arno
/
hashcat
mirror of https://github.com/hashcat/hashcat.git
1
0
Fork 0
Code Issues Releases Wiki Activity

NetNTLM bypass NT

Browse Source
pull/2607/head
Michael Kruger 4 years ago
parent 15bf8b7302
commit 611c73d294
6 changed files with 3240 additions and 0 deletions
Show Stats Download Patch File Download Diff File

779
OpenCL/m05510_a0-optimized.cl
Unescape View File

@ -0,0 +1,779 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define NEW_SIMD_CODE
#ifdef KERNEL_STATIC
#include "inc_vendor.h"
#include "inc_types.h"
#include "inc_platform.cl"
#include "inc_common.cl"
#include "inc_rp_optimized.h"
#include "inc_rp_optimized.cl"
#include "inc_simd.cl"
#include "inc_hash_md4.cl"
#endif
typedef struct netntlm
{
u32 user_len;
u32 domain_len;
u32 srvchall_len;
u32 clichall_len;
u32 userdomain_buf[64];
u32 chall_buf[256];
} netntlm_t;
#define PERM_OP(a,b,tt,n,m) \
{ \
tt = a >> n; \
tt = tt ^ b; \
tt = tt & m; \
b = b ^ tt; \
tt = tt << n; \
a = a ^ tt; \
}
#define HPERM_OP(a,tt,n,m) \
{ \
tt = a << (16 + n); \
tt = tt ^ a; \
tt = tt & m; \
a = a ^ tt; \
tt = tt >> (16 + n); \
a = a ^ tt; \
}
CONSTANT_VK u32a c_SPtrans[8][64] =
{
{
0x02080800, 0x00080000, 0x02000002, 0x02080802,
0x02000000, 0x00080802, 0x00080002, 0x02000002,
0x00080802, 0x02080800, 0x02080000, 0x00000802,
0x02000802, 0x02000000, 0x00000000, 0x00080002,
0x00080000, 0x00000002, 0x02000800, 0x00080800,
0x02080802, 0x02080000, 0x00000802, 0x02000800,
0x00000002, 0x00000800, 0x00080800, 0x02080002,
0x00000800, 0x02000802, 0x02080002, 0x00000000,
0x00000000, 0x02080802, 0x02000800, 0x00080002,
0x02080800, 0x00080000, 0x00000802, 0x02000800,
0x02080002, 0x00000800, 0x00080800, 0x02000002,
0x00080802, 0x00000002, 0x02000002, 0x02080000,
0x02080802, 0x00080800, 0x02080000, 0x02000802,
0x02000000, 0x00000802, 0x00080002, 0x00000000,
0x00080000, 0x02000000, 0x02000802, 0x02080800,
0x00000002, 0x02080002, 0x00000800, 0x00080802,
},
{
0x40108010, 0x00000000, 0x00108000, 0x40100000,
0x40000010, 0x00008010, 0x40008000, 0x00108000,
0x00008000, 0x40100010, 0x00000010, 0x40008000,
0x00100010, 0x40108000, 0x40100000, 0x00000010,
0x00100000, 0x40008010, 0x40100010, 0x00008000,
0x00108010, 0x40000000, 0x00000000, 0x00100010,
0x40008010, 0x00108010, 0x40108000, 0x40000010,
0x40000000, 0x00100000, 0x00008010, 0x40108010,
0x00100010, 0x40108000, 0x40008000, 0x00108010,
0x40108010, 0x00100010, 0x40000010, 0x00000000,
0x40000000, 0x00008010, 0x00100000, 0x40100010,
0x00008000, 0x40000000, 0x00108010, 0x40008010,
0x40108000, 0x00008000, 0x00000000, 0x40000010,
0x00000010, 0x40108010, 0x00108000, 0x40100000,
0x40100010, 0x00100000, 0x00008010, 0x40008000,
0x40008010, 0x00000010, 0x40100000, 0x00108000,
},
{
0x04000001, 0x04040100, 0x00000100, 0x04000101,
0x00040001, 0x04000000, 0x04000101, 0x00040100,
0x04000100, 0x00040000, 0x04040000, 0x00000001,
0x04040101, 0x00000101, 0x00000001, 0x04040001,
0x00000000, 0x00040001, 0x04040100, 0x00000100,
0x00000101, 0x04040101, 0x00040000, 0x04000001,
0x04040001, 0x04000100, 0x00040101, 0x04040000,
0x00040100, 0x00000000, 0x04000000, 0x00040101,
0x04040100, 0x00000100, 0x00000001, 0x00040000,
0x00000101, 0x00040001, 0x04040000, 0x04000101,
0x00000000, 0x04040100, 0x00040100, 0x04040001,
0x00040001, 0x04000000, 0x04040101, 0x00000001,
0x00040101, 0x04000001, 0x04000000, 0x04040101,
0x00040000, 0x04000100, 0x04000101, 0x00040100,
0x04000100, 0x00000000, 0x04040001, 0x00000101,
0x04000001, 0x00040101, 0x00000100, 0x04040000,
},
{
0x00401008, 0x10001000, 0x00000008, 0x10401008,
0x00000000, 0x10400000, 0x10001008, 0x00400008,
0x10401000, 0x10000008, 0x10000000, 0x00001008,
0x10000008, 0x00401008, 0x00400000, 0x10000000,
0x10400008, 0x00401000, 0x00001000, 0x00000008,
0x00401000, 0x10001008, 0x10400000, 0x00001000,
0x00001008, 0x00000000, 0x00400008, 0x10401000,
0x10001000, 0x10400008, 0x10401008, 0x00400000,
0x10400008, 0x00001008, 0x00400000, 0x10000008,
0x00401000, 0x10001000, 0x00000008, 0x10400000,
0x10001008, 0x00000000, 0x00001000, 0x00400008,
0x00000000, 0x10400008, 0x10401000, 0x00001000,
0x10000000, 0x10401008, 0x00401008, 0x00400000,
0x10401008, 0x00000008, 0x10001000, 0x00401008,
0x00400008, 0x00401000, 0x10400000, 0x10001008,
0x00001008, 0x10000000, 0x10000008, 0x10401000,
},
{
0x08000000, 0x00010000, 0x00000400, 0x08010420,
0x08010020, 0x08000400, 0x00010420, 0x08010000,
0x00010000, 0x00000020, 0x08000020, 0x00010400,
0x08000420, 0x08010020, 0x08010400, 0x00000000,
0x00010400, 0x08000000, 0x00010020, 0x00000420,
0x08000400, 0x00010420, 0x00000000, 0x08000020,
0x00000020, 0x08000420, 0x08010420, 0x00010020,
0x08010000, 0x00000400, 0x00000420, 0x08010400,
0x08010400, 0x08000420, 0x00010020, 0x08010000,
0x00010000, 0x00000020, 0x08000020, 0x08000400,
0x08000000, 0x00010400, 0x08010420, 0x00000000,
0x00010420, 0x08000000, 0x00000400, 0x00010020,
0x08000420, 0x00000400, 0x00000000, 0x08010420,
0x08010020, 0x08010400, 0x00000420, 0x00010000,
0x00010400, 0x08010020, 0x08000400, 0x00000420,
0x00000020, 0x00010420, 0x08010000, 0x08000020,
},
{
0x80000040, 0x00200040, 0x00000000, 0x80202000,
0x00200040, 0x00002000, 0x80002040, 0x00200000,
0x00002040, 0x80202040, 0x00202000, 0x80000000,
0x80002000, 0x80000040, 0x80200000, 0x00202040,
0x00200000, 0x80002040, 0x80200040, 0x00000000,
0x00002000, 0x00000040, 0x80202000, 0x80200040,
0x80202040, 0x80200000, 0x80000000, 0x00002040,
0x00000040, 0x00202000, 0x00202040, 0x80002000,
0x00002040, 0x80000000, 0x80002000, 0x00202040,
0x80202000, 0x00200040, 0x00000000, 0x80002000,
0x80000000, 0x00002000, 0x80200040, 0x00200000,
0x00200040, 0x80202040, 0x00202000, 0x00000040,
0x80202040, 0x00202000, 0x00200000, 0x80002040,
0x80000040, 0x80200000, 0x00202040, 0x00000000,
0x00002000, 0x80000040, 0x80002040, 0x80202000,
0x80200000, 0x00002040, 0x00000040, 0x80200040,
},
{
0x00004000, 0x00000200, 0x01000200, 0x01000004,
0x01004204, 0x00004004, 0x00004200, 0x00000000,
0x01000000, 0x01000204, 0x00000204, 0x01004000,
0x00000004, 0x01004200, 0x01004000, 0x00000204,
0x01000204, 0x00004000, 0x00004004, 0x01004204,
0x00000000, 0x01000200, 0x01000004, 0x00004200,
0x01004004, 0x00004204, 0x01004200, 0x00000004,
0x00004204, 0x01004004, 0x00000200, 0x01000000,
0x00004204, 0x01004000, 0x01004004, 0x00000204,
0x00004000, 0x00000200, 0x01000000, 0x01004004,
0x01000204, 0x00004204, 0x00004200, 0x00000000,
0x00000200, 0x01000004, 0x00000004, 0x01000200,
0x00000000, 0x01000204, 0x01000200, 0x00004200,
0x00000204, 0x00004000, 0x01004204, 0x01000000,
0x01004200, 0x00000004, 0x00004004, 0x01004204,
0x01000004, 0x01004200, 0x01004000, 0x00004004,
},
{
0x20800080, 0x20820000, 0x00020080, 0x00000000,
0x20020000, 0x00800080, 0x20800000, 0x20820080,
0x00000080, 0x20000000, 0x00820000, 0x00020080,
0x00820080, 0x20020080, 0x20000080, 0x20800000,
0x00020000, 0x00820080, 0x00800080, 0x20020000,
0x20820080, 0x20000080, 0x00000000, 0x00820000,
0x20000000, 0x00800000, 0x20020080, 0x20800080,
0x00800000, 0x00020000, 0x20820000, 0x00000080,
0x00800000, 0x00020000, 0x20000080, 0x20820080,
0x00020080, 0x20000000, 0x00000000, 0x00820000,
0x20800080, 0x20020080, 0x20020000, 0x00800080,
0x20820000, 0x00000080, 0x00800080, 0x20020000,
0x20820080, 0x00800000, 0x20800000, 0x20000080,
0x00820000, 0x00020080, 0x20020080, 0x20800000,
0x00000080, 0x20820000, 0x00820080, 0x00000000,
0x20000000, 0x20800080, 0x00020000, 0x00820080,
}
};
CONSTANT_VK u32a c_skb[8][64] =
{
{
0x00000000, 0x00000010, 0x20000000, 0x20000010,
0x00010000, 0x00010010, 0x20010000, 0x20010010,
0x00000800, 0x00000810, 0x20000800, 0x20000810,
0x00010800, 0x00010810, 0x20010800, 0x20010810,
0x00000020, 0x00000030, 0x20000020, 0x20000030,
0x00010020, 0x00010030, 0x20010020, 0x20010030,
0x00000820, 0x00000830, 0x20000820, 0x20000830,
0x00010820, 0x00010830, 0x20010820, 0x20010830,
0x00080000, 0x00080010, 0x20080000, 0x20080010,
0x00090000, 0x00090010, 0x20090000, 0x20090010,
0x00080800, 0x00080810, 0x20080800, 0x20080810,
0x00090800, 0x00090810, 0x20090800, 0x20090810,
0x00080020, 0x00080030, 0x20080020, 0x20080030,
0x00090020, 0x00090030, 0x20090020, 0x20090030,
0x00080820, 0x00080830, 0x20080820, 0x20080830,
0x00090820, 0x00090830, 0x20090820, 0x20090830,
},
{
0x00000000, 0x02000000, 0x00002000, 0x02002000,
0x00200000, 0x02200000, 0x00202000, 0x02202000,
0x00000004, 0x02000004, 0x00002004, 0x02002004,
0x00200004, 0x02200004, 0x00202004, 0x02202004,
0x00000400, 0x02000400, 0x00002400, 0x02002400,
0x00200400, 0x02200400, 0x00202400, 0x02202400,
0x00000404, 0x02000404, 0x00002404, 0x02002404,
0x00200404, 0x02200404, 0x00202404, 0x02202404,
0x10000000, 0x12000000, 0x10002000, 0x12002000,
0x10200000, 0x12200000, 0x10202000, 0x12202000,
0x10000004, 0x12000004, 0x10002004, 0x12002004,
0x10200004, 0x12200004, 0x10202004, 0x12202004,
0x10000400, 0x12000400, 0x10002400, 0x12002400,
0x10200400, 0x12200400, 0x10202400, 0x12202400,
0x10000404, 0x12000404, 0x10002404, 0x12002404,
0x10200404, 0x12200404, 0x10202404, 0x12202404,
},
{
0x00000000, 0x00000001, 0x00040000, 0x00040001,
0x01000000, 0x01000001, 0x01040000, 0x01040001,
0x00000002, 0x00000003, 0x00040002, 0x00040003,
0x01000002, 0x01000003, 0x01040002, 0x01040003,
0x00000200, 0x00000201, 0x00040200, 0x00040201,
0x01000200, 0x01000201, 0x01040200, 0x01040201,
0x00000202, 0x00000203, 0x00040202, 0x00040203,
0x01000202, 0x01000203, 0x01040202, 0x01040203,
0x08000000, 0x08000001, 0x08040000, 0x08040001,
0x09000000, 0x09000001, 0x09040000, 0x09040001,
0x08000002, 0x08000003, 0x08040002, 0x08040003,
0x09000002, 0x09000003, 0x09040002, 0x09040003,
0x08000200, 0x08000201, 0x08040200, 0x08040201,
0x09000200, 0x09000201, 0x09040200, 0x09040201,
0x08000202, 0x08000203, 0x08040202, 0x08040203,
0x09000202, 0x09000203, 0x09040202, 0x09040203,
},
{
0x00000000, 0x00100000, 0x00000100, 0x00100100,
0x00000008, 0x00100008, 0x00000108, 0x00100108,
0x00001000, 0x00101000, 0x00001100, 0x00101100,
0x00001008, 0x00101008, 0x00001108, 0x00101108,
0x04000000, 0x04100000, 0x04000100, 0x04100100,
0x04000008, 0x04100008, 0x04000108, 0x04100108,
0x04001000, 0x04101000, 0x04001100, 0x04101100,
0x04001008, 0x04101008, 0x04001108, 0x04101108,
0x00020000, 0x00120000, 0x00020100, 0x00120100,
0x00020008, 0x00120008, 0x00020108, 0x00120108,
0x00021000, 0x00121000, 0x00021100, 0x00121100,
0x00021008, 0x00121008, 0x00021108, 0x00121108,
0x04020000, 0x04120000, 0x04020100, 0x04120100,
0x04020008, 0x04120008, 0x04020108, 0x04120108,
0x04021000, 0x04121000, 0x04021100, 0x04121100,
0x04021008, 0x04121008, 0x04021108, 0x04121108,
},
{
0x00000000, 0x10000000, 0x00010000, 0x10010000,
0x00000004, 0x10000004, 0x00010004, 0x10010004,
0x20000000, 0x30000000, 0x20010000, 0x30010000,
0x20000004, 0x30000004, 0x20010004, 0x30010004,
0x00100000, 0x10100000, 0x00110000, 0x10110000,
0x00100004, 0x10100004, 0x00110004, 0x10110004,
0x20100000, 0x30100000, 0x20110000, 0x30110000,
0x20100004, 0x30100004, 0x20110004, 0x30110004,
0x00001000, 0x10001000, 0x00011000, 0x10011000,
0x00001004, 0x10001004, 0x00011004, 0x10011004,
0x20001000, 0x30001000, 0x20011000, 0x30011000,
0x20001004, 0x30001004, 0x20011004, 0x30011004,
0x00101000, 0x10101000, 0x00111000, 0x10111000,
0x00101004, 0x10101004, 0x00111004, 0x10111004,
0x20101000, 0x30101000, 0x20111000, 0x30111000,
0x20101004, 0x30101004, 0x20111004, 0x30111004,
},
{
0x00000000, 0x08000000, 0x00000008, 0x08000008,
0x00000400, 0x08000400, 0x00000408, 0x08000408,
0x00020000, 0x08020000, 0x00020008, 0x08020008,
0x00020400, 0x08020400, 0x00020408, 0x08020408,
0x00000001, 0x08000001, 0x00000009, 0x08000009,
0x00000401, 0x08000401, 0x00000409, 0x08000409,
0x00020001, 0x08020001, 0x00020009, 0x08020009,
0x00020401, 0x08020401, 0x00020409, 0x08020409,
0x02000000, 0x0A000000, 0x02000008, 0x0A000008,
0x02000400, 0x0A000400, 0x02000408, 0x0A000408,
0x02020000, 0x0A020000, 0x02020008, 0x0A020008,
0x02020400, 0x0A020400, 0x02020408, 0x0A020408,
0x02000001, 0x0A000001, 0x02000009, 0x0A000009,
0x02000401, 0x0A000401, 0x02000409, 0x0A000409,
0x02020001, 0x0A020001, 0x02020009, 0x0A020009,
0x02020401, 0x0A020401, 0x02020409, 0x0A020409,
},
{
0x00000000, 0x00000100, 0x00080000, 0x00080100,
0x01000000, 0x01000100, 0x01080000, 0x01080100,
0x00000010, 0x00000110, 0x00080010, 0x00080110,
0x01000010, 0x01000110, 0x01080010, 0x01080110,
0x00200000, 0x00200100, 0x00280000, 0x00280100,
0x01200000, 0x01200100, 0x01280000, 0x01280100,
0x00200010, 0x00200110, 0x00280010, 0x00280110,
0x01200010, 0x01200110, 0x01280010, 0x01280110,
0x00000200, 0x00000300, 0x00080200, 0x00080300,
0x01000200, 0x01000300, 0x01080200, 0x01080300,
0x00000210, 0x00000310, 0x00080210, 0x00080310,
0x01000210, 0x01000310, 0x01080210, 0x01080310,
0x00200200, 0x00200300, 0x00280200, 0x00280300,
0x01200200, 0x01200300, 0x01280200, 0x01280300,
0x00200210, 0x00200310, 0x00280210, 0x00280310,
0x01200210, 0x01200310, 0x01280210, 0x01280310,
},
{
0x00000000, 0x04000000, 0x00040000, 0x04040000,
0x00000002, 0x04000002, 0x00040002, 0x04040002,
0x00002000, 0x04002000, 0x00042000, 0x04042000,
0x00002002, 0x04002002, 0x00042002, 0x04042002,
0x00000020, 0x04000020, 0x00040020, 0x04040020,
0x00000022, 0x04000022, 0x00040022, 0x04040022,
0x00002020, 0x04002020, 0x00042020, 0x04042020,
0x00002022, 0x04002022, 0x00042022, 0x04042022,
0x00000800, 0x04000800, 0x00040800, 0x04040800,
0x00000802, 0x04000802, 0x00040802, 0x04040802,
0x00002800, 0x04002800, 0x00042800, 0x04042800,
0x00002802, 0x04002802, 0x00042802, 0x04042802,
0x00000820, 0x04000820, 0x00040820, 0x04040820,
0x00000822, 0x04000822, 0x00040822, 0x04040822,
0x00002820, 0x04002820, 0x00042820, 0x04042820,
0x00002822, 0x04002822, 0x00042822, 0x04042822
}
};
#if VECT_SIZE == 1
#define BOX(i,n,S) (S)[(n)][(i)]
#elif VECT_SIZE == 2
#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1])
#elif VECT_SIZE == 4
#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3])
#elif VECT_SIZE == 8
#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7])
#elif VECT_SIZE == 16
#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf])
#endif
DECLSPEC void _des_crypt_encrypt (u32x *iv, u32x *data, u32x *Kc, u32x *Kd, SHM_TYPE u32 (*s_SPtrans)[64])
{
u32x r = data[0];
u32x l = data[1];
#ifdef _unroll
#pragma unroll
#endif
for (u32 i = 0; i < 16; i += 2)
{
u32x u;
u32x t;
u = Kc[i + 0] ^ hc_rotl32 (r, 30u);
t = Kd[i + 0] ^ hc_rotl32 (r, 26u);
l ^= BOX (((u >> 0) & 0x3f), 0, s_SPtrans)
| BOX (((u >> 8) & 0x3f), 2, s_SPtrans)
| BOX (((u >> 16) & 0x3f), 4, s_SPtrans)
| BOX (((u >> 24) & 0x3f), 6, s_SPtrans)
| BOX (((t >> 0) & 0x3f), 1, s_SPtrans)
| BOX (((t >> 8) & 0x3f), 3, s_SPtrans)
| BOX (((t >> 16) & 0x3f), 5, s_SPtrans)
| BOX (((t >> 24) & 0x3f), 7, s_SPtrans);
u = Kc[i + 1] ^ hc_rotl32 (l, 30u);
t = Kd[i + 1] ^ hc_rotl32 (l, 26u);
r ^= BOX (((u >> 0) & 0x3f), 0, s_SPtrans)
| BOX (((u >> 8) & 0x3f), 2, s_SPtrans)
| BOX (((u >> 16) & 0x3f), 4, s_SPtrans)
| BOX (((u >> 24) & 0x3f), 6, s_SPtrans)
| BOX (((t >> 0) & 0x3f), 1, s_SPtrans)
| BOX (((t >> 8) & 0x3f), 3, s_SPtrans)
| BOX (((t >> 16) & 0x3f), 5, s_SPtrans)
| BOX (((t >> 24) & 0x3f), 7, s_SPtrans);
}
iv[0] = l;
iv[1] = r;
}
DECLSPEC void _des_crypt_keysetup (u32x c, u32x d, u32x *Kc, u32x *Kd, SHM_TYPE u32 (*s_skb)[64])
{
u32x tt;
PERM_OP (d, c, tt, 4, 0x0f0f0f0f);
HPERM_OP (c, tt, 2, 0xcccc0000);
HPERM_OP (d, tt, 2, 0xcccc0000);
PERM_OP (d, c, tt, 1, 0x55555555);
PERM_OP (c, d, tt, 8, 0x00ff00ff);
PERM_OP (d, c, tt, 1, 0x55555555);
d = ((d & 0x000000ff) << 16)
| ((d & 0x0000ff00) << 0)
| ((d & 0x00ff0000) >> 16)
| ((c & 0xf0000000) >> 4);
c = c & 0x0fffffff;
#ifdef _unroll
#pragma unroll
#endif
for (u32 i = 0; i < 16; i++)
{
if ((i < 2) || (i == 8) || (i == 15))
{
c = ((c >> 1) | (c << 27));
d = ((d >> 1) | (d << 27));
}
else
{
c = ((c >> 2) | (c << 26));
d = ((d >> 2) | (d << 26));
}
c = c & 0x0fffffff;
d = d & 0x0fffffff;
const u32x c00 = (c >> 0) & 0x0000003f;
const u32x c06 = (c >> 6) & 0x00383003;
const u32x c07 = (c >> 7) & 0x0000003c;
const u32x c13 = (c >> 13) & 0x0000060f;
const u32x c20 = (c >> 20) & 0x00000001;
u32x s = BOX (((c00 >> 0) & 0xff), 0, s_skb)
| BOX (((c06 >> 0) & 0xff)
|((c07 >> 0) & 0xff), 1, s_skb)
| BOX (((c13 >> 0) & 0xff)
|((c06 >> 8) & 0xff), 2, s_skb)
| BOX (((c20 >> 0) & 0xff)
|((c13 >> 8) & 0xff)
|((c06 >> 16) & 0xff), 3, s_skb);
const u32x d00 = (d >> 0) & 0x00003c3f;
const u32x d07 = (d >> 7) & 0x00003f03;
const u32x d21 = (d >> 21) & 0x0000000f;
const u32x d22 = (d >> 22) & 0x00000030;
u32x t = BOX (((d00 >> 0) & 0xff), 4, s_skb)
| BOX (((d07 >> 0) & 0xff)
|((d00 >> 8) & 0xff), 5, s_skb)
| BOX (((d07 >> 8) & 0xff), 6, s_skb)
| BOX (((d21 >> 0) & 0xff)
|((d22 >> 0) & 0xff), 7, s_skb);
Kc[i] = ((t << 16) | (s & 0x0000ffff));
Kd[i] = ((s >> 16) | (t & 0xffff0000));
}
}
DECLSPEC void transform_netntlmv1_key (const u32x w0, const u32x w1, u32x *out)
{
u32x t[8];
t[0] = (w0 >> 0) & 0xff;
t[1] = (w0 >> 8) & 0xff;
t[2] = (w0 >> 16) & 0xff;
t[3] = (w0 >> 24) & 0xff;
t[4] = (w1 >> 0) & 0xff;
t[5] = (w1 >> 8) & 0xff;
t[6] = (w1 >> 16) & 0xff;
t[7] = (w1 >> 24) & 0xff;
u32x k[8];
k[0] = (t[0] >> 0);
k[1] = (t[0] << 7) | (t[1] >> 1);
k[2] = (t[1] << 6) | (t[2] >> 2);
k[3] = (t[2] << 5) | (t[3] >> 3);
k[4] = (t[3] << 4) | (t[4] >> 4);
k[5] = (t[4] << 3) | (t[5] >> 5);
k[6] = (t[5] << 2) | (t[6] >> 6);
k[7] = (t[6] << 1);
out[0] = ((k[0] & 0xff) << 0)
| ((k[1] & 0xff) << 8)
| ((k[2] & 0xff) << 16)
| ((k[3] & 0xff) << 24);
out[1] = ((k[4] & 0xff) << 0)
| ((k[5] & 0xff) << 8)
| ((k[6] & 0xff) << 16)
| ((k[7] & 0xff) << 24);
}
KERNEL_FQ void m05510_m04 (KERN_ATTR_RULES ())
{
/**
* modifier
*/
const u64 gid = get_global_id (0);
const u64 lid = get_local_id (0);
const u64 lsz = get_local_size (0);
/**
* sbox, kbox
*/
#ifdef REAL_SHM
LOCAL_VK u32 s_SPtrans[8][64];
LOCAL_VK u32 s_skb[8][64];
for (u32 i = lid; i < 64; i += lsz)
{
s_SPtrans[0][i] = c_SPtrans[0][i];
s_SPtrans[1][i] = c_SPtrans[1][i];
s_SPtrans[2][i] = c_SPtrans[2][i];
s_SPtrans[3][i] = c_SPtrans[3][i];
s_SPtrans[4][i] = c_SPtrans[4][i];
s_SPtrans[5][i] = c_SPtrans[5][i];
s_SPtrans[6][i] = c_SPtrans[6][i];
s_SPtrans[7][i] = c_SPtrans[7][i];
s_skb[0][i] = c_skb[0][i];
s_skb[1][i] = c_skb[1][i];
s_skb[2][i] = c_skb[2][i];
s_skb[3][i] = c_skb[3][i];
s_skb[4][i] = c_skb[4][i];
s_skb[5][i] = c_skb[5][i];
s_skb[6][i] = c_skb[6][i];
s_skb[7][i] = c_skb[7][i];
}
SYNC_THREADS ();
#else
CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans;
CONSTANT_AS u32a (*s_skb)[64] = c_skb;
#endif
if (gid >= gid_max) return;
/**
* base
*/
/**
* salt
*/
const u32 s0 = salt_bufs[SALT_POS].salt_buf[0];
const u32 s1 = salt_bufs[SALT_POS].salt_buf[1];
const u32 s2 = salt_bufs[SALT_POS].salt_buf[2];
u32 data[2];
data[0] = s0;
data[1] = s1;
/**
* loop
*/
for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE)
{
u32x a = pws[gid].i[ 0];
u32x b = pws[gid].i[ 1];
u32x c = pws[gid].i[ 2];
u32x d = pws[gid].i[ 3];
/**
* DES1
*/
u32x key[2];
transform_netntlmv1_key (a, b, key);
u32x Kc[16];
u32x Kd[16];
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
u32x data[2];
data[0] = s0;
data[1] = s1;
u32x iv1[2];
_des_crypt_encrypt (iv1, data, Kc, Kd, s_SPtrans);
/**
* DES2
*/
transform_netntlmv1_key (((b >> 24) | (c << 8)), ((c >> 24) | (d << 8)), key);
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
u32x iv2[2];
_des_crypt_encrypt (iv2, data, Kc, Kd, s_SPtrans);
/**
* compare
*/
COMPARE_M_SIMD (iv1[0], iv1[1], iv2[0], iv2[1]);
}
}
KERNEL_FQ void m05510_m08 (KERN_ATTR_RULES ())
{
}
KERNEL_FQ void m05510_m16 (KERN_ATTR_RULES ())
{
}
KERNEL_FQ void m05510_s04 (KERN_ATTR_RULES ())
{
/**
* modifier
*/
const u64 gid = get_global_id (0);
const u64 lid = get_local_id (0);
const u64 lsz = get_local_size (0);
/**
* sbox, kbox
*/
#ifdef REAL_SHM
LOCAL_VK u32 s_SPtrans[8][64];
LOCAL_VK u32 s_skb[8][64];
for (u32 i = lid; i < 64; i += lsz)
{
s_SPtrans[0][i] = c_SPtrans[0][i];
s_SPtrans[1][i] = c_SPtrans[1][i];
s_SPtrans[2][i] = c_SPtrans[2][i];
s_SPtrans[3][i] = c_SPtrans[3][i];
s_SPtrans[4][i] = c_SPtrans[4][i];
s_SPtrans[5][i] = c_SPtrans[5][i];
s_SPtrans[6][i] = c_SPtrans[6][i];
s_SPtrans[7][i] = c_SPtrans[7][i];
s_skb[0][i] = c_skb[0][i];
s_skb[1][i] = c_skb[1][i];
s_skb[2][i] = c_skb[2][i];
s_skb[3][i] = c_skb[3][i];
s_skb[4][i] = c_skb[4][i];
s_skb[5][i] = c_skb[5][i];
s_skb[6][i] = c_skb[6][i];
s_skb[7][i] = c_skb[7][i];
}
SYNC_THREADS ();
#else
CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans;
CONSTANT_AS u32a (*s_skb)[64] = c_skb;
#endif
if (gid >= gid_max) return;
/**
* base
*/
/**
* salt
*/
const u32 s0 = salt_bufs[SALT_POS].salt_buf[0];
const u32 s1 = salt_bufs[SALT_POS].salt_buf[1];
const u32 s2 = salt_bufs[SALT_POS].salt_buf[2];
/**
* digest
*/
const u32 search[4] =
{
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R0],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R1],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R2],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R3]
};
/**
* loop
*/
for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE)
{
u32x a = pws[gid].i[ 0];
u32x b = pws[gid].i[ 1];
u32x c = pws[gid].i[ 2];
u32x d = pws[gid].i[ 3];
/**
* DES1
*/
u32x key[2];
transform_netntlmv1_key (a, b, key);
u32x Kc[16];
u32x Kd[16];
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
u32x data[2];
data[0] = s0;
data[1] = s1;
u32x iv1[2];
_des_crypt_encrypt (iv1, data, Kc, Kd, s_SPtrans);
/**
* DES2
*/
/*
transform_netntlmv1_key (((b >> 24) | (c << 8)), ((c >> 24) | (d << 8)), key);
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
u32x iv2[2];
_des_crypt_encrypt (iv2, data, Kc, Kd, s_SPtrans);
*/
u32x iv2[2];
iv2[0] = search[2];
iv2[1] = search[3];
/**
* compare
*/
COMPARE_S_SIMD (iv1[0], iv1[1], iv2[0], iv2[1]);
}
}
KERNEL_FQ void m05510_s08 (KERN_ATTR_RULES ())
{
}
KERNEL_FQ void m05510_s16 (KERN_ATTR_RULES ())
{
}

757
OpenCL/m05510_a0-pure.cl
Unescape View File

@ -0,0 +1,757 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
//#define NEW_SIMD_CODE
#ifdef KERNEL_STATIC
#include "inc_vendor.h"
#include "inc_types.h"
#include "inc_platform.cl"
#include "inc_common.cl"
#include "inc_rp.h"
#include "inc_rp.cl"
#include "inc_scalar.cl"
#include "inc_hash_md4.cl"
#endif
typedef struct netntlm
{
u32 user_len;
u32 domain_len;
u32 srvchall_len;
u32 clichall_len;
u32 userdomain_buf[64];
u32 chall_buf[256];
} netntlm_t;
#define PERM_OP(a,b,tt,n,m) \
{ \
tt = a >> n; \
tt = tt ^ b; \
tt = tt & m; \
b = b ^ tt; \
tt = tt << n; \
a = a ^ tt; \
}
#define HPERM_OP(a,tt,n,m) \
{ \
tt = a << (16 + n); \
tt = tt ^ a; \
tt = tt & m; \
a = a ^ tt; \
tt = tt >> (16 + n); \
a = a ^ tt; \
}
CONSTANT_VK u32a c_SPtrans[8][64] =
{
{
0x02080800, 0x00080000, 0x02000002, 0x02080802,
0x02000000, 0x00080802, 0x00080002, 0x02000002,
0x00080802, 0x02080800, 0x02080000, 0x00000802,
0x02000802, 0x02000000, 0x00000000, 0x00080002,
0x00080000, 0x00000002, 0x02000800, 0x00080800,
0x02080802, 0x02080000, 0x00000802, 0x02000800,
0x00000002, 0x00000800, 0x00080800, 0x02080002,
0x00000800, 0x02000802, 0x02080002, 0x00000000,
0x00000000, 0x02080802, 0x02000800, 0x00080002,
0x02080800, 0x00080000, 0x00000802, 0x02000800,
0x02080002, 0x00000800, 0x00080800, 0x02000002,
0x00080802, 0x00000002, 0x02000002, 0x02080000,
0x02080802, 0x00080800, 0x02080000, 0x02000802,
0x02000000, 0x00000802, 0x00080002, 0x00000000,
0x00080000, 0x02000000, 0x02000802, 0x02080800,
0x00000002, 0x02080002, 0x00000800, 0x00080802,
},
{
0x40108010, 0x00000000, 0x00108000, 0x40100000,
0x40000010, 0x00008010, 0x40008000, 0x00108000,
0x00008000, 0x40100010, 0x00000010, 0x40008000,
0x00100010, 0x40108000, 0x40100000, 0x00000010,
0x00100000, 0x40008010, 0x40100010, 0x00008000,
0x00108010, 0x40000000, 0x00000000, 0x00100010,
0x40008010, 0x00108010, 0x40108000, 0x40000010,
0x40000000, 0x00100000, 0x00008010, 0x40108010,
0x00100010, 0x40108000, 0x40008000, 0x00108010,
0x40108010, 0x00100010, 0x40000010, 0x00000000,
0x40000000, 0x00008010, 0x00100000, 0x40100010,
0x00008000, 0x40000000, 0x00108010, 0x40008010,
0x40108000, 0x00008000, 0x00000000, 0x40000010,
0x00000010, 0x40108010, 0x00108000, 0x40100000,
0x40100010, 0x00100000, 0x00008010, 0x40008000,
0x40008010, 0x00000010, 0x40100000, 0x00108000,
},
{
0x04000001, 0x04040100, 0x00000100, 0x04000101,
0x00040001, 0x04000000, 0x04000101, 0x00040100,
0x04000100, 0x00040000, 0x04040000, 0x00000001,
0x04040101, 0x00000101, 0x00000001, 0x04040001,
0x00000000, 0x00040001, 0x04040100, 0x00000100,
0x00000101, 0x04040101, 0x00040000, 0x04000001,
0x04040001, 0x04000100, 0x00040101, 0x04040000,
0x00040100, 0x00000000, 0x04000000, 0x00040101,
0x04040100, 0x00000100, 0x00000001, 0x00040000,
0x00000101, 0x00040001, 0x04040000, 0x04000101,
0x00000000, 0x04040100, 0x00040100, 0x04040001,
0x00040001, 0x04000000, 0x04040101, 0x00000001,
0x00040101, 0x04000001, 0x04000000, 0x04040101,
0x00040000, 0x04000100, 0x04000101, 0x00040100,
0x04000100, 0x00000000, 0x04040001, 0x00000101,
0x04000001, 0x00040101, 0x00000100, 0x04040000,
},
{
0x00401008, 0x10001000, 0x00000008, 0x10401008,
0x00000000, 0x10400000, 0x10001008, 0x00400008,
0x10401000, 0x10000008, 0x10000000, 0x00001008,
0x10000008, 0x00401008, 0x00400000, 0x10000000,
0x10400008, 0x00401000, 0x00001000, 0x00000008,
0x00401000, 0x10001008, 0x10400000, 0x00001000,
0x00001008, 0x00000000, 0x00400008, 0x10401000,
0x10001000, 0x10400008, 0x10401008, 0x00400000,
0x10400008, 0x00001008, 0x00400000, 0x10000008,
0x00401000, 0x10001000, 0x00000008, 0x10400000,
0x10001008, 0x00000000, 0x00001000, 0x00400008,
0x00000000, 0x10400008, 0x10401000, 0x00001000,
0x10000000, 0x10401008, 0x00401008, 0x00400000,
0x10401008, 0x00000008, 0x10001000, 0x00401008,
0x00400008, 0x00401000, 0x10400000, 0x10001008,
0x00001008, 0x10000000, 0x10000008, 0x10401000,
},
{
0x08000000, 0x00010000, 0x00000400, 0x08010420,
0x08010020, 0x08000400, 0x00010420, 0x08010000,
0x00010000, 0x00000020, 0x08000020, 0x00010400,
0x08000420, 0x08010020, 0x08010400, 0x00000000,
0x00010400, 0x08000000, 0x00010020, 0x00000420,
0x08000400, 0x00010420, 0x00000000, 0x08000020,
0x00000020, 0x08000420, 0x08010420, 0x00010020,
0x08010000, 0x00000400, 0x00000420, 0x08010400,
0x08010400, 0x08000420, 0x00010020, 0x08010000,
0x00010000, 0x00000020, 0x08000020, 0x08000400,
0x08000000, 0x00010400, 0x08010420, 0x00000000,
0x00010420, 0x08000000, 0x00000400, 0x00010020,
0x08000420, 0x00000400, 0x00000000, 0x08010420,
0x08010020, 0x08010400, 0x00000420, 0x00010000,
0x00010400, 0x08010020, 0x08000400, 0x00000420,
0x00000020, 0x00010420, 0x08010000, 0x08000020,
},
{
0x80000040, 0x00200040, 0x00000000, 0x80202000,
0x00200040, 0x00002000, 0x80002040, 0x00200000,
0x00002040, 0x80202040, 0x00202000, 0x80000000,
0x80002000, 0x80000040, 0x80200000, 0x00202040,
0x00200000, 0x80002040, 0x80200040, 0x00000000,
0x00002000, 0x00000040, 0x80202000, 0x80200040,
0x80202040, 0x80200000, 0x80000000, 0x00002040,
0x00000040, 0x00202000, 0x00202040, 0x80002000,
0x00002040, 0x80000000, 0x80002000, 0x00202040,
0x80202000, 0x00200040, 0x00000000, 0x80002000,
0x80000000, 0x00002000, 0x80200040, 0x00200000,
0x00200040, 0x80202040, 0x00202000, 0x00000040,
0x80202040, 0x00202000, 0x00200000, 0x80002040,
0x80000040, 0x80200000, 0x00202040, 0x00000000,
0x00002000, 0x80000040, 0x80002040, 0x80202000,
0x80200000, 0x00002040, 0x00000040, 0x80200040,
},
{
0x00004000, 0x00000200, 0x01000200, 0x01000004,
0x01004204, 0x00004004, 0x00004200, 0x00000000,
0x01000000, 0x01000204, 0x00000204, 0x01004000,
0x00000004, 0x01004200, 0x01004000, 0x00000204,
0x01000204, 0x00004000, 0x00004004, 0x01004204,
0x00000000, 0x01000200, 0x01000004, 0x00004200,
0x01004004, 0x00004204, 0x01004200, 0x00000004,
0x00004204, 0x01004004, 0x00000200, 0x01000000,
0x00004204, 0x01004000, 0x01004004, 0x00000204,
0x00004000, 0x00000200, 0x01000000, 0x01004004,
0x01000204, 0x00004204, 0x00004200, 0x00000000,
0x00000200, 0x01000004, 0x00000004, 0x01000200,
0x00000000, 0x01000204, 0x01000200, 0x00004200,
0x00000204, 0x00004000, 0x01004204, 0x01000000,
0x01004200, 0x00000004, 0x00004004, 0x01004204,
0x01000004, 0x01004200, 0x01004000, 0x00004004,
},
{
0x20800080, 0x20820000, 0x00020080, 0x00000000,
0x20020000, 0x00800080, 0x20800000, 0x20820080,
0x00000080, 0x20000000, 0x00820000, 0x00020080,
0x00820080, 0x20020080, 0x20000080, 0x20800000,
0x00020000, 0x00820080, 0x00800080, 0x20020000,
0x20820080, 0x20000080, 0x00000000, 0x00820000,
0x20000000, 0x00800000, 0x20020080, 0x20800080,
0x00800000, 0x00020000, 0x20820000, 0x00000080,
0x00800000, 0x00020000, 0x20000080, 0x20820080,
0x00020080, 0x20000000, 0x00000000, 0x00820000,
0x20800080, 0x20020080, 0x20020000, 0x00800080,
0x20820000, 0x00000080, 0x00800080, 0x20020000,
0x20820080, 0x00800000, 0x20800000, 0x20000080,
0x00820000, 0x00020080, 0x20020080, 0x20800000,
0x00000080, 0x20820000, 0x00820080, 0x00000000,
0x20000000, 0x20800080, 0x00020000, 0x00820080,
}
};
CONSTANT_VK u32a c_skb[8][64] =
{
{
0x00000000, 0x00000010, 0x20000000, 0x20000010,
0x00010000, 0x00010010, 0x20010000, 0x20010010,
0x00000800, 0x00000810, 0x20000800, 0x20000810,
0x00010800, 0x00010810, 0x20010800, 0x20010810,
0x00000020, 0x00000030, 0x20000020, 0x20000030,
0x00010020, 0x00010030, 0x20010020, 0x20010030,
0x00000820, 0x00000830, 0x20000820, 0x20000830,
0x00010820, 0x00010830, 0x20010820, 0x20010830,
0x00080000, 0x00080010, 0x20080000, 0x20080010,
0x00090000, 0x00090010, 0x20090000, 0x20090010,
0x00080800, 0x00080810, 0x20080800, 0x20080810,
0x00090800, 0x00090810, 0x20090800, 0x20090810,
0x00080020, 0x00080030, 0x20080020, 0x20080030,
0x00090020, 0x00090030, 0x20090020, 0x20090030,
0x00080820, 0x00080830, 0x20080820, 0x20080830,
0x00090820, 0x00090830, 0x20090820, 0x20090830,
},
{
0x00000000, 0x02000000, 0x00002000, 0x02002000,
0x00200000, 0x02200000, 0x00202000, 0x02202000,
0x00000004, 0x02000004, 0x00002004, 0x02002004,
0x00200004, 0x02200004, 0x00202004, 0x02202004,
0x00000400, 0x02000400, 0x00002400, 0x02002400,
0x00200400, 0x02200400, 0x00202400, 0x02202400,
0x00000404, 0x02000404, 0x00002404, 0x02002404,
0x00200404, 0x02200404, 0x00202404, 0x02202404,
0x10000000, 0x12000000, 0x10002000, 0x12002000,
0x10200000, 0x12200000, 0x10202000, 0x12202000,
0x10000004, 0x12000004, 0x10002004, 0x12002004,
0x10200004, 0x12200004, 0x10202004, 0x12202004,
0x10000400, 0x12000400, 0x10002400, 0x12002400,
0x10200400, 0x12200400, 0x10202400, 0x12202400,
0x10000404, 0x12000404, 0x10002404, 0x12002404,
0x10200404, 0x12200404, 0x10202404, 0x12202404,
},
{
0x00000000, 0x00000001, 0x00040000, 0x00040001,
0x01000000, 0x01000001, 0x01040000, 0x01040001,
0x00000002, 0x00000003, 0x00040002, 0x00040003,
0x01000002, 0x01000003, 0x01040002, 0x01040003,
0x00000200, 0x00000201, 0x00040200, 0x00040201,
0x01000200, 0x01000201, 0x01040200, 0x01040201,
0x00000202, 0x00000203, 0x00040202, 0x00040203,
0x01000202, 0x01000203, 0x01040202, 0x01040203,
0x08000000, 0x08000001, 0x08040000, 0x08040001,
0x09000000, 0x09000001, 0x09040000, 0x09040001,
0x08000002, 0x08000003, 0x08040002, 0x08040003,
0x09000002, 0x09000003, 0x09040002, 0x09040003,
0x08000200, 0x08000201, 0x08040200, 0x08040201,
0x09000200, 0x09000201, 0x09040200, 0x09040201,
0x08000202, 0x08000203, 0x08040202, 0x08040203,
0x09000202, 0x09000203, 0x09040202, 0x09040203,
},
{
0x00000000, 0x00100000, 0x00000100, 0x00100100,
0x00000008, 0x00100008, 0x00000108, 0x00100108,
0x00001000, 0x00101000, 0x00001100, 0x00101100,
0x00001008, 0x00101008, 0x00001108, 0x00101108,
0x04000000, 0x04100000, 0x04000100, 0x04100100,
0x04000008, 0x04100008, 0x04000108, 0x04100108,
0x04001000, 0x04101000, 0x04001100, 0x04101100,
0x04001008, 0x04101008, 0x04001108, 0x04101108,
0x00020000, 0x00120000, 0x00020100, 0x00120100,
0x00020008, 0x00120008, 0x00020108, 0x00120108,
0x00021000, 0x00121000, 0x00021100, 0x00121100,
0x00021008, 0x00121008, 0x00021108, 0x00121108,
0x04020000, 0x04120000, 0x04020100, 0x04120100,
0x04020008, 0x04120008, 0x04020108, 0x04120108,
0x04021000, 0x04121000, 0x04021100, 0x04121100,
0x04021008, 0x04121008, 0x04021108, 0x04121108,
},
{
0x00000000, 0x10000000, 0x00010000, 0x10010000,
0x00000004, 0x10000004, 0x00010004, 0x10010004,
0x20000000, 0x30000000, 0x20010000, 0x30010000,
0x20000004, 0x30000004, 0x20010004, 0x30010004,
0x00100000, 0x10100000, 0x00110000, 0x10110000,
0x00100004, 0x10100004, 0x00110004, 0x10110004,
0x20100000, 0x30100000, 0x20110000, 0x30110000,
0x20100004, 0x30100004, 0x20110004, 0x30110004,
0x00001000, 0x10001000, 0x00011000, 0x10011000,
0x00001004, 0x10001004, 0x00011004, 0x10011004,
0x20001000, 0x30001000, 0x20011000, 0x30011000,
0x20001004, 0x30001004, 0x20011004, 0x30011004,
0x00101000, 0x10101000, 0x00111000, 0x10111000,
0x00101004, 0x10101004, 0x00111004, 0x10111004,
0x20101000, 0x30101000, 0x20111000, 0x30111000,
0x20101004, 0x30101004, 0x20111004, 0x30111004,
},
{
0x00000000, 0x08000000, 0x00000008, 0x08000008,
0x00000400, 0x08000400, 0x00000408, 0x08000408,
0x00020000, 0x08020000, 0x00020008, 0x08020008,
0x00020400, 0x08020400, 0x00020408, 0x08020408,
0x00000001, 0x08000001, 0x00000009, 0x08000009,
0x00000401, 0x08000401, 0x00000409, 0x08000409,
0x00020001, 0x08020001, 0x00020009, 0x08020009,
0x00020401, 0x08020401, 0x00020409, 0x08020409,
0x02000000, 0x0A000000, 0x02000008, 0x0A000008,
0x02000400, 0x0A000400, 0x02000408, 0x0A000408,
0x02020000, 0x0A020000, 0x02020008, 0x0A020008,
0x02020400, 0x0A020400, 0x02020408, 0x0A020408,
0x02000001, 0x0A000001, 0x02000009, 0x0A000009,
0x02000401, 0x0A000401, 0x02000409, 0x0A000409,
0x02020001, 0x0A020001, 0x02020009, 0x0A020009,
0x02020401, 0x0A020401, 0x02020409, 0x0A020409,
},
{
0x00000000, 0x00000100, 0x00080000, 0x00080100,
0x01000000, 0x01000100, 0x01080000, 0x01080100,
0x00000010, 0x00000110, 0x00080010, 0x00080110,
0x01000010, 0x01000110, 0x01080010, 0x01080110,
0x00200000, 0x00200100, 0x00280000, 0x00280100,
0x01200000, 0x01200100, 0x01280000, 0x01280100,
0x00200010, 0x00200110, 0x00280010, 0x00280110,
0x01200010, 0x01200110, 0x01280010, 0x01280110,
0x00000200, 0x00000300, 0x00080200, 0x00080300,
0x01000200, 0x01000300, 0x01080200, 0x01080300,
0x00000210, 0x00000310, 0x00080210, 0x00080310,
0x01000210, 0x01000310, 0x01080210, 0x01080310,
0x00200200, 0x00200300, 0x00280200, 0x00280300,
0x01200200, 0x01200300, 0x01280200, 0x01280300,
0x00200210, 0x00200310, 0x00280210, 0x00280310,
0x01200210, 0x01200310, 0x01280210, 0x01280310,
},
{
0x00000000, 0x04000000, 0x00040000, 0x04040000,
0x00000002, 0x04000002, 0x00040002, 0x04040002,
0x00002000, 0x04002000, 0x00042000, 0x04042000,
0x00002002, 0x04002002, 0x00042002, 0x04042002,
0x00000020, 0x04000020, 0x00040020, 0x04040020,
0x00000022, 0x04000022, 0x00040022, 0x04040022,
0x00002020, 0x04002020, 0x00042020, 0x04042020,
0x00002022, 0x04002022, 0x00042022, 0x04042022,
0x00000800, 0x04000800, 0x00040800, 0x04040800,
0x00000802, 0x04000802, 0x00040802, 0x04040802,
0x00002800, 0x04002800, 0x00042800, 0x04042800,
0x00002802, 0x04002802, 0x00042802, 0x04042802,
0x00000820, 0x04000820, 0x00040820, 0x04040820,
0x00000822, 0x04000822, 0x00040822, 0x04040822,
0x00002820, 0x04002820, 0x00042820, 0x04042820,
0x00002822, 0x04002822, 0x00042822, 0x04042822
}
};
#if VECT_SIZE == 1
#define BOX(i,n,S) (S)[(n)][(i)]
#elif VECT_SIZE == 2
#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1])
#elif VECT_SIZE == 4
#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3])
#elif VECT_SIZE == 8
#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7])
#elif VECT_SIZE == 16
#define BOX(i,n,S) make_u32x ((S)[(n)][(i).s0], (S)[(n)][(i).s1], (S)[(n)][(i).s2], (S)[(n)][(i).s3], (S)[(n)][(i).s4], (S)[(n)][(i).s5], (S)[(n)][(i).s6], (S)[(n)][(i).s7], (S)[(n)][(i).s8], (S)[(n)][(i).s9], (S)[(n)][(i).sa], (S)[(n)][(i).sb], (S)[(n)][(i).sc], (S)[(n)][(i).sd], (S)[(n)][(i).se], (S)[(n)][(i).sf])
#endif
DECLSPEC void _des_crypt_encrypt (u32 *iv, u32 *data, u32 *Kc, u32 *Kd, SHM_TYPE u32 (*s_SPtrans)[64])
{
u32 r = data[0];
u32 l = data[1];
#ifdef _unroll
#pragma unroll
#endif
for (u32 i = 0; i < 16; i += 2)
{
u32 u;
u32 t;
u = Kc[i + 0] ^ hc_rotl32 (r, 30u);
t = Kd[i + 0] ^ hc_rotl32 (r, 26u);
l ^= BOX (((u >> 0) & 0x3f), 0, s_SPtrans)
| BOX (((u >> 8) & 0x3f), 2, s_SPtrans)
| BOX (((u >> 16) & 0x3f), 4, s_SPtrans)
| BOX (((u >> 24) & 0x3f), 6, s_SPtrans)
| BOX (((t >> 0) & 0x3f), 1, s_SPtrans)
| BOX (((t >> 8) & 0x3f), 3, s_SPtrans)
| BOX (((t >> 16) & 0x3f), 5, s_SPtrans)
| BOX (((t >> 24) & 0x3f), 7, s_SPtrans);
u = Kc[i + 1] ^ hc_rotl32 (l, 30u);
t = Kd[i + 1] ^ hc_rotl32 (l, 26u);
r ^= BOX (((u >> 0) & 0x3f), 0, s_SPtrans)
| BOX (((u >> 8) & 0x3f), 2, s_SPtrans)
| BOX (((u >> 16) & 0x3f), 4, s_SPtrans)
| BOX (((u >> 24) & 0x3f), 6, s_SPtrans)
| BOX (((t >> 0) & 0x3f), 1, s_SPtrans)
| BOX (((t >> 8) & 0x3f), 3, s_SPtrans)
| BOX (((t >> 16) & 0x3f), 5, s_SPtrans)
| BOX (((t >> 24) & 0x3f), 7, s_SPtrans);
}
iv[0] = l;
iv[1] = r;
}
DECLSPEC void _des_crypt_keysetup (u32 c, u32 d, u32 *Kc, u32 *Kd, SHM_TYPE u32 (*s_skb)[64])
{
u32 tt;
PERM_OP (d, c, tt, 4, 0x0f0f0f0f);
HPERM_OP (c, tt, 2, 0xcccc0000);
HPERM_OP (d, tt, 2, 0xcccc0000);
PERM_OP (d, c, tt, 1, 0x55555555);
PERM_OP (c, d, tt, 8, 0x00ff00ff);
PERM_OP (d, c, tt, 1, 0x55555555);
d = ((d & 0x000000ff) << 16)
| ((d & 0x0000ff00) << 0)
| ((d & 0x00ff0000) >> 16)
| ((c & 0xf0000000) >> 4);
c = c & 0x0fffffff;
#ifdef _unroll
#pragma unroll
#endif
for (u32 i = 0; i < 16; i++)
{
if ((i < 2) || (i == 8) || (i == 15))
{
c = ((c >> 1) | (c << 27));
d = ((d >> 1) | (d << 27));
}
else
{
c = ((c >> 2) | (c << 26));
d = ((d >> 2) | (d << 26));
}
c = c & 0x0fffffff;
d = d & 0x0fffffff;
const u32 c00 = (c >> 0) & 0x0000003f;
const u32 c06 = (c >> 6) & 0x00383003;
const u32 c07 = (c >> 7) & 0x0000003c;
const u32 c13 = (c >> 13) & 0x0000060f;
const u32 c20 = (c >> 20) & 0x00000001;
u32 s = BOX (((c00 >> 0) & 0xff), 0, s_skb)
| BOX (((c06 >> 0) & 0xff)
|((c07 >> 0) & 0xff), 1, s_skb)
| BOX (((c13 >> 0) & 0xff)
|((c06 >> 8) & 0xff), 2, s_skb)
| BOX (((c20 >> 0) & 0xff)
|((c13 >> 8) & 0xff)
|((c06 >> 16) & 0xff), 3, s_skb);
const u32 d00 = (d >> 0) & 0x00003c3f;
const u32 d07 = (d >> 7) & 0x00003f03;
const u32 d21 = (d >> 21) & 0x0000000f;
const u32 d22 = (d >> 22) & 0x00000030;
u32 t = BOX (((d00 >> 0) & 0xff), 4, s_skb)
| BOX (((d07 >> 0) & 0xff)
|((d00 >> 8) & 0xff), 5, s_skb)
| BOX (((d07 >> 8) & 0xff), 6, s_skb)
| BOX (((d21 >> 0) & 0xff)
|((d22 >> 0) & 0xff), 7, s_skb);
Kc[i] = ((t << 16) | (s & 0x0000ffff));
Kd[i] = ((s >> 16) | (t & 0xffff0000));
}
}
DECLSPEC void transform_netntlmv1_key (const u32 w0, const u32 w1, u32 *out)
{
u32 t[8];
t[0] = (w0 >> 0) & 0xff;
t[1] = (w0 >> 8) & 0xff;
t[2] = (w0 >> 16) & 0xff;
t[3] = (w0 >> 24) & 0xff;
t[4] = (w1 >> 0) & 0xff;
t[5] = (w1 >> 8) & 0xff;
t[6] = (w1 >> 16) & 0xff;
t[7] = (w1 >> 24) & 0xff;
u32 k[8];
k[0] = (t[0] >> 0);
k[1] = (t[0] << 7) | (t[1] >> 1);
k[2] = (t[1] << 6) | (t[2] >> 2);
k[3] = (t[2] << 5) | (t[3] >> 3);
k[4] = (t[3] << 4) | (t[4] >> 4);
k[5] = (t[4] << 3) | (t[5] >> 5);
k[6] = (t[5] << 2) | (t[6] >> 6);
k[7] = (t[6] << 1);
out[0] = ((k[0] & 0xff) << 0)
| ((k[1] & 0xff) << 8)
| ((k[2] & 0xff) << 16)
| ((k[3] & 0xff) << 24);
out[1] = ((k[4] & 0xff) << 0)
| ((k[5] & 0xff) << 8)
| ((k[6] & 0xff) << 16)
| ((k[7] & 0xff) << 24);
}
KERNEL_FQ void m05510_mxx (KERN_ATTR_RULES ())
{
/**
* modifier
*/
const u64 gid = get_global_id (0);
const u64 lid = get_local_id (0);
const u64 lsz = get_local_size (0);
/**
* sbox, kbox
*/
#ifdef REAL_SHM
LOCAL_VK u32 s_SPtrans[8][64];
LOCAL_VK u32 s_skb[8][64];
for (u32 i = lid; i < 64; i += lsz)
{
s_SPtrans[0][i] = c_SPtrans[0][i];
s_SPtrans[1][i] = c_SPtrans[1][i];
s_SPtrans[2][i] = c_SPtrans[2][i];
s_SPtrans[3][i] = c_SPtrans[3][i];
s_SPtrans[4][i] = c_SPtrans[4][i];
s_SPtrans[5][i] = c_SPtrans[5][i];
s_SPtrans[6][i] = c_SPtrans[6][i];
s_SPtrans[7][i] = c_SPtrans[7][i];
s_skb[0][i] = c_skb[0][i];
s_skb[1][i] = c_skb[1][i];
s_skb[2][i] = c_skb[2][i];
s_skb[3][i] = c_skb[3][i];
s_skb[4][i] = c_skb[4][i];
s_skb[5][i] = c_skb[5][i];
s_skb[6][i] = c_skb[6][i];
s_skb[7][i] = c_skb[7][i];
}
SYNC_THREADS ();
#else
CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans;
CONSTANT_AS u32a (*s_skb)[64] = c_skb;
#endif
if (gid >= gid_max) return;
/**
* salt
*/
const u32 s0 = salt_bufs[SALT_POS].salt_buf[0];
const u32 s1 = salt_bufs[SALT_POS].salt_buf[1];
const u32 s2 = salt_bufs[SALT_POS].salt_buf[2];
/**
* base
*/
const u32 a = pws[gid].i[ 0];
const u32 b = pws[gid].i[ 1];
const u32 c = pws[gid].i[ 2];
const u32 d = pws[gid].i[ 3];
/**
* loop
*/
for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
{
if ((d >> 16) != s2) continue;
/**
* DES1
*/
u32 key[2];
transform_netntlmv1_key (a, b, key);
u32 Kc[16];
u32 Kd[16];
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
u32 data[2];
data[0] = s0;
data[1] = s1;
u32 out1[2];
_des_crypt_encrypt (out1, data, Kc, Kd, s_SPtrans);
/**
* DES2
*/
transform_netntlmv1_key (((b >> 24) | (c << 8)), ((c >> 24) | (d << 8)), key);
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
u32 out2[2];
_des_crypt_encrypt (out2, data, Kc, Kd, s_SPtrans);
const u32 r0 = out1[0];
const u32 r1 = out1[1];
const u32 r2 = out2[0];
const u32 r3 = out2[1];
COMPARE_M_SCALAR (r0, r1, r2, r3);
}
}
KERNEL_FQ void m05510_sxx (KERN_ATTR_RULES ())
{
/**
* modifier
*/
const u64 gid = get_global_id (0);
const u64 lid = get_local_id (0);
const u64 lsz = get_local_size (0);
/**
* sbox, kbox
*/
#ifdef REAL_SHM
LOCAL_VK u32 s_SPtrans[8][64];
LOCAL_VK u32 s_skb[8][64];
for (u32 i = lid; i < 64; i += lsz)
{
s_SPtrans[0][i] = c_SPtrans[0][i];
s_SPtrans[1][i] = c_SPtrans[1][i];
s_SPtrans[2][i] = c_SPtrans[2][i];
s_SPtrans[3][i] = c_SPtrans[3][i];
s_SPtrans[4][i] = c_SPtrans[4][i];
s_SPtrans[5][i] = c_SPtrans[5][i];
s_SPtrans[6][i] = c_SPtrans[6][i];
s_SPtrans[7][i] = c_SPtrans[7][i];
s_skb[0][i] = c_skb[0][i];
s_skb[1][i] = c_skb[1][i];
s_skb[2][i] = c_skb[2][i];
s_skb[3][i] = c_skb[3][i];
s_skb[4][i] = c_skb[4][i];
s_skb[5][i] = c_skb[5][i];
s_skb[6][i] = c_skb[6][i];
s_skb[7][i] = c_skb[7][i];
}
SYNC_THREADS ();
#else
CONSTANT_AS u32a (*s_SPtrans)[64] = c_SPtrans;
CONSTANT_AS u32a (*s_skb)[64] = c_skb;
#endif
if (gid >= gid_max) return;
/**
* digest
*/
const u32 search[4] =
{
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R0],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R1],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R2],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R3]
};
/**
* salt
*/
const u32 s0 = salt_bufs[SALT_POS].salt_buf[0];
const u32 s1 = salt_bufs[SALT_POS].salt_buf[1];
const u32 s2 = salt_bufs[SALT_POS].salt_buf[2];
/**
* base
*/
const u32 a = pws[gid].i[ 0];
const u32 b = pws[gid].i[ 1];
const u32 c = pws[gid].i[ 2];
const u32 d = pws[gid].i[ 3];
/**
* loop
*/
for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
{
if ((d >> 16) != s2) continue;
/**
* DES1
*/
u32 key[2];
transform_netntlmv1_key (a, b, key);
u32 Kc[16];
u32 Kd[16];
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
u32 data[2];
data[0] = s0;
data[1] = s1;
u32 out1[2];
_des_crypt_encrypt (out1, data, Kc, Kd, s_SPtrans);
/**
* DES2
*/
/*
transform_netntlmv1_key (((b >> 24) | (c << 8)), ((c >> 24) | (d << 8)), key);
_des_crypt_keysetup (key[0], key[1], Kc, Kd, s_skb);
u32 out2[2];
_des_crypt_encrypt (out2, data, Kc, Kd, s_SPtrans);
*/
const u32 r0 = out1[0];
const u32 r1 = out1[1];
const u32 r2 = search[2];
const u32 r3 = search[3];
COMPARE_S_SCALAR (r0, r1, r2, r3);
}
}

610
OpenCL/m05610_a0-optimized.cl
Unescape View File

@ -0,0 +1,610 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define NEW_SIMD_CODE
#ifdef KERNEL_STATIC
#include "inc_vendor.h"
#include "inc_types.h"
#include "inc_platform.cl"
#include "inc_common.cl"
#include "inc_rp_optimized.h"
#include "inc_rp_optimized.cl"
#include "inc_simd.cl"
#include "inc_hash_md4.cl"
#include "inc_hash_md5.cl"
#endif
typedef struct netntlm
{
u32 user_len;
u32 domain_len;
u32 srvchall_len;
u32 clichall_len;
u32 userdomain_buf[64];
u32 chall_buf[256];
} netntlm_t;
DECLSPEC void hmac_md5_pad (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad)
{
w0[0] = w0[0] ^ 0x36363636;
w0[1] = w0[1] ^ 0x36363636;
w0[2] = w0[2] ^ 0x36363636;
w0[3] = w0[3] ^ 0x36363636;
w1[0] = w1[0] ^ 0x36363636;
w1[1] = w1[1] ^ 0x36363636;
w1[2] = w1[2] ^ 0x36363636;
w1[3] = w1[3] ^ 0x36363636;
w2[0] = w2[0] ^ 0x36363636;
w2[1] = w2[1] ^ 0x36363636;
w2[2] = w2[2] ^ 0x36363636;
w2[3] = w2[3] ^ 0x36363636;
w3[0] = w3[0] ^ 0x36363636;
w3[1] = w3[1] ^ 0x36363636;
w3[2] = w3[2] ^ 0x36363636;
w3[3] = w3[3] ^ 0x36363636;
ipad[0] = MD5M_A;
ipad[1] = MD5M_B;
ipad[2] = MD5M_C;
ipad[3] = MD5M_D;
md5_transform_vector (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a;
opad[0] = MD5M_A;
opad[1] = MD5M_B;
opad[2] = MD5M_C;
opad[3] = MD5M_D;
md5_transform_vector (w0, w1, w2, w3, opad);
}
DECLSPEC void hmac_md5_run (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest)
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
md5_transform_vector (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = 0x80;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + 16) * 8;
w3[3] = 0;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
md5_transform_vector (w0, w1, w2, w3, digest);
}
KERNEL_FQ void m05610_m04 (KERN_ATTR_RULES_ESALT (netntlm_t))
{
/**
* modifier
*/
const u64 gid = get_global_id (0);
const u64 lid = get_local_id (0);
const u64 lsz = get_local_size (0);
/**
* salt
*/
LOCAL_VK u32 s_userdomain_buf[64];
for (u32 i = lid; i < 64; i += lsz)
{
s_userdomain_buf[i] = esalt_bufs[DIGESTS_OFFSET].userdomain_buf[i];
}
LOCAL_VK u32 s_chall_buf[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_chall_buf[i] = esalt_bufs[DIGESTS_OFFSET].chall_buf[i];
}
SYNC_THREADS ();
if (gid >= gid_max) return;
const u32 userdomain_len = esalt_bufs[DIGESTS_OFFSET].user_len
+ esalt_bufs[DIGESTS_OFFSET].domain_len;
const u32 chall_len = esalt_bufs[DIGESTS_OFFSET].srvchall_len
+ esalt_bufs[DIGESTS_OFFSET].clichall_len;
/**
* base
*/
// u32 pw_buf0[4];
// u32 pw_buf1[4];
// pw_buf0[0] = pws[gid].i[0];
// pw_buf0[1] = pws[gid].i[1];
// pw_buf0[2] = pws[gid].i[2];
// pw_buf0[3] = pws[gid].i[3];
// pw_buf1[0] = pws[gid].i[4];
// pw_buf1[1] = pws[gid].i[5];
// pw_buf1[2] = pws[gid].i[6];
// pw_buf1[3] = pws[gid].i[7];
// const u32 pw_len = pws[gid].pw_len & 63;
/**
* loop
*/
for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE)
{
// u32x w0[4] = { 0 };
// u32x w1[4] = { 0 };
// u32x w2[4] = { 0 };
// u32x w3[4] = { 0 };
// const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1);
// append_0x80_2x4_VV (w0, w1, out_len);
u32x w0_t[4];
u32x w1_t[4];
u32x w2_t[4];
u32x w3_t[4];
// make_utf16le (w0, w0_t, w1_t);
// make_utf16le (w1, w2_t, w3_t);
// w3_t[2] = out_len * 8 * 2;
// w3_t[3] = 0;
// digest[0] = pws[gid].i[ 0];
// digest[1] = pws[gid].i[ 1];;
// digest[2] = pws[gid].i[ 2];;
// digest[3] = pws[gid].i[ 3];;
// md4_transform_vector (w0_t, w1_t, w2_t, w3_t, digest);
w0_t[0] = pws[gid].i[ 0];
w0_t[1] = pws[gid].i[ 1];
w0_t[2] = pws[gid].i[ 2];
w0_t[3] = pws[gid].i[ 3];
w1_t[0] = 0;
w1_t[1] = 0;
w1_t[2] = 0;
w1_t[3] = 0;
w2_t[0] = 0;
w2_t[1] = 0;
w2_t[2] = 0;
w2_t[3] = 0;
w3_t[0] = 0;
w3_t[1] = 0;
w3_t[2] = 0;
w3_t[3] = 0;
u32x digest[4];
digest[0] = MD5M_A;
digest[1] = MD5M_B;
digest[2] = MD5M_C;
digest[3] = MD5M_D;
u32x ipad[4];
u32x opad[4];
hmac_md5_pad (w0_t, w1_t, w2_t, w3_t, ipad, opad);
int left;
int off;
for (left = userdomain_len, off = 0; left >= 56; left -= 64, off += 16)
{
w0_t[0] = s_userdomain_buf[off + 0];
w0_t[1] = s_userdomain_buf[off + 1];
w0_t[2] = s_userdomain_buf[off + 2];
w0_t[3] = s_userdomain_buf[off + 3];
w1_t[0] = s_userdomain_buf[off + 4];
w1_t[1] = s_userdomain_buf[off + 5];
w1_t[2] = s_userdomain_buf[off + 6];
w1_t[3] = s_userdomain_buf[off + 7];
w2_t[0] = s_userdomain_buf[off + 8];
w2_t[1] = s_userdomain_buf[off + 9];
w2_t[2] = s_userdomain_buf[off + 10];
w2_t[3] = s_userdomain_buf[off + 11];
w3_t[0] = s_userdomain_buf[off + 12];
w3_t[1] = s_userdomain_buf[off + 13];
w3_t[2] = s_userdomain_buf[off + 14];
w3_t[3] = s_userdomain_buf[off + 15];
md5_transform_vector (w0_t, w1_t, w2_t, w3_t, ipad);
}
w0_t[0] = s_userdomain_buf[off + 0];
w0_t[1] = s_userdomain_buf[off + 1];
w0_t[2] = s_userdomain_buf[off + 2];
w0_t[3] = s_userdomain_buf[off + 3];
w1_t[0] = s_userdomain_buf[off + 4];
w1_t[1] = s_userdomain_buf[off + 5];
w1_t[2] = s_userdomain_buf[off + 6];
w1_t[3] = s_userdomain_buf[off + 7];
w2_t[0] = s_userdomain_buf[off + 8];
w2_t[1] = s_userdomain_buf[off + 9];
w2_t[2] = s_userdomain_buf[off + 10];
w2_t[3] = s_userdomain_buf[off + 11];
w3_t[0] = s_userdomain_buf[off + 12];
w3_t[1] = s_userdomain_buf[off + 13];
w3_t[2] = (64 + userdomain_len) * 8;
w3_t[3] = 0;
hmac_md5_run (w0_t, w1_t, w2_t, w3_t, ipad, opad, digest);
w0_t[0] = digest[0];
w0_t[1] = digest[1];
w0_t[2] = digest[2];
w0_t[3] = digest[3];
w1_t[0] = 0;
w1_t[1] = 0;
w1_t[2] = 0;
w1_t[3] = 0;
w2_t[0] = 0;
w2_t[1] = 0;
w2_t[2] = 0;
w2_t[3] = 0;
w3_t[0] = 0;
w3_t[1] = 0;
w3_t[2] = 0;
w3_t[3] = 0;
digest[0] = MD5M_A;
digest[1] = MD5M_B;
digest[2] = MD5M_C;
digest[3] = MD5M_D;
hmac_md5_pad (w0_t, w1_t, w2_t, w3_t, ipad, opad);
for (left = chall_len, off = 0; left >= 56; left -= 64, off += 16)
{
w0_t[0] = s_chall_buf[off + 0];
w0_t[1] = s_chall_buf[off + 1];
w0_t[2] = s_chall_buf[off + 2];
w0_t[3] = s_chall_buf[off + 3];
w1_t[0] = s_chall_buf[off + 4];
w1_t[1] = s_chall_buf[off + 5];
w1_t[2] = s_chall_buf[off + 6];
w1_t[3] = s_chall_buf[off + 7];
w2_t[0] = s_chall_buf[off + 8];
w2_t[1] = s_chall_buf[off + 9];
w2_t[2] = s_chall_buf[off + 10];
w2_t[3] = s_chall_buf[off + 11];
w3_t[0] = s_chall_buf[off + 12];
w3_t[1] = s_chall_buf[off + 13];
w3_t[2] = s_chall_buf[off + 14];
w3_t[3] = s_chall_buf[off + 15];
md5_transform_vector (w0_t, w1_t, w2_t, w3_t, ipad);
}
w0_t[0] = s_chall_buf[off + 0];
w0_t[1] = s_chall_buf[off + 1];
w0_t[2] = s_chall_buf[off + 2];
w0_t[3] = s_chall_buf[off + 3];
w1_t[0] = s_chall_buf[off + 4];
w1_t[1] = s_chall_buf[off + 5];
w1_t[2] = s_chall_buf[off + 6];
w1_t[3] = s_chall_buf[off + 7];
w2_t[0] = s_chall_buf[off + 8];
w2_t[1] = s_chall_buf[off + 9];
w2_t[2] = s_chall_buf[off + 10];
w2_t[3] = s_chall_buf[off + 11];
w3_t[0] = s_chall_buf[off + 12];
w3_t[1] = s_chall_buf[off + 13];
w3_t[2] = (64 + chall_len) * 8;
w3_t[3] = 0;
hmac_md5_run (w0_t, w1_t, w2_t, w3_t, ipad, opad, digest);
COMPARE_M_SIMD (digest[0], digest[3], digest[2], digest[1]);
}
}
KERNEL_FQ void m05610_m08 (KERN_ATTR_RULES_ESALT (netntlm_t))
{
}
KERNEL_FQ void m05610_m16 (KERN_ATTR_RULES_ESALT (netntlm_t))
{
}
KERNEL_FQ void m05610_s04 (KERN_ATTR_RULES_ESALT (netntlm_t))
{
/**
* modifier
*/
const u64 gid = get_global_id (0);
const u64 lid = get_local_id (0);
const u64 lsz = get_local_size (0);
/**
* salt
*/
LOCAL_VK u32 s_userdomain_buf[64];
for (u32 i = lid; i < 64; i += lsz)
{
s_userdomain_buf[i] = esalt_bufs[DIGESTS_OFFSET].userdomain_buf[i];
}
LOCAL_VK u32 s_chall_buf[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_chall_buf[i] = esalt_bufs[DIGESTS_OFFSET].chall_buf[i];
}
SYNC_THREADS ();
if (gid >= gid_max) return;
const u32 userdomain_len = esalt_bufs[DIGESTS_OFFSET].user_len
+ esalt_bufs[DIGESTS_OFFSET].domain_len;
const u32 chall_len = esalt_bufs[DIGESTS_OFFSET].srvchall_len
+ esalt_bufs[DIGESTS_OFFSET].clichall_len;
/**
* base
*/
// u32 pw_buf0[4];
// u32 pw_buf1[4];
// pw_buf0[0] = pws[gid].i[0];
// pw_buf0[1] = pws[gid].i[1];
// pw_buf0[2] = pws[gid].i[2];
// pw_buf0[3] = pws[gid].i[3];
// pw_buf1[0] = pws[gid].i[4];
// pw_buf1[1] = pws[gid].i[5];
// pw_buf1[2] = pws[gid].i[6];
// pw_buf1[3] = pws[gid].i[7];
// const u32 pw_len = pws[gid].pw_len & 63;
/**
* digest
*/
const u32 search[4] =
{
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R0],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R1],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R2],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R3]
};
/**
* loop
*/
for (u32 il_pos = 0; il_pos < il_cnt; il_pos += VECT_SIZE)
{
// u32x w0[4] = { 0 };
// u32x w1[4] = { 0 };
// u32x w2[4] = { 0 };
// u32x w3[4] = { 0 };
// const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1);
// append_0x80_2x4_VV (w0, w1, out_len);
u32x w0_t[4];
u32x w1_t[4];
u32x w2_t[4];
u32x w3_t[4];
// make_utf16le (w0, w0_t, w1_t);
// make_utf16le (w1, w2_t, w3_t);
// w3_t[2] = out_len * 8 * 2;
// w3_t[3] = 0;
// u32x digest[4];
// digest[0] = pws[gid].i[ 0];
// digest[1] = pws[gid].i[ 1];
// digest[2] = pws[gid].i[ 2];
// digest[3] = pws[gid].i[ 3];
// md4_transform_vector (w0_t, w1_t, w2_t, w3_t, digest);
w0_t[0] = pws[gid].i[ 0];
w0_t[1] = pws[gid].i[ 1];
w0_t[2] = pws[gid].i[ 2];
w0_t[3] = pws[gid].i[ 3];
w1_t[0] = 0;
w1_t[1] = 0;
w1_t[2] = 0;
w1_t[3] = 0;
w2_t[0] = 0;
w2_t[1] = 0;
w2_t[2] = 0;
w2_t[3] = 0;
w3_t[0] = 0;
w3_t[1] = 0;
w3_t[2] = 0;
w3_t[3] = 0;
u32x digest[4];
digest[0] = MD5M_A;
digest[1] = MD5M_B;
digest[2] = MD5M_C;
digest[3] = MD5M_D;
u32x ipad[4];
u32x opad[4];
hmac_md5_pad (w0_t, w1_t, w2_t, w3_t, ipad, opad);
int left;
int off;
for (left = userdomain_len, off = 0; left >= 56; left -= 64, off += 16)
{
w0_t[0] = s_userdomain_buf[off + 0];
w0_t[1] = s_userdomain_buf[off + 1];
w0_t[2] = s_userdomain_buf[off + 2];
w0_t[3] = s_userdomain_buf[off + 3];
w1_t[0] = s_userdomain_buf[off + 4];
w1_t[1] = s_userdomain_buf[off + 5];
w1_t[2] = s_userdomain_buf[off + 6];
w1_t[3] = s_userdomain_buf[off + 7];
w2_t[0] = s_userdomain_buf[off + 8];
w2_t[1] = s_userdomain_buf[off + 9];
w2_t[2] = s_userdomain_buf[off + 10];
w2_t[3] = s_userdomain_buf[off + 11];
w3_t[0] = s_userdomain_buf[off + 12];
w3_t[1] = s_userdomain_buf[off + 13];
w3_t[2] = s_userdomain_buf[off + 14];
w3_t[3] = s_userdomain_buf[off + 15];
md5_transform_vector (w0_t, w1_t, w2_t, w3_t, ipad);
}
w0_t[0] = s_userdomain_buf[off + 0];
w0_t[1] = s_userdomain_buf[off + 1];
w0_t[2] = s_userdomain_buf[off + 2];
w0_t[3] = s_userdomain_buf[off + 3];
w1_t[0] = s_userdomain_buf[off + 4];
w1_t[1] = s_userdomain_buf[off + 5];
w1_t[2] = s_userdomain_buf[off + 6];
w1_t[3] = s_userdomain_buf[off + 7];
w2_t[0] = s_userdomain_buf[off + 8];
w2_t[1] = s_userdomain_buf[off + 9];
w2_t[2] = s_userdomain_buf[off + 10];
w2_t[3] = s_userdomain_buf[off + 11];
w3_t[0] = s_userdomain_buf[off + 12];
w3_t[1] = s_userdomain_buf[off + 13];
w3_t[2] = (64 + userdomain_len) * 8;
w3_t[3] = 0;
hmac_md5_run (w0_t, w1_t, w2_t, w3_t, ipad, opad, digest);
w0_t[0] = digest[0];
w0_t[1] = digest[1];
w0_t[2] = digest[2];
w0_t[3] = digest[3];
w1_t[0] = 0;
w1_t[1] = 0;
w1_t[2] = 0;
w1_t[3] = 0;
w2_t[0] = 0;
w2_t[1] = 0;
w2_t[2] = 0;
w2_t[3] = 0;
w3_t[0] = 0;
w3_t[1] = 0;
w3_t[2] = 0;
w3_t[3] = 0;
digest[0] = MD5M_A;
digest[1] = MD5M_B;
digest[2] = MD5M_C;
digest[3] = MD5M_D;
hmac_md5_pad (w0_t, w1_t, w2_t, w3_t, ipad, opad);
for (left = chall_len, off = 0; left >= 56; left -= 64, off += 16)
{
w0_t[0] = s_chall_buf[off + 0];
w0_t[1] = s_chall_buf[off + 1];
w0_t[2] = s_chall_buf[off + 2];
w0_t[3] = s_chall_buf[off + 3];
w1_t[0] = s_chall_buf[off + 4];
w1_t[1] = s_chall_buf[off + 5];
w1_t[2] = s_chall_buf[off + 6];
w1_t[3] = s_chall_buf[off + 7];
w2_t[0] = s_chall_buf[off + 8];
w2_t[1] = s_chall_buf[off + 9];
w2_t[2] = s_chall_buf[off + 10];
w2_t[3] = s_chall_buf[off + 11];
w3_t[0] = s_chall_buf[off + 12];
w3_t[1] = s_chall_buf[off + 13];
w3_t[2] = s_chall_buf[off + 14];
w3_t[3] = s_chall_buf[off + 15];
md5_transform_vector (w0_t, w1_t, w2_t, w3_t, ipad);
}
w0_t[0] = s_chall_buf[off + 0];
w0_t[1] = s_chall_buf[off + 1];
w0_t[2] = s_chall_buf[off + 2];
w0_t[3] = s_chall_buf[off + 3];
w1_t[0] = s_chall_buf[off + 4];
w1_t[1] = s_chall_buf[off + 5];
w1_t[2] = s_chall_buf[off + 6];
w1_t[3] = s_chall_buf[off + 7];
w2_t[0] = s_chall_buf[off + 8];
w2_t[1] = s_chall_buf[off + 9];
w2_t[2] = s_chall_buf[off + 10];
w2_t[3] = s_chall_buf[off + 11];
w3_t[0] = s_chall_buf[off + 12];
w3_t[1] = s_chall_buf[off + 13];
w3_t[2] = (64 + chall_len) * 8;
w3_t[3] = 0;
hmac_md5_run (w0_t, w1_t, w2_t, w3_t, ipad, opad, digest);
COMPARE_S_SIMD (digest[0], digest[3], digest[2], digest[1]);
}
}
KERNEL_FQ void m05610_s08 (KERN_ATTR_RULES_ESALT (netntlm_t))
{
}
KERNEL_FQ void m05610_s16 (KERN_ATTR_RULES_ESALT (netntlm_t))
{
}

214
OpenCL/m05610_a0-pure.cl
Unescape View File

@ -0,0 +1,214 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
//#define NEW_SIMD_CODE
#ifdef KERNEL_STATIC
#include "inc_vendor.h"
#include "inc_types.h"
#include "inc_platform.cl"
#include "inc_common.cl"
#include "inc_rp.h"
#include "inc_rp.cl"
#include "inc_scalar.cl"
#include "inc_hash_md4.cl"
#include "inc_hash_md5.cl"
#endif
typedef struct netntlm
{
u32 user_len;
u32 domain_len;
u32 srvchall_len;
u32 clichall_len;
u32 userdomain_buf[64];
u32 chall_buf[256];
} netntlm_t;
KERNEL_FQ void m05610_mxx (KERN_ATTR_RULES_ESALT (netntlm_t))
{
/**
* modifier
*/
const u64 lid = get_local_id (0);
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
/**
* base
*/
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
/**
* loop
*/
for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
{
md5_hmac_ctx_t ctx0;
md5_hmac_init_64 (&ctx0, w0, w1, w2, w3);
md5_hmac_update_global (&ctx0, esalt_bufs[DIGESTS_OFFSET].userdomain_buf, esalt_bufs[DIGESTS_OFFSET].user_len + esalt_bufs[DIGESTS_OFFSET].domain_len);
md5_hmac_final (&ctx0);
w0[0] = ctx0.opad.h[0];
w0[1] = ctx0.opad.h[1];
w0[2] = ctx0.opad.h[2];
w0[3] = ctx0.opad.h[3];
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
md5_hmac_ctx_t ctx;
md5_hmac_init_64 (&ctx, w0, w1, w2, w3);
md5_hmac_update_global (&ctx, esalt_bufs[DIGESTS_OFFSET].chall_buf, esalt_bufs[DIGESTS_OFFSET].srvchall_len + esalt_bufs[DIGESTS_OFFSET].clichall_len);
md5_hmac_final (&ctx);
const u32 r0 = ctx.opad.h[DGST_R0];
const u32 r1 = ctx.opad.h[DGST_R1];
const u32 r2 = ctx.opad.h[DGST_R2];
const u32 r3 = ctx.opad.h[DGST_R3];
COMPARE_M_SCALAR (r0, r1, r2, r3);
}
}
KERNEL_FQ void m05610_sxx (KERN_ATTR_RULES_ESALT (netntlm_t))
{
/**
* modifier
*/
const u64 lid = get_local_id (0);
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
/**
* digest
*/
const u32 search[4] =
{
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R0],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R1],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R2],
digests_buf[DIGESTS_OFFSET].digest_buf[DGST_R3]
};
/**
* base
*/
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
/**
* loop
*/
for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
{
md5_hmac_ctx_t ctx0;
md5_hmac_init_64 (&ctx0, w0, w1, w2, w3);
md5_hmac_update_global (&ctx0, esalt_bufs[DIGESTS_OFFSET].userdomain_buf, esalt_bufs[DIGESTS_OFFSET].user_len + esalt_bufs[DIGESTS_OFFSET].domain_len);
md5_hmac_final (&ctx0);
w0[0] = ctx0.opad.h[0];
w0[1] = ctx0.opad.h[1];
w0[2] = ctx0.opad.h[2];
w0[3] = ctx0.opad.h[3];
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
md5_hmac_ctx_t ctx;
md5_hmac_init_64 (&ctx, w0, w1, w2, w3);
md5_hmac_update_global (&ctx, esalt_bufs[DIGESTS_OFFSET].chall_buf, esalt_bufs[DIGESTS_OFFSET].srvchall_len + esalt_bufs[DIGESTS_OFFSET].clichall_len);
md5_hmac_final (&ctx);
const u32 r0 = ctx.opad.h[DGST_R0];
const u32 r1 = ctx.opad.h[DGST_R1];
const u32 r2 = ctx.opad.h[DGST_R2];
const u32 r3 = ctx.opad.h[DGST_R3];
COMPARE_S_SCALAR (r0, r1, r2, r3);
}
}

492
src/modules/module_05510.c
Unescape View File

@ -0,0 +1,492 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#include "common.h"
#include "types.h"
#include "modules.h"
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "emu_inc_cipher_des.h"
#include "emu_inc_hash_md5.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
static const u32 DGST_POS1 = 1;
static const u32 DGST_POS2 = 2;
static const u32 DGST_POS3 = 3;
static const u32 DGST_SIZE = DGST_SIZE_4_4;
static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL;
static const char *HASH_NAME = "NetNTLMv1 / NetNTLMv1+ESS (NT)";
static const u64 KERN_TYPE = 5510;
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_PT_ADD80
| OPTS_TYPE_PT_ADDBITS14
| OPTS_TYPE_PT_UTF16LE
| OPTS_TYPE_ST_HEX;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "\xb4\xb9\xb0\x2e\x6f\x09\xa9\xbd\x76\x0f\x38\x8b\x67\x35\x1e\x2b";
static const char *ST_HASH = "::5V4T:ada06359242920a500000000000000000000000000000000:0556d5297b5daa70eaffde82ef99293a3f3bb59b7c9704ea:9c23f6c094853920";
typedef struct netntlm
{
int user_len;
int domain_len;
int srvchall_len;
int clichall_len;
u32 userdomain_buf[64];
u32 chall_buf[256];
} netntlm_t;
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
static void transform_netntlmv1_key (const u8 *nthash, u8 *key)
{
key[0] = (nthash[0] >> 0);
key[1] = (nthash[0] << 7) | (nthash[1] >> 1);
key[2] = (nthash[1] << 6) | (nthash[2] >> 2);
key[3] = (nthash[2] << 5) | (nthash[3] >> 3);
key[4] = (nthash[3] << 4) | (nthash[4] >> 4);
key[5] = (nthash[4] << 3) | (nthash[5] >> 5);
key[6] = (nthash[5] << 2) | (nthash[6] >> 6);
key[7] = (nthash[6] << 1);
key[0] |= 0x01;
key[1] |= 0x01;
key[2] |= 0x01;
key[3] |= 0x01;
key[4] |= 0x01;
key[5] |= 0x01;
key[6] |= 0x01;
key[7] |= 0x01;
}
char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
{
char *jit_build_options = NULL;
// Extra treatment for Apple systems
if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
{
return jit_build_options;
}
// Intel CPU
if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU))
{
hc_asprintf (&jit_build_options, "-D _unroll");
}
return jit_build_options;
}
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 esalt_size = (const u64) sizeof (netntlm_t);
return esalt_size;
}
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
{
u32 *digest = (u32 *) digest_buf;
netntlm_t *netntlm = (netntlm_t *) esalt_buf;
token_t token;
token.token_cnt = 6;
// username
token.len_min[0] = 0;
token.len_max[0] = 60;
token.sep[0] = ':';
token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH;
// unused
token.len_min[1] = 0;
token.len_max[1] = 0;
token.sep[1] = ':';
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
// domain
token.len_min[2] = 0;
token.len_max[2] = 45;
token.sep[2] = ':';
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH;
// lm response
token.len_min[3] = 0;
token.len_max[3] = 48;
token.sep[3] = ':';
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
// ntlm response
token.len_min[4] = 48;
token.len_max[4] = 48;
token.sep[4] = ':';
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
// challenge
token.len_min[5] = 16;
token.len_max[5] = 16;
token.sep[5] = ':';
token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
const u8 *user_pos = token.buf[0];
const u8 *domain_pos = token.buf[2];
const u8 *srvchall_pos = token.buf[3];
const u8 *hash_pos = token.buf[4];
const u8 *clichall_pos = token.buf[5];
const int user_len = token.len[0];
const int domain_len = token.len[2];
const int srvchall_len = token.len[3];
const int clichall_len = token.len[5];
/**
* store some data for later use
*/
netntlm->user_len = user_len * 2;
netntlm->domain_len = domain_len * 2;
netntlm->srvchall_len = srvchall_len / 2;
netntlm->clichall_len = clichall_len / 2;
u8 *userdomain_ptr = (u8 *) netntlm->userdomain_buf;
u8 *chall_ptr = (u8 *) netntlm->chall_buf;
/**
* handle username and domainname
*/
for (int i = 0; i < user_len; i++)
{
*userdomain_ptr++ = user_pos[i];
*userdomain_ptr++ = 0;
}
for (int i = 0; i < domain_len; i++)
{
*userdomain_ptr++ = domain_pos[i];
*userdomain_ptr++ = 0;
}
/**
* handle server challenge encoding
*/
for (int i = 0; i < srvchall_len; i += 2)
{
const u8 p0 = srvchall_pos[i + 0];
const u8 p1 = srvchall_pos[i + 1];
*chall_ptr++ = hex_convert (p1) << 0
| hex_convert (p0) << 4;
}
/**
* handle client challenge encoding
*/
for (int i = 0; i < clichall_len; i += 2)
{
const u8 p0 = clichall_pos[i + 0];
const u8 p1 = clichall_pos[i + 1];
*chall_ptr++ = hex_convert (p1) << 0
| hex_convert (p0) << 4;
}
/**
* store data
*/
const bool parse_rc = generic_salt_decode (hashconfig, clichall_pos, clichall_len, (u8 *) salt->salt_buf, (int *) &salt->salt_len);
if (parse_rc == false) return (PARSER_SALT_LENGTH);
digest[0] = hex_to_u32 (hash_pos + 0);
digest[1] = hex_to_u32 (hash_pos + 8);
digest[2] = hex_to_u32 (hash_pos + 16);
digest[3] = hex_to_u32 (hash_pos + 24);
/* special case, last 8 byte do not need to be checked since they are brute-forced next */
u32 digest_tmp[2];
digest_tmp[0] = hex_to_u32 (hash_pos + 32);
digest_tmp[1] = hex_to_u32 (hash_pos + 40);
/* special case 2: ESS */
if (srvchall_len == 48)
{
if ((netntlm->chall_buf[2] == 0) && (netntlm->chall_buf[3] == 0) && (netntlm->chall_buf[4] == 0) && (netntlm->chall_buf[5] == 0))
{
u32 w[16] = { 0 };
w[ 0] = salt->salt_buf[0];
w[ 1] = salt->salt_buf[1];
w[ 2] = netntlm->chall_buf[0];
w[ 3] = netntlm->chall_buf[1];
w[ 4] = 0x80;
w[14] = 16 * 8;
u32 dgst[4] = { 0 };
dgst[0] = MD5M_A;
dgst[1] = MD5M_B;
dgst[2] = MD5M_C;
dgst[3] = MD5M_D;
md5_transform (w + 0, w + 4, w + 8, w + 12, dgst);
salt->salt_buf[0] = dgst[0];
salt->salt_buf[1] = dgst[1];
}
}
/* precompute netntlmv1 exploit start */
for (u32 i = 0; i < 0x10000; i++)
{
u32 key_md4[2] = { 0 };
u32 key_des[2] = { 0 };
key_md4[0] = i;
transform_netntlmv1_key ((const u8 *) key_md4, (u8 *) key_des);
u32 Kc[16] = { 0 };
u32 Kd[16] = { 0 };
_des_crypt_keysetup (key_des[0], key_des[1], Kc, Kd, (u32 (*)[64]) c_skb);
u32 data3[2] = { salt->salt_buf[0], salt->salt_buf[1] };
_des_crypt_encrypt (data3, data3, Kc, Kd, (u32 (*)[64]) c_SPtrans);
if (data3[0] != digest_tmp[0]) continue;
if (data3[1] != digest_tmp[1]) continue;
salt->salt_buf[2] = i;
salt->salt_len = 24;
break;
}
salt->salt_buf_pc[0] = digest_tmp[0];
salt->salt_buf_pc[1] = digest_tmp[1];
/* precompute netntlmv1 exploit stop */
DES_IP (digest[0], digest[1]);
DES_IP (digest[2], digest[3]);
digest[0] = rotr32 (digest[0], 29);
digest[1] = rotr32 (digest[1], 29);
digest[2] = rotr32 (digest[2], 29);
digest[3] = rotr32 (digest[3], 29);
DES_IP (salt->salt_buf[0], salt->salt_buf[1]);
salt->salt_buf[0] = rotl32 (salt->salt_buf[0], 3);
salt->salt_buf[1] = rotl32 (salt->salt_buf[1], 3);
return (PARSER_OK);
}
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
{
const u32 *digest = (const u32 *) digest_buf;
const netntlm_t *netntlm = (const netntlm_t *) esalt_buf;
// we can not change anything in the original buffer, otherwise destroying sorting
// therefore create some local buffer
u32 tmp[4];
tmp[0] = digest[0];
tmp[1] = digest[1];
tmp[2] = digest[2];
tmp[3] = digest[3];
tmp[0] = rotl32 (tmp[0], 29);
tmp[1] = rotl32 (tmp[1], 29);
tmp[2] = rotl32 (tmp[2], 29);
tmp[3] = rotl32 (tmp[3], 29);
DES_FP (tmp[1], tmp[0]);
DES_FP (tmp[3], tmp[2]);
u8 *out_buf = (u8 *) line_buf;
int out_len = 0;
u8 *ptr;
ptr = (u8 *) netntlm->userdomain_buf;
for (int i = 0; i < netntlm->user_len; i += 2)
{
out_buf[out_len++] = ptr[i];
}
out_buf[out_len++] = ':';
out_buf[out_len++] = ':';
ptr += netntlm->user_len;
for (int i = 0; i < netntlm->domain_len; i += 2)
{
out_buf[out_len++] = ptr[i];
}
out_buf[out_len++] = ':';
ptr = (u8 *) netntlm->chall_buf;
for (int i = 0; i < netntlm->srvchall_len; i++)
{
u8_to_hex (ptr[i], out_buf + out_len); out_len += 2;
}
out_buf[out_len++] = ':';
u32_to_hex (tmp[0], out_buf + out_len); out_len += 8;
u32_to_hex (tmp[1], out_buf + out_len); out_len += 8;
u32_to_hex (tmp[2], out_buf + out_len); out_len += 8;
u32_to_hex (tmp[3], out_buf + out_len); out_len += 8;
u32_to_hex (salt->salt_buf_pc[0], out_buf + out_len); out_len += 8;
u32_to_hex (salt->salt_buf_pc[1], out_buf + out_len); out_len += 8;
out_buf[out_len++] = ':';
ptr += netntlm->srvchall_len;
for (int i = 0; i < netntlm->clichall_len; i++)
{
u8_to_hex (ptr[i], out_buf + out_len); out_len += 2;
}
return out_len;
}
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_max = 16; // Length of a NT hash
return pw_max;
}
u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_min = 16; // Length of a NT hash
return pw_min;
}
void module_init (module_ctx_t *module_ctx)
{
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
module_ctx->module_attack_exec = module_attack_exec;
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = MODULE_DEFAULT;
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
module_ctx->module_dgst_pos0 = module_dgst_pos0;
module_ctx->module_dgst_pos1 = module_dgst_pos1;
module_ctx->module_dgst_pos2 = module_dgst_pos2;
module_ctx->module_dgst_pos3 = module_dgst_pos3;
module_ctx->module_dgst_size = module_dgst_size;
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
module_ctx->module_esalt_size = module_esalt_size;
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
module_ctx->module_hash_binary_count = MODULE_DEFAULT;
module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
module_ctx->module_hash_binary_save = MODULE_DEFAULT;
module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
module_ctx->module_hash_decode = module_hash_decode;
module_ctx->module_hash_encode_status = MODULE_DEFAULT;
module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_encode = module_hash_encode;
module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
module_ctx->module_hash_mode = MODULE_DEFAULT;
module_ctx->module_hash_category = module_hash_category;
module_ctx->module_hash_name = module_hash_name;
module_ctx->module_hashes_count_min = MODULE_DEFAULT;
module_ctx->module_hashes_count_max = MODULE_DEFAULT;
module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_size = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_init = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_term = MODULE_DEFAULT;
module_ctx->module_hook12 = MODULE_DEFAULT;
module_ctx->module_hook23 = MODULE_DEFAULT;
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
module_ctx->module_hook_size = MODULE_DEFAULT;
module_ctx->module_jit_build_options = module_jit_build_options;
module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
module_ctx->module_kern_type = module_kern_type;
module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
module_ctx->module_opti_type = module_opti_type;
module_ctx->module_opts_type = module_opts_type;
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
module_ctx->module_potfile_disable = MODULE_DEFAULT;
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
module_ctx->module_pwdump_column = MODULE_DEFAULT;
module_ctx->module_pw_max = module_pw_max;
module_ctx->module_pw_min = module_pw_min;
module_ctx->module_salt_max = MODULE_DEFAULT;
module_ctx->module_salt_min = MODULE_DEFAULT;
module_ctx->module_salt_type = module_salt_type;
module_ctx->module_separator = MODULE_DEFAULT;
module_ctx->module_st_hash = module_st_hash;
module_ctx->module_st_pass = module_st_pass;
module_ctx->module_tmp_size = MODULE_DEFAULT;
module_ctx->module_unstable_warning = MODULE_DEFAULT;
module_ctx->module_warmup_disable = MODULE_DEFAULT;
}

388
src/modules/module_05610.c
Unescape View File

@ -0,0 +1,388 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#include "common.h"
#include "types.h"
#include "modules.h"
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "emu_inc_cipher_des.h"
#include "emu_inc_hash_md5.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
static const u32 DGST_POS1 = 3;
static const u32 DGST_POS2 = 2;
static const u32 DGST_POS3 = 1;
static const u32 DGST_SIZE = DGST_SIZE_4_4;
static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL;
static const char *HASH_NAME = "NetNTLMv2 (NT)";
static const u64 KERN_TYPE = 5610;
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_PT_ADD80
| OPTS_TYPE_PT_ADDBITS14
| OPTS_TYPE_PT_UTF16LE
| OPTS_TYPE_ST_HEX;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "\xb4\xb9\xb0\x2e\x6f\x09\xa9\xbd\x76\x0f\x38\x8b\x67\x35\x1e\x2b";
static const char *ST_HASH = "0UL5G37JOI0SX::6VB1IS0KA74:ebe1afa18b7fbfa6:aab8bf8675658dd2a939458a1077ba08:010100000000000031c8aa092510945398b9f7b7dde1a9fb00000000f7876f2b04b700";
typedef struct netntlm
{
int user_len;
int domain_len;
int srvchall_len;
int clichall_len;
u32 userdomain_buf[64];
u32 chall_buf[256];
} netntlm_t;
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 esalt_size = (const u64) sizeof (netntlm_t);
return esalt_size;
}
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
{
u32 *digest = (u32 *) digest_buf;
netntlm_t *netntlm = (netntlm_t *) esalt_buf;
token_t token;
token.token_cnt = 6;
// username
token.len_min[0] = 0;
token.len_max[0] = 60;
token.sep[0] = ':';
token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH;
// unused
token.len_min[1] = 0;
token.len_max[1] = 0;
token.sep[1] = ':';
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
// domain
token.len_min[2] = 0;
token.len_max[2] = 45;
token.sep[2] = ':';
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH;
// lm response
token.len_min[3] = 16;
token.len_max[3] = 16;
token.sep[3] = ':';
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
// ntlm response
token.len_min[4] = 32;
token.len_max[4] = 32;
token.sep[4] = ':';
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
// challenge
token.len_min[5] = 2;
token.len_max[5] = 1024;
token.sep[5] = ':';
token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
const u8 *user_pos = token.buf[0];
const u8 *domain_pos = token.buf[2];
const u8 *srvchall_pos = token.buf[3];
const u8 *hash_pos = token.buf[4];
const u8 *clichall_pos = token.buf[5];
const int user_len = token.len[0];
const int domain_len = token.len[2];
const int srvchall_len = token.len[3];
const int clichall_len = token.len[5];
/**
* store some data for later use
*/
netntlm->user_len = user_len * 2;
netntlm->domain_len = domain_len * 2;
netntlm->srvchall_len = srvchall_len / 2;
netntlm->clichall_len = clichall_len / 2;
u8 *userdomain_ptr = (u8 *) netntlm->userdomain_buf;
u8 *chall_ptr = (u8 *) netntlm->chall_buf;
/**
* handle username and domainname
*/
for (int i = 0; i < user_len; i++)
{
*userdomain_ptr++ = toupper (user_pos[i]);
*userdomain_ptr++ = 0;
}
for (int i = 0; i < domain_len; i++)
{
*userdomain_ptr++ = domain_pos[i];
*userdomain_ptr++ = 0;
}
*userdomain_ptr++ = 0x80;
/**
* handle server challenge encoding
*/
for (int i = 0; i < srvchall_len; i += 2)
{
const u8 p0 = srvchall_pos[i + 0];
const u8 p1 = srvchall_pos[i + 1];
*chall_ptr++ = hex_convert (p1) << 0
| hex_convert (p0) << 4;
}
/**
* handle client challenge encoding
*/
for (int i = 0; i < clichall_len; i += 2)
{
const u8 p0 = clichall_pos[i + 0];
const u8 p1 = clichall_pos[i + 1];
*chall_ptr++ = hex_convert (p1) << 0
| hex_convert (p0) << 4;
}
*chall_ptr++ = 0x80;
/**
* handle hash itself
*/
digest[0] = hex_to_u32 (hash_pos + 0);
digest[1] = hex_to_u32 (hash_pos + 8);
digest[2] = hex_to_u32 (hash_pos + 16);
digest[3] = hex_to_u32 (hash_pos + 24);
/**
* reuse challange data as salt_buf, its the buffer that is most likely unique
*/
salt->salt_buf[0] = 0;
salt->salt_buf[1] = 0;
salt->salt_buf[2] = 0;
salt->salt_buf[3] = 0;
salt->salt_buf[4] = 0;
salt->salt_buf[5] = 0;
salt->salt_buf[6] = 0;
salt->salt_buf[7] = 0;
u32 *uptr;
uptr = (u32 *) netntlm->userdomain_buf;
for (u32 i = 0; i < 64; i += 16, uptr += 16)
{
md5_transform (uptr + 0, uptr + 4, uptr + 8, uptr + 12, salt->salt_buf);
}
uptr = (u32 *) netntlm->chall_buf;
for (u32 i = 0; i < 256; i += 16, uptr += 16)
{
md5_transform (uptr + 0, uptr + 4, uptr + 8, uptr + 12, salt->salt_buf);
}
salt->salt_len = 16;
return (PARSER_OK);
}
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
{
const u32 *digest = (const u32 *) digest_buf;
const netntlm_t *netntlm = (const netntlm_t *) esalt_buf;
// we can not change anything in the original buffer, otherwise destroying sorting
// therefore create some local buffer
u32 tmp[4];
tmp[0] = digest[0];
tmp[1] = digest[1];
tmp[2] = digest[2];
tmp[3] = digest[3];
u8 *out_buf = (u8 *) line_buf;
int out_len = 0;
u8 *ptr;
ptr = (u8 *) netntlm->userdomain_buf;
for (int i = 0; i < netntlm->user_len; i += 2)
{
out_buf[out_len++] = ptr[i];
}
out_buf[out_len++] = ':';
out_buf[out_len++] = ':';
ptr += netntlm->user_len;
for (int i = 0; i < netntlm->domain_len; i += 2)
{
out_buf[out_len++] = ptr[i];
}
out_buf[out_len++] = ':';
ptr = (u8 *) netntlm->chall_buf;
for (int i = 0; i < netntlm->srvchall_len; i++)
{
u8_to_hex (ptr[i], out_buf + out_len); out_len += 2;
}
out_buf[out_len++] = ':';
u32_to_hex (tmp[0], out_buf + out_len); out_len += 8;
u32_to_hex (tmp[1], out_buf + out_len); out_len += 8;
u32_to_hex (tmp[2], out_buf + out_len); out_len += 8;
u32_to_hex (tmp[3], out_buf + out_len); out_len += 8;
out_buf[out_len++] = ':';
ptr += netntlm->srvchall_len;
for (int i = 0; i < netntlm->clichall_len; i++)
{
u8_to_hex (ptr[i], out_buf + out_len); out_len += 2;
}
return out_len;
}
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_max = 16; // Length of a NT hash
return pw_max;
}
u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_min = 16; // Length of a NT hash
return pw_min;
}
void module_init (module_ctx_t *module_ctx)
{
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
module_ctx->module_attack_exec = module_attack_exec;
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = MODULE_DEFAULT;
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
module_ctx->module_dgst_pos0 = module_dgst_pos0;
module_ctx->module_dgst_pos1 = module_dgst_pos1;
module_ctx->module_dgst_pos2 = module_dgst_pos2;
module_ctx->module_dgst_pos3 = module_dgst_pos3;
module_ctx->module_dgst_size = module_dgst_size;
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
module_ctx->module_esalt_size = module_esalt_size;
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
module_ctx->module_hash_binary_count = MODULE_DEFAULT;
module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
module_ctx->module_hash_binary_save = MODULE_DEFAULT;
module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
module_ctx->module_hash_decode = module_hash_decode;
module_ctx->module_hash_encode_status = MODULE_DEFAULT;
module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_encode = module_hash_encode;
module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
module_ctx->module_hash_mode = MODULE_DEFAULT;
module_ctx->module_hash_category = module_hash_category;
module_ctx->module_hash_name = module_hash_name;
module_ctx->module_hashes_count_min = MODULE_DEFAULT;
module_ctx->module_hashes_count_max = MODULE_DEFAULT;
module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_size = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_init = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_term = MODULE_DEFAULT;
module_ctx->module_hook12 = MODULE_DEFAULT;
module_ctx->module_hook23 = MODULE_DEFAULT;
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
module_ctx->module_hook_size = MODULE_DEFAULT;
module_ctx->module_jit_build_options = MODULE_DEFAULT;
module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
module_ctx->module_kern_type = module_kern_type;
module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
module_ctx->module_opti_type = module_opti_type;
module_ctx->module_opts_type = module_opts_type;
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
module_ctx->module_potfile_disable = MODULE_DEFAULT;
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
module_ctx->module_pwdump_column = MODULE_DEFAULT;
module_ctx->module_pw_max = module_pw_max;
module_ctx->module_pw_min = module_pw_min;
module_ctx->module_salt_max = MODULE_DEFAULT;
module_ctx->module_salt_min = MODULE_DEFAULT;
module_ctx->module_salt_type = module_salt_type;
module_ctx->module_separator = MODULE_DEFAULT;
module_ctx->module_st_hash = module_st_hash;
module_ctx->module_st_pass = module_st_pass;
module_ctx->module_tmp_size = MODULE_DEFAULT;
module_ctx->module_unstable_warning = MODULE_DEFAULT;
module_ctx->module_warmup_disable = MODULE_DEFAULT;
}
Write Preview
Loading…
Cancel
Save