workload_profile; uint hash_mode; diff --git a/src/hashcat.c b/src/hashcat.c index a8d87a618..8d222b440 100644 --- a/src/hashcat.c +++ b/src/hashcat.c @@ -148,7 +148,7 @@ double TARGET_MS_PROFILE[3] = { 8, 16, 96 }; #define MAX_DICTSTAT 10000 -#define NUM_DEFAULT_BENCHMARK_ALGORITHMS 137 +#define NUM_DEFAULT_BENCHMARK_ALGORITHMS 143 #define global_free(attr) \ { \ @@ -279,6 +279,12 @@ static uint default_benchmark_algorithms[NUM_DEFAULT_BENCHMARK_ALGORITHMS] = 6221, 6231, 6241, + 13711, + 13721, + 13731, + 13741, + 13751, + 13761, 8800, 12900, 12200, @@ -401,6 +407,8 @@ const char *USAGE_BIG[] = " --outfile-check-dir=FOLDER Specify the outfile directory which should be monitored, default is $session.outfiles", " --logfile-disable Disable the logfile", " --truecrypt-keyfiles=FILE Keyfiles used, separate with comma", + " --veracrypt-keyfiles=FILE Keyfiles used, separate with comma", + " --veracrypt-pim=NUM VeraCrypt personal iterations multiplier", "", "* Resources:", "", @@ -711,7 +719,7 @@ const char *USAGE_BIG[] = "", "[[ Full-Disk encryptions (FDE) ]]", "", - " 62XY = TrueCrypt 5.0+", + " 62XY = TrueCrypt", " X = 1 = PBKDF2-HMAC-RipeMD160", " X = 2 = PBKDF2-HMAC-SHA512", " X = 3 = PBKDF2-HMAC-Whirlpool", @@ -722,6 +730,16 @@ const char *USAGE_BIG[] = " 8800 = Android FDE < v4.3", " 12900 = Android FDE (Samsung DEK)", " 12200 = eCryptfs", + " 137XY = VeraCrypt", + " X = 1 = PBKDF2-HMAC-RipeMD160", + " X = 2 = PBKDF2-HMAC-SHA512", + " X = 3 = PBKDF2-HMAC-Whirlpool", + " X = 4 = PBKDF2-HMAC-RipeMD160 + boot-mode", + " X = 5 = PBKDF2-HMAC-SHA256", + " X = 6 = PBKDF2-HMAC-SHA256 + boot-mode", + " Y = 1 = XTS 512 bit (Ciphers: AES or Serpent or Twofish)", + " Y = 2 = XTS 1024 bit (Ciphers: AES or Serpent or Twofish or AES-Twofish or Serpent-AES or Twofish-Serpent)", + " Y = 3 = XTS 1536 bit (Ciphers: All)", "", "[[ Documents ]]", "", @@ -1096,6 +1114,10 @@ void status_display () { log_info ("Hash.Target....: File (%s)", data.hashfile); } + else if ((data.hash_mode >= 13700) && (data.hash_mode <= 13799)) + { + log_info ("Hash.Target....: File (%s)", data.hashfile); + } else { char out_buf[HCBUFSIZ] = { 0 }; @@ -5344,6 +5366,8 @@ int main (int argc, char **argv) char *opencl_device_types = NULL; uint opencl_vector_width = OPENCL_VECTOR_WIDTH; char *truecrypt_keyfiles = NULL; + char *veracrypt_keyfiles = NULL; + uint veracrypt_pim = 0; uint workload_profile = WORKLOAD_PROFILE; uint kernel_accel = KERNEL_ACCEL; uint kernel_loops = KERNEL_LOOPS; @@ -5432,6 +5456,8 @@ int main (int argc, char **argv) #define IDX_POWERTUNE_ENABLE 0xff41 #define IDX_LOGFILE_DISABLE 0xff51 #define IDX_TRUECRYPT_KEYFILES 0xff52 + #define IDX_VERACRYPT_KEYFILES 0xff53 + #define IDX_VERACRYPT_PIM 0xff54 #define IDX_SCRYPT_TMTO 0xff61 #define IDX_SEGMENT_SIZE 'c' #define IDX_SEPARATOR 'p' @@ -5518,6 +5544,8 @@ int main (int argc, char **argv) #endif // HAVE_HWMON {"logfile-disable", no_argument, 0, IDX_LOGFILE_DISABLE}, {"truecrypt-keyfiles", required_argument, 0, IDX_TRUECRYPT_KEYFILES}, + {"veracrypt-keyfiles", required_argument, 0, IDX_VERACRYPT_KEYFILES}, + {"veracrypt-pim", required_argument, 0, IDX_VERACRYPT_PIM}, {"segment-size", required_argument, 0, IDX_SEGMENT_SIZE}, {"scrypt-tmto", required_argument, 0, IDX_SCRYPT_TMTO}, // deprecated @@ -5844,6 +5872,8 @@ int main (int argc, char **argv) #endif // HAVE_HWMON case IDX_LOGFILE_DISABLE: logfile_disable = 1; break; case IDX_TRUECRYPT_KEYFILES: truecrypt_keyfiles = optarg; break; + case IDX_VERACRYPT_KEYFILES: veracrypt_keyfiles = optarg; break; + case IDX_VERACRYPT_PIM: veracrypt_pim = atoi (optarg); break; case IDX_SEGMENT_SIZE: segment_size = atoi (optarg); break; case IDX_SCRYPT_TMTO: scrypt_tmto = atoi (optarg); break; case IDX_SEPARATOR: separator = optarg[0]; break; @@ -5922,7 +5952,7 @@ int main (int argc, char **argv) return (-1); } - if (hash_mode_chgd && hash_mode > 13600) // just added to remove compiler warnings for hash_mode_chgd + if (hash_mode_chgd && hash_mode > 13799) // just added to remove compiler warnings for hash_mode_chgd { log_error ("ERROR: Invalid hash-type specified"); @@ -5951,7 +5981,7 @@ int main (int argc, char **argv) if (username == 1) { - if ((hash_mode == 2500) || (hash_mode == 5200) || ((hash_mode >= 6200) && (hash_mode <= 6299))) + if ((hash_mode == 2500) || (hash_mode == 5200) || ((hash_mode >= 6200) && (hash_mode <= 6299)) || ((hash_mode >= 13700) && (hash_mode <= 13799))) { log_error ("ERROR: Mixing support for user names and hashes of type %s is not supported", strhashtype (hash_mode)); @@ -6527,6 +6557,8 @@ int main (int argc, char **argv) #endif data.logfile_disable = logfile_disable; data.truecrypt_keyfiles = truecrypt_keyfiles; + data.veracrypt_keyfiles = veracrypt_keyfiles; + data.veracrypt_pim = veracrypt_pim; data.scrypt_tmto = scrypt_tmto; data.workload_profile = workload_profile; @@ -6670,6 +6702,8 @@ int main (int argc, char **argv) logfile_top_string (rule_buf_r); logfile_top_string (session); logfile_top_string (truecrypt_keyfiles); + logfile_top_string (veracrypt_keyfiles); + logfile_top_uint (veracrypt_pim); /** * Init OpenCL library loader @@ -10294,6 +10328,280 @@ int main (int argc, char **argv) dgst_pos3 = 3; break; + case 13711: hash_type = HASH_TYPE_RIPEMD160; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; + kern_type = KERN_TYPE_TCRIPEMD160_XTS512; + dgst_size = DGST_SIZE_4_5; + parse_func = veracrypt_parse_hash_655331; + sort_by_digest = sort_by_digest_4_5; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13712: hash_type = HASH_TYPE_RIPEMD160; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; + kern_type = KERN_TYPE_TCRIPEMD160_XTS1024; + dgst_size = DGST_SIZE_4_5; + parse_func = veracrypt_parse_hash_655331; + sort_by_digest = sort_by_digest_4_5; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13713: hash_type = HASH_TYPE_RIPEMD160; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; + kern_type = KERN_TYPE_TCRIPEMD160_XTS1536; + dgst_size = DGST_SIZE_4_5; + parse_func = veracrypt_parse_hash_655331; + sort_by_digest = sort_by_digest_4_5; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13721: hash_type = HASH_TYPE_SHA512; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; // should be OPTS_TYPE_PT_GENERATE_BE + kern_type = KERN_TYPE_TCSHA512_XTS512; + dgst_size = DGST_SIZE_8_8; + parse_func = veracrypt_parse_hash_500000; + sort_by_digest = sort_by_digest_8_8; + opti_type = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_USES_BITS_64; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13722: hash_type = HASH_TYPE_SHA512; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; // should be OPTS_TYPE_PT_GENERATE_BE + kern_type = KERN_TYPE_TCSHA512_XTS1024; + dgst_size = DGST_SIZE_8_8; + parse_func = veracrypt_parse_hash_500000; + sort_by_digest = sort_by_digest_8_8; + opti_type = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_USES_BITS_64; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13723: hash_type = HASH_TYPE_SHA512; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; // should be OPTS_TYPE_PT_GENERATE_BE + kern_type = KERN_TYPE_TCSHA512_XTS1536; + dgst_size = DGST_SIZE_8_8; + parse_func = veracrypt_parse_hash_500000; + sort_by_digest = sort_by_digest_8_8; + opti_type = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_USES_BITS_64; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13731: hash_type = HASH_TYPE_WHIRLPOOL; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; + kern_type = KERN_TYPE_TCWHIRLPOOL_XTS512; + dgst_size = DGST_SIZE_4_8; + parse_func = veracrypt_parse_hash_500000; + sort_by_digest = sort_by_digest_4_8; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13732: hash_type = HASH_TYPE_WHIRLPOOL; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; + kern_type = KERN_TYPE_TCWHIRLPOOL_XTS1024; + dgst_size = DGST_SIZE_4_8; + parse_func = veracrypt_parse_hash_500000; + sort_by_digest = sort_by_digest_4_8; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13733: hash_type = HASH_TYPE_WHIRLPOOL; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; + kern_type = KERN_TYPE_TCWHIRLPOOL_XTS1536; + dgst_size = DGST_SIZE_4_8; + parse_func = veracrypt_parse_hash_500000; + sort_by_digest = sort_by_digest_4_8; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13741: hash_type = HASH_TYPE_RIPEMD160; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; + kern_type = KERN_TYPE_TCRIPEMD160_XTS512; + dgst_size = DGST_SIZE_4_5; + parse_func = veracrypt_parse_hash_327661; + sort_by_digest = sort_by_digest_4_5; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13742: hash_type = HASH_TYPE_RIPEMD160; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; + kern_type = KERN_TYPE_TCRIPEMD160_XTS1024; + dgst_size = DGST_SIZE_4_5; + parse_func = veracrypt_parse_hash_327661; + sort_by_digest = sort_by_digest_4_5; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13743: hash_type = HASH_TYPE_RIPEMD160; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; + kern_type = KERN_TYPE_TCRIPEMD160_XTS1536; + dgst_size = DGST_SIZE_4_5; + parse_func = veracrypt_parse_hash_327661; + sort_by_digest = sort_by_digest_4_5; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13751: hash_type = HASH_TYPE_SHA256; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; // should be OPTS_TYPE_PT_GENERATE_BE + kern_type = KERN_TYPE_VCSHA256_XTS512; + dgst_size = DGST_SIZE_4_8; + parse_func = veracrypt_parse_hash_500000; + sort_by_digest = sort_by_digest_4_8; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13752: hash_type = HASH_TYPE_SHA256; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; // should be OPTS_TYPE_PT_GENERATE_BE + kern_type = KERN_TYPE_VCSHA256_XTS1024; + dgst_size = DGST_SIZE_4_8; + parse_func = veracrypt_parse_hash_500000; + sort_by_digest = sort_by_digest_4_8; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13753: hash_type = HASH_TYPE_SHA256; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; // should be OPTS_TYPE_PT_GENERATE_BE + kern_type = KERN_TYPE_VCSHA256_XTS1536; + dgst_size = DGST_SIZE_4_8; + parse_func = veracrypt_parse_hash_500000; + sort_by_digest = sort_by_digest_4_8; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13761: hash_type = HASH_TYPE_SHA256; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; // should be OPTS_TYPE_PT_GENERATE_BE + kern_type = KERN_TYPE_VCSHA256_XTS512; + dgst_size = DGST_SIZE_4_8; + parse_func = veracrypt_parse_hash_200000; + sort_by_digest = sort_by_digest_4_8; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13762: hash_type = HASH_TYPE_SHA256; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; // should be OPTS_TYPE_PT_GENERATE_BE + kern_type = KERN_TYPE_VCSHA256_XTS1024; + dgst_size = DGST_SIZE_4_8; + parse_func = veracrypt_parse_hash_200000; + sort_by_digest = sort_by_digest_4_8; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + case 13763: hash_type = HASH_TYPE_SHA256; + salt_type = SALT_TYPE_EMBEDDED; + attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; // should be OPTS_TYPE_PT_GENERATE_BE + kern_type = KERN_TYPE_VCSHA256_XTS1536; + dgst_size = DGST_SIZE_4_8; + parse_func = veracrypt_parse_hash_200000; + sort_by_digest = sort_by_digest_4_8; + opti_type = OPTI_TYPE_ZERO_BYTE; + dgst_pos0 = 0; + dgst_pos1 = 1; + dgst_pos2 = 2; + dgst_pos3 = 3; + break; + + default: usage_mini_print (PROGNAME); return (-1); } @@ -10401,6 +10709,24 @@ int main (int argc, char **argv) case 13400: esalt_size = sizeof (keepass_t); break; case 13500: esalt_size = sizeof (pstoken_t); break; case 13600: esalt_size = sizeof (zip2_t); break; + case 13711: esalt_size = sizeof (tc_t); break; + case 13712: esalt_size = sizeof (tc_t); break; + case 13713: esalt_size = sizeof (tc_t); break; + case 13721: esalt_size = sizeof (tc_t); break; + case 13722: esalt_size = sizeof (tc_t); break; + case 13723: esalt_size = sizeof (tc_t); break; + case 13731: esalt_size = sizeof (tc_t); break; + case 13732: esalt_size = sizeof (tc_t); break; + case 13733: esalt_size = sizeof (tc_t); break; + case 13741: esalt_size = sizeof (tc_t); break; + case 13742: esalt_size = sizeof (tc_t); break; + case 13743: esalt_size = sizeof (tc_t); break; + case 13751: esalt_size = sizeof (tc_t); break; + case 13752: esalt_size = sizeof (tc_t); break; + case 13753: esalt_size = sizeof (tc_t); break; + case 13761: esalt_size = sizeof (tc_t); break; + case 13762: esalt_size = sizeof (tc_t); break; + case 13763: esalt_size = sizeof (tc_t); break; } data.esalt_size = esalt_size; @@ -10809,7 +11135,8 @@ int main (int argc, char **argv) if ((hash_mode == 2500) || (hash_mode == 5200) || - ((hash_mode >= 6200) && (hash_mode <= 6299)) || + ((hash_mode >= 6200) && (hash_mode <= 6299)) || + ((hash_mode >= 13700) && (hash_mode <= 13799)) || (hash_mode == 9000)) { hashlist_mode = HL_MODE_ARG; @@ -11557,6 +11884,42 @@ int main (int argc, char **argv) break; case 9000: data.hashfile = mystrdup ("hashcat.psafe2"); break; + case 13711: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13712: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13713: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13721: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13722: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13723: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13731: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13732: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13733: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13741: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13742: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13743: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13751: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13752: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13753: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13761: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13762: data.hashfile = mystrdup ("hashcat.vc"); + break; + case 13763: data.hashfile = mystrdup ("hashcat.vc"); + break; } // set default iterations @@ -11691,6 +12054,42 @@ int main (int argc, char **argv) break; case 13600: hashes_buf[0].salt->salt_iter = ROUNDS_ZIP2; break; + case 13711: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_655331; + break; + case 13712: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_655331; + break; + case 13713: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_655331; + break; + case 13721: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_500000; + break; + case 13722: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_500000; + break; + case 13723: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_500000; + break; + case 13731: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_500000; + break; + case 13732: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_500000; + break; + case 13733: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_500000; + break; + case 13741: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_327661; + break; + case 13742: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_327661; + break; + case 13743: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_327661; + break; + case 13751: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_500000; + break; + case 13752: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_500000; + break; + case 13753: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_500000; + break; + case 13761: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_200000; + break; + case 13762: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_200000; + break; + case 13763: hashes_buf[0].salt->salt_iter = ROUNDS_VERACRYPT_200000; + break; } hashes_cnt = 1; @@ -11893,7 +12292,8 @@ int main (int argc, char **argv) // no solution for these special hash types (for instane because they use hashfile in output etc) if ((hash_mode != 5200) && - !((hash_mode >= 6200) && (hash_mode <= 6299)) && + !((hash_mode >= 6200) && (hash_mode <= 6299)) && + !((hash_mode >= 13700) && (hash_mode <= 13799)) && (hash_mode != 9000)) { FILE *fp = fopen (potfile, "rb"); @@ -12243,6 +12643,24 @@ int main (int argc, char **argv) case 6241: salts_buf->truecrypt_mdlen = 1 * 512; break; case 6242: salts_buf->truecrypt_mdlen = 2 * 512; break; case 6243: salts_buf->truecrypt_mdlen = 3 * 512; break; + case 13711: salts_buf->truecrypt_mdlen = 1 * 512; break; + case 13712: salts_buf->truecrypt_mdlen = 2 * 512; break; + case 13713: salts_buf->truecrypt_mdlen = 3 * 512; break; + case 13721: salts_buf->truecrypt_mdlen = 1 * 512; break; + case 13722: salts_buf->truecrypt_mdlen = 2 * 512; break; + case 13723: salts_buf->truecrypt_mdlen = 3 * 512; break; + case 13731: salts_buf->truecrypt_mdlen = 1 * 512; break; + case 13732: salts_buf->truecrypt_mdlen = 2 * 512; break; + case 13733: salts_buf->truecrypt_mdlen = 3 * 512; break; + case 13741: salts_buf->truecrypt_mdlen = 1 * 512; break; + case 13742: salts_buf->truecrypt_mdlen = 2 * 512; break; + case 13743: salts_buf->truecrypt_mdlen = 3 * 512; break; + case 13751: salts_buf->truecrypt_mdlen = 1 * 512; break; + case 13752: salts_buf->truecrypt_mdlen = 2 * 512; break; + case 13753: salts_buf->truecrypt_mdlen = 3 * 512; break; + case 13761: salts_buf->truecrypt_mdlen = 1 * 512; break; + case 13762: salts_buf->truecrypt_mdlen = 2 * 512; break; + case 13763: salts_buf->truecrypt_mdlen = 3 * 512; break; } if (truecrypt_keyfiles) @@ -12262,6 +12680,23 @@ int main (int argc, char **argv) free (keyfiles); } + if (veracrypt_keyfiles) + { + uint *keyfile_buf = ((tc_t *) esalts_buf)->keyfile_buf; + + char *keyfiles = strdup (veracrypt_keyfiles); + + char *keyfile = strtok (keyfiles, ","); + + do + { + truecrypt_crc32 (keyfile, (u8 *) keyfile_buf); + + } while ((keyfile = strtok (NULL, ",")) != NULL); + + free (keyfiles); + } + data.digests_cnt = digests_cnt; data.digests_done = digests_done; data.digests_buf = digests_buf; @@ -13984,6 +14419,24 @@ int main (int argc, char **argv) case 13200: size_tmps = kernel_power_max * sizeof (axcrypt_tmp_t); break; case 13400: size_tmps = kernel_power_max * sizeof (keepass_tmp_t); break; case 13600: size_tmps = kernel_power_max * sizeof (pbkdf2_sha1_tmp_t); break; + case 13711: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13712: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13713: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13721: size_tmps = kernel_power_max * sizeof (tc64_tmp_t); break; + case 13722: size_tmps = kernel_power_max * sizeof (tc64_tmp_t); break; + case 13723: size_tmps = kernel_power_max * sizeof (tc64_tmp_t); break; + case 13731: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13732: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13733: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13741: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13742: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13743: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13751: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13752: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13753: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13761: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13762: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; + case 13763: size_tmps = kernel_power_max * sizeof (tc_tmp_t); break; }; // size_hooks @@ -15956,7 +16409,8 @@ int main (int argc, char **argv) if (data.outfile_check_directory != NULL) { if ((hash_mode != 5200) && - !((hash_mode >= 6200) && (hash_mode <= 6299)) && + !((hash_mode >= 6200) && (hash_mode <= 6299)) && + !((hash_mode >= 13700) && (hash_mode <= 13799)) && (hash_mode != 9000)) { hc_thread_create (ni_threads[ni_threads_cnt], thread_outfile_remove, NULL); diff --git a/src/shared.c b/src/shared.c index 59d834113..f660f8593 100644 --- a/src/shared.c +++ b/src/shared.c @@ -5857,6 +5857,24 @@ char *strhashtype (const uint hash_mode) case 13400: return ((char *) HT_13400); break; case 13500: return ((char *) HT_13500); break; case 13600: return ((char *) HT_13600); break; + case 13711: return ((char *) HT_13711); break; + case 13712: return ((char *) HT_13712); break; + case 13713: return ((char *) HT_13713); break; + case 13721: return ((char *) HT_13721); break; + case 13722: return ((char *) HT_13722); break; + case 13723: return ((char *) HT_13723); break; + case 13731: return ((char *) HT_13731); break; + case 13732: return ((char *) HT_13732); break; + case 13733: return ((char *) HT_13733); break; + case 13741: return ((char *) HT_13741); break; + case 13742: return ((char *) HT_13742); break; + case 13743: return ((char *) HT_13743); break; + case 13751: return ((char *) HT_13751); break; + case 13752: return ((char *) HT_13752); break; + case 13753: return ((char *) HT_13753); break; + case 13761: return ((char *) HT_13761); break; + case 13762: return ((char *) HT_13762); break; + case 13763: return ((char *) HT_13763); break; } return ((char *) "Unknown"); @@ -8559,6 +8577,10 @@ void ascii_digest (char *out_buf, uint salt_pos, uint digest_pos) auth_tmp, SIGNATURE_ZIP2_STOP); } + else if ((hash_mode >= 13700) && (hash_mode <= 13799)) + { + snprintf (out_buf, len-1, "%s", hashfile); + } else { if (hash_type == HASH_TYPE_MD4) @@ -12846,6 +12868,202 @@ int truecrypt_parse_hash_2k (char *input_buf, uint input_len, hash_t *hash_buf) return (PARSER_OK); } +int veracrypt_parse_hash_200000 (char *input_buf, uint input_len, hash_t *hash_buf) +{ + u32 *digest = (u32 *) hash_buf->digest; + + salt_t *salt = hash_buf->salt; + + tc_t *tc = (tc_t *) hash_buf->esalt; + + if (input_len == 0) + { + log_error ("VeraCrypt container not specified"); + + exit (-1); + } + + FILE *fp = fopen (input_buf, "rb"); + + if (fp == NULL) + { + log_error ("%s: %s", input_buf, strerror (errno)); + + exit (-1); + } + + char buf[512] = { 0 }; + + int n = fread (buf, 1, sizeof (buf), fp); + + fclose (fp); + + if (n != 512) return (PARSER_VC_FILE_SIZE); + + memcpy (tc->salt_buf, buf, 64); + + memcpy (tc->data_buf, buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_200000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int veracrypt_parse_hash_500000 (char *input_buf, uint input_len, hash_t *hash_buf) +{ + u32 *digest = (u32 *) hash_buf->digest; + + salt_t *salt = hash_buf->salt; + + tc_t *tc = (tc_t *) hash_buf->esalt; + + if (input_len == 0) + { + log_error ("VeraCrypt container not specified"); + + exit (-1); + } + + FILE *fp = fopen (input_buf, "rb"); + + if (fp == NULL) + { + log_error ("%s: %s", input_buf, strerror (errno)); + + exit (-1); + } + + char buf[512] = { 0 }; + + int n = fread (buf, 1, sizeof (buf), fp); + + fclose (fp); + + if (n != 512) return (PARSER_VC_FILE_SIZE); + + memcpy (tc->salt_buf, buf, 64); + + memcpy (tc->data_buf, buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_500000 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int veracrypt_parse_hash_327661 (char *input_buf, uint input_len, hash_t *hash_buf) +{ + u32 *digest = (u32 *) hash_buf->digest; + + salt_t *salt = hash_buf->salt; + + tc_t *tc = (tc_t *) hash_buf->esalt; + + if (input_len == 0) + { + log_error ("VeraCrypt container not specified"); + + exit (-1); + } + + FILE *fp = fopen (input_buf, "rb"); + + if (fp == NULL) + { + log_error ("%s: %s", input_buf, strerror (errno)); + + exit (-1); + } + + char buf[512] = { 0 }; + + int n = fread (buf, 1, sizeof (buf), fp); + + fclose (fp); + + if (n != 512) return (PARSER_VC_FILE_SIZE); + + memcpy (tc->salt_buf, buf, 64); + + memcpy (tc->data_buf, buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_327661 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + +int veracrypt_parse_hash_655331 (char *input_buf, uint input_len, hash_t *hash_buf) +{ + u32 *digest = (u32 *) hash_buf->digest; + + salt_t *salt = hash_buf->salt; + + tc_t *tc = (tc_t *) hash_buf->esalt; + + if (input_len == 0) + { + log_error ("VeraCrypt container not specified"); + + exit (-1); + } + + FILE *fp = fopen (input_buf, "rb"); + + if (fp == NULL) + { + log_error ("%s: %s", input_buf, strerror (errno)); + + exit (-1); + } + + char buf[512] = { 0 }; + + int n = fread (buf, 1, sizeof (buf), fp); + + fclose (fp); + + if (n != 512) return (PARSER_VC_FILE_SIZE); + + memcpy (tc->salt_buf, buf, 64); + + memcpy (tc->data_buf, buf + 64, 512 - 64); + + salt->salt_buf[0] = tc->salt_buf[0]; + + salt->salt_len = 4; + + salt->salt_iter = ROUNDS_VERACRYPT_655331 - 1; + + tc->signature = 0x41524556; // "VERA" + + digest[0] = tc->data_buf[0]; + + return (PARSER_OK); +} + int md5aix_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf) { if ((input_len < DISPLAY_LEN_MIN_6300) || (input_len > DISPLAY_LEN_MAX_6300)) return (PARSER_GLOBAL_LENGTH);