diff --git a/OpenCL/inc_types.cl b/OpenCL/inc_types.cl index ee5cf31b6..29b5ecc2d 100644 --- a/OpenCL/inc_types.cl +++ b/OpenCL/inc_types.cl @@ -1191,7 +1191,7 @@ typedef struct pdf typedef struct wpa { - u32 pke[25]; + u32 pke[32]; u32 eapol[64 + 16]; u16 eapol_len; u8 message_pair; @@ -1556,16 +1556,6 @@ typedef struct wpapmk_tmp } wpapmk_tmp_t; -typedef struct wpaaes_tmp -{ - u32 ipad[8]; - u32 opad[8]; - - u32 dgst[8]; - u32 out[8]; - -} wpaaes_tmp_t; - typedef struct bitcoin_wallet_tmp { u64 dgst[8]; diff --git a/OpenCL/m02500.cl b/OpenCL/m02500.cl index b264b4737..afcf645fe 100644 --- a/OpenCL/m02500.cl +++ b/OpenCL/m02500.cl @@ -262,13 +262,13 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul pke[22] = wpa->pke[22]; pke[23] = wpa->pke[23]; pke[24] = wpa->pke[24]; - pke[25] = 0; - pke[26] = 0; - pke[27] = 0; - pke[28] = 0; - pke[29] = 0; - pke[30] = 0; - pke[31] = 0; + pke[25] = wpa->pke[25]; + pke[26] = wpa->pke[26]; + pke[27] = wpa->pke[27]; + pke[28] = wpa->pke[28]; + pke[29] = wpa->pke[29]; + pke[30] = wpa->pke[30]; + pke[31] = wpa->pke[31]; u32 to; diff --git a/OpenCL/m15800.cl b/OpenCL/m15800.cl deleted file mode 100644 index 60b2bf661..000000000 --- a/OpenCL/m15800.cl +++ /dev/null @@ -1,270 +0,0 @@ -/** - * Author......: See docs/credits.txt - * License.....: MIT - */ - -#define NEW_SIMD_CODE - -#include "inc_vendor.cl" -#include "inc_hash_constants.h" -#include "inc_hash_functions.cl" -#include "inc_types.cl" -#include "inc_common.cl" -#include "inc_simd.cl" -#include "inc_hash_sha256.cl" - -#define COMPARE_S "inc_comp_single.cl" -#define COMPARE_M "inc_comp_multi.cl" - -void hmac_sha256_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[8], u32x opad[8], u32x digest[8]) -{ - digest[0] = ipad[0]; - digest[1] = ipad[1]; - digest[2] = ipad[2]; - digest[3] = ipad[3]; - digest[4] = ipad[4]; - digest[5] = ipad[5]; - digest[6] = ipad[6]; - digest[7] = ipad[7]; - - sha256_transform_vector (w0, w1, w2, w3, digest); - - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; - w1[1] = digest[5]; - w1[2] = digest[6]; - w1[3] = digest[7]; - w2[0] = 0x80000000; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = (64 + 32) * 8; - - digest[0] = opad[0]; - digest[1] = opad[1]; - digest[2] = opad[2]; - digest[3] = opad[3]; - digest[4] = opad[4]; - digest[5] = opad[5]; - digest[6] = opad[6]; - digest[7] = opad[7]; - - sha256_transform_vector (w0, w1, w2, w3, digest); -} - -__kernel void m15800_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global wpaaes_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u64 gid_max) -{ - /** - * base - */ - - const u64 gid = get_global_id (0); - - if (gid >= gid_max) return; - - sha256_hmac_ctx_t sha256_hmac_ctx; - - sha256_hmac_init_global_swap (&sha256_hmac_ctx, pws[gid].i, pws[gid].pw_len); - - tmps[gid].ipad[0] = sha256_hmac_ctx.ipad.h[0]; - tmps[gid].ipad[1] = sha256_hmac_ctx.ipad.h[1]; - tmps[gid].ipad[2] = sha256_hmac_ctx.ipad.h[2]; - tmps[gid].ipad[3] = sha256_hmac_ctx.ipad.h[3]; - tmps[gid].ipad[4] = sha256_hmac_ctx.ipad.h[4]; - tmps[gid].ipad[5] = sha256_hmac_ctx.ipad.h[5]; - tmps[gid].ipad[6] = sha256_hmac_ctx.ipad.h[6]; - tmps[gid].ipad[7] = sha256_hmac_ctx.ipad.h[7]; - - tmps[gid].opad[0] = sha256_hmac_ctx.opad.h[0]; - tmps[gid].opad[1] = sha256_hmac_ctx.opad.h[1]; - tmps[gid].opad[2] = sha256_hmac_ctx.opad.h[2]; - tmps[gid].opad[3] = sha256_hmac_ctx.opad.h[3]; - tmps[gid].opad[4] = sha256_hmac_ctx.opad.h[4]; - tmps[gid].opad[5] = sha256_hmac_ctx.opad.h[5]; - tmps[gid].opad[6] = sha256_hmac_ctx.opad.h[6]; - tmps[gid].opad[7] = sha256_hmac_ctx.opad.h[7]; - - sha256_hmac_update_global_swap (&sha256_hmac_ctx, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len); - - for (u32 i = 0, j = 1; i < 8; i += 8, j += 1) - { - sha256_hmac_ctx_t sha256_hmac_ctx2 = sha256_hmac_ctx; - - u32 w0[4]; - u32 w1[4]; - u32 w2[4]; - u32 w3[4]; - - w0[0] = j; - w0[1] = 0; - w0[2] = 0; - w0[3] = 0; - w1[0] = 0; - w1[1] = 0; - w1[2] = 0; - w1[3] = 0; - w2[0] = 0; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = 0; - - sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4); - - sha256_hmac_final (&sha256_hmac_ctx2); - - tmps[gid].dgst[i + 0] = sha256_hmac_ctx2.opad.h[0]; - tmps[gid].dgst[i + 1] = sha256_hmac_ctx2.opad.h[1]; - tmps[gid].dgst[i + 2] = sha256_hmac_ctx2.opad.h[2]; - tmps[gid].dgst[i + 3] = sha256_hmac_ctx2.opad.h[3]; - tmps[gid].dgst[i + 4] = sha256_hmac_ctx2.opad.h[4]; - tmps[gid].dgst[i + 5] = sha256_hmac_ctx2.opad.h[5]; - tmps[gid].dgst[i + 6] = sha256_hmac_ctx2.opad.h[6]; - tmps[gid].dgst[i + 7] = sha256_hmac_ctx2.opad.h[7]; - - tmps[gid].out[i + 0] = tmps[gid].dgst[i + 0]; - tmps[gid].out[i + 1] = tmps[gid].dgst[i + 1]; - tmps[gid].out[i + 2] = tmps[gid].dgst[i + 2]; - tmps[gid].out[i + 3] = tmps[gid].dgst[i + 3]; - tmps[gid].out[i + 4] = tmps[gid].dgst[i + 4]; - tmps[gid].out[i + 5] = tmps[gid].dgst[i + 5]; - tmps[gid].out[i + 6] = tmps[gid].dgst[i + 6]; - tmps[gid].out[i + 7] = tmps[gid].dgst[i + 7]; - } -} - -__kernel void m15800_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global wpaaes_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u64 gid_max) -{ - const u64 gid = get_global_id (0); - - if ((gid * VECT_SIZE) >= gid_max) return; - - u32x ipad[8]; - u32x opad[8]; - - ipad[0] = packv (tmps, ipad, gid, 0); - ipad[1] = packv (tmps, ipad, gid, 1); - ipad[2] = packv (tmps, ipad, gid, 2); - ipad[3] = packv (tmps, ipad, gid, 3); - ipad[4] = packv (tmps, ipad, gid, 4); - ipad[5] = packv (tmps, ipad, gid, 5); - ipad[6] = packv (tmps, ipad, gid, 6); - ipad[7] = packv (tmps, ipad, gid, 7); - - opad[0] = packv (tmps, opad, gid, 0); - opad[1] = packv (tmps, opad, gid, 1); - opad[2] = packv (tmps, opad, gid, 2); - opad[3] = packv (tmps, opad, gid, 3); - opad[4] = packv (tmps, opad, gid, 4); - opad[5] = packv (tmps, opad, gid, 5); - opad[6] = packv (tmps, opad, gid, 6); - opad[7] = packv (tmps, opad, gid, 7); - - for (u32 i = 0; i < 8; i += 8) - { - u32x dgst[8]; - u32x out[8]; - - dgst[0] = packv (tmps, dgst, gid, i + 0); - dgst[1] = packv (tmps, dgst, gid, i + 1); - dgst[2] = packv (tmps, dgst, gid, i + 2); - dgst[3] = packv (tmps, dgst, gid, i + 3); - dgst[4] = packv (tmps, dgst, gid, i + 4); - dgst[5] = packv (tmps, dgst, gid, i + 5); - dgst[6] = packv (tmps, dgst, gid, i + 6); - dgst[7] = packv (tmps, dgst, gid, i + 7); - - out[0] = packv (tmps, out, gid, i + 0); - out[1] = packv (tmps, out, gid, i + 1); - out[2] = packv (tmps, out, gid, i + 2); - out[3] = packv (tmps, out, gid, i + 3); - out[4] = packv (tmps, out, gid, i + 4); - out[5] = packv (tmps, out, gid, i + 5); - out[6] = packv (tmps, out, gid, i + 6); - out[7] = packv (tmps, out, gid, i + 7); - - for (u32 j = 0; j < loop_cnt; j++) - { - u32x w0[4]; - u32x w1[4]; - u32x w2[4]; - u32x w3[4]; - - w0[0] = dgst[0]; - w0[1] = dgst[1]; - w0[2] = dgst[2]; - w0[3] = dgst[3]; - w1[0] = dgst[4]; - w1[1] = dgst[5]; - w1[2] = dgst[6]; - w1[3] = dgst[7]; - w2[0] = 0x80000000; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = (64 + 32) * 8; - - hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst); - - out[0] ^= dgst[0]; - out[1] ^= dgst[1]; - out[2] ^= dgst[2]; - out[3] ^= dgst[3]; - out[4] ^= dgst[4]; - out[5] ^= dgst[5]; - out[6] ^= dgst[6]; - out[7] ^= dgst[7]; - } - - unpackv (tmps, dgst, gid, i + 0, dgst[0]); - unpackv (tmps, dgst, gid, i + 1, dgst[1]); - unpackv (tmps, dgst, gid, i + 2, dgst[2]); - unpackv (tmps, dgst, gid, i + 3, dgst[3]); - unpackv (tmps, dgst, gid, i + 4, dgst[4]); - unpackv (tmps, dgst, gid, i + 5, dgst[5]); - unpackv (tmps, dgst, gid, i + 6, dgst[6]); - unpackv (tmps, dgst, gid, i + 7, dgst[7]); - - unpackv (tmps, out, gid, i + 0, out[0]); - unpackv (tmps, out, gid, i + 1, out[1]); - unpackv (tmps, out, gid, i + 2, out[2]); - unpackv (tmps, out, gid, i + 3, out[3]); - unpackv (tmps, out, gid, i + 4, out[4]); - unpackv (tmps, out, gid, i + 5, out[5]); - unpackv (tmps, out, gid, i + 6, out[6]); - unpackv (tmps, out, gid, i + 7, out[7]); - } -} - -__kernel void m15800_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global wpaaes_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u64 gid_max) -{ - const u64 gid = get_global_id (0); - - if (gid >= gid_max) return; - - u32 out[8]; - - out[0] = tmps[gid].out[0]; - out[1] = tmps[gid].out[1]; - out[2] = tmps[gid].out[2]; - out[3] = tmps[gid].out[3]; - out[4] = tmps[gid].out[4]; - out[5] = tmps[gid].out[5]; - out[6] = tmps[gid].out[6]; - out[7] = tmps[gid].out[7]; - - const u64 lid = get_local_id (0); - -} diff --git a/extra/tab_completion/hashcat.sh b/extra/tab_completion/hashcat.sh index 636eb9b44..e321fafb8 100644 --- a/extra/tab_completion/hashcat.sh +++ b/extra/tab_completion/hashcat.sh @@ -176,7 +176,7 @@ _hashcat () { local VERSION=3.6.0 - local HASH_MODES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 124 130 131 132 133 140 141 150 160 200 300 400 500 501 600 900 1000 1100 1400 1410 1411 1420 1421 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2501 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5200 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8800 8900 9000 9100 9200 9300 9400 9500 9600 9700 9710 9720 9800 9810 9820 9900 10000 10100 10200 10300 10400 10410 10420 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11700 11800 11900 12000 12001 12100 12200 12300 12400 12500 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700 15800" + local HASH_MODES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 124 130 131 132 133 140 141 150 160 200 300 400 500 501 600 900 1000 1100 1400 1410 1411 1420 1421 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2501 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5200 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8800 8900 9000 9100 9200 9300 9400 9500 9600 9700 9710 9720 9800 9810 9820 9900 10000 10100 10200 10300 10400 10410 10420 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11700 11800 11900 12000 12001 12100 12200 12300 12400 12500 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700" local ATTACK_MODES="0 1 3 6 7" local HCCAPX_MESSAGE_PAIR="0 1 2 3 4 5" local OUTFILE_FORMATS="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15" diff --git a/include/interface.h b/include/interface.h index ed91ea899..6a4038d65 100644 --- a/include/interface.h +++ b/include/interface.h @@ -178,7 +178,7 @@ typedef struct pdf typedef struct wpa { - u32 pke[25]; + u32 pke[32]; u32 eapol[64 + 16]; u16 eapol_len; u8 message_pair; @@ -558,16 +558,6 @@ typedef struct wpapmk_tmp } wpapmk_tmp_t; -typedef struct wpaaes_tmp -{ - u32 ipad[8]; - u32 opad[8]; - - u32 dgst[8]; - u32 out[8]; - -} wpaaes_tmp_t; - typedef struct bitcoin_wallet_tmp { u64 dgst[8]; @@ -1609,7 +1599,6 @@ typedef enum kern_type KERN_TYPE_JKS_SHA1 = 15500, KERN_TYPE_ETHEREUM_PBKDF2 = 15600, KERN_TYPE_ETHEREUM_SCRYPT = 15700, - KERN_TYPE_WPAAES = 15800, KERN_TYPE_PLAINTEXT = 99999, } kern_type_t; diff --git a/src/hashes.c b/src/hashes.c index c83b81ae9..7d6a3673c 100644 --- a/src/hashes.c +++ b/src/hashes.c @@ -164,7 +164,7 @@ int save_hash (hashcat_ctx_t *hashcat_ctx) if (hashconfig->opts_type & OPTS_TYPE_BINARY_HASHFILE) { - if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800)) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { hccapx_t hccapx; @@ -466,7 +466,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx) if (hashlist_mode == HL_MODE_ARG) { - if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800)) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { hc_stat_t st; @@ -736,7 +736,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx) int parser_status = PARSER_OK; - if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800)) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { hashlist_mode = HL_MODE_FILE; @@ -775,7 +775,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx) { memset (hashes_buf[hashes_cnt].esalt, 0, hashconfig->esalt_size); - if ((user_options->hash_mode == 2500) || (user_options->hash_mode == 2501) || (hashconfig->hash_mode == 15800)) + if ((user_options->hash_mode == 2500) || (user_options->hash_mode == 2501)) { wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt; @@ -1559,7 +1559,7 @@ int hashes_init_selftest (hashcat_ctx_t *hashcat_ctx) int parser_status; - if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800)) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { char *tmpdata = (char *) hcmalloc (sizeof (hccapx_t)); diff --git a/src/interface.c b/src/interface.c index 569514dc7..9a2dc5cd9 100644 --- a/src/interface.c +++ b/src/interface.c @@ -29,7 +29,6 @@ static char ST_PASS_HASHCAT_EXCL3[] = "hashcat!!!"; static char ST_PASS_HASHCAT_ONE[] = "hashcat1"; static char ST_PASS_HASHCAT_ONET3[] = "hashcat1hashcat1hashcat1"; static char ST_PASS_HEX_02501[] = "d57c2900bd83d5098003bf803ad7e204260a84ac164f12e03552d92280a6943e"; -static char ST_PASS_BOSSPW_PLAIN[] = "bo$$password"; static char ST_PASS_BIN_09710[] = "\x91\xb2\xe0\x62\xb9"; static char ST_PASS_BIN_09810[] = "\xb8\xf6\x36\x19\xca"; static char ST_PASS_BIN_10410[] = "\x6a\x8a\xed\xcc\xb7"; @@ -265,7 +264,6 @@ static char ST_HASH_15400[] = "$chacha20$*0400000000000003*35*0200000000000001*3 static char ST_HASH_15500[] = "$jksprivk$*338BD2FBEBA7B3EF198A4CBFC6E18AFF1E229367*5225850113575146134463704406336350011656*D5253EB151EB92DC73E542D8C0A4D7A848A5B0C0E370E625E6547D4E6F23416FC85A27BC295731B8021CDFBD003551C66C434FFBC87DACAD1FDF39022320034A2F86E779F2B1B3325428A666518FA89507AD63E15FD9C57B9E36EF5B642A2F448A9A3F09B79AD93D65F46B8692CD07539FD140146F8F219DC262971AF019E18EDC16C3C240569E1673F4D98BC818CCF28298D5A7BFF038A663DD10FE5E48643C3217C237D342164E2D41EF15075431FBD5B34800E5AE7EB80FAA5AE9982A55F35379AA7B31217E7F1C5F1964A15024A305AE4B3981FE1C80C163BC38ECA5581F11867E5C34C5D124D0367B3737E5E5BB14D2CAB26A698C8DAAB755C82BA6B823BCAECDD4A89C831651ACE5A6029FD0D3515C5D1D53AD8B9062CE8C445373862035CBBF60D490CA2E4975EE6E0358EC32E871FAB15347E3032E21F30F543BAAB01D779BA833CA0B8C7591B42C7C59A8FDD46D7DECEC0E91ADBF331177605E7830ABED62FAD7D5D806D8EFD01C38765940B7F97168FC72C39BF4C98F944FFC310CA8F4EB1D0F960F352CC5E2BB23A1EB221072A5471EDA2CE81C04595B8D37088CFB5C14F6A4A881AD12125DEFBB8154EB4C130AB7FD9933FD36DF1A6A26B51AB169866788678FCED988C8E017CA84354F487A5508210181AFB8B3AD0753E3E28BE674DFBD4E4FBDFD1E30D592F4EA3A77A2F0F5CF9A175DBC590EF5D42971A39918F12B92DCD8BFD56BE9A3459856B5587603C7B53062663A4C8894BBC9894FB1663BF30F32D907664328138B7A50EAC7F8E3183D74562A5C90FE1889AC4C5FE43EBEB8974563B6682F92591ECA4FA0DA72236C3851DA102DB6BA0CC07BFD32F7E962AB0EDCF4A8DEA6525174F5BB5C021E2A9A3F7F761E9CA90B6E27FB7E55CD91DA184FAC5E534E8AD25314C56CE5796506A0CA70881782F9C5147D87705065D68BD67D2B0344205BA6445D562273690004CA5A303274FB283A75F49BA968D7947943AA98F2AF9CB8253B425B86225E7395A331AC4CB1B1700C64D4F458D5D642C54148AE6DA41D9E26657D331B157D76042C2CF3057B83997C23D8BF68FB3C7337CAFB8B324AD0DF7A80B554B4D7F9AD6ED527E7932F1741A573C152A41610F6517E3F4A3BC6B66685871A7CE3795C559BD47CDB8E34CB2C1DFE980518D79E2078C258C54F312EB38609F640E7DC013E0F2A16A25BB5971882B4308D27930CA99FEC231AE927B62215A1B56098C362B7F20593953B29428681875070E84BF5B60BEA3948127151634123DA77C814AAD54CE10905763C8C19BC191C0C40458C809402E1957C4C05C4EAE27576B2D30593F7FDCC9A248DB5DB23CF2FA22A92C016090F611690BF0AB5B8B2866ED25F345EFE85DF3311C9E91C37CEE709CF16E7CB09D01BECD2961D094C02D42EC85BF47FAB1B67A13B9A1741C15F7156D57A71BFFABB03B71E69707913A5C136B3D69CE3F71ABFE376F0A21D723FFA2E60AC180689D3E8AF4348C9F555CD897387327FC8BA2B9C51A7298547E556A11A60441EF5331A1BFB847A3D23DD9F7C50E636A2C6309BC82E1A8852F5A8569B6D93*14*78D6A2424484CF5149932B7EA8BF*test"; static char ST_HASH_15600[] = "$ethereum$p*1024*38353131353831333338313138363430*a8b4dfe92687dbc0afeb5dae7863f18964241e96b264f09959903c8c924583fc*0a9252861d1e235994ce33dbca91c98231764d8ecb4950015a8ae20d6415b986"; static char ST_HASH_15700[] = "$ethereum$s*1024*1*1*3033363133373132373638333437323331383637383437333631373038323434*69eaf081695cf971ef7ee5a49997c1a3922e7efef59068109e83853755ee31c3*64a1adec1750ee4416b22b81111dd2a3c2fede820d6da8bf788dca2641d5b181"; -static char ST_HASH_15800[] = "484350580400000000054e65686562000000000000000000000000000000000000000000000000000000032e13c40ca1c2e4e2037f99a2da18a46bb0b98a568dea0218c7b64ecef40c4f15915fbceb19c8d62608387eb6b986d9599a8bd70dc85d2cf0a2ddbcd06467233e730767c33e1df875c3ad0eb58a51ad704a3fae06b818c0c5fcebf3af79000203007502010b001000000000000000036467233e730767c33e1df875c3ad0eb58a51ad704a3fae06b818c0c5fcebf3af000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac068c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; static char ST_HASH_99999[] = "hashcat"; static const char OPTI_STR_OPTIMIZED_KERNEL[] = "Optimized-Kernel"; @@ -497,7 +495,6 @@ static const char HT_15400[] = "ChaCha20"; static const char HT_15500[] = "JKS Java Key Store Private Keys (SHA1)"; static const char HT_15600[] = "Ethereum Wallet, PBKDF2-HMAC-SHA256"; static const char HT_15700[] = "Ethereum Wallet, SCRYPT"; -static const char HT_15800[] = "WPA/WPA2 AES-CMAC"; static const char HT_99999[] = "Plaintext"; static const char HT_00011[] = "Joomla < 2.5.18"; @@ -3271,6 +3268,8 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED wpa_t *wpa = (wpa_t *) hash_buf->esalt; + memset (wpa, 0, sizeof (wpa_t)); + hccapx_t in; memcpy (&in, input_buf, input_len); @@ -3306,35 +3305,74 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED wpa->essid_len = in.essid_len; - u8 *pke_ptr = (u8 *) wpa->pke; + wpa->keyver = in.keyver; - memcpy (pke_ptr, "Pairwise key expansion", 23); + u8 *pke_ptr = (u8 *) wpa->pke; - if (memcmp (in.mac_ap, in.mac_sta, 6) < 0) + if ((wpa->keyver == 1) || (wpa->keyver == 2)) { - memcpy (pke_ptr + 23, in.mac_ap, 6); - memcpy (pke_ptr + 29, in.mac_sta, 6); - } - else - { - memcpy (pke_ptr + 23, in.mac_sta, 6); - memcpy (pke_ptr + 29, in.mac_ap, 6); - } + memcpy (pke_ptr, "Pairwise key expansion", 23); - wpa->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32); + if (memcmp (in.mac_ap, in.mac_sta, 6) < 0) + { + memcpy (pke_ptr + 23, in.mac_ap, 6); + memcpy (pke_ptr + 29, in.mac_sta, 6); + } + else + { + memcpy (pke_ptr + 23, in.mac_sta, 6); + memcpy (pke_ptr + 29, in.mac_ap, 6); + } - if (wpa->nonce_compare < 0) - { - memcpy (pke_ptr + 35, in.nonce_ap, 32); - memcpy (pke_ptr + 67, in.nonce_sta, 32); + wpa->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32); + + if (wpa->nonce_compare < 0) + { + memcpy (pke_ptr + 35, in.nonce_ap, 32); + memcpy (pke_ptr + 67, in.nonce_sta, 32); + } + else + { + memcpy (pke_ptr + 35, in.nonce_sta, 32); + memcpy (pke_ptr + 67, in.nonce_ap, 32); + } } - else + else if (wpa->keyver == 3) { - memcpy (pke_ptr + 35, in.nonce_sta, 32); - memcpy (pke_ptr + 67, in.nonce_ap, 32); + pke_ptr[0] = 1; + pke_ptr[1] = 0; + + memcpy (pke_ptr + 2, "Pairwise key expansion", 22); + + if (memcmp (in.mac_ap, in.mac_sta, 6) < 0) + { + memcpy (pke_ptr + 24, in.mac_ap, 6); + memcpy (pke_ptr + 30, in.mac_sta, 6); + } + else + { + memcpy (pke_ptr + 24, in.mac_sta, 6); + memcpy (pke_ptr + 30, in.mac_ap, 6); + } + + wpa->nonce_compare = memcmp (in.nonce_ap, in.nonce_sta, 32); + + if (wpa->nonce_compare < 0) + { + memcpy (pke_ptr + 36, in.nonce_ap, 32); + memcpy (pke_ptr + 68, in.nonce_sta, 32); + } + else + { + memcpy (pke_ptr + 36, in.nonce_sta, 32); + memcpy (pke_ptr + 68, in.nonce_ap, 32); + } + + pke_ptr[100] = 0x80; + pke_ptr[101] = 1; } - for (int i = 0; i < 25; i++) + for (int i = 0; i < 32; i++) { wpa->pke[i] = byte_swap_32 (wpa->pke[i]); } @@ -3355,16 +3393,7 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED wpa->message_pair = message_pair_orig; - wpa->keyver = in.keyver; - - if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) - { - if ((wpa->keyver != 1) && (wpa->keyver != 2)) return (PARSER_SALT_VALUE); - } - else if (hashconfig->hash_mode == 15800) - { - if (wpa->keyver != 3) return (PARSER_SALT_VALUE); - } + if ((wpa->keyver != 1) && (wpa->keyver != 2) && (wpa->keyver != 3)) return (PARSER_SALT_VALUE); wpa->eapol_len = in.eapol_len; @@ -3372,15 +3401,13 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED memcpy (eapol_ptr, in.eapol, wpa->eapol_len); - memset (eapol_ptr + wpa->eapol_len, 0, (256 + 64) - wpa->eapol_len); - eapol_ptr[wpa->eapol_len] = 0x80; if (wpa->keyver == 1) { // nothing to do } - else + else if (wpa->keyver == 2) { wpa->keymic[0] = byte_swap_32 (wpa->keymic[0]); wpa->keymic[1] = byte_swap_32 (wpa->keymic[1]); @@ -3392,6 +3419,10 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED wpa->eapol[i] = byte_swap_32 (wpa->eapol[i]); } } + else if (wpa->keyver == 3) + { + // nothing to do + } // Create a hash of the nonce as ESSID is not unique enough // Not a regular MD5 but good enough @@ -3418,7 +3449,7 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED md5_64 (block, hash); - for (int i = 0; i < 9; i++) block[i] = wpa->pke[i + 16]; + for (int i = 0; i < 16; i++) block[i] = wpa->pke[i + 16]; md5_64 (block, hash); @@ -16074,7 +16105,6 @@ char *strhashtype (const u32 hash_mode) case 15500: return ((char *) HT_15500); case 15600: return ((char *) HT_15600); case 15700: return ((char *) HT_15700); - case 15800: return ((char *) HT_15800); case 99999: return ((char *) HT_99999); } @@ -16960,7 +16990,7 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le out_buf[16] = 0; } - else if ((hash_mode == 2500) || (hash_mode == 2501) || (hash_mode == 15800)) + else if ((hash_mode == 2500) || (hash_mode == 2501)) { wpa_t *wpas = (wpa_t *) esalts_buf; @@ -24316,24 +24346,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 15800: hashconfig->hash_type = HASH_TYPE_WPA; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE - | OPTS_TYPE_BINARY_HASHFILE; - hashconfig->kern_type = KERN_TYPE_WPAAES; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = wpa_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_15800; - hashconfig->st_pass = ST_PASS_BOSSPW_PLAIN; - break; - case 99999: hashconfig->hash_type = HASH_TYPE_PLAINTEXT; hashconfig->salt_type = SALT_TYPE_NONE; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -24541,7 +24553,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 15500: hashconfig->esalt_size = sizeof (jks_sha1_t); break; case 15600: hashconfig->esalt_size = sizeof (ethereum_pbkdf2_t); break; case 15700: hashconfig->esalt_size = sizeof (ethereum_scrypt_t); break; - case 15800: hashconfig->esalt_size = sizeof (wpa_t); break; } // hook_salt_size @@ -24648,7 +24659,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 15200: hashconfig->tmp_size = sizeof (mywallet_tmp_t); break; case 15300: hashconfig->tmp_size = sizeof (dpapimk_tmp_t); break; case 15600: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break; - case 15800: hashconfig->tmp_size = sizeof (wpaaes_tmp_t); break; }; // hook_size @@ -24680,7 +24690,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 14100: hashconfig->pw_min = 24; break; // 3DES fixed case 14900: hashconfig->pw_min = 10; break; // Skip32 fixed case 15400: hashconfig->pw_min = 32; break; // ChaCha20 fixed - case 15800: hashconfig->pw_min = 8; break; // WPA min RFC } // pw_max : some algo suffer from support for long passwords, @@ -24887,7 +24896,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 15400: hashconfig->pw_max = 32; break; // Underlaying ChaCha20 fixed case 15600: hashconfig->pw_max = PW_MAX; break; case 15700: hashconfig->pw_max = PW_MAX; break; - case 15800: hashconfig->pw_max = 63; break; // WPA/WPA2 limits itself to 63 by RFC } // salt_min and salt_max : this limit is only interessting for generic hash types that support a salt @@ -25257,8 +25265,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo salt->scrypt_r = 1; salt->scrypt_p = 8; break; - case 15800: memcpy (salt->salt_buf, "hashcat.net", 11); - break; } // special esalt handling @@ -25328,8 +25334,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo break; case 15300: ((dpapimk_t *) esalt)->version = 1; break; - case 15800: ((wpa_t *) esalt)->eapol_len = 128; - break; } // special hook salt handling @@ -25532,8 +25536,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo break; case 15700: salt->salt_iter = 1; break; - case 15800: salt->salt_iter = ROUNDS_WPA; - break; } } @@ -25563,8 +25565,6 @@ const char *hashconfig_benchmark_mask (hashcat_ctx_t *hashcat_ctx) break; case 14900: mask = "?b?b?b?b?bxxxxx"; break; - case 15800: mask = "?a?a?a?a?a?a?a?a"; - break; default: mask = "?b?b?b?b?b?b?b"; break; } diff --git a/src/opencl.c b/src/opencl.c index 4f4beadf9..a10d34de5 100644 --- a/src/opencl.c +++ b/src/opencl.c @@ -1351,7 +1351,7 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, { u32 loops_cnt = 1; - if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800)) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { loops_cnt = hashes->salts_buf[salt_pos].digests_cnt; } diff --git a/src/outfile_check.c b/src/outfile_check.c index f57b298ca..c342891aa 100644 --- a/src/outfile_check.c +++ b/src/outfile_check.c @@ -179,7 +179,7 @@ static int outfile_remove (hashcat_ctx_t *hashcat_ctx) int parser_status = PARSER_OK; - if ((hash_mode != 2500) && (hash_mode != 2501) && (hash_mode != 6800) && (hash_mode != 15800)) + if ((hash_mode != 2500) && (hash_mode != 2501) && (hash_mode != 6800)) { parser_status = hashconfig->parse_func ((u8 *) line_buf, line_len - 1, &hash_buf, hashconfig); } @@ -209,7 +209,7 @@ static int outfile_remove (hashcat_ctx_t *hashcat_ctx) cracked = (memcmp (line_buf, salt_buf->salt_buf, salt_buf->salt_len) == 0); } } - else if ((hash_mode == 2500) || (hash_mode == 2501) || (hash_mode == 15800)) + else if ((hash_mode == 2500) || (hash_mode == 2501)) { // this comparison is a bit inaccurate as we compare only ESSID // call it a bug, but it's good enough for a special case used in a special case diff --git a/src/potfile.c b/src/potfile.c index 1ab0b9512..6a33971f0 100644 --- a/src/potfile.c +++ b/src/potfile.c @@ -450,7 +450,7 @@ int potfile_remove_parse (hashcat_ctx_t *hashcat_ctx) found = (hash_t *) bsearch (&hash_buf, hashes_buf, hashes_cnt, sizeof (hash_t), sort_by_hash_t_salt); } } - else if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800)) + else if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { // here we have in line_hash_buf: hash:macap:macsta:essid:password diff --git a/src/selftest.c b/src/selftest.c index 1314069ec..54464106f 100644 --- a/src/selftest.c +++ b/src/selftest.c @@ -411,7 +411,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param if (CL_rc == -1) return -1; } - if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800)) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { device_param->kernel_params_buf32[28] = 0; device_param->kernel_params_buf32[29] = 1; diff --git a/src/status.c b/src/status.c index 406ab2314..d407d2f30 100644 --- a/src/status.c +++ b/src/status.c @@ -253,7 +253,7 @@ const char *status_get_hash_target (const hashcat_ctx_t *hashcat_ctx) if (hashes->digests_cnt == 1) { - if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501) || (hashconfig->hash_mode == 15800)) + if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)) { char *tmp_buf = (char *) malloc (HCBUFSIZ_TINY); diff --git a/src/usage.c b/src/usage.c index 5fc35b3a1..96d0b5991 100644 --- a/src/usage.c +++ b/src/usage.c @@ -188,7 +188,6 @@ static const char *USAGE_BIG[] = " 23 | Skype | Network Protocols", " 2500 | WPA/WPA2 | Network Protocols", " 2501 | WPA/WPA2 PMK | Network Protocols", - " 15800 | WPA/WPA2 AES-CMAC | Network Protocols", " 4800 | iSCSI CHAP authentication, MD5(CHAP) | Network Protocols", " 5300 | IKE-PSK MD5 | Network Protocols", " 5400 | IKE-PSK SHA1 | Network Protocols", diff --git a/src/user_options.c b/src/user_options.c index 2361265af..50eddecc0 100644 --- a/src/user_options.c +++ b/src/user_options.c @@ -509,7 +509,6 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx) { if ((user_options->hash_mode == 2500) || (user_options->hash_mode == 2501) - || (user_options->hash_mode == 15800) || (user_options->hash_mode == 5200) || ((user_options->hash_mode >= 6200) && (user_options->hash_mode <= 6299)) || ((user_options->hash_mode >= 13700) && (user_options->hash_mode <= 13799)) diff --git a/tools/test.pl b/tools/test.pl index 5009c1856..628cb3c72 100755 --- a/tools/test.pl +++ b/tools/test.pl @@ -49,11 +49,11 @@ my $hashcat = "./hashcat"; my $MAX_LEN = 55; -my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 15300, 15400, 15500, 15600, 15700, 15800, 99999); +my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 15300, 15400, 15500, 15600, 15700, 99999); my %is_utf16le = map { $_ => 1 } qw (30 40 130 131 132 133 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800 11600 13500 13800); my %less_fifteen = map { $_ => 1 } qw (500 1600 1800 3200 6300 7400 10500 10700); -my %allow_long_salt = map { $_ => 1 } qw (2500 4520 4521 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600 13500 13800 15000 15800); +my %allow_long_salt = map { $_ => 1 } qw (2500 4520 4521 5500 5600 7100 7200 7300 9400 9500 9600 9700 9800 10400 10500 10600 10700 1100 11000 11200 11300 11400 11600 12600 13500 13800 15000); my @lotus_magic_table = ( @@ -1668,7 +1668,7 @@ sub verify next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in}))); } # WPA/WPA2 - elsif (($mode == 2500) || ($mode == 15800)) + elsif ($mode == 2500) { print "ERROR: verify currently not supported for WPA/WPA2 (because of hashcat's output format)\n"; @@ -3356,7 +3356,7 @@ sub passthrough $tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, $salt_len)); } - elsif (($mode == 2500) || ($mode == 15800)) + elsif ($mode == 2500) { next if length ($word_buf) < 8; @@ -3941,7 +3941,7 @@ sub single } } } - elsif (($mode == 2500) || ($mode == 15800)) + elsif ($mode == 2500) { my $salt_len = get_random_num (0, 32); @@ -5338,7 +5338,7 @@ sub gen_hash $snonce = randbytes (32); $anonce = randbytes (32); - $keyver = get_random_num (1, 3); # 1 or 2 + $keyver = get_random_num (1, 4); # 1, 2 or 3 # eapol: # should be "validly" generated, but in theory could be anything for us also: @@ -5379,7 +5379,7 @@ sub gen_hash # Pairwise Transient Key (PTK) transformation - my $ptk = wpa_prf_512 ($pmk, $stmac, $bssid, $snonce, $anonce); + my $ptk = wpa_prf_512 ($keyver, $pmk, $stmac, $bssid, $snonce, $anonce); # generate the Message Integrity Code (MIC) @@ -5393,6 +5393,14 @@ sub gen_hash { $mic = hmac ($eapol, $ptk, \&sha1); } + elsif ($keyver == 3) # WPA2 => SHA256 + AES-CMAC + { + my $omac1 = Digest::CMAC->new ($ptk, 'Crypt::Rijndael'); + + $omac1->add ($eapol); + + $mic = $omac1->digest; + } $mic = substr ($mic, 0, 16); @@ -8884,130 +8892,6 @@ END_CODE $tmp_hash = sprintf ("\$ethereum\$s*%i*%i*%i*%s*%s*%s", $scrypt_N, $scrypt_r, $scrypt_p, unpack ("H*", $salt_buf), unpack ("H*", $ciphertext), $hash_buf); } - elsif ($mode == 15800) - { - my ($bssid, $stmac, $snonce, $anonce, $eapol, $keyver, $eapol_len, $essid_len); - - if (! defined ($additional_param)) - { - # random stuff - - $bssid = randbytes (6); - $stmac = randbytes (6); - $snonce = randbytes (32); - $anonce = randbytes (32); - - $keyver = 3; - - # eapol: - # should be "validly" generated, but in theory could be anything for us also: - # $eapol = "\x00" x 121; # works too, but let's generate it correctly - - $eapol = gen_random_wpa_eapol ($keyver, $snonce); - } - else - { - $bssid = $additional_param; - $stmac = $additional_param2; - $snonce = $additional_param3; - $anonce = $additional_param4; - $keyver = $additional_param5; - $eapol = $additional_param6; - } - - $eapol_len = length ($eapol); - - # constants - - my $iterations = 4096; - - # - # START - # - - # generate the Pairwise Master Key (PMK) - - my $pbkdf2 = Crypt::PBKDF2->new - ( - hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256), - iterations => $iterations, - output_len => 32 - ); - - my $pmk = $pbkdf2->PBKDF2 ($salt_buf, $word_buf); - - # Pairwise Transient Key (PTK) transformation - - my $ptk = wpa_prf_512 ($pmk, $stmac, $bssid, $snonce, $anonce); - - # generate the Message Integrity Code (MIC) - - my $mic = ""; - - if ($keyver == 3) - { - ## untested - - my $omac1 = Digest::CMAC->new ($ptk, 'Crypt::Rijndael'); - - $omac1->add ($eapol); - - $mic = $omac1->digest; - } - - $mic = substr ($mic, 0, 16); - - # - # format the binary output - # - - my $HCCAPX_VERSION = 4; - - # signature - $hash_buf = "HCPX"; - - # format version - $hash_buf .= pack ("L<", $HCCAPX_VERSION); - - # authenticated - $hash_buf .= pack ("C", 0); - - # essid length - $essid_len = length ($salt_buf); - $hash_buf .= pack ("C", $essid_len); - - # essid (NULL-padded up to the first 32 bytes) - $hash_buf .= $salt_buf; - $hash_buf .= "\x00" x (32 - $essid_len); - - # key version - $hash_buf .= pack ("C", $keyver); - - # key mic - $hash_buf .= $mic; - - # access point MAC - $hash_buf .= $bssid; - - # access point nonce - $hash_buf .= $snonce; - - # client MAC - $hash_buf .= $stmac; - - # client nonce - $hash_buf .= $anonce; - - # eapol length - $hash_buf .= pack ("S<", $eapol_len); - - # eapol - $hash_buf .= $eapol; - $hash_buf .= "\x00" x (256 - $eapol_len); - - # base64 encode the output - $tmp_hash = encode_base64 ($hash_buf, ""); - } elsif ($mode == 99999) { $tmp_hash = sprintf ("%s", $word_buf); @@ -11313,6 +11197,7 @@ sub gen_random_wpa_eapol sub wpa_prf_512 { + my $keyver = shift; my $pmk = shift; my $stmac = shift; my $bssid = shift; @@ -11321,7 +11206,10 @@ sub wpa_prf_512 my $data = "Pairwise key expansion"; - $data .= "\x00"; + if (($keyver == 1) || ($keyver == 2)) + { + $data .= "\x00"; + } # # Min(AA, SPA) || Max(AA, SPA) @@ -11357,9 +11245,20 @@ sub wpa_prf_512 $data .= $snonce; } - $data .= "\x00"; + my $prf_buf; + + if (($keyver == 1) || ($keyver == 2)) + { + $data .= "\x00"; + + $prf_buf = hmac ($data, $pmk, \&sha1); + } + else + { + my $data3 = "\x01\x00" . $data . "\x80\x01"; - my $prf_buf = hmac ($data, $pmk, \&sha1); + $prf_buf = hmac ($data3, $pmk, \&sha256); + } $prf_buf = substr ($prf_buf, 0, 16); diff --git a/tools/test.sh b/tools/test.sh index d9acd227b..4061ac87d 100755 --- a/tools/test.sh +++ b/tools/test.sh @@ -9,20 +9,20 @@ TDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" # missing hash types: 5200,6251,6261,6271,6281 -HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 600 900 1000 1100 1300 1400 1410 1411 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12001 12100 12200 12300 12400 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14400 14600 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700 15800 99999" +HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 600 900 1000 1100 1300 1400 1410 1411 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12001 12100 12200 12300 12400 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14400 14600 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700 99999" #ATTACK_MODES="0 1 3 6 7" ATTACK_MODES="0 1 3 7" VECTOR_WIDTHS="1 2 4 8 16" -MATCH_PASS_ONLY="2500 5300 5400 6600 6800 8200 15800" +MATCH_PASS_ONLY="2500 5300 5400 6600 6800 8200" -HASHFILE_ONLY="2500 15800" +HASHFILE_ONLY="2500" NEVER_CRACK="11600 14900" -SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12001 12100 12200 12300 12400 12500 12700 12800 12900 13000 13200 13400 13600 14600 14700 14800 15100 15200 15300 15600 15700 15800" +SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12001 12100 12200 12300 12400 12500 12700 12800 12900 13000 13200 13400 13600 14600 14700 14800 15100 15200 15300 15600 15700" OPTS="--quiet --force --potfile-disable --runtime 400 --gpu-temp-disable --weak-hash-threshold=0" @@ -256,8 +256,6 @@ function init() elif [ "${hash_type}" -eq 15400 ]; then min=0 min_offset=3 - elif [ "${hash_type}" -eq 15800 ]; then - min_len=7 fi # foreach password entry split password in 2 (skip first entry, is len 1) @@ -312,8 +310,6 @@ function init() min_len=9 elif [ "${hash_type}" -eq 15400 ]; then min_len=31 - elif [ "${hash_type}" -eq 15800 ]; then - min_len=7 fi # generate multiple pass/hash foreach len (2 to 8) @@ -728,8 +724,6 @@ function attack_1() offset=7 elif [ ${hash_type} -eq 8500 ]; then offset=7 - elif [ ${hash_type} -eq 15800 ]; then - offset=7 fi hash_file=${OUTD}/${hash_type}_multihash_combi.txt @@ -859,9 +853,6 @@ function attack_3() elif [ "${hash_type}" -eq 15400 ]; then mask_offset=3 max=1 - elif [ "${hash_type}" -eq 15800 ]; then - mask_offset=7 - max=7 fi # special case: we need to split the first line @@ -921,7 +912,7 @@ function attack_3() # modify "default" mask if needed (and set custom charset to reduce keyspace) - if [ "${hash_type}" -eq 2500 ] || [ "${hash_type}" -eq 15800 ]; then + if [ "${hash_type}" -eq 2500 ]; then pass=$(sed -n ${i}p ${dict}) @@ -1034,9 +1025,6 @@ function attack_3() if [ "${hash_type}" -eq 2500 ]; then increment_min=8 increment_max=9 - elif [ "${hash_type}" -eq 15800 ]; then - increment_min=8 - increment_max=9 fi hash_file=${OUTD}/${hash_type}_multihash_bruteforce.txt @@ -1071,7 +1059,7 @@ function attack_3() # modify "default" mask if needed (and set custom charset to reduce keyspace) - if [ "${hash_type}" -eq 2500 ] || [ "${hash_type}" -eq 15800 ]; then + if [ "${hash_type}" -eq 2500 ]; then mask="?d?d?d?d?d?1?2?3?4" @@ -1257,8 +1245,6 @@ function attack_6() min=0 max=1 mask_offset=29 - elif [ "${hash_type}" -eq 15800 ]; then - max=6 fi # special case: we need to split the first line @@ -1430,8 +1416,6 @@ function attack_6() max=8 elif [ ${hash_type} -eq 8500 ]; then max=8 - elif [ ${hash_type} -eq 15800 ]; then - max=5 fi if ! contains ${hash_type} ${TIMEOUT_ALGOS}; then @@ -1574,8 +1558,6 @@ function attack_7() mask_offset=3 min=0 max=1 - elif [ "${hash_type}" -eq 15800 ]; then - max=5 fi # special case: we need to split the first line @@ -1632,7 +1614,7 @@ function attack_7() # adjust mask if needed - if [ "${hash_type}" -eq 2500 ] || [ "${hash_type}" -eq 15800 ]; then + if [ "${hash_type}" -eq 2500 ]; then line_nr=1 @@ -1772,8 +1754,6 @@ function attack_7() max=5 elif [ ${hash_type} -eq 15400 ]; then max=5 - elif [ ${hash_type} -eq 15800 ]; then - max=5 fi if ! contains ${hash_type} ${TIMEOUT_ALGOS}; then