diff --git a/include/potfile.h b/include/potfile.h index fcc8407c6..de97a312a 100644 --- a/include/potfile.h +++ b/include/potfile.h @@ -30,5 +30,6 @@ void potfile_update_hashes (hashcat_ctx_t *hashcat_ctx, hash_t *hash_buf, cha void pot_tree_destroy (pot_tree_entry_t *tree); int sort_pot_tree_by_hash (const void *v1, const void *v2); +int sort_pot_orig_line (const void *v1, const void *v2); #endif // _POTFILE_H diff --git a/include/types.h b/include/types.h index 7955690de..3169a989f 100644 --- a/include/types.h +++ b/include/types.h @@ -834,6 +834,7 @@ typedef struct hash hashinfo_t *hash_info; char *pw_buf; int pw_len; + u64 orig_line_pos; } hash_t; @@ -1695,6 +1696,14 @@ typedef struct pot_tree_entry } pot_tree_entry_t; +typedef struct pot_orig_line_entry +{ + u8 *hash_buf; + int hash_len; + int line_pos; + +} pot_orig_line_entry_t; + typedef struct restore_data { int version; diff --git a/src/hashes.c b/src/hashes.c index 2c0107ba5..159ae47ac 100644 --- a/src/hashes.c +++ b/src/hashes.c @@ -822,6 +822,12 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx) for (u64 hash_pos = 0; hash_pos < hashes_avail; hash_pos++) { + /** + * Initialize some values for later use + */ + + hashes_buf[hash_pos].orig_line_pos = hash_pos; + hashes_buf[hash_pos].digest = ((char *) digests_buf) + (hash_pos * hashconfig->dgst_size); if (hashconfig->is_salted == true) diff --git a/src/potfile.c b/src/potfile.c index a7df3b804..784df9373 100644 --- a/src/potfile.c +++ b/src/potfile.c @@ -74,6 +74,16 @@ int sort_pot_tree_by_hash (const void *v1, const void *v2) return sort_by_hash (h1, h2, hc); } +// this function is used to reproduce the hash ordering based on the original input hash file + +int sort_pot_orig_line (const void *v1, const void *v2) +{ + const pot_orig_line_entry_t *t1 = (const pot_orig_line_entry_t *) v1; + const pot_orig_line_entry_t *t2 = (const pot_orig_line_entry_t *) v2; + + return t1->line_pos > t2->line_pos; +} + // the problem with the GNU tdestroy () function is that it doesn't work with mingw etc // there are 2 alternatives: // 1. recursively delete the entries with entry->left and entry->right @@ -648,6 +658,9 @@ int potfile_handle_show (hashcat_ctx_t *hashcat_ctx) u32 salts_cnt = hashes->salts_cnt; salt_t *salts_buf = hashes->salts_buf; + pot_orig_line_entry_t *final_buf = (pot_orig_line_entry_t *) hccalloc (hashes->hashes_cnt, sizeof (pot_orig_line_entry_t)); + u32 final_cnt = 0; + if (hashconfig->opts_type & OPTS_TYPE_HASH_SPLIT) { // this implementation will work for LM only @@ -757,7 +770,17 @@ int potfile_handle_show (hashcat_ctx_t *hashcat_ctx) const int tmp_len = outfile_write (hashcat_ctx, (char *) out_buf, out_len, (u8 *) mixed_buf, mixed_len, 0, username, user_len, (char *) tmp_buf); - EVENT_DATA (EVENT_POTFILE_HASH_SHOW, tmp_buf, tmp_len); + //EVENT_DATA (EVENT_POTFILE_HASH_SHOW, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_buf = (u8 *) hcmalloc (tmp_len); + + memcpy (final_buf[final_cnt].hash_buf, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_len = tmp_len; + + final_buf[final_cnt].line_pos = hash1->orig_line_pos; + + final_cnt++; } } } @@ -808,7 +831,6 @@ int potfile_handle_show (hashcat_ctx_t *hashcat_ctx) tmp_buf[0] = 0; - // special case for collider modes: we do not use the $HEX[] format within the hash itself // therefore we need to convert the $HEX[] password into hexadecimal (without "$HEX[" and "]") @@ -837,11 +859,32 @@ int potfile_handle_show (hashcat_ctx_t *hashcat_ctx) tmp_len = outfile_write (hashcat_ctx, (char *) out_buf, out_len, (u8 *) hash->pw_buf, hash->pw_len, 0, username, user_len, (char *) tmp_buf); } - EVENT_DATA (EVENT_POTFILE_HASH_SHOW, tmp_buf, tmp_len); + //EVENT_DATA (EVENT_POTFILE_HASH_SHOW, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_buf = (u8 *) hcmalloc (tmp_len); + + memcpy (final_buf[final_cnt].hash_buf, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_len = tmp_len; + + final_buf[final_cnt].line_pos = hash->orig_line_pos; + + final_cnt++; } } } + qsort (final_buf, final_cnt, sizeof (pot_orig_line_entry_t), sort_pot_orig_line); + + for (u32 final_pos = 0; final_pos < final_cnt; final_pos++) + { + EVENT_DATA (EVENT_POTFILE_HASH_SHOW, final_buf[final_pos].hash_buf, final_buf[final_pos].hash_len); + + hcfree (final_buf[final_pos].hash_buf); + } + + hcfree (final_buf); + return 0; } @@ -857,6 +900,9 @@ int potfile_handle_left (hashcat_ctx_t *hashcat_ctx) u32 salts_cnt = hashes->salts_cnt; salt_t *salts_buf = hashes->salts_buf; + pot_orig_line_entry_t *final_buf = (pot_orig_line_entry_t *) hccalloc (hashes->hashes_cnt, sizeof (pot_orig_line_entry_t)); + u32 final_cnt = 0; + if (hashconfig->opts_type & OPTS_TYPE_HASH_SPLIT) { // this implementation will work for LM only @@ -933,7 +979,17 @@ int potfile_handle_left (hashcat_ctx_t *hashcat_ctx) const int tmp_len = outfile_write (hashcat_ctx, (char *) out_buf, out_len, NULL, 0, 0, username, user_len, (char *) tmp_buf); - EVENT_DATA (EVENT_POTFILE_HASH_LEFT, tmp_buf, tmp_len); + //EVENT_DATA (EVENT_POTFILE_HASH_LEFT, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_buf = (u8 *) hcmalloc (tmp_len); + + memcpy (final_buf[final_cnt].hash_buf, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_len = tmp_len; + + final_buf[final_cnt].line_pos = hash1->orig_line_pos; + + final_cnt++; } } } @@ -1008,10 +1064,31 @@ int potfile_handle_left (hashcat_ctx_t *hashcat_ctx) const int tmp_len = outfile_write (hashcat_ctx, (char *) out_buf, out_len, NULL, 0, 0, username, user_len, (char *) tmp_buf); - EVENT_DATA (EVENT_POTFILE_HASH_LEFT, tmp_buf, tmp_len); + //EVENT_DATA (EVENT_POTFILE_HASH_LEFT, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_buf = (u8 *) hcmalloc (tmp_len); + + memcpy (final_buf[final_cnt].hash_buf, tmp_buf, tmp_len); + + final_buf[final_cnt].hash_len = tmp_len; + + final_buf[final_cnt].line_pos = hash->orig_line_pos; + + final_cnt++; } } } + qsort (final_buf, final_cnt, sizeof (pot_orig_line_entry_t), sort_pot_orig_line); + + for (u32 final_pos = 0; final_pos < final_cnt; final_pos++) + { + EVENT_DATA (EVENT_POTFILE_HASH_LEFT, final_buf[final_pos].hash_buf, final_buf[final_pos].hash_len); + + hcfree (final_buf[final_pos].hash_buf); + } + + hcfree (final_buf); + return 0; }