diff --git a/OpenCL/m29700-pure.cl b/OpenCL/m29700-pure.cl new file mode 100644 index 000000000..8eaf8ae03 --- /dev/null +++ b/OpenCL/m29700-pure.cl @@ -0,0 +1,625 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#ifdef KERNEL_STATIC +#include M2S(INCLUDE_PATH/inc_vendor.h) +#include M2S(INCLUDE_PATH/inc_types.h) +#include M2S(INCLUDE_PATH/inc_platform.cl) +#include M2S(INCLUDE_PATH/inc_common.cl) +#include M2S(INCLUDE_PATH/inc_hash_sha256.cl) +#include M2S(INCLUDE_PATH/inc_cipher_aes.cl) +#include M2S(INCLUDE_PATH/inc_cipher_twofish.cl) +#endif + +#define COMPARE_S M2S(INCLUDE_PATH/inc_comp_single.cl) +#define COMPARE_M M2S(INCLUDE_PATH/inc_comp_multi.cl) + +typedef struct keepass_tmp +{ + u32 tmp_digest[8]; + +} keepass_tmp_t; + +typedef struct keepass +{ + u32 version; + u32 algorithm; + + /* key-file handling */ + u32 keyfile_len; + u32 keyfile[8]; + + u32 final_random_seed[8]; + u32 transf_random_seed[8]; + u32 enc_iv[4]; + u32 contents_hash[8]; + + /* specific to version 1 */ + u32 contents_len; + u32 contents[0x200000]; + + /* specific to version 2 */ + u32 expected_bytes[8]; + +} keepass_t; + +KERNEL_FQ void m29700_init (KERN_ATTR_TMPS_ESALT (keepass_tmp_t, keepass_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + sha256_ctx_t ctx; + + sha256_init (&ctx); + + sha256_update_global_swap (&ctx, pws[gid].i, pws[gid].pw_len); + + sha256_final (&ctx); + + u32 digest[8]; + + digest[0] = ctx.h[0]; + digest[1] = ctx.h[1]; + digest[2] = ctx.h[2]; + digest[3] = ctx.h[3]; + digest[4] = ctx.h[4]; + digest[5] = ctx.h[5]; + digest[6] = ctx.h[6]; + digest[7] = ctx.h[7]; + + tmps[gid].tmp_digest[0] = digest[0]; + tmps[gid].tmp_digest[1] = digest[1]; + tmps[gid].tmp_digest[2] = digest[2]; + tmps[gid].tmp_digest[3] = digest[3]; + tmps[gid].tmp_digest[4] = digest[4]; + tmps[gid].tmp_digest[5] = digest[5]; + tmps[gid].tmp_digest[6] = digest[6]; + tmps[gid].tmp_digest[7] = digest[7]; +} + +KERNEL_FQ void m29700_loop (KERN_ATTR_TMPS_ESALT (keepass_tmp_t, keepass_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= GID_CNT) return; + + /* Construct AES key */ + + u32 ukey[8]; + + ukey[0] = esalt_bufs[DIGESTS_OFFSET_HOST].transf_random_seed[0]; + ukey[1] = esalt_bufs[DIGESTS_OFFSET_HOST].transf_random_seed[1]; + ukey[2] = esalt_bufs[DIGESTS_OFFSET_HOST].transf_random_seed[2]; + ukey[3] = esalt_bufs[DIGESTS_OFFSET_HOST].transf_random_seed[3]; + ukey[4] = esalt_bufs[DIGESTS_OFFSET_HOST].transf_random_seed[4]; + ukey[5] = esalt_bufs[DIGESTS_OFFSET_HOST].transf_random_seed[5]; + ukey[6] = esalt_bufs[DIGESTS_OFFSET_HOST].transf_random_seed[6]; + ukey[7] = esalt_bufs[DIGESTS_OFFSET_HOST].transf_random_seed[7]; + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + AES256_set_encrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3); + + u32 data0[4]; + u32 data1[4]; + + data0[0] = tmps[gid].tmp_digest[0]; + data0[1] = tmps[gid].tmp_digest[1]; + data0[2] = tmps[gid].tmp_digest[2]; + data0[3] = tmps[gid].tmp_digest[3]; + data1[0] = tmps[gid].tmp_digest[4]; + data1[1] = tmps[gid].tmp_digest[5]; + data1[2] = tmps[gid].tmp_digest[6]; + data1[3] = tmps[gid].tmp_digest[7]; + + for (u32 i = 0; i < LOOP_CNT; i++) + { + AES256_encrypt (ks, data0, data0, s_te0, s_te1, s_te2, s_te3, s_te4); + AES256_encrypt (ks, data1, data1, s_te0, s_te1, s_te2, s_te3, s_te4); + } + + tmps[gid].tmp_digest[0] = data0[0]; + tmps[gid].tmp_digest[1] = data0[1]; + tmps[gid].tmp_digest[2] = data0[2]; + tmps[gid].tmp_digest[3] = data0[3]; + tmps[gid].tmp_digest[4] = data1[0]; + tmps[gid].tmp_digest[5] = data1[1]; + tmps[gid].tmp_digest[6] = data1[2]; + tmps[gid].tmp_digest[7] = data1[3]; +} + +KERNEL_FQ void m29700_comp (KERN_ATTR_TMPS_ESALT (keepass_tmp_t, keepass_t)) +{ + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_td0[256]; + LOCAL_VK u32 s_td1[256]; + LOCAL_VK u32 s_td2[256]; + LOCAL_VK u32 s_td3[256]; + LOCAL_VK u32 s_td4[256]; + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_td0[i] = td0[i]; + s_td1[i] = td1[i]; + s_td2[i] = td2[i]; + s_td3[i] = td3[i]; + s_td4[i] = td4[i]; + + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_td0 = td0; + CONSTANT_AS u32a *s_td1 = td1; + CONSTANT_AS u32a *s_td2 = td2; + CONSTANT_AS u32a *s_td3 = td3; + CONSTANT_AS u32a *s_td4 = td4; + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= GID_CNT) return; + + /* hash output... */ + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + + w0[0] = tmps[gid].tmp_digest[0]; + w0[1] = tmps[gid].tmp_digest[1]; + w0[2] = tmps[gid].tmp_digest[2]; + w0[3] = tmps[gid].tmp_digest[3]; + w1[0] = tmps[gid].tmp_digest[4]; + w1[1] = tmps[gid].tmp_digest[5]; + w1[2] = tmps[gid].tmp_digest[6]; + w1[3] = tmps[gid].tmp_digest[7]; + w2[0] = 0; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + sha256_ctx_t ctx; + + sha256_init (&ctx); + + sha256_update_64 (&ctx, w0, w1, w2, w3, 32); + + sha256_final (&ctx); + + u32 digest[8]; + + digest[0] = ctx.h[0]; + digest[1] = ctx.h[1]; + digest[2] = ctx.h[2]; + digest[3] = ctx.h[3]; + digest[4] = ctx.h[4]; + digest[5] = ctx.h[5]; + digest[6] = ctx.h[6]; + digest[7] = ctx.h[7]; + + /* ...then hash final_random_seed | output */ + + if (esalt_bufs[DIGESTS_OFFSET_HOST].version == 1) + { + w0[0] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[0]; + w0[1] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[1]; + w0[2] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[2]; + w0[3] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[3]; + w1[0] = digest[0]; + w1[1] = digest[1]; + w1[2] = digest[2]; + w1[3] = digest[3]; + w2[0] = digest[4]; + w2[1] = digest[5]; + w2[2] = digest[6]; + w2[3] = digest[7]; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = 0; + + sha256_init (&ctx); + + sha256_update_64 (&ctx, w0, w1, w2, w3, 48); + + sha256_final (&ctx); + + digest[0] = ctx.h[0]; + digest[1] = ctx.h[1]; + digest[2] = ctx.h[2]; + digest[3] = ctx.h[3]; + digest[4] = ctx.h[4]; + digest[5] = ctx.h[5]; + digest[6] = ctx.h[6]; + digest[7] = ctx.h[7]; + } + else + { + w0[0] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[0]; + w0[1] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[1]; + w0[2] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[2]; + w0[3] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[3]; + w1[0] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[4]; + w1[1] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[5]; + w1[2] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[6]; + w1[3] = esalt_bufs[DIGESTS_OFFSET_HOST].final_random_seed[7]; + w2[0] = digest[0]; + w2[1] = digest[1]; + w2[2] = digest[2]; + w2[3] = digest[3]; + w3[0] = digest[4]; + w3[1] = digest[5]; + w3[2] = digest[6]; + w3[3] = digest[7]; + + sha256_init (&ctx); + + sha256_update_64 (&ctx, w0, w1, w2, w3, 64); + + sha256_final (&ctx); + + digest[0] = ctx.h[0]; + digest[1] = ctx.h[1]; + digest[2] = ctx.h[2]; + digest[3] = ctx.h[3]; + digest[4] = ctx.h[4]; + digest[5] = ctx.h[5]; + digest[6] = ctx.h[6]; + digest[7] = ctx.h[7]; + } + + // at this point we have to distinguish between the different keypass versions + + u32 iv[4]; + + iv[0] = esalt_bufs[DIGESTS_OFFSET_HOST].enc_iv[0]; + iv[1] = esalt_bufs[DIGESTS_OFFSET_HOST].enc_iv[1]; + iv[2] = esalt_bufs[DIGESTS_OFFSET_HOST].enc_iv[2]; + iv[3] = esalt_bufs[DIGESTS_OFFSET_HOST].enc_iv[3]; + + u32 r0 = 0; + u32 r1 = 0; + u32 r2 = 0; + u32 r3 = 0; + + if (esalt_bufs[DIGESTS_OFFSET_HOST].version == 1) + { + sha256_ctx_t ctx; + + sha256_init (&ctx); + + if (esalt_bufs[DIGESTS_OFFSET_HOST].algorithm == 1) + { + /* Construct final Twofish key */ + u32 sk[4]; + u32 lk[40]; + + digest[0] = hc_swap32_S (digest[0]); + digest[1] = hc_swap32_S (digest[1]); + digest[2] = hc_swap32_S (digest[2]); + digest[3] = hc_swap32_S (digest[3]); + digest[4] = hc_swap32_S (digest[4]); + digest[5] = hc_swap32_S (digest[5]); + digest[6] = hc_swap32_S (digest[6]); + digest[7] = hc_swap32_S (digest[7]); + + twofish256_set_key (sk, lk, digest); + + iv[0] = hc_swap32_S (iv[0]); + iv[1] = hc_swap32_S (iv[1]); + iv[2] = hc_swap32_S (iv[2]); + iv[3] = hc_swap32_S (iv[3]); + + u32 contents_len = esalt_bufs[DIGESTS_OFFSET_HOST].contents_len; + + u32 contents_pos; + u32 contents_off; + + // process (decrypt and hash) the buffer with the biggest steps possible. + + for (contents_pos = 0, contents_off = 0; contents_pos < contents_len - 16; contents_pos += 16, contents_off += 4) + { + u32 data[4]; + + data[0] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 0]; + data[1] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 1]; + data[2] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 2]; + data[3] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 3]; + + data[0] = hc_swap32_S (data[0]); + data[1] = hc_swap32_S (data[1]); + data[2] = hc_swap32_S (data[2]); + data[3] = hc_swap32_S (data[3]); + + u32 out[4]; + + twofish256_decrypt (sk, lk, data, out); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + out[0] = hc_swap32_S (out[0]); + out[1] = hc_swap32_S (out[1]); + out[2] = hc_swap32_S (out[2]); + out[3] = hc_swap32_S (out[3]); + + u32 w0[4] = { 0 }; + u32 w1[4] = { 0 }; + u32 w2[4] = { 0 }; + u32 w3[4] = { 0 }; + + w0[0] = out[0]; + w0[1] = out[1]; + w0[2] = out[2]; + w0[3] = out[3]; + + sha256_update_64 (&ctx, w0, w1, w2, w3, 16); + + iv[0] = data[0]; + iv[1] = data[1]; + iv[2] = data[2]; + iv[3] = data[3]; + } + + // we've reached the final block for decrypt, it will contain the padding bytes we're looking for + + u32 data[4]; + + data[0] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 0]; + data[1] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 1]; + data[2] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 2]; + data[3] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 3]; + + data[0] = hc_swap32_S (data[0]); + data[1] = hc_swap32_S (data[1]); + data[2] = hc_swap32_S (data[2]); + data[3] = hc_swap32_S (data[3]); + + u32 out[4]; + + twofish256_decrypt (sk, lk, data, out); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + out[0] = hc_swap32_S (out[0]); + out[1] = hc_swap32_S (out[1]); + out[2] = hc_swap32_S (out[2]); + out[3] = hc_swap32_S (out[3]); + + // now we can access the pad byte + + const u32 pad_byte = out[3] & 0xff; + + // we need to clear the buffer of the padding data + + truncate_block_4x4_be_S (out, 16 - pad_byte); + + u32 w0[4] = { 0 }; + u32 w1[4] = { 0 }; + u32 w2[4] = { 0 }; + u32 w3[4] = { 0 }; + + w0[0] = out[0]; + w0[1] = out[1]; + w0[2] = out[2]; + w0[3] = out[3]; + + sha256_update_64 (&ctx, w0, w1, w2, w3, 16 - pad_byte); + } + else + { + /* Construct final AES key */ + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + AES256_set_decrypt_key (ks, digest, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + u32 contents_len = esalt_bufs[DIGESTS_OFFSET_HOST].contents_len; + + u32 contents_pos; + u32 contents_off; + + for (contents_pos = 0, contents_off = 0; contents_pos < contents_len - 16; contents_pos += 16, contents_off += 4) + { + u32 data[4]; + + data[0] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 0]; + data[1] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 1]; + data[2] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 2]; + data[3] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 3]; + + u32 out[4]; + + AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + u32 w0[4] = { 0 }; + u32 w1[4] = { 0 }; + u32 w2[4] = { 0 }; + u32 w3[4] = { 0 }; + + w0[0] = out[0]; + w0[1] = out[1]; + w0[2] = out[2]; + w0[3] = out[3]; + + sha256_update_64 (&ctx, w0, w1, w2, w3, 16); + + iv[0] = data[0]; + iv[1] = data[1]; + iv[2] = data[2]; + iv[3] = data[3]; + } + + // we've reached the final block for decrypt, it will contain the padding bytes we're looking for + + u32 data[4]; + + data[0] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 0]; + data[1] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 1]; + data[2] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 2]; + data[3] = esalt_bufs[DIGESTS_OFFSET_HOST].contents[contents_off + 3]; + + u32 out[4]; + + AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + // now we can access the pad byte + + const u32 pad_byte = out[3] & 0xff; + + // we need to clear the buffer of the padding data + + truncate_block_4x4_be_S (out, 16 - pad_byte); + + u32 w0[4] = { 0 }; + u32 w1[4] = { 0 }; + u32 w2[4] = { 0 }; + u32 w3[4] = { 0 }; + + w0[0] = out[0]; + w0[1] = out[1]; + w0[2] = out[2]; + w0[3] = out[3]; + + sha256_update_64 (&ctx, w0, w1, w2, w3, 16 - pad_byte); + } + + sha256_final (&ctx); + + r0 = ctx.h[0]; + r1 = ctx.h[1]; + r2 = ctx.h[2]; + r3 = ctx.h[3]; + } + else + { + /* Construct final AES key */ + + #define KEYLEN 60 + + u32 ks[KEYLEN]; + + AES256_set_decrypt_key (ks, digest, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); + + u32 data[4]; + + data[0] = esalt_bufs[DIGESTS_OFFSET_HOST].contents_hash[0]; + data[1] = esalt_bufs[DIGESTS_OFFSET_HOST].contents_hash[1]; + data[2] = esalt_bufs[DIGESTS_OFFSET_HOST].contents_hash[2]; + data[3] = esalt_bufs[DIGESTS_OFFSET_HOST].contents_hash[3]; + + u32 out[4]; + + AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4); + + out[0] ^= iv[0]; + out[1] ^= iv[1]; + out[2] ^= iv[2]; + out[3] ^= iv[3]; + + r0 = out[0]; + r1 = out[1]; + r2 = out[2]; + r3 = out[3]; + } + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} diff --git a/docs/changes.txt b/docs/changes.txt index f68c5ebe0..88c69a7c7 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -15,6 +15,7 @@ - Added hash-mode: DPAPI masterkey file v2 (context 3) - Added hash-mode: Exodus Desktop Wallet (scrypt) - Added hash-mode: Flask session cookie +- Added hash-mode: KeePass 1 (AES/Twofish) and KeePass 2 (AES) - keyfile only mode - Added hash-mode: Kerberos 5, etype 17, DB - Added hash-mode: Kerberos 5, etype 18, DB - Added hash-mode: PostgreSQL SCRAM-SHA-256 diff --git a/docs/readme.txt b/docs/readme.txt index c31c7c2cd..df48a4d75 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -328,6 +328,7 @@ NVIDIA GPUs require "NVIDIA Driver" (440.64 or later) and "CUDA Toolkit" (9.0 or - Password Safe v3 - LastPass + LastPass sniffed - KeePass 1 (AES/Twofish) and KeePass 2 (AES) +- KeePass 1 (AES/Twofish) and KeePass 2 (AES) - keyfile only mode - Bitwarden - Ansible Vault - Mozilla key3.db diff --git a/src/modules/module_29700.c b/src/modules/module_29700.c new file mode 100644 index 000000000..479ebba59 --- /dev/null +++ b/src/modules/module_29700.c @@ -0,0 +1,743 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_PASSWORD_MANAGER; +static const char *HASH_NAME = "KeePass 1 (AES/Twofish) and KeePass 2 (AES) - keyfile only mode"; +static const u64 KERN_TYPE = 29700; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_PT_HEX + | OPTS_TYPE_MAXIMUM_THREADS; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935"; +static const char *ST_HASH = "$keepass$*2*60000*0*02078d460c3c837003f22ee2ba42b3ac2a9ad9e913efb61349b3f91aacd0b004*c901781373cb6806df4b4c7b427ba698440f9e9dd68101e6a198e4a95cb10098*c602f182f8b03671c944a5af357eede7*135443633e6d2b6dba314dee0a1e2b5d0c025ca5fcaf692a20d77fb62cc44f63*51b0b2d19d82c88a0d1a646151be0b68c5e3c841a7a21b4abb2e9be14f298ed1"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct keepass +{ + u32 version; + u32 algorithm; + + /* key-file handling */ + u32 keyfile_len; + u32 keyfile[8]; + + u32 final_random_seed[8]; + u32 transf_random_seed[8]; + u32 enc_iv[4]; + u32 contents_hash[8]; + + /* specific to version 1 */ + u32 contents_len; + u32 contents[0x200000]; + + /* specific to version 2 */ + u32 expected_bytes[8]; + +} keepass_t; + +typedef struct keepass_tmp +{ + u32 tmp_digest[8]; + +} keepass_tmp_t; + +static const char *SIGNATURE_KEEPASS = "$keepass$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (keepass_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (keepass_tmp_t); + + return tmp_size; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // we only accept hex encoded sha256 + + const u32 pw_min = 32; + + return pw_min; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + // we only accept hex encoded sha256 + + const u32 pw_max = 32; + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + keepass_t *keepass = (keepass_t *) esalt_buf; + + bool is_keyfile_present = false; + + if (line_len < 128) return (PARSER_SALT_LENGTH); + + if ((line_buf[line_len - (64 + 1 + 2 + 1 + 2)] == '*') + && (line_buf[line_len - (64 + 1 + 2 + 1 + 1)] == '1') + && (line_buf[line_len - (64 + 1 + 2 + 1 + 0)] == '*')) is_keyfile_present = true; + + hc_token_t token; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_KEEPASS; + + token.sep[0] = '*'; + token.len_min[0] = 9; + token.len_max[0] = 9; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.sep[1] = '*'; + token.len_min[1] = 1; + token.len_max[1] = 1; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[2] = '*'; + token.len_min[2] = 1; + token.len_max[2] = 10; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[3] = '*'; + token.len_min[3] = 1; + token.len_max[3] = 3; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + if (line_len < 16) return (PARSER_SALT_LENGTH); + + const u8 version = line_buf[10]; + + if (version == '1') + { + token.token_cnt = 11; + + token.sep[4] = '*'; + token.len_min[4] = 32; + token.len_max[4] = 32; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[5] = '*'; + token.len_min[5] = 64; + token.len_max[5] = 64; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[6] = '*'; + token.len_min[6] = 32; + token.len_max[6] = 32; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[7] = '*'; + token.len_min[7] = 64; + token.len_max[7] = 64; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[8] = '*'; + token.len_min[8] = 1; + token.len_max[8] = 1; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[9] = '*'; + token.len_min[9] = 1; + token.len_max[9] = 8; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[10] = '*'; + token.len_min[10] = 2; + token.len_max[10] = 0x1000000; + token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + if (is_keyfile_present == true) + { + token.token_cnt = 14; + + token.sep[11] = '*'; + token.len_min[11] = 1; + token.len_max[11] = 1; + token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[12] = '*'; + token.len_min[12] = 2; + token.len_max[12] = 2; + token.attr[12] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[13] = '*'; + token.len_min[13] = 64; + token.len_max[13] = 64; + token.attr[13] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + } + } + else if (version == '2') + { + token.token_cnt = 9; + + token.sep[4] = '*'; + token.len_min[4] = 64; + token.len_max[4] = 64; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[5] = '*'; + token.len_min[5] = 64; + token.len_max[5] = 64; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[6] = '*'; + token.len_min[6] = 32; + token.len_max[6] = 32; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[7] = '*'; + token.len_min[7] = 64; + token.len_max[7] = 64; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.sep[8] = '*'; + token.len_min[8] = 64; + token.len_max[8] = 64; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + if (is_keyfile_present == true) + { + token.token_cnt = 12; + + token.sep[9] = '*'; + token.len_min[9] = 1; + token.len_max[9] = 1; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[10] = '*'; + token.len_min[10] = 2; + token.len_max[10] = 2; + token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.sep[11] = '*'; + token.len_min[11] = 64; + token.len_max[11] = 64; + token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + } + } + else + { + return (PARSER_SALT_VALUE); + } + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // version + + const u8 *version_pos = token.buf[1]; + + keepass->version = hc_strtoul ((const char *) version_pos, NULL, 10); + + // iter + + const u8 *rounds_pos = token.buf[2]; + + salt->salt_iter = hc_strtoul ((const char *) rounds_pos, NULL, 10); + + // algo + + const u8 *algorithm_pos = token.buf[3]; + + keepass->algorithm = hc_strtoul ((const char *) algorithm_pos, NULL, 10); + + // final_random_seed_pos + + const u8 *final_random_seed_pos = token.buf[4]; + + keepass->final_random_seed[0] = hex_to_u32 ((const u8 *) &final_random_seed_pos[ 0]); + keepass->final_random_seed[1] = hex_to_u32 ((const u8 *) &final_random_seed_pos[ 8]); + keepass->final_random_seed[2] = hex_to_u32 ((const u8 *) &final_random_seed_pos[16]); + keepass->final_random_seed[3] = hex_to_u32 ((const u8 *) &final_random_seed_pos[24]); + + keepass->final_random_seed[0] = byte_swap_32 (keepass->final_random_seed[0]); + keepass->final_random_seed[1] = byte_swap_32 (keepass->final_random_seed[1]); + keepass->final_random_seed[2] = byte_swap_32 (keepass->final_random_seed[2]); + keepass->final_random_seed[3] = byte_swap_32 (keepass->final_random_seed[3]); + + if (keepass->version == 2) + { + keepass->final_random_seed[4] = hex_to_u32 ((const u8 *) &final_random_seed_pos[32]); + keepass->final_random_seed[5] = hex_to_u32 ((const u8 *) &final_random_seed_pos[40]); + keepass->final_random_seed[6] = hex_to_u32 ((const u8 *) &final_random_seed_pos[48]); + keepass->final_random_seed[7] = hex_to_u32 ((const u8 *) &final_random_seed_pos[56]); + + keepass->final_random_seed[4] = byte_swap_32 (keepass->final_random_seed[4]); + keepass->final_random_seed[5] = byte_swap_32 (keepass->final_random_seed[5]); + keepass->final_random_seed[6] = byte_swap_32 (keepass->final_random_seed[6]); + keepass->final_random_seed[7] = byte_swap_32 (keepass->final_random_seed[7]); + } + + // transf_random_seed_pos + + const u8 *transf_random_seed_pos = token.buf[5]; + + keepass->transf_random_seed[0] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[ 0]); + keepass->transf_random_seed[1] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[ 8]); + keepass->transf_random_seed[2] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[16]); + keepass->transf_random_seed[3] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[24]); + keepass->transf_random_seed[4] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[32]); + keepass->transf_random_seed[5] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[40]); + keepass->transf_random_seed[6] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[48]); + keepass->transf_random_seed[7] = hex_to_u32 ((const u8 *) &transf_random_seed_pos[56]); + + keepass->transf_random_seed[0] = byte_swap_32 (keepass->transf_random_seed[0]); + keepass->transf_random_seed[1] = byte_swap_32 (keepass->transf_random_seed[1]); + keepass->transf_random_seed[2] = byte_swap_32 (keepass->transf_random_seed[2]); + keepass->transf_random_seed[3] = byte_swap_32 (keepass->transf_random_seed[3]); + keepass->transf_random_seed[4] = byte_swap_32 (keepass->transf_random_seed[4]); + keepass->transf_random_seed[5] = byte_swap_32 (keepass->transf_random_seed[5]); + keepass->transf_random_seed[6] = byte_swap_32 (keepass->transf_random_seed[6]); + keepass->transf_random_seed[7] = byte_swap_32 (keepass->transf_random_seed[7]); + + // enc_iv_pos + + const u8 *enc_iv_pos = token.buf[6]; + + keepass->enc_iv[0] = hex_to_u32 ((const u8 *) &enc_iv_pos[ 0]); + keepass->enc_iv[1] = hex_to_u32 ((const u8 *) &enc_iv_pos[ 8]); + keepass->enc_iv[2] = hex_to_u32 ((const u8 *) &enc_iv_pos[16]); + keepass->enc_iv[3] = hex_to_u32 ((const u8 *) &enc_iv_pos[24]); + + keepass->enc_iv[0] = byte_swap_32 (keepass->enc_iv[0]); + keepass->enc_iv[1] = byte_swap_32 (keepass->enc_iv[1]); + keepass->enc_iv[2] = byte_swap_32 (keepass->enc_iv[2]); + keepass->enc_iv[3] = byte_swap_32 (keepass->enc_iv[3]); + + const u8 *keyfile_pos = NULL; + + if (keepass->version == 1) + { + // contents_hash + + const u8 *contents_hash_pos = token.buf[7]; + + keepass->contents_hash[0] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 0]); + keepass->contents_hash[1] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 8]); + keepass->contents_hash[2] = hex_to_u32 ((const u8 *) &contents_hash_pos[16]); + keepass->contents_hash[3] = hex_to_u32 ((const u8 *) &contents_hash_pos[24]); + keepass->contents_hash[4] = hex_to_u32 ((const u8 *) &contents_hash_pos[32]); + keepass->contents_hash[5] = hex_to_u32 ((const u8 *) &contents_hash_pos[40]); + keepass->contents_hash[6] = hex_to_u32 ((const u8 *) &contents_hash_pos[48]); + keepass->contents_hash[7] = hex_to_u32 ((const u8 *) &contents_hash_pos[56]); + + keepass->contents_hash[0] = byte_swap_32 (keepass->contents_hash[0]); + keepass->contents_hash[1] = byte_swap_32 (keepass->contents_hash[1]); + keepass->contents_hash[2] = byte_swap_32 (keepass->contents_hash[2]); + keepass->contents_hash[3] = byte_swap_32 (keepass->contents_hash[3]); + keepass->contents_hash[4] = byte_swap_32 (keepass->contents_hash[4]); + keepass->contents_hash[5] = byte_swap_32 (keepass->contents_hash[5]); + keepass->contents_hash[6] = byte_swap_32 (keepass->contents_hash[6]); + keepass->contents_hash[7] = byte_swap_32 (keepass->contents_hash[7]); + + // contents + + const u8 *contents_pos = token.buf[10]; + const int contents_len = token.len[10]; + + keepass->contents_len = contents_len / 2; + + for (int i = 0, j = 0; j < contents_len; i += 1, j += 8) + { + keepass->contents[i] = hex_to_u32 ((const u8 *) &contents_pos[j]); + + keepass->contents[i] = byte_swap_32 (keepass->contents[i]); + } + + if (is_keyfile_present == true) + { + keyfile_pos = token.buf[13]; + } + } + else if (keepass->version == 2) + { + // expected_bytes + + const u8 *expected_bytes_pos = token.buf[7]; + + keepass->expected_bytes[0] = hex_to_u32 ((const u8 *) &expected_bytes_pos[ 0]); + keepass->expected_bytes[1] = hex_to_u32 ((const u8 *) &expected_bytes_pos[ 8]); + keepass->expected_bytes[2] = hex_to_u32 ((const u8 *) &expected_bytes_pos[16]); + keepass->expected_bytes[3] = hex_to_u32 ((const u8 *) &expected_bytes_pos[24]); + keepass->expected_bytes[4] = hex_to_u32 ((const u8 *) &expected_bytes_pos[32]); + keepass->expected_bytes[5] = hex_to_u32 ((const u8 *) &expected_bytes_pos[40]); + keepass->expected_bytes[6] = hex_to_u32 ((const u8 *) &expected_bytes_pos[48]); + keepass->expected_bytes[7] = hex_to_u32 ((const u8 *) &expected_bytes_pos[56]); + + keepass->expected_bytes[0] = byte_swap_32 (keepass->expected_bytes[0]); + keepass->expected_bytes[1] = byte_swap_32 (keepass->expected_bytes[1]); + keepass->expected_bytes[2] = byte_swap_32 (keepass->expected_bytes[2]); + keepass->expected_bytes[3] = byte_swap_32 (keepass->expected_bytes[3]); + keepass->expected_bytes[4] = byte_swap_32 (keepass->expected_bytes[4]); + keepass->expected_bytes[5] = byte_swap_32 (keepass->expected_bytes[5]); + keepass->expected_bytes[6] = byte_swap_32 (keepass->expected_bytes[6]); + keepass->expected_bytes[7] = byte_swap_32 (keepass->expected_bytes[7]); + + // contents_hash + + const u8 *contents_hash_pos = token.buf[8]; + + keepass->contents_hash[0] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 0]); + keepass->contents_hash[1] = hex_to_u32 ((const u8 *) &contents_hash_pos[ 8]); + keepass->contents_hash[2] = hex_to_u32 ((const u8 *) &contents_hash_pos[16]); + keepass->contents_hash[3] = hex_to_u32 ((const u8 *) &contents_hash_pos[24]); + keepass->contents_hash[4] = hex_to_u32 ((const u8 *) &contents_hash_pos[32]); + keepass->contents_hash[5] = hex_to_u32 ((const u8 *) &contents_hash_pos[40]); + keepass->contents_hash[6] = hex_to_u32 ((const u8 *) &contents_hash_pos[48]); + keepass->contents_hash[7] = hex_to_u32 ((const u8 *) &contents_hash_pos[56]); + + keepass->contents_hash[0] = byte_swap_32 (keepass->contents_hash[0]); + keepass->contents_hash[1] = byte_swap_32 (keepass->contents_hash[1]); + keepass->contents_hash[2] = byte_swap_32 (keepass->contents_hash[2]); + keepass->contents_hash[3] = byte_swap_32 (keepass->contents_hash[3]); + keepass->contents_hash[4] = byte_swap_32 (keepass->contents_hash[4]); + keepass->contents_hash[5] = byte_swap_32 (keepass->contents_hash[5]); + keepass->contents_hash[6] = byte_swap_32 (keepass->contents_hash[6]); + keepass->contents_hash[7] = byte_swap_32 (keepass->contents_hash[7]); + + if (is_keyfile_present == true) + { + keyfile_pos = token.buf[11]; + } + } + + if (is_keyfile_present == true) + { + keepass->keyfile_len = 32; + + keepass->keyfile[0] = hex_to_u32 ((const u8 *) &keyfile_pos[ 0]); + keepass->keyfile[1] = hex_to_u32 ((const u8 *) &keyfile_pos[ 8]); + keepass->keyfile[2] = hex_to_u32 ((const u8 *) &keyfile_pos[16]); + keepass->keyfile[3] = hex_to_u32 ((const u8 *) &keyfile_pos[24]); + keepass->keyfile[4] = hex_to_u32 ((const u8 *) &keyfile_pos[32]); + keepass->keyfile[5] = hex_to_u32 ((const u8 *) &keyfile_pos[40]); + keepass->keyfile[6] = hex_to_u32 ((const u8 *) &keyfile_pos[48]); + keepass->keyfile[7] = hex_to_u32 ((const u8 *) &keyfile_pos[56]); + + keepass->keyfile[0] = byte_swap_32 (keepass->keyfile[0]); + keepass->keyfile[1] = byte_swap_32 (keepass->keyfile[1]); + keepass->keyfile[2] = byte_swap_32 (keepass->keyfile[2]); + keepass->keyfile[3] = byte_swap_32 (keepass->keyfile[3]); + keepass->keyfile[4] = byte_swap_32 (keepass->keyfile[4]); + keepass->keyfile[5] = byte_swap_32 (keepass->keyfile[5]); + keepass->keyfile[6] = byte_swap_32 (keepass->keyfile[6]); + keepass->keyfile[7] = byte_swap_32 (keepass->keyfile[7]); + } + + if (keepass->version == 1) + { + digest[0] = keepass->contents_hash[0]; + digest[1] = keepass->contents_hash[1]; + digest[2] = keepass->contents_hash[2]; + digest[3] = keepass->contents_hash[3]; + } + else + { + digest[0] = keepass->expected_bytes[0]; + digest[1] = keepass->expected_bytes[1]; + digest[2] = keepass->expected_bytes[2]; + digest[3] = keepass->expected_bytes[3]; + } + + salt->salt_buf[ 0] = keepass->transf_random_seed[0]; + salt->salt_buf[ 1] = keepass->transf_random_seed[1]; + salt->salt_buf[ 2] = keepass->transf_random_seed[2]; + salt->salt_buf[ 3] = keepass->transf_random_seed[3]; + salt->salt_buf[ 4] = keepass->transf_random_seed[4]; + salt->salt_buf[ 5] = keepass->transf_random_seed[5]; + salt->salt_buf[ 6] = keepass->transf_random_seed[6]; + salt->salt_buf[ 7] = keepass->transf_random_seed[7]; + salt->salt_buf[ 8] = keepass->keyfile[0]; + salt->salt_buf[ 9] = keepass->keyfile[1]; + salt->salt_buf[10] = keepass->keyfile[2]; + salt->salt_buf[11] = keepass->keyfile[3]; + salt->salt_buf[12] = keepass->keyfile[4]; + salt->salt_buf[13] = keepass->keyfile[5]; + salt->salt_buf[14] = keepass->keyfile[6]; + salt->salt_buf[15] = keepass->keyfile[7]; + + salt->salt_len = 64; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const keepass_t *keepass = (const keepass_t *) esalt_buf; + + u32 version = keepass->version; + u32 rounds = salt->salt_iter; + u32 algorithm = keepass->algorithm; + u32 keyfile_len = keepass->keyfile_len; + + u32 *ptr_final_random_seed = (u32 *) keepass->final_random_seed; + u32 *ptr_transf_random_seed = (u32 *) keepass->transf_random_seed; + u32 *ptr_enc_iv = (u32 *) keepass->enc_iv; + u32 *ptr_contents_hash = (u32 *) keepass->contents_hash; + u32 *ptr_keyfile = (u32 *) keepass->keyfile; + + // specific to version 2 + u32 expected_bytes_len; + u32 *ptr_expected_bytes; + + u32 final_random_seed_len; + u32 transf_random_seed_len; + u32 enc_iv_len; + u32 contents_hash_len; + + transf_random_seed_len = 8; + enc_iv_len = 4; + contents_hash_len = 8; + final_random_seed_len = 8; + + if (version == 1) + final_random_seed_len = 4; + + snprintf (line_buf, line_size, "%s*%u*%u*%u", + SIGNATURE_KEEPASS, + version, + rounds, + algorithm); + + char *ptr_data = line_buf; + + ptr_data += strlen (line_buf); + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < final_random_seed_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_final_random_seed[i]); + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < transf_random_seed_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_transf_random_seed[i]); + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < enc_iv_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_enc_iv[i]); + + *ptr_data = '*'; + ptr_data++; + + if (version == 1) + { + u32 contents_len = keepass->contents_len; + u32 *ptr_contents = (u32 *) keepass->contents; + + for (u32 i = 0; i < contents_hash_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_contents_hash[i]); + + *ptr_data = '*'; + ptr_data++; + + // inline flag + *ptr_data = '1'; + ptr_data++; + + *ptr_data = '*'; + ptr_data++; + + char ptr_contents_len[10] = { 0 }; + + sprintf ((char*) ptr_contents_len, "%u", contents_len); + + sprintf (ptr_data, "%u", contents_len); + + ptr_data += strlen (ptr_contents_len); + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < contents_len / 4; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_contents[i]); + } + else if (version == 2) + { + expected_bytes_len = 8; + ptr_expected_bytes = (u32 *) keepass->expected_bytes; + + for (u32 i = 0; i < expected_bytes_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_expected_bytes[i]); + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < contents_hash_len; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_contents_hash[i]); + } + + if (keyfile_len) + { + *ptr_data = '*'; + ptr_data++; + + // inline flag + *ptr_data = '1'; + ptr_data++; + + *ptr_data = '*'; + ptr_data++; + + sprintf (ptr_data, "%u", keyfile_len * 2); + + ptr_data += 2; + + *ptr_data = '*'; + ptr_data++; + + for (u32 i = 0; i < 8; i++, ptr_data += 8) + sprintf (ptr_data, "%08x", ptr_keyfile[i]); + } + + return strlen (line_buf); +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_charset = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_deprecated_notice = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +}