arno
/
hashcat
mirror of https://github.com/hashcat/hashcat.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Prepare migration -m 15800 into -m 2500

Browse Source
pull/1364/head
jsteube 7 years ago
parent dc9117f1b3
commit 617dbb97ba
16 changed files with 130 additions and 544 deletions
Show Stats Download Patch File Download Diff File

12
OpenCL/inc_types.cl
Unescape View File

@ -1191,7 +1191,7 @@ typedef struct pdf
typedef struct wpa
{
u32 pke[25];
u32 pke[32];
u32 eapol[64 + 16];
u16 eapol_len;
u8 message_pair;
@ -1556,16 +1556,6 @@ typedef struct wpapmk_tmp
} wpapmk_tmp_t;
typedef struct wpaaes_tmp
{
u32 ipad[8];
u32 opad[8];
u32 dgst[8];
u32 out[8];
} wpaaes_tmp_t;
typedef struct bitcoin_wallet_tmp
{
u64 dgst[8];

14
OpenCL/m02500.cl
Unescape View File

@ -262,13 +262,13 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul
pke[22] = wpa->pke[22];
pke[23] = wpa->pke[23];
pke[24] = wpa->pke[24];
pke[25] = 0;
pke[26] = 0;
pke[27] = 0;
pke[28] = 0;
pke[29] = 0;
pke[30] = 0;
pke[31] = 0;
pke[25] = wpa->pke[25];
pke[26] = wpa->pke[26];
pke[27] = wpa->pke[27];
pke[28] = wpa->pke[28];
pke[29] = wpa->pke[29];
pke[30] = wpa->pke[30];
pke[31] = wpa->pke[31];
u32 to;

270
OpenCL/m15800.cl
Unescape View File

@ -1,270 +0,0 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_hash_sha256.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
void hmac_sha256_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[8], u32x opad[8], u32x digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha256_transform_vector (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha256_transform_vector (w0, w1, w2, w3, digest);
}
__kernel void m15800_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global wpaaes_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u64 gid_max)
{
/**
* base
*/
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
sha256_hmac_ctx_t sha256_hmac_ctx;
sha256_hmac_init_global_swap (&sha256_hmac_ctx, pws[gid].i, pws[gid].pw_len);
tmps[gid].ipad[0] = sha256_hmac_ctx.ipad.h[0];
tmps[gid].ipad[1] = sha256_hmac_ctx.ipad.h[1];
tmps[gid].ipad[2] = sha256_hmac_ctx.ipad.h[2];
tmps[gid].ipad[3] = sha256_hmac_ctx.ipad.h[3];
tmps[gid].ipad[4] = sha256_hmac_ctx.ipad.h[4];
tmps[gid].ipad[5] = sha256_hmac_ctx.ipad.h[5];
tmps[gid].ipad[6] = sha256_hmac_ctx.ipad.h[6];
tmps[gid].ipad[7] = sha256_hmac_ctx.ipad.h[7];
tmps[gid].opad[0] = sha256_hmac_ctx.opad.h[0];
tmps[gid].opad[1] = sha256_hmac_ctx.opad.h[1];
tmps[gid].opad[2] = sha256_hmac_ctx.opad.h[2];
tmps[gid].opad[3] = sha256_hmac_ctx.opad.h[3];
tmps[gid].opad[4] = sha256_hmac_ctx.opad.h[4];
tmps[gid].opad[5] = sha256_hmac_ctx.opad.h[5];
tmps[gid].opad[6] = sha256_hmac_ctx.opad.h[6];
tmps[gid].opad[7] = sha256_hmac_ctx.opad.h[7];
sha256_hmac_update_global_swap (&sha256_hmac_ctx, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len);
for (u32 i = 0, j = 1; i < 8; i += 8, j += 1)
{
sha256_hmac_ctx_t sha256_hmac_ctx2 = sha256_hmac_ctx;
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = j;
w0[1] = 0;
w0[2] = 0;
w0[3] = 0;
w1[0] = 0;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4);
sha256_hmac_final (&sha256_hmac_ctx2);
tmps[gid].dgst[i + 0] = sha256_hmac_ctx2.opad.h[0];
tmps[gid].dgst[i + 1] = sha256_hmac_ctx2.opad.h[1];
tmps[gid].dgst[i + 2] = sha256_hmac_ctx2.opad.h[2];
tmps[gid].dgst[i + 3] = sha256_hmac_ctx2.opad.h[3];
tmps[gid].dgst[i + 4] = sha256_hmac_ctx2.opad.h[4];
tmps[gid].dgst[i + 5] = sha256_hmac_ctx2.opad.h[5];
tmps[gid].dgst[i + 6] = sha256_hmac_ctx2.opad.h[6];
tmps[gid].dgst[i + 7] = sha256_hmac_ctx2.opad.h[7];
tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0];
tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1];
tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2];
tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3];
tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4];
tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5];
tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6];
tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7];
}
}
__kernel void m15800_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global wpaaes_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u64 gid_max)
{
const u64 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[8];
u32x opad[8];
ipad[0] = packv (tmps, ipad, gid, 0);
ipad[1] = packv (tmps, ipad, gid, 1);
ipad[2] = packv (tmps, ipad, gid, 2);
ipad[3] = packv (tmps, ipad, gid, 3);
ipad[4] = packv (tmps, ipad, gid, 4);
ipad[5] = packv (tmps, ipad, gid, 5);
ipad[6] = packv (tmps, ipad, gid, 6);
ipad[7] = packv (tmps, ipad, gid, 7);
opad[0] = packv (tmps, opad, gid, 0);
opad[1] = packv (tmps, opad, gid, 1);
opad[2] = packv (tmps, opad, gid, 2);
opad[3] = packv (tmps, opad, gid, 3);
opad[4] = packv (tmps, opad, gid, 4);
opad[5] = packv (tmps, opad, gid, 5);
opad[6] = packv (tmps, opad, gid, 6);
opad[7] = packv (tmps, opad, gid, 7);
for (u32 i = 0; i < 8; i += 8)
{
u32x dgst[8];
u32x out[8];
dgst[0] = packv (tmps, dgst, gid, i + 0);
dgst[1] = packv (tmps, dgst, gid, i + 1);
dgst[2] = packv (tmps, dgst, gid, i + 2);
dgst[3] = packv (tmps, dgst, gid, i + 3);
dgst[4] = packv (tmps, dgst, gid, i + 4);
dgst[5] = packv (tmps, dgst, gid, i + 5);
dgst[6] = packv (tmps, dgst, gid, i + 6);
dgst[7] = packv (tmps, dgst, gid, i + 7);
out[0] = packv (tmps, out, gid, i + 0);
out[1] = packv (tmps, out, gid, i + 1);
out[2] = packv (tmps, out, gid, i + 2);
out[3] = packv (tmps, out, gid, i + 3);
out[4] = packv (tmps, out, gid, i + 4);
out[5] = packv (tmps, out, gid, i + 5);
out[6] = packv (tmps, out, gid, i + 6);
out[7] = packv (tmps, out, gid, i + 7);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = dgst[5];
w1[2] = dgst[6];
w1[3] = dgst[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
out[5] ^= dgst[5];
out[6] ^= dgst[6];
out[7] ^= dgst[7];
}
unpackv (tmps, dgst, gid, i + 0, dgst[0]);
unpackv (tmps, dgst, gid, i + 1, dgst[1]);
unpackv (tmps, dgst, gid, i + 2, dgst[2]);
unpackv (tmps, dgst, gid, i + 3, dgst[3]);
unpackv (tmps, dgst, gid, i + 4, dgst[4]);
unpackv (tmps, dgst, gid, i + 5, dgst[5]);
unpackv (tmps, dgst, gid, i + 6, dgst[6]);
unpackv (tmps, dgst, gid, i + 7, dgst[7]);
unpackv (tmps, out, gid, i + 0, out[0]);
unpackv (tmps, out, gid, i + 1, out[1]);
unpackv (tmps, out, gid, i + 2, out[2]);
unpackv (tmps, out, gid, i + 3, out[3]);
unpackv (tmps, out, gid, i + 4, out[4]);
unpackv (tmps, out, gid, i + 5, out[5]);
unpackv (tmps, out, gid, i + 6, out[6]);
unpackv (tmps, out, gid, i + 7, out[7]);
}
}
__kernel void m15800_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global wpaaes_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u64 gid_max)
{
const u64 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 out[8];
out[0] = tmps[gid].out[0];
out[1] = tmps[gid].out[1];
out[2] = tmps[gid].out[2];
out[3] = tmps[gid].out[3];
out[4] = tmps[gid].out[4];
out[5] = tmps[gid].out[5];
out[6] = tmps[gid].out[6];
out[7] = tmps[gid].out[7];
const u64 lid = get_local_id (0);
}

2
extra/tab_completion/hashcat.sh
Unescape View File

@ -176,7 +176,7 @@ _hashcat ()
{
local VERSION=3.6.0
local HASH_MODES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 124 130 131 132 133 140 141 150 160 200 300 400 500 501 600 900 1000 1100 1400 1410 1411 1420 1421 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2501 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5200 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8800 8900 9000 9100 9200 9300 9400 9500 9600 9700 9710 9720 9800 9810 9820 9900 10000 10100 10200 10300 10400 10410 10420 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11700 11800 11900 12000 12001 12100 12200 12300 12400 12500 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700 15800"
local HASH_MODES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 124 130 131 132 133 140 141 150 160 200 300 400 500 501 600 900 1000 1100 1400 1410 1411 1420 1421 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2501 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5200 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8800 8900 9000 9100 9200 9300 9400 9500 9600 9700 9710 9720 9800 9810 9820 9900 10000 10100 10200 10300 10400 10410 10420 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11700 11800 11900 12000 12001 12100 12200 12300 12400 12500 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700"
local ATTACK_MODES="0 1 3 6 7"
local HCCAPX_MESSAGE_PAIR="0 1 2 3 4 5"
local OUTFILE_FORMATS="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15"

13
include/interface.h
Unescape View File

@ -178,7 +178,7 @@ typedef struct pdf
typedef struct wpa
{
u32 pke[25];
u32 pke[32];
u32 eapol[64 + 16];
u16 eapol_len;
u8 message_pair;
@ -558,16 +558,6 @@ typedef struct wpapmk_tmp
} wpapmk_tmp_t;
typedef struct wpaaes_tmp
{
u32 ipad[8];
u32 opad[8];
u32 dgst[8];
u32 out[8];
} wpaaes_tmp_t;
typedef struct bitcoin_wallet_tmp
{
u64 dgst[8];
@ -1609,7 +1599,6 @@ typedef enum kern_type
KERN_TYPE_JKS_SHA1 = 15500,
KERN_TYPE_ETHEREUM_PBKDF2 = 15600,
KERN_TYPE_ETHEREUM_SCRYPT = 15700,
KERN_TYPE_WPAAES = 15800,
KERN_TYPE_PLAINTEXT = 99999,
} kern_type_t;

10
src/hashes.c
Unescape View File

@ -164,7 +164,7 @@ int save_hash (hashcat_ctx_t *hashcat_ctx)
if (hashconfig->opts_type & OPTS_TYPE_BINARY_HASHFILE)
{
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800))
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
hccapx_t hccapx;
@ -466,7 +466,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
if (hashlist_mode == HL_MODE_ARG)
{
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800))
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
hc_stat_t st;
@ -736,7 +736,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
int parser_status = PARSER_OK;
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800))
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
hashlist_mode = HL_MODE_FILE;
@ -775,7 +775,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
{
memset (hashes_buf[hashes_cnt].esalt, 0, hashconfig->esalt_size);
if ((user_options->hash_mode == 2500) || (user_options->hash_mode == 2501) || (hashconfig->hash_mode == 15800))
if ((user_options->hash_mode == 2500) || (user_options->hash_mode == 2501))
{
wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt;
@ -1559,7 +1559,7 @@ int hashes_init_selftest (hashcat_ctx_t *hashcat_ctx)
int parser_status;
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800))
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
char *tmpdata = (char *) hcmalloc (sizeof (hccapx_t));

138
src/interface.c
Unescape View File

@ -29,7 +29,6 @@ static char ST_PASS_HASHCAT_EXCL3[] = "hashcat!!!";
static char ST_PASS_HASHCAT_ONE[] = "hashcat1";
static char ST_PASS_HASHCAT_ONET3[] = "hashcat1hashcat1hashcat1";
static char ST_PASS_HEX_02501[] = "d57c2900bd83d5098003bf803ad7e204260a84ac164f12e03552d92280a6943e";
static char ST_PASS_BOSSPW_PLAIN[] = "bo$$password";
static char ST_PASS_BIN_09710[] = "\x91\xb2\xe0\x62\xb9";
static char ST_PASS_BIN_09810[] = "\xb8\xf6\x36\x19\xca";
static char ST_PASS_BIN_10410[] = "\x6a\x8a\xed\xcc\xb7";
@ -265,7 +264,6 @@ static char ST_HASH_15400[] = "$chacha20$*0400000000000003*35*0200000000000001*3
static char ST_HASH_15500[] = "$jksprivk$*338BD2FBEBA7B3EF198A4CBFC6E18AFF1E229367*5225850113575146134463704406336350011656*D5253EB151EB92DC73E542D8C0A4D7A848A5B0C0E370E625E6547D4E6F23416FC85A27BC295731B8021CDFBD003551C66C434FFBC87DACAD1FDF39022320034A2F86E779F2B1B3325428A666518FA89507AD63E15FD9C57B9E36EF5B642A2F448A9A3F09B79AD93D65F46B8692CD07539FD140146F8F219DC262971AF019E18EDC16C3C240569E1673F4D98BC818CCF28298D5A7BFF038A663DD10FE5E48643C3217C237D342164E2D41EF15075431FBD5B34800E5AE7EB80FAA5AE9982A55F35379AA7B31217E7F1C5F1964A15024A305AE4B3981FE1C80C163BC38ECA5581F11867E5C34C5D124D0367B3737E5E5BB14D2CAB26A698C8DAAB755C82BA6B823BCAECDD4A89C831651ACE5A6029FD0D3515C5D1D53AD8B9062CE8C445373862035CBBF60D490CA2E4975EE6E0358EC32E871FAB15347E3032E21F30F543BAAB01D779BA833CA0B8C7591B42C7C59A8FDD46D7DECEC0E91ADBF331177605E7830ABED62FAD7D5D806D8EFD01C38765940B7F97168FC72C39BF4C98F944FFC310CA8F4EB1D0F960F352CC5E2BB23A1EB221072A5471EDA2CE81C04595B8D37088CFB5C14F6A4A881AD12125DEFBB8154EB4C130AB7FD9933FD36DF1A6A26B51AB169866788678FCED988C8E017CA84354F487A5508210181AFB8B3AD0753E3E28BE674DFBD4E4FBDFD1E30D592F4EA3A77A2F0F5CF9A175DBC590EF5D42971A39918F12B92DCD8BFD56BE9A3459856B5587603C7B53062663A4C8894BBC9894FB1663BF30F32D907664328138B7A50EAC7F8E3183D74562A5C90FE1889AC4C5FE43EBEB8974563B6682F92591ECA4FA0DA72236C3851DA102DB6BA0CC07BFD32F7E962AB0EDCF4A8DEA6525174F5BB5C021E2A9A3F7F761E9CA90B6E27FB7E55CD91DA184FAC5E534E8AD25314C56CE5796506A0CA70881782F9C5147D87705065D68BD67D2B0344205BA6445D562273690004CA5A303274FB283A75F49BA968D7947943AA98F2AF9CB8253B425B86225E7395A331AC4CB1B1700C64D4F458D5D642C54148AE6DA41D9E26657D331B157D76042C2CF3057B83997C23D8BF68FB3C7337CAFB8B324AD0DF7A80B554B4D7F9AD6ED527E7932F1741A573C152A41610F6517E3F4A3BC6B66685871A7CE3795C559BD47CDB8E34CB2C1DFE980518D79E2078C258C54F312EB38609F640E7DC013E0F2A16A25BB5971882B4308D27930CA99FEC231AE927B62215A1B56098C362B7F20593953B29428681875070E84BF5B60BEA3948127151634123DA77C814AAD54CE10905763C8C19BC191C0C40458C809402E1957C4C05C4EAE27576B2D30593F7FDCC9A248DB5DB23CF2FA22A92C016090F611690BF0AB5B8B2866ED25F345EFE85DF3311C9E91C37CEE709CF16E7CB09D01BECD2961D094C02D42EC85BF47FAB1B67A13B9A1741C15F7156D57A71BFFABB03B71E69707913A5C136B3D69CE3F71ABFE376F0A21D723FFA2E60AC180689D3E8AF4348C9F555CD897387327FC8BA2B9C51A7298547E556A11A60441EF5331A1BFB847A3D23DD9F7C50E636A2C6309BC82E1A8852F5A8569B6D93*14*78D6A2424484CF5149932B7EA8BF*test";
static char ST_HASH_15600[] = "$ethereum$p*1024*38353131353831333338313138363430*a8b4dfe92687dbc0afeb5dae7863f18964241e96b264f09959903c8c924583fc*0a9252861d1e235994ce33dbca91c98231764d8ecb4950015a8ae20d6415b986";
static char ST_HASH_15700[] = "$ethereum$s*1024*1*1*3033363133373132373638333437323331383637383437333631373038323434*69eaf081695cf971ef7ee5a49997c1a3922e7efef59068109e83853755ee31c3*64a1adec1750ee4416b22b81111dd2a3c2fede820d6da8bf788dca2641d5b181";
static char ST_HASH_15800[] = "484350580400000000054e65686562000000000000000000000000000000000000000000000000000000032e13c40ca1c2e4e2037f99a2da18a46bb0b98a568dea0218c7b64ecef40c4f15915fbceb19c8d62608387eb6b986d9599a8bd70dc85d2cf0a2ddbcd06467233e730767c33e1df875c3ad0eb58a51ad704a3fae06b818c0c5fcebf3af79000203007502010b001000000000000000036467233e730767c33e1df875c3ad0eb58a51ad704a3fae06b818c0c5fcebf3af000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac068c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
static char ST_HASH_99999[] = "hashcat";
static const char OPTI_STR_OPTIMIZED_KERNEL[] = "Optimized-Kernel";
@ -497,7 +495,6 @@ static const char HT_15400[] = "ChaCha20";
static const char HT_15500[] = "JKS Java Key Store Private Keys (SHA1)";
static const char HT_15600[] = "Ethereum Wallet, PBKDF2-HMAC-SHA256";
static const char HT_15700[] = "Ethereum Wallet, SCRYPT";
static const char HT_15800[] = "WPA/WPA2 AES-CMAC";
static const char HT_99999[] = "Plaintext";
static const char HT_00011[] = "Joomla < 2.5.18";
@ -3271,6 +3268,8 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
wpa_t *wpa = (wpa_t *) hash_buf->esalt;
memset (wpa, 0, sizeof (wpa_t));
hccapx_t in;
memcpy (&in, input_buf, input_len);
@ -3306,35 +3305,74 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
wpa->essid_len = in.essid_len;
u8 *pke_ptr = (u8 *) wpa->pke;
wpa->keyver = in.keyver;
memcpy (pke_ptr, "Pairwise key expansion", 23);
u8 *pke_ptr = (u8 *) wpa->pke;
if (memcmp (in.mac_ap, in.mac_sta, 6) < 0)
if ((wpa->keyver == 1) || (wpa->keyver == 2))
{
memcpy (pke_ptr + 23, in.mac_ap, 6);
memcpy (pke_ptr + 29, in.mac_sta, 6);
}
else
{
memcpy (pke_ptr + 23, in.mac_sta, 6);
memcpy (pke_ptr + 29, in.mac_ap, 6);
}
memcpy (pke_ptr, "Pairwise key expansion", 23);
wpa->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32);
if (memcmp (in.mac_ap, in.mac_sta, 6) < 0)
{
memcpy (pke_ptr + 23, in.mac_ap, 6);
memcpy (pke_ptr + 29, in.mac_sta, 6);
}
else
{
memcpy (pke_ptr + 23, in.mac_sta, 6);
memcpy (pke_ptr + 29, in.mac_ap, 6);
}
if (wpa->nonce_compare < 0)
{
memcpy (pke_ptr + 35, in.nonce_ap, 32);
memcpy (pke_ptr + 67, in.nonce_sta, 32);
wpa->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32);
if (wpa->nonce_compare < 0)
{
memcpy (pke_ptr + 35, in.nonce_ap, 32);
memcpy (pke_ptr + 67, in.nonce_sta, 32);
}
else
{
memcpy (pke_ptr + 35, in.nonce_sta, 32);
memcpy (pke_ptr + 67, in.nonce_ap, 32);
}
}
else
else if (wpa->keyver == 3)
{
memcpy (pke_ptr + 35, in.nonce_sta, 32);
memcpy (pke_ptr + 67, in.nonce_ap, 32);
pke_ptr[0] = 1;
pke_ptr[1] = 0;
memcpy (pke_ptr + 2, "Pairwise key expansion", 22);
if (memcmp (in.mac_ap, in.mac_sta, 6) < 0)
{
memcpy (pke_ptr + 24, in.mac_ap, 6);
memcpy (pke_ptr + 30, in.mac_sta, 6);
}
else
{
memcpy (pke_ptr + 24, in.mac_sta, 6);
memcpy (pke_ptr + 30, in.mac_ap, 6);
}
wpa->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32);
if (wpa->nonce_compare < 0)
{
memcpy (pke_ptr + 36, in.nonce_ap, 32);
memcpy (pke_ptr + 68, in.nonce_sta, 32);
}
else
{
memcpy (pke_ptr + 36, in.nonce_sta, 32);
memcpy (pke_ptr + 68, in.nonce_ap, 32);
}
pke_ptr[100] = 0x80;
pke_ptr[101] = 1;
}
for (int i = 0; i < 25; i++)
for (int i = 0; i < 32; i++)
{
wpa->pke[i] = byte_swap_32 (wpa->pke[i]);
}
@ -3355,16 +3393,7 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
wpa->message_pair = message_pair_orig;
wpa->keyver = in.keyver;
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
if ((wpa->keyver != 1) && (wpa->keyver != 2)) return (PARSER_SALT_VALUE);
}
else if (hashconfig->hash_mode == 15800)
{
if (wpa->keyver != 3) return (PARSER_SALT_VALUE);
}
if ((wpa->keyver != 1) && (wpa->keyver != 2) && (wpa->keyver != 3)) return (PARSER_SALT_VALUE);
wpa->eapol_len = in.eapol_len;
@ -3372,15 +3401,13 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
memcpy (eapol_ptr, in.eapol, wpa->eapol_len);
memset (eapol_ptr + wpa->eapol_len, 0, (256 + 64) - wpa->eapol_len);
eapol_ptr[wpa->eapol_len] = 0x80;
if (wpa->keyver == 1)
{
// nothing to do
}
else
else if (wpa->keyver == 2)
{
wpa->keymic[0] = byte_swap_32 (wpa->keymic[0]);
wpa->keymic[1] = byte_swap_32 (wpa->keymic[1]);
@ -3392,6 +3419,10 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
wpa->eapol[i] = byte_swap_32 (wpa->eapol[i]);
}
}
else if (wpa->keyver == 3)
{
// nothing to do
}
// Create a hash of the nonce as ESSID is not unique enough
// Not a regular MD5 but good enough
@ -3418,7 +3449,7 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
md5_64 (block, hash);
for (int i = 0; i < 9; i++) block[i] = wpa->pke[i + 16];
for (int i = 0; i < 16; i++) block[i] = wpa->pke[i + 16];
md5_64 (block, hash);
@ -16074,7 +16105,6 @@ char *strhashtype (const u32 hash_mode)
case 15500: return ((char *) HT_15500);
case 15600: return ((char *) HT_15600);
case 15700: return ((char *) HT_15700);
case 15800: return ((char *) HT_15800);
case 99999: return ((char *) HT_99999);
}
@ -16960,7 +16990,7 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le
out_buf[16] = 0;
}
else if ((hash_mode == 2500) || (hash_mode == 2501) || (hash_mode == 15800))
else if ((hash_mode == 2500) || (hash_mode == 2501))
{
wpa_t *wpas = (wpa_t *) esalts_buf;
@ -24316,24 +24346,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN;
break;
case 15800: hashconfig->hash_type = HASH_TYPE_WPA;
hashconfig->salt_type = SALT_TYPE_EMBEDDED;
hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL;
hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_BINARY_HASHFILE;
hashconfig->kern_type = KERN_TYPE_WPAAES;
hashconfig->dgst_size = DGST_SIZE_4_4;
hashconfig->parse_func = wpa_parse_hash;
hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
hashconfig->dgst_pos0 = 0;
hashconfig->dgst_pos1 = 1;
hashconfig->dgst_pos2 = 2;
hashconfig->dgst_pos3 = 3;
hashconfig->st_hash = ST_HASH_15800;
hashconfig->st_pass = ST_PASS_BOSSPW_PLAIN;
break;
case 99999: hashconfig->hash_type = HASH_TYPE_PLAINTEXT;
hashconfig->salt_type = SALT_TYPE_NONE;
hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL;
@ -24541,7 +24553,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
case 15500: hashconfig->esalt_size = sizeof (jks_sha1_t); break;
case 15600: hashconfig->esalt_size = sizeof (ethereum_pbkdf2_t); break;
case 15700: hashconfig->esalt_size = sizeof (ethereum_scrypt_t); break;
case 15800: hashconfig->esalt_size = sizeof (wpa_t); break;
}
// hook_salt_size
@ -24648,7 +24659,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
case 15200: hashconfig->tmp_size = sizeof (mywallet_tmp_t); break;
case 15300: hashconfig->tmp_size = sizeof (dpapimk_tmp_t); break;
case 15600: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break;
case 15800: hashconfig->tmp_size = sizeof (wpaaes_tmp_t); break;
};
// hook_size
@ -24680,7 +24690,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
case 14100: hashconfig->pw_min = 24; break; // 3DES fixed
case 14900: hashconfig->pw_min = 10; break; // Skip32 fixed
case 15400: hashconfig->pw_min = 32; break; // ChaCha20 fixed
case 15800: hashconfig->pw_min = 8; break; // WPA min RFC
}
// pw_max : some algo suffer from support for long passwords,
@ -24887,7 +24896,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
case 15400: hashconfig->pw_max = 32; break; // Underlaying ChaCha20 fixed
case 15600: hashconfig->pw_max = PW_MAX; break;
case 15700: hashconfig->pw_max = PW_MAX; break;
case 15800: hashconfig->pw_max = 63; break; // WPA/WPA2 limits itself to 63 by RFC
}
// salt_min and salt_max : this limit is only interessting for generic hash types that support a salt
@ -25257,8 +25265,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
salt->scrypt_r = 1;
salt->scrypt_p = 8;
break;
case 15800: memcpy (salt->salt_buf, "hashcat.net", 11);
break;
}
// special esalt handling
@ -25328,8 +25334,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
break;
case 15300: ((dpapimk_t *) esalt)->version = 1;
break;
case 15800: ((wpa_t *) esalt)->eapol_len = 128;
break;
}
// special hook salt handling
@ -25532,8 +25536,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
break;
case 15700: salt->salt_iter = 1;
break;
case 15800: salt->salt_iter = ROUNDS_WPA;
break;
}
}
@ -25563,8 +25565,6 @@ const char *hashconfig_benchmark_mask (hashcat_ctx_t *hashcat_ctx)
break;
case 14900: mask = "?b?b?b?b?bxxxxx";
break;
case 15800: mask = "?a?a?a?a?a?a?a?a";
break;
default: mask = "?b?b?b?b?b?b?b";
break;
}

2
src/opencl.c
Unescape View File

@ -1351,7 +1351,7 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param,
{
u32 loops_cnt = 1;
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800))
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
loops_cnt = hashes->salts_buf[salt_pos].digests_cnt;
}

4
src/outfile_check.c
Unescape View File

@ -179,7 +179,7 @@ static int outfile_remove (hashcat_ctx_t *hashcat_ctx)
int parser_status = PARSER_OK;
if ((hash_mode != 2500) && (hash_mode != 2501) && (hash_mode != 6800) && (hash_mode != 15800))
if ((hash_mode != 2500) && (hash_mode != 2501) && (hash_mode != 6800))
{
parser_status = hashconfig->parse_func ((u8 *) line_buf, line_len - 1, &hash_buf, hashconfig);
}
@ -209,7 +209,7 @@ static int outfile_remove (hashcat_ctx_t *hashcat_ctx)
cracked = (memcmp (line_buf, salt_buf->salt_buf, salt_buf->salt_len) == 0);
}
}
else if ((hash_mode == 2500) || (hash_mode == 2501) || (hash_mode == 15800))
else if ((hash_mode == 2500) || (hash_mode == 2501))
{
// this comparison is a bit inaccurate as we compare only ESSID
// call it a bug, but it's good enough for a special case used in a special case

2
src/potfile.c
Unescape View File

@ -450,7 +450,7 @@ int potfile_remove_parse (hashcat_ctx_t *hashcat_ctx)
found = (hash_t *) bsearch (&hash_buf, hashes_buf, hashes_cnt, sizeof (hash_t), sort_by_hash_t_salt);
}
}
else if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800))
else if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
// here we have in line_hash_buf: hash:macap:macsta:essid:password

2
src/selftest.c
Unescape View File

@ -411,7 +411,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param
if (CL_rc == -1) return -1;
}
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800))
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
device_param->kernel_params_buf32[28] = 0;
device_param->kernel_params_buf32[29] = 1;

2
src/status.c
Unescape View File

@ -253,7 +253,7 @@ const char *status_get_hash_target (const hashcat_ctx_t *hashcat_ctx)
if (hashes->digests_cnt == 1)
{
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800))
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
char *tmp_buf = (char *) malloc (HCBUFSIZ_TINY);

1
src/usage.c
Unescape View File

@ -188,7 +188,6 @@ static const char *USAGE_BIG[] =
" 23 | Skype | Network Protocols",
" 2500 | WPA/WPA2 | Network Protocols",
" 2501 | WPA/WPA2 PMK | Network Protocols",
" 15800 | WPA/WPA2 AES-CMAC | Network Protocols",
" 4800 | iSCSI CHAP authentication, MD5(CHAP) | Network Protocols",
" 5300 | IKE-PSK MD5 | Network Protocols",
" 5400 | IKE-PSK SHA1 | Network Protocols",

1
src/user_options.c
Unescape View File

@ -509,7 +509,6 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx)
{
if ((user_options->hash_mode == 2500)
|| (user_options->hash_mode == 2501)
|| (user_options->hash_mode == 15800)
|| (user_options->hash_mode == 5200)
|| ((user_options->hash_mode >= 6200) && (user_options->hash_mode <= 6299))
|| ((user_options->hash_mode >= 13700) && (user_options->hash_mode <= 13799))

167
tools/test.pl
Unescape View File

@ -49,11 +49,11 @@ my $hashcat = "./hashcat";
my $MAX_LEN = 55;
my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 15300, 15400, 15500, 15600, 15700, 15800, 99999);
my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 15300, 15400, 15500, 15600, 15700, 99999);
my %is_utf16le = map { $_ => 1 } qw (30 40 130 131 132 133 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800 11600 13500 13800);
my %less_fifteen = map { $_ => 1 } qw (500 1600 1800 3200 6300 7400 10500 10700);
my %allow_long_salt = map { $_ => 1 } qw (2500 4520 4521 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600 13500 13800 15000 15800);
my %allow_long_salt = map { $_ => 1 } qw (2500 4520 4521 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600 13500 13800 15000);
my @lotus_magic_table =
(
@ -1668,7 +1668,7 @@ sub verify
next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
}
# WPA/WPA2
elsif (($mode == 2500) || ($mode == 15800))
elsif ($mode == 2500)
{
print "ERROR: verify currently not supported for WPA/WPA2 (because of hashcat's output format)\n";
@ -3356,7 +3356,7 @@ sub passthrough
$tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, $salt_len));
}
elsif (($mode == 2500) || ($mode == 15800))
elsif ($mode == 2500)
{
next if length ($word_buf) < 8;
@ -3941,7 +3941,7 @@ sub single
}
}
}
elsif (($mode == 2500) || ($mode == 15800))
elsif ($mode == 2500)
{
my $salt_len = get_random_num (0, 32);
@ -5338,7 +5338,7 @@ sub gen_hash
$snonce = randbytes (32);
$anonce = randbytes (32);
$keyver = get_random_num (1, 3); # 1 or 2
$keyver = get_random_num (1, 4); # 1, 2 or 3
# eapol:
# should be "validly" generated, but in theory could be anything for us also:
@ -5379,7 +5379,7 @@ sub gen_hash
# Pairwise Transient Key (PTK) transformation
my $ptk = wpa_prf_512 ($pmk, $stmac, $bssid, $snonce, $anonce);
my $ptk = wpa_prf_512 ($keyver, $pmk, $stmac, $bssid, $snonce, $anonce);
# generate the Message Integrity Code (MIC)
@ -5393,6 +5393,14 @@ sub gen_hash
{
$mic = hmac ($eapol, $ptk, \&sha1);
}
elsif ($keyver == 3) # WPA2 => SHA256 + AES-CMAC
{
my $omac1 = Digest::CMAC->new ($ptk, 'Crypt::Rijndael');
$omac1->add ($eapol);
$mic = $omac1->digest;
}
$mic = substr ($mic, 0, 16);
@ -8884,130 +8892,6 @@ END_CODE
$tmp_hash = sprintf ("\$ethereum\$s*%i*%i*%i*%s*%s*%s", $scrypt_N, $scrypt_r, $scrypt_p, unpack ("H*", $salt_buf), unpack ("H*", $ciphertext), $hash_buf);
}
elsif ($mode == 15800)
{
my ($bssid, $stmac, $snonce, $anonce, $eapol, $keyver, $eapol_len, $essid_len);
if (! defined ($additional_param))
{
# random stuff
$bssid = randbytes (6);
$stmac = randbytes (6);
$snonce = randbytes (32);
$anonce = randbytes (32);
$keyver = 3;
# eapol:
# should be "validly" generated, but in theory could be anything for us also:
# $eapol = "\x00" x 121; # works too, but let's generate it correctly
$eapol = gen_random_wpa_eapol ($keyver, $snonce);
}
else
{
$bssid = $additional_param;
$stmac = $additional_param2;
$snonce = $additional_param3;
$anonce = $additional_param4;
$keyver = $additional_param5;
$eapol = $additional_param6;
}
$eapol_len = length ($eapol);
# constants
my $iterations = 4096;
#
# START
#
# generate the Pairwise Master Key (PMK)
my $pbkdf2 = Crypt::PBKDF2->new
(
hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
iterations => $iterations,
output_len => 32
);
my $pmk = $pbkdf2->PBKDF2 ($salt_buf, $word_buf);
# Pairwise Transient Key (PTK) transformation
my $ptk = wpa_prf_512 ($pmk, $stmac, $bssid, $snonce, $anonce);
# generate the Message Integrity Code (MIC)
my $mic = "";
if ($keyver == 3)
{
## untested
my $omac1 = Digest::CMAC->new ($ptk, 'Crypt::Rijndael');
$omac1->add ($eapol);
$mic = $omac1->digest;
}
$mic = substr ($mic, 0, 16);
#
# format the binary output
#
my $HCCAPX_VERSION = 4;
# signature
$hash_buf = "HCPX";
# format version
$hash_buf .= pack ("L<", $HCCAPX_VERSION);
# authenticated
$hash_buf .= pack ("C", 0);
# essid length
$essid_len = length ($salt_buf);
$hash_buf .= pack ("C", $essid_len);
# essid (NULL-padded up to the first 32 bytes)
$hash_buf .= $salt_buf;
$hash_buf .= "\x00" x (32 - $essid_len);
# key version
$hash_buf .= pack ("C", $keyver);
# key mic
$hash_buf .= $mic;
# access point MAC
$hash_buf .= $bssid;
# access point nonce
$hash_buf .= $snonce;
# client MAC
$hash_buf .= $stmac;
# client nonce
$hash_buf .= $anonce;
# eapol length
$hash_buf .= pack ("S<", $eapol_len);
# eapol
$hash_buf .= $eapol;
$hash_buf .= "\x00" x (256 - $eapol_len);
# base64 encode the output
$tmp_hash = encode_base64 ($hash_buf, "");
}
elsif ($mode == 99999)
{
$tmp_hash = sprintf ("%s", $word_buf);
@ -11313,6 +11197,7 @@ sub gen_random_wpa_eapol
sub wpa_prf_512
{
my $keyver = shift;
my $pmk = shift;
my $stmac = shift;
my $bssid = shift;
@ -11321,7 +11206,10 @@ sub wpa_prf_512
my $data = "Pairwise key expansion";
$data .= "\x00";
if (($keyver == 1) || ($keyver == 2))
{
$data .= "\x00";
}
#
# Min(AA, SPA) || Max(AA, SPA)
@ -11357,9 +11245,20 @@ sub wpa_prf_512
$data .= $snonce;
}
$data .= "\x00";
my $prf_buf;
if (($keyver == 1) || ($keyver == 2))
{
$data .= "\x00";
$prf_buf = hmac ($data, $pmk, \&sha1);
}
else
{
my $data3 = "\x01\x00" . $data . "\x80\x01";
my $prf_buf = hmac ($data, $pmk, \&sha1);
$prf_buf = hmac ($data3, $pmk, \&sha256);
}
$prf_buf = substr ($prf_buf, 0, 16);

34
tools/test.sh
Unescape View File

@ -9,20 +9,20 @@ TDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# missing hash types: 5200,6251,6261,6271,6281
HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 600 900 1000 1100 1300 1400 1410 1411 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12001 12100 12200 12300 12400 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14400 14600 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700 15800 99999"
HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 600 900 1000 1100 1300 1400 1410 1411 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12001 12100 12200 12300 12400 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14400 14600 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700 99999"
#ATTACK_MODES="0 1 3 6 7"
ATTACK_MODES="0 1 3 7"
VECTOR_WIDTHS="1 2 4 8 16"
MATCH_PASS_ONLY="2500 5300 5400 6600 6800 8200 15800"
MATCH_PASS_ONLY="2500 5300 5400 6600 6800 8200"
HASHFILE_ONLY="2500 15800"
HASHFILE_ONLY="2500"
NEVER_CRACK="11600 14900"
SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12001 12100 12200 12300 12400 12500 12700 12800 12900 13000 13200 13400 13600 14600 14700 14800 15100 15200 15300 15600 15700 15800"
SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12001 12100 12200 12300 12400 12500 12700 12800 12900 13000 13200 13400 13600 14600 14700 14800 15100 15200 15300 15600 15700"
OPTS="--quiet --force --potfile-disable --runtime 400 --gpu-temp-disable --weak-hash-threshold=0"
@ -256,8 +256,6 @@ function init()
elif [ "${hash_type}" -eq 15400 ]; then
min=0
min_offset=3
elif [ "${hash_type}" -eq 15800 ]; then
min_len=7
fi
# foreach password entry split password in 2 (skip first entry, is len 1)
@ -312,8 +310,6 @@ function init()
min_len=9
elif [ "${hash_type}" -eq 15400 ]; then
min_len=31
elif [ "${hash_type}" -eq 15800 ]; then
min_len=7
fi
# generate multiple pass/hash foreach len (2 to 8)
@ -728,8 +724,6 @@ function attack_1()
offset=7
elif [ ${hash_type} -eq 8500 ]; then
offset=7
elif [ ${hash_type} -eq 15800 ]; then
offset=7
fi
hash_file=${OUTD}/${hash_type}_multihash_combi.txt
@ -859,9 +853,6 @@ function attack_3()
elif [ "${hash_type}" -eq 15400 ]; then
mask_offset=3
max=1
elif [ "${hash_type}" -eq 15800 ]; then
mask_offset=7
max=7
fi
# special case: we need to split the first line
@ -921,7 +912,7 @@ function attack_3()
# modify "default" mask if needed (and set custom charset to reduce keyspace)
if [ "${hash_type}" -eq 2500 ] || [ "${hash_type}" -eq 15800 ]; then
if [ "${hash_type}" -eq 2500 ]; then
pass=$(sed -n ${i}p ${dict})
@ -1034,9 +1025,6 @@ function attack_3()
if [ "${hash_type}" -eq 2500 ]; then
increment_min=8
increment_max=9
elif [ "${hash_type}" -eq 15800 ]; then
increment_min=8
increment_max=9
fi
hash_file=${OUTD}/${hash_type}_multihash_bruteforce.txt
@ -1071,7 +1059,7 @@ function attack_3()
# modify "default" mask if needed (and set custom charset to reduce keyspace)
if [ "${hash_type}" -eq 2500 ] || [ "${hash_type}" -eq 15800 ]; then
if [ "${hash_type}" -eq 2500 ]; then
mask="?d?d?d?d?d?1?2?3?4"
@ -1257,8 +1245,6 @@ function attack_6()
min=0
max=1
mask_offset=29
elif [ "${hash_type}" -eq 15800 ]; then
max=6
fi
# special case: we need to split the first line
@ -1430,8 +1416,6 @@ function attack_6()
max=8
elif [ ${hash_type} -eq 8500 ]; then
max=8
elif [ ${hash_type} -eq 15800 ]; then
max=5
fi
if ! contains ${hash_type} ${TIMEOUT_ALGOS}; then
@ -1574,8 +1558,6 @@ function attack_7()
mask_offset=3
min=0
max=1
elif [ "${hash_type}" -eq 15800 ]; then
max=5
fi
# special case: we need to split the first line
@ -1632,7 +1614,7 @@ function attack_7()
# adjust mask if needed
if [ "${hash_type}" -eq 2500 ] || [ "${hash_type}" -eq 15800 ]; then
if [ "${hash_type}" -eq 2500 ]; then
line_nr=1
@ -1772,8 +1754,6 @@ function attack_7()
max=5
elif [ ${hash_type} -eq 15400 ]; then
max=5
elif [ ${hash_type} -eq 15800 ]; then
max=5
fi
if ! contains ${hash_type} ${TIMEOUT_ALGOS}; then

Write Preview
Loading…
Cancel
Save