arno
/
hashcat
mirror of https://github.com/hashcat/hashcat.git
1
0
Fork 0
Code Issues Releases Wiki Activity

add min/max data length limits to MetaMask Wallet

Browse Source
pull/2863/head
Gabriele Gristina 3 years ago
parent 1a34eba9f4
commit 7371cbebe7
4 changed files with 47 additions and 240 deletions
Show Stats Download Patch File Download Diff File

2
OpenCL/inc_cipher_aes-gcm.cl
Unescape View File

@ -219,7 +219,7 @@ DECLSPEC void AES_GCM_gctr (const u32 *key, const u32 *iv, const u32 *in, int in
iv_buf[2] = iv[2];
iv_buf[3] = iv[3];
const int n = in_len / 16;
const u32 n = in_len / 16;
for (u32 i = 0; i < n; i++)
{

214
OpenCL/m26600-pure.cl
Unescape View File

@ -34,7 +34,7 @@ typedef struct pbkdf2_sha256_aes_gcm
u32 salt_buf[64];
u32 iv_buf[4];
u32 iv_len;
u32 ct_buf[192];
u32 ct_buf[196];
u32 ct_len;
} pbkdf2_sha256_aes_gcm_t;
@ -349,34 +349,6 @@ KERNEL_FQ void m26600_comp (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sh
// ct
/*
u32 enc[14] = { 0 };
enc[ 0] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 0];
enc[ 1] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 1];
enc[ 2] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 2];
enc[ 3] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 3];
enc[ 4] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 4];
enc[ 5] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 5];
enc[ 6] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 6];
enc[ 7] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 7];
enc[ 8] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 8];
enc[ 9] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 9];
enc[10] = esalt_bufs[DIGESTS_OFFSET].ct_buf[10];
enc[11] = esalt_bufs[DIGESTS_OFFSET].ct_buf[11];
enc[12] = esalt_bufs[DIGESTS_OFFSET].ct_buf[12];
enc[13] = esalt_bufs[DIGESTS_OFFSET].ct_buf[13];
u32 enc_len = esalt_bufs[DIGESTS_OFFSET].ct_len;
*/
/*
// decrypt buffer is not usefull here, skip
u32 dec[14] = { 0 };
AES_GCM_GCTR (key, J0, enc, enc_len, dec, s_te0, s_te1, s_te2, s_te3, s_te4);
*/
u32 T[4] = { 0 };
u32 S[4] = { 0 };
@ -384,8 +356,6 @@ KERNEL_FQ void m26600_comp (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sh
u32 aad_buf[4] = { 0 };
u32 aad_len = 0;
//AES_GCM_GHASH (subKey, aad_buf, aad_len, enc, enc_len, S);
AES_GCM_GHASH_GLOBAL (subKey, aad_buf, aad_len, esalt_bufs[DIGESTS_OFFSET].ct_buf, esalt_bufs[DIGESTS_OFFSET].ct_len, S);
AES_GCM_GCTR (key, J0, S, S_len, T, s_te0, s_te1, s_te2, s_te3, s_te4);
@ -403,185 +373,3 @@ KERNEL_FQ void m26600_comp (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sh
#include COMPARE_M
#endif
}
/*
Optimized GCM: No real speed benefit. For documentation purpose
KERNEL_FQ void m26600_comp (KERN_ATTR_TMPS_ESALT (pbkdf2_sha256_tmp_t, pbkdf2_sha256_aes_gcm_t))
{
const u64 gid = get_global_id (0);
const u64 lid = get_local_id (0);
const u64 lsz = get_local_size (0);
#ifdef REAL_SHM
LOCAL_VK u32 s_te0[256];
LOCAL_VK u32 s_te1[256];
LOCAL_VK u32 s_te2[256];
LOCAL_VK u32 s_te3[256];
LOCAL_VK u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
SYNC_THREADS ();
#else
CONSTANT_AS u32a *s_te0 = te0;
CONSTANT_AS u32a *s_te1 = te1;
CONSTANT_AS u32a *s_te2 = te2;
CONSTANT_AS u32a *s_te3 = te3;
CONSTANT_AS u32a *s_te4 = te4;
#endif
if (gid >= gid_max) return;
// keys
u32 ukey[8];
ukey[0] = tmps[gid].out[0];
ukey[1] = tmps[gid].out[1];
ukey[2] = tmps[gid].out[2];
ukey[3] = tmps[gid].out[3];
ukey[4] = tmps[gid].out[4];
ukey[5] = tmps[gid].out[5];
ukey[6] = tmps[gid].out[6];
ukey[7] = tmps[gid].out[7];
u32 key[60] = { 0 };
u32 subKey[4] = { 0 };
AES256_set_encrypt_key (key, ukey, s_te0, s_te1, s_te2, s_te3);
AES256_encrypt (key, subKey, subKey, s_te0, s_te1, s_te2, s_te3, s_te4);
// iv
const u32 iv[4] = {
esalt_bufs[DIGESTS_OFFSET].iv_buf[0],
esalt_bufs[DIGESTS_OFFSET].iv_buf[1],
esalt_bufs[DIGESTS_OFFSET].iv_buf[2],
esalt_bufs[DIGESTS_OFFSET].iv_buf[3]
};
u32 J0[4] = {
iv[0],
iv[1],
iv[2],
0x00000001
};
// ct
u32 enc[14] = { 0 };
enc[ 0] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 0];
enc[ 1] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 1];
enc[ 2] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 2];
enc[ 3] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 3];
enc[ 4] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 4];
enc[ 5] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 5];
enc[ 6] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 6];
enc[ 7] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 7];
enc[ 8] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 8];
enc[ 9] = esalt_bufs[DIGESTS_OFFSET].ct_buf[ 9];
enc[10] = esalt_bufs[DIGESTS_OFFSET].ct_buf[10];
enc[11] = esalt_bufs[DIGESTS_OFFSET].ct_buf[11];
enc[12] = esalt_bufs[DIGESTS_OFFSET].ct_buf[12];
enc[13] = esalt_bufs[DIGESTS_OFFSET].ct_buf[13];
u32 enc_len = esalt_bufs[DIGESTS_OFFSET].ct_len;
u32 S[4] = { 0 };
u32 t[4] = { 0 };
S[0] ^= enc[0];
S[1] ^= enc[1];
S[2] ^= enc[2];
S[3] ^= enc[3];
AES_GCM_gf_mult (S, subKey, t);
S[0] = t[0] ^ enc[4];
S[1] = t[1] ^ enc[5];
S[2] = t[2] ^ enc[6];
S[3] = t[3] ^ enc[7];
AES_GCM_gf_mult (S, subKey, t);
S[0] = t[0] ^ enc[8];
S[1] = t[1] ^ enc[9];
S[2] = t[2] ^ enc[10];
S[3] = t[3] ^ enc[11];
AES_GCM_gf_mult (S, subKey, t);
S[0] = t[0];
S[1] = t[1];
S[2] = t[2];
S[3] = t[3];
t[0] = enc[12];
t[1] = enc[13];
t[2] = 0;
t[3] = 0;
S[0] ^= t[0];
S[1] ^= t[1];
S[2] ^= t[2];
S[3] ^= t[3];
AES_GCM_gf_mult (S, subKey, t);
S[0] = t[0];
S[1] = t[1];
S[2] = t[2];
S[3] = t[3];
u32 len_buf[4] = { 0 };
len_buf[0] = 0;
len_buf[3] = enc_len * 8;
S[0] ^= len_buf[0];
S[1] ^= len_buf[1];
S[2] ^= len_buf[2];
S[3] ^= len_buf[3];
AES_GCM_gf_mult (S, subKey, t);
S[0] = t[0];
S[1] = t[1];
S[2] = t[2];
S[3] = t[3];
J0[3] = 0x00000001;
u32 T[4] = { 0 };
AES256_encrypt (key, J0, T, s_te0, s_te1, s_te2, s_te3, s_te4);
const u32 r0 = T[0] ^ S[0];
const u32 r1 = T[1] ^ S[1];
const u32 r2 = T[2] ^ S[2];
const u32 r3 = T[3] ^ S[3];
#define il_pos 0
#ifdef KERNEL_STATIC
#include COMPARE_M
#endif
}
*/

57
src/modules/module_26600.c
Unescape View File

@ -57,7 +57,7 @@ typedef struct pbkdf2_sha256_aes_gcm
u32 salt_buf[64];
u32 iv_buf[4];
u32 iv_len;
u32 ct_buf[192];
u32 ct_buf[196];
u32 ct_len;
} pbkdf2_sha256_aes_gcm_t;
@ -113,6 +113,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
pbkdf2_sha256_aes_gcm_t *metamask = (pbkdf2_sha256_aes_gcm_t *) esalt_buf;
#define CT_MAX_LEN_BASE64 ((768 * 8) / 6) + 3
token_t token;
token.token_cnt = 4;
@ -137,8 +139,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
| TOKEN_ATTR_VERIFY_BASE64A;
token.sep[3] = '$';
token.len_min[3] = 248;
token.len_max[3] = 248;
token.len_min[3] = 64;
token.len_max[3] = CT_MAX_LEN_BASE64;
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_BASE64A;
@ -146,7 +148,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
u8 tmp_buf[512] = { 0 };
u8 tmp_buf[CT_MAX_LEN_BASE64] = { 0 };
size_t tmp_len = 0;
@ -189,7 +191,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
if (tmp_len != 16) return (PARSER_IV_LENGTH);
memcpy ((u8 *)metamask->iv_buf, tmp_buf, tmp_len);
memcpy ((u8 *) metamask->iv_buf, tmp_buf, tmp_len);
metamask->iv_buf[0] = byte_swap_32 (metamask->iv_buf[0]);
metamask->iv_buf[1] = byte_swap_32 (metamask->iv_buf[1]);
@ -207,24 +209,27 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
tmp_len = base64_decode (base64_to_int, ct_pos, ct_len, tmp_buf);
if (tmp_len != 185) return (PARSER_CT_LENGTH);
if (tmp_len <= 16) return (PARSER_CT_LENGTH);
memcpy ((u8 *)metamask->ct_buf, tmp_buf, tmp_len - 16);
tmp_len -= 16;
for (u32 i = 0; i < 43; i++)
{
metamask->ct_buf[i] = byte_swap_32 (metamask->ct_buf[i]);
}
if (tmp_len < 30 || tmp_len > 768) return (PARSER_CT_LENGTH);
metamask->ct_len = tmp_len - 16;
memcpy ((u8 *) metamask->ct_buf, tmp_buf, tmp_len);
// tag
u32 j = tmp_len / 4;
if ((tmp_len % 4) > 0) j++;
u32 tag_buf[4];
for (u32 i = 0; i < j; i++) metamask->ct_buf[i] = byte_swap_32 (metamask->ct_buf[i]);
memset (tag_buf, 0, sizeof (tag_buf));
metamask->ct_len = tmp_len;
memcpy ((u8 *)tag_buf, tmp_buf+metamask->ct_len, 16);
// tag
u32 tag_buf[4] = { 0 };
memcpy ((u8 *) tag_buf, tmp_buf+metamask->ct_len, 16);
digest[0] = byte_swap_32 (tag_buf[0]);
digest[1] = byte_swap_32 (tag_buf[1]);
@ -242,9 +247,9 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
// salt
#define SALT_LEN_BASE64 ((32 * 8) / 6) + 3
#define IV_LEN_BASE64 ((16 * 8) / 6) + 3
#define CT_LEN_BASE64 ((185 * 8) / 6) + 3
#define SALT_LEN_BASE64 ((32 * 8) / 6) + 3
#define IV_LEN_BASE64 ((16 * 8) / 6) + 3
#define CT_MAX_LEN_BASE64 ((768 * 8) / 6) + 3
u8 salt_buf[SALT_LEN_BASE64] = { 0 };
@ -259,15 +264,21 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
tmp_iv_buf[2] = byte_swap_32 (metamask->iv_buf[2]);
tmp_iv_buf[3] = byte_swap_32 (metamask->iv_buf[3]);
u8 iv_buf[IV_LEN_BASE64] = { 0 };
u8 iv_buf[IV_LEN_BASE64+1] = { 0 };
base64_encode (int_to_base64, (const u8 *) tmp_iv_buf, (const int) metamask->iv_len, iv_buf);
// ct
u32 tmp_buf[47] = { 0 };
u32 ct_len = metamask->ct_len;
u32 j = ct_len / 4;
if ((ct_len % 4) > 0) j++;
u32 tmp_buf[196] = { 0 };
for (int i = 0; i < 43; i++) tmp_buf[i] = byte_swap_32 (metamask->ct_buf[i]);
for (u32 i = 0; i < j; i++) tmp_buf[i] = byte_swap_32 (metamask->ct_buf[i]);
u32 tmp_tag[4] = { 0 };
@ -281,7 +292,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
memcpy (tmp_buf_str+metamask->ct_len, tmp_tag_str, 16);
u8 ct_buf[CT_LEN_BASE64] = { 0 };
u8 ct_buf[CT_MAX_LEN_BASE64] = { 0 };
base64_encode (int_to_base64, (const u8 *) tmp_buf, (const int) metamask->ct_len+16, ct_buf);

14
tools/test_modules/m26600.pm
Unescape View File

@ -21,6 +21,9 @@ sub module_generate_hash
my $iv = shift // random_hex_string (32);
my $ct = shift;
my $ct_min_len = 30;
my $ct_max_len = 768;
my $kdf = Crypt::PBKDF2->new
(
hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
@ -55,12 +58,12 @@ sub module_generate_hash
}
else
{
$pt = "\xff" x 169;
$pt = "\xff" x ($ct_min_len + int(rand($ct_max_len - $ct_min_len)) + 1);
}
}
else
{
$pt = "\xff" x 169;
$pt = "\xff" x ($ct_min_len + int(rand($ct_max_len - $ct_min_len)) + 1);
}
my $aes = Crypt::AuthEnc::GCM->new ("AES", $key, $iv_bin);
@ -100,7 +103,12 @@ sub module_verify_hash
return unless length $salt_bin == 32;
return unless length $iv_bin == 16;
return unless length $ct_bin == 185;
my $ct_len = length ($ct_bin);
my $ct_min_len = 30;
my $ct_max_len = 768;
return unless ($ct_len >= $ct_min_len && $ct_len <= $ct_max_len);
my $word_packed = pack_if_HEX_notation ($word);

Write Preview
Loading…
Cancel
Save