From 5f44ce06f67aa74a9e524e912e07e38fde379568 Mon Sep 17 00:00:00 2001 From: Gabriele Gristina Date: Tue, 6 Aug 2019 20:23:37 +0200 Subject: [PATCH] update SolarWinds Orion patch (2) --- OpenCL/inc_hash_sha512.h | 1 + OpenCL/m21500-pure.cl | 2 +- src/Makefile | 2 +- src/modules/module_21500.c | 25 +++++++-------------- tools/test_modules/m21500.pm | 43 ++++++++++++++---------------------- 5 files changed, 28 insertions(+), 45 deletions(-) diff --git a/OpenCL/inc_hash_sha512.h b/OpenCL/inc_hash_sha512.h index 923eae678..f30dc2b86 100644 --- a/OpenCL/inc_hash_sha512.h +++ b/OpenCL/inc_hash_sha512.h @@ -127,6 +127,7 @@ DECLSPEC void sha512_hmac_init (sha512_hmac_ctx_t *ctx, const u32 *w, const int DECLSPEC void sha512_hmac_init_swap (sha512_hmac_ctx_t *ctx, const u32 *w, const int len); DECLSPEC void sha512_hmac_init_global (sha512_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void sha512_hmac_init_global_swap (sha512_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); +DECLSPEC void sha512_hmac_init_global_utf16le_swap (sha512_hmac_ctx_t *ctx, GLOBAL_AS const u32 *w, const int len); DECLSPEC void sha512_hmac_update_128 (sha512_hmac_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, u32 *w4, u32 *w5, u32 *w6, u32 *w7, const int len); DECLSPEC void sha512_hmac_update (sha512_hmac_ctx_t *ctx, const u32 *w, const int len); DECLSPEC void sha512_hmac_update_swap (sha512_hmac_ctx_t *ctx, const u32 *w, const int len); diff --git a/OpenCL/m21500-pure.cl b/OpenCL/m21500-pure.cl index f0614c07d..0a8cad2f4 100644 --- a/OpenCL/m21500-pure.cl +++ b/OpenCL/m21500-pure.cl @@ -30,7 +30,7 @@ typedef struct pbkdf2_sha1_tmp typedef struct pbkdf2_sha1 { - u32 salt_buf[4]; + u32 salt_buf[5]; } pbkdf2_sha1_t; diff --git a/src/Makefile b/src/Makefile index c61078a4a..a0fc8e842 100644 --- a/src/Makefile +++ b/src/Makefile @@ -4,7 +4,7 @@ ## SHARED := 0 -DEBUG := 0 +DEBUG := 1 PRODUCTION := 0 PRODUCTION_VERSION := v5.1.0 ENABLE_BRAIN := 1 diff --git a/src/modules/module_21500.c b/src/modules/module_21500.c index cd6bbec6d..4afb4d687 100644 --- a/src/modules/module_21500.c +++ b/src/modules/module_21500.c @@ -16,7 +16,7 @@ static const u32 DGST_POS1 = 15; static const u32 DGST_POS2 = 6; static const u32 DGST_POS3 = 7; static const u32 DGST_SIZE = DGST_SIZE_8_8; -static const u32 HASH_CATEGORY = HASH_CATEGORY_GENERIC_KDF; +static const u32 HASH_CATEGORY = HASH_CATEGORY_EAS; static const char *HASH_NAME = "SolarWinds Orion"; static const u64 KERN_TYPE = 21500; static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE @@ -58,10 +58,12 @@ typedef struct pbkdf2_sha1_tmp typedef struct pbkdf2_sha1 { - u32 salt_buf[64]; + u32 salt_buf[5]; } pbkdf2_sha1_t; +static const u32 ROUNDS_SOLARWINDS_ORION = 1000; + static const char *SIGNATURE_SOLARWINDS_ORION = "$solarwinds$0$"; u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) @@ -134,16 +136,13 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // iter - const u32 iter = 1000; - - salt->salt_iter = iter - 1; + salt->salt_iter = ROUNDS_SOLARWINDS_ORION - 1; // salt - char *salt_pos = (char *) token.buf[1]; - int salt_len = token.len[1]; + const u8 *salt_pos = token.buf[1]; - if (salt_len > 16) return (PARSER_SALT_LENGTH); + int salt_len = token.len[1]; char custom_salt[17]; @@ -164,18 +163,10 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE salt_len = 8; } - salt_pos = custom_salt; - - memcpy (pbkdf2_sha1->salt_buf, salt_pos, salt_len); + memcpy (pbkdf2_sha1->salt_buf, custom_salt, salt_len); salt->salt_len = salt_len; - salt->salt_buf[0] = pbkdf2_sha1->salt_buf[0]; - salt->salt_buf[1] = pbkdf2_sha1->salt_buf[1]; - salt->salt_buf[2] = pbkdf2_sha1->salt_buf[2]; - salt->salt_buf[3] = pbkdf2_sha1->salt_buf[3]; - salt->salt_buf[4] = salt->salt_iter; - // hash const u8 *hash_pos = token.buf[2]; diff --git a/tools/test_modules/m21500.pm b/tools/test_modules/m21500.pm index 4579efa33..209a9c16b 100644 --- a/tools/test_modules/m21500.pm +++ b/tools/test_modules/m21500.pm @@ -32,9 +32,7 @@ sub module_generate_hash my $key_b64 = encode_base64 (sha512($key), ""); - my $salt_b64 = encode_base64 ($salt, ""); - - my $hash = sprintf ("sha1:%i:%s:%s", $iter, $salt_b64, $key_b64); + my $hash = sprintf ("\$solarwinds\$0\$%s\$%s", $salt, $key_b64); return $hash; } @@ -43,38 +41,31 @@ sub module_verify_hash { my $line = shift; - return unless (substr ($line, 0, 5) eq 'sha1:'); + my ($hash, $word) = split (':', $line); - # iterations - my $index1 = index ($line, ":", 5); + return unless defined $hash; + return unless defined $word; - return if $index1 < 1; + my @data = split ('\$', $hash); - my $iter = substr ($line, 5, $index1 - 5); + return unless scalar @data == 4; - # salt + shift @data; - my $index2 = index ($line, ":", $index1 + 1); + my $signature = shift @data; + my $sig_dec = shift @data; + my $salt = shift @data; + my $hash_b64 = shift @data; + my $hash_raw = decode_base64 ($hash_b64); - return if $index2 < 1; - - my $salt = substr ($line, $index1 + 1, $index2 - $index1 - 1); - - $salt = decode_base64 ($salt); - - # end of digest - - $index1 = index ($line, ":", $index2 + 1); - - return if $index1 < 1; - - # word / hash - - my $word = substr ($line, $index1 + 1); + return unless ($signature eq "solarwinds"); + return unless ($sig_dec eq "0"); + return unless (length ($salt) > 16); + return unless (length ($hash_raw) != 128); my $word_packed = pack_if_HEX_notation ($word); - my $new_hash = module_generate_hash ($word_packed, $salt, $iter); + my $new_hash = module_generate_hash ($word_packed, $salt); return ($new_hash, $word); }