1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-12-26 16:38:35 +00:00

Added support for loading hccapx files

This commit is contained in:
jsteube 2017-02-06 17:03:42 +01:00
parent cc991ee106
commit 717da7f4f2
9 changed files with 132 additions and 118 deletions

View File

@ -784,17 +784,18 @@ typedef struct
} pdf_t;
typedef struct
typedef struct wpa
{
u32 pke[25];
u32 eapol[64];
int eapol_size;
int keyver;
u8 orig_mac1[6];
u8 orig_mac2[6];
u8 orig_nonce1[32];
u8 orig_nonce2[32];
int essid_reuse;
u32 pke[25];
u32 eapol[64];
u16 eapol_len;
u8 authenticated;
u8 keyver;
u8 orig_mac_ap[6];
u8 orig_mac_sta[6];
u8 orig_nonce_ap[32];
u8 orig_nonce_sta[32];
int essid_reuse;
} wpa_t;

View File

@ -916,12 +916,12 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul
hmac_md5_pad_S (w0, w1, w2, w3, ipad, opad);
int eapol_size = wpa_bufs[salt_pos].eapol_size;
int eapol_len = wpa_bufs[salt_pos].eapol_len;
int eapol_left;
int eapol_off;
for (eapol_left = eapol_size, eapol_off = 0; eapol_left >= 56; eapol_left -= 64, eapol_off += 16)
for (eapol_left = eapol_len, eapol_off = 0; eapol_left >= 56; eapol_left -= 64, eapol_off += 16)
{
w0[0] = wpa_bufs[salt_pos].eapol[eapol_off + 0];
w0[1] = wpa_bufs[salt_pos].eapol[eapol_off + 1];
@ -957,7 +957,7 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul
w2[3] = wpa_bufs[salt_pos].eapol[eapol_off + 11];
w3[0] = wpa_bufs[salt_pos].eapol[eapol_off + 12];
w3[1] = wpa_bufs[salt_pos].eapol[eapol_off + 13];
w3[2] = (64 + eapol_size) * 8;
w3[2] = (64 + eapol_len) * 8;
w3[3] = 0;
u32 digest1[4];
@ -998,12 +998,12 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul
hmac_sha1_pad_S (w0, w1, w2, w3, ipad, opad);
int eapol_size = wpa_bufs[salt_pos].eapol_size;
int eapol_len = wpa_bufs[salt_pos].eapol_len;
int eapol_left;
int eapol_off;
for (eapol_left = eapol_size, eapol_off = 0; eapol_left >= 56; eapol_left -= 64, eapol_off += 16)
for (eapol_left = eapol_len, eapol_off = 0; eapol_left >= 56; eapol_left -= 64, eapol_off += 16)
{
w0[0] = wpa_bufs[salt_pos].eapol[eapol_off + 0];
w0[1] = wpa_bufs[salt_pos].eapol[eapol_off + 1];
@ -1040,7 +1040,7 @@ __kernel void m02500_comp (__global pw_t *pws, __global const kernel_rule_t *rul
w3[0] = wpa_bufs[salt_pos].eapol[eapol_off + 12];
w3[1] = wpa_bufs[salt_pos].eapol[eapol_off + 13];
w3[2] = 0;
w3[3] = (64 + eapol_size) * 8;
w3[3] = (64 + eapol_len) * 8;
u32 digest2[5];

View File

@ -7,6 +7,7 @@
- Added support for parsing 7-Zip hashes with LZMA/LZMA2 compression indicator set to a non-zero value
- Added support for decompressing LZMA1/LZMA2 data for -m 11600 = 7-Zip to validate the CRC
- Added support for showing all user names with --show and --left if --username was specified
- Added support for loading hccapx files
##
## Algorithms

View File

@ -176,12 +176,13 @@ typedef struct wpa
{
u32 pke[25];
u32 eapol[64];
int eapol_size;
int keyver;
u8 orig_mac1[6];
u8 orig_mac2[6];
u8 orig_nonce1[32];
u8 orig_nonce2[32];
u16 eapol_len;
u8 authenticated;
u8 keyver;
u8 orig_mac_ap[6];
u8 orig_mac_sta[6];
u8 orig_nonce_ap[32];
u8 orig_nonce_sta[32];
int essid_reuse;
} wpa_t;
@ -809,22 +810,27 @@ typedef struct struct_psafe2_hdr
} psafe2_hdr;
typedef struct hccap
#define HCCAPX_SIGNATURE 0x58504348 // HCPX
struct hccapx
{
char essid[36];
u32 signature;
u32 version;
u8 authenticated;
u8 essid_len;
u8 essid[32];
u8 keyver;
u8 keymic[16];
u8 mac_ap[6];
u8 nonce_ap[32];
u8 mac_sta[6];
u8 nonce_sta[32];
u16 eapol_len;
u8 eapol[256];
u8 mac1[6];
u8 mac2[6];
u8 nonce1[32];
u8 nonce2[32];
} __attribute__((packed));
u8 eapol[256];
int eapol_size;
int keyver;
u8 keymic[16];
} hccap_t;
typedef struct hccapx hccapx_t;
/**
* hashtypes enums
@ -1722,7 +1728,7 @@ char *stroptitype (const u32 opti_type);
char *strhashtype (const u32 hash_mode);
char *strparser (const u32 parser_status);
void to_hccap_t (hashcat_ctx_t *hashcat_ctx, hccap_t *hccap, const u32 salt_pos, const u32 digest_pos);
void to_hccapx_t (hashcat_ctx_t *hashcat_ctx, hccapx_t *hccapx, const u32 salt_pos, const u32 digest_pos);
void wpa_essid_reuse (hashcat_ctx_t *hashcat_ctx);

View File

@ -433,8 +433,8 @@ typedef enum parser_rc
PARSER_SALT_ITERATION = -8,
PARSER_SEPARATOR_UNMATCHED = -9,
PARSER_SIGNATURE_UNMATCHED = -10,
PARSER_HCCAP_FILE_SIZE = -11,
PARSER_HCCAP_EAPOL_SIZE = -12,
PARSER_HCCAPX_FILE_SIZE = -11,
PARSER_HCCAPX_EAPOL_LEN = -12,
PARSER_PSAFE2_FILE_SIZE = -13,
PARSER_PSAFE3_FILE_SIZE = -14,
PARSER_TC_FILE_SIZE = -15,
@ -453,6 +453,8 @@ typedef enum parser_rc
PARSER_LUKS_KEY_DISABLED = -28,
PARSER_LUKS_KEY_STRIPES = -29,
PARSER_LUKS_HASH_CIPHER = -30,
PARSER_HCCAPX_SIGNATURE = -31,
PARSER_HCCAPX_VERSION = -32,
PARSER_UNKNOWN_ERROR = -255
} parser_rc_t;

View File

@ -166,11 +166,11 @@ int save_hash (hashcat_ctx_t *hashcat_ctx)
{
if (hashconfig->hash_mode == 2500)
{
hccap_t hccap;
hccapx_t hccapx;
to_hccap_t (hashcat_ctx, &hccap, salt_pos, digest_pos);
to_hccapx_t (hashcat_ctx, &hccapx, salt_pos, digest_pos);
fwrite (&hccap, sizeof (hccap_t), 1, fp);
fwrite (&hccapx, sizeof (hccapx_t), 1, fp);
}
else
{
@ -477,7 +477,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
return -1;
}
hashes_avail = st.st_size / sizeof (hccap_t);
hashes_avail = st.st_size / sizeof (hccapx_t);
}
else if (hashconfig->hash_mode == 14600)
{
@ -713,7 +713,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
{
if (hash_len == 0)
{
event_log_error (hashcat_ctx, "hccap file not specified");
event_log_error (hashcat_ctx, "hccapx file not specified");
return -1;
}
@ -733,18 +733,18 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
if (hashes_avail < 1)
{
event_log_error (hashcat_ctx, "hccap file is empty or corrupt");
event_log_error (hashcat_ctx, "hccapx file is empty or corrupt");
fclose (fp);
return -1;
}
char *in = (char *) hcmalloc (sizeof (hccap_t));
char *in = (char *) hcmalloc (sizeof (hccapx_t));
while (!feof (fp))
{
const int nread = fread (in, sizeof (hccap_t), 1, fp);
const int nread = fread (in, sizeof (hccapx_t), 1, fp);
if (nread == 0) break;
@ -755,7 +755,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
break;
}
parser_status = hashconfig->parse_func ((u8 *) in, sizeof (hccap_t), &hashes_buf[hashes_cnt], hashconfig);
parser_status = hashconfig->parse_func ((u8 *) in, sizeof (hccapx_t), &hashes_buf[hashes_cnt], hashconfig);
if (parser_status != PARSER_OK)
{

View File

@ -51,8 +51,8 @@ static const char PA_007[] = "Salt-value exception";
static const char PA_008[] = "Salt-iteration count exception";
static const char PA_009[] = "Separator unmatched";
static const char PA_010[] = "Signature unmatched";
static const char PA_011[] = "Invalid hccap filesize";
static const char PA_012[] = "Invalid eapol size";
static const char PA_011[] = "Invalid hccapx file size";
static const char PA_012[] = "Invalid hccapx eapol size";
static const char PA_013[] = "Invalid psafe2 filesize";
static const char PA_014[] = "Invalid psafe3 filesize";
static const char PA_015[] = "Invalid truecrypt filesize";
@ -71,6 +71,8 @@ static const char PA_027[] = "Invalid LUKS key size";
static const char PA_028[] = "Disabled LUKS key detected";
static const char PA_029[] = "Invalid LUKS key AF stripes count";
static const char PA_030[] = "Invalid combination of LUKS hash type and cipher type";
static const char PA_031[] = "Invalid hccapx signature";
static const char PA_032[] = "Invalid hccapx version";
static const char PA_255[] = "Unknown error";
static const char HT_00000[] = "MD5";
@ -2678,11 +2680,15 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
wpa_t *wpa = (wpa_t *) hash_buf->esalt;
hccap_t in;
hccapx_t in;
memcpy (&in, input_buf, input_len);
if (in.eapol_size < 1 || in.eapol_size > 255) return (PARSER_HCCAP_EAPOL_SIZE);
if (in.signature != HCCAPX_SIGNATURE) return (PARSER_HCCAPX_SIGNATURE);
if (in.version != 3) return (PARSER_HCCAPX_VERSION);
if (in.eapol_len < 1 || in.eapol_len > 255) return (PARSER_HCCAPX_EAPOL_LEN);
memcpy (digest, in.keymic, 16);
@ -2695,11 +2701,11 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
Wireless Device Nonce (referred to as Supplicant Nonce Snonce)
*/
u32 salt_len = strlen ((const char *) in.essid);
u32 salt_len = in.essid_len;
if (salt_len > 36) return (PARSER_SALT_LENGTH);
if (salt_len > 32) return (PARSER_SALT_LENGTH);
memcpy (salt->salt_buf, in.essid, salt_len);
memcpy (salt->salt_buf, in.essid, in.essid_len);
salt->salt_len = salt_len;
@ -2709,26 +2715,26 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
memcpy (pke_ptr, "Pairwise key expansion", 23);
if (memcmp (in.mac1, in.mac2, 6) < 0)
if (memcmp (in.mac_ap, in.mac_sta, 6) < 0)
{
memcpy (pke_ptr + 23, in.mac1, 6);
memcpy (pke_ptr + 29, in.mac2, 6);
memcpy (pke_ptr + 23, in.mac_ap, 6);
memcpy (pke_ptr + 29, in.mac_sta, 6);
}
else
{
memcpy (pke_ptr + 23, in.mac2, 6);
memcpy (pke_ptr + 29, in.mac1, 6);
memcpy (pke_ptr + 23, in.mac_sta, 6);
memcpy (pke_ptr + 29, in.mac_ap, 6);
}
if (memcmp (in.nonce1, in.nonce2, 32) < 0)
if (memcmp (in.nonce_ap, in.nonce_sta, 32) < 0)
{
memcpy (pke_ptr + 35, in.nonce1, 32);
memcpy (pke_ptr + 67, in.nonce2, 32);
memcpy (pke_ptr + 35, in.nonce_ap, 32);
memcpy (pke_ptr + 67, in.nonce_sta, 32);
}
else
{
memcpy (pke_ptr + 35, in.nonce2, 32);
memcpy (pke_ptr + 67, in.nonce1, 32);
memcpy (pke_ptr + 35, in.nonce_sta, 32);
memcpy (pke_ptr + 67, in.nonce_ap, 32);
}
for (int i = 0; i < 25; i++)
@ -2736,34 +2742,26 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
wpa->pke[i] = byte_swap_32 (wpa->pke[i]);
}
memcpy (wpa->orig_mac1, in.mac1, 6);
memcpy (wpa->orig_mac2, in.mac2, 6);
memcpy (wpa->orig_nonce1, in.nonce1, 32);
memcpy (wpa->orig_nonce2, in.nonce2, 32);
memcpy (wpa->orig_mac_ap, in.mac_ap, 6);
memcpy (wpa->orig_mac_sta, in.mac_sta, 6);
memcpy (wpa->orig_nonce_ap, in.nonce_ap, 32);
memcpy (wpa->orig_nonce_sta, in.nonce_sta, 32);
wpa->authenticated = in.authenticated;
wpa->keyver = in.keyver;
if (wpa->keyver > 255)
{
// not sure yet how to transport this message
//event_log_warning (hashcat_ctx, "ATTENTION!");
//event_log_warning (hashcat_ctx, " The WPA/WPA2 key version in your .hccap file is invalid!");
//event_log_warning (hashcat_ctx, " This could be due to a recent aircrack-ng bug.");
//event_log_warning (hashcat_ctx, " The key version was automatically reset to a reasonable value.");
//event_log_warning (hashcat_ctx, "");
if (wpa->keyver & ~7) return (PARSER_SALT_VALUE);
wpa->keyver &= 0xff;
}
wpa->eapol_size = in.eapol_size;
wpa->eapol_len = in.eapol_len;
u8 *eapol_ptr = (u8 *) wpa->eapol;
memcpy (eapol_ptr, in.eapol, wpa->eapol_size);
memcpy (eapol_ptr, in.eapol, wpa->eapol_len);
memset (eapol_ptr + wpa->eapol_size, 0, 256 - wpa->eapol_size);
memset (eapol_ptr + wpa->eapol_len, 0, 256 - wpa->eapol_len);
eapol_ptr[wpa->eapol_size] = 0x80;
eapol_ptr[wpa->eapol_len] = 0x80;
if (wpa->keyver == 1)
{
@ -2825,13 +2823,13 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
md5_64 (block, hash);
for (int i = 0; i < 6; i++) block_ptr[i + 0] = wpa->orig_mac1[i];
for (int i = 0; i < 6; i++) block_ptr[i + 6] = wpa->orig_mac2[i];
for (int i = 0; i < 6; i++) block_ptr[i + 0] = wpa->orig_mac_ap[i];
for (int i = 0; i < 6; i++) block_ptr[i + 6] = wpa->orig_mac_sta[i];
md5_64 (block, hash);
for (int i = 0; i < 32; i++) block_ptr[i + 0] = wpa->orig_nonce1[i];
for (int i = 0; i < 32; i++) block_ptr[i + 32] = wpa->orig_nonce2[i];
for (int i = 0; i < 32; i++) block_ptr[i + 0] = wpa->orig_nonce_ap[i];
for (int i = 0; i < 32; i++) block_ptr[i + 32] = wpa->orig_nonce_sta[i];
md5_64 (block, hash);
@ -14695,8 +14693,8 @@ char *strparser (const u32 parser_status)
case PARSER_SALT_ITERATION: return ((char *) PA_008);
case PARSER_SEPARATOR_UNMATCHED: return ((char *) PA_009);
case PARSER_SIGNATURE_UNMATCHED: return ((char *) PA_010);
case PARSER_HCCAP_FILE_SIZE: return ((char *) PA_011);
case PARSER_HCCAP_EAPOL_SIZE: return ((char *) PA_012);
case PARSER_HCCAPX_FILE_SIZE: return ((char *) PA_011);
case PARSER_HCCAPX_EAPOL_LEN: return ((char *) PA_012);
case PARSER_PSAFE2_FILE_SIZE: return ((char *) PA_013);
case PARSER_PSAFE3_FILE_SIZE: return ((char *) PA_014);
case PARSER_TC_FILE_SIZE: return ((char *) PA_015);
@ -14715,12 +14713,14 @@ char *strparser (const u32 parser_status)
case PARSER_LUKS_KEY_DISABLED: return ((char *) PA_028);
case PARSER_LUKS_KEY_STRIPES: return ((char *) PA_029);
case PARSER_LUKS_HASH_CIPHER: return ((char *) PA_030);
case PARSER_HCCAPX_SIGNATURE: return ((char *) PA_031);
case PARSER_HCCAPX_VERSION: return ((char *) PA_032);
}
return ((char *) PA_255);
}
void to_hccap_t (hashcat_ctx_t *hashcat_ctx, hccap_t *hccap, const u32 salt_pos, const u32 digest_pos)
void to_hccapx_t (hashcat_ctx_t *hashcat_ctx, hccapx_t *hccapx, const u32 salt_pos, const u32 digest_pos)
{
const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;
const hashes_t *hashes = hashcat_ctx->hashes;
@ -14729,18 +14729,22 @@ void to_hccap_t (hashcat_ctx_t *hashcat_ctx, hccap_t *hccap, const u32 salt_pos,
const salt_t *salts_buf = hashes->salts_buf;
const void *esalts_buf = hashes->esalts_buf;
memset (hccap, 0, sizeof (hccap_t));
memset (hccapx, 0, sizeof (hccapx_t));
hccapx->signature = HCCAPX_SIGNATURE;
hccapx->version = 3;
const salt_t *salt = &salts_buf[salt_pos];
memcpy (hccap->essid, salt->salt_buf, salt->salt_len);
memcpy (hccapx->essid, salt->salt_buf, salt->salt_len);
wpa_t *wpas = (wpa_t *) esalts_buf;
wpa_t *wpa = &wpas[salt_pos];
hccap->keyver = wpa->keyver;
hccapx->authenticated = wpa->authenticated;
hccapx->keyver = wpa->keyver;
hccap->eapol_size = wpa->eapol_size;
hccapx->eapol_len = wpa->eapol_len;
if (wpa->keyver != 1)
{
@ -14751,17 +14755,17 @@ void to_hccap_t (hashcat_ctx_t *hashcat_ctx, hccap_t *hccap, const u32 salt_pos,
eapol_tmp[i] = byte_swap_32 (wpa->eapol[i]);
}
memcpy (hccap->eapol, eapol_tmp, wpa->eapol_size);
memcpy (hccapx->eapol, eapol_tmp, wpa->eapol_len);
}
else
{
memcpy (hccap->eapol, wpa->eapol, wpa->eapol_size);
memcpy (hccapx->eapol, wpa->eapol, wpa->eapol_len);
}
memcpy (hccap->mac1, wpa->orig_mac1, 6);
memcpy (hccap->mac2, wpa->orig_mac2, 6);
memcpy (hccap->nonce1, wpa->orig_nonce1, 32);
memcpy (hccap->nonce2, wpa->orig_nonce2, 32);
memcpy (hccapx->mac_ap, wpa->orig_mac_ap, 6);
memcpy (hccapx->mac_sta, wpa->orig_mac_sta, 6);
memcpy (hccapx->nonce_ap, wpa->orig_nonce_ap, 32);
memcpy (hccapx->nonce_sta, wpa->orig_nonce_sta, 32);
char *digests_buf_ptr = (char *) digests_buf;
@ -14778,11 +14782,11 @@ void to_hccap_t (hashcat_ctx_t *hashcat_ctx, hccap_t *hccap, const u32 salt_pos,
digest_tmp[2] = byte_swap_32 (digest_ptr[2]);
digest_tmp[3] = byte_swap_32 (digest_ptr[3]);
memcpy (hccap->keymic, digest_tmp, 16);
memcpy (hccapx->keymic, digest_tmp, 16);
}
else
{
memcpy (hccap->keymic, digest_ptr, 16);
memcpy (hccapx->keymic, digest_ptr, 16);
}
}
@ -22486,7 +22490,7 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
switch (hashconfig->hash_mode)
{
case 2500: ((wpa_t *) esalt)->eapol_size = 128;
case 2500: ((wpa_t *) esalt)->eapol_len = 128;
break;
case 5300: ((ikepsk_t *) esalt)->nr_len = 1;
((ikepsk_t *) esalt)->msg_len = 1;

View File

@ -241,20 +241,20 @@ char *status_get_hash_target (const hashcat_ctx_t *hashcat_ctx)
wpa_t *wpa = (wpa_t *) hashes->esalts_buf;
snprintf (tmp_buf, HCBUFSIZ_TINY - 1, "%s (%02x:%02x:%02x:%02x:%02x:%02x <-> %02x:%02x:%02x:%02x:%02x:%02x)",
snprintf (tmp_buf, HCBUFSIZ_TINY - 1, "%s (AP:%02x:%02x:%02x:%02x:%02x:%02x STA:%02x:%02x:%02x:%02x:%02x:%02x)",
(char *) hashes->salts_buf[0].salt_buf,
wpa->orig_mac1[0],
wpa->orig_mac1[1],
wpa->orig_mac1[2],
wpa->orig_mac1[3],
wpa->orig_mac1[4],
wpa->orig_mac1[5],
wpa->orig_mac2[0],
wpa->orig_mac2[1],
wpa->orig_mac2[2],
wpa->orig_mac2[3],
wpa->orig_mac2[4],
wpa->orig_mac2[5]);
wpa->orig_mac_ap[0],
wpa->orig_mac_ap[1],
wpa->orig_mac_ap[2],
wpa->orig_mac_ap[3],
wpa->orig_mac_ap[4],
wpa->orig_mac_ap[5],
wpa->orig_mac_sta[0],
wpa->orig_mac_sta[1],
wpa->orig_mac_sta[2],
wpa->orig_mac_sta[3],
wpa->orig_mac_sta[4],
wpa->orig_mac_sta[5]);
return tmp_buf;
}

View File

@ -8,7 +8,7 @@
static const char *USAGE_MINI[] =
{
"Usage: %s [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...",
"Usage: %s [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...",
"",
"Try --help for more help.",
NULL
@ -18,7 +18,7 @@ static const char *USAGE_BIG[] =
{
"%s, advanced password recovery",
"",
"Usage: %s [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...",
"Usage: %s [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...",
"",
"- [ Options ] -",
"",