|
|
|
@ -50,7 +50,7 @@ my $hashcat = "./hashcat";
|
|
|
|
|
|
|
|
|
|
my $MAX_LEN = 55;
|
|
|
|
|
|
|
|
|
|
my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 15300, 15400, 15500, 15600, 15700, 15900, 16000, 16100, 99999);
|
|
|
|
|
my @modes = (0, 10, 11, 12, 20, 21, 22, 23, 30, 40, 50, 60, 100, 101, 110, 111, 112, 120, 121, 122, 125, 130, 131, 132, 133, 140, 141, 150, 160, 200, 300, 400, 500, 600, 900, 1000, 1100, 1300, 1400, 1410, 1411, 1420, 1430, 1440, 1441, 1450, 1460, 1500, 1600, 1700, 1710, 1711, 1720, 1730, 1740, 1722, 1731, 1750, 1760, 1800, 2100, 2400, 2410, 2500, 2600, 2611, 2612, 2711, 2811, 3000, 3100, 3200, 3710, 3711, 3300, 3500, 3610, 3720, 3800, 3910, 4010, 4110, 4210, 4300, 4400, 4500, 4520, 4521, 4522, 4600, 4700, 4800, 4900, 5000, 5100, 5300, 5400, 5500, 5600, 5700, 5800, 6000, 6100, 6300, 6400, 6500, 6600, 6700, 6800, 6900, 7000, 7100, 7200, 7300, 7400, 7500, 7700, 7800, 7900, 8000, 8100, 8200, 8300, 8400, 8500, 8600, 8700, 8900, 9100, 9200, 9300, 9400, 9500, 9600, 9700, 9800, 9900, 10000, 10100, 10200, 10300, 10400, 10500, 10600, 10700, 10800, 10900, 11000, 11100, 11200, 11300, 11400, 11500, 11600, 11900, 12000, 12001, 12100, 12200, 12300, 12400, 12600, 12700, 12800, 12900, 13000, 13100, 13200, 13300, 13400, 13500, 13600, 13800, 13900, 14000, 14100, 14400, 14700, 14800, 14900, 15000, 15100, 15200, 15300, 15400, 15500, 15600, 15700, 15900, 16000, 16100, 16200, 99999);
|
|
|
|
|
|
|
|
|
|
my %is_utf16le = map { $_ => 1 } qw (30 40 130 131 132 133 140 141 1000 1100 1430 1440 1441 1730 1740 1731 5500 5600 8000 9400 9500 9600 9700 9800 11600 13500 13800);
|
|
|
|
|
my %less_fifteen = map { $_ => 1 } qw (500 1600 1800 3200 6300 7400 10500 10700);
|
|
|
|
@ -2817,6 +2817,32 @@ sub verify
|
|
|
|
|
|
|
|
|
|
next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
|
|
|
|
|
}
|
|
|
|
|
# apple secure notes
|
|
|
|
|
elsif ($mode == 16200)
|
|
|
|
|
{
|
|
|
|
|
($hash_in, $word) = split ":", $line;
|
|
|
|
|
|
|
|
|
|
next unless defined $hash_in;
|
|
|
|
|
next unless defined $word;
|
|
|
|
|
|
|
|
|
|
my @data = split ('\*', $hash_in);
|
|
|
|
|
|
|
|
|
|
next unless scalar @data == 5;
|
|
|
|
|
|
|
|
|
|
my $signature = shift @data;
|
|
|
|
|
|
|
|
|
|
next unless ($signature eq '$SN$');
|
|
|
|
|
|
|
|
|
|
my ($Z_PK, $ZCRYPTOITERATIONCOUNT, $ZCRYPTOSALT, $ZCRYPTOWRAPPEDKEY) = @data;
|
|
|
|
|
|
|
|
|
|
$salt = $ZCRYPTOSALT;
|
|
|
|
|
$iter = $ZCRYPTOITERATIONCOUNT;
|
|
|
|
|
|
|
|
|
|
$param = $Z_PK;
|
|
|
|
|
$param2 = $ZCRYPTOWRAPPEDKEY;
|
|
|
|
|
|
|
|
|
|
next unless (exists ($db->{$hash_in}) and (! defined ($db->{$hash_in})));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
print "ERROR: hash mode is not supported\n";
|
|
|
|
@ -3240,6 +3266,14 @@ sub verify
|
|
|
|
|
|
|
|
|
|
return unless (substr ($line, 0, $len) eq $hash_out);
|
|
|
|
|
}
|
|
|
|
|
elsif ($mode == 16200)
|
|
|
|
|
{
|
|
|
|
|
$hash_out = gen_hash ($mode, $word, $salt, $iter, $param, $param2);
|
|
|
|
|
|
|
|
|
|
$len = length $hash_out;
|
|
|
|
|
|
|
|
|
|
return unless (substr ($line, 0, $len) eq $hash_out);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$hash_out = gen_hash ($mode, $word, $salt, $iter);
|
|
|
|
@ -3799,6 +3833,10 @@ sub passthrough
|
|
|
|
|
{
|
|
|
|
|
$tmp_hash = gen_hash ($mode, $word_buf, undef);
|
|
|
|
|
}
|
|
|
|
|
elsif ($mode == 16200)
|
|
|
|
|
{
|
|
|
|
|
$tmp_hash = gen_hash ($mode, $word_buf, substr ($salt_buf, 0, 16));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
print "ERROR: Unsupported hash type\n";
|
|
|
|
@ -4854,6 +4892,20 @@ sub single
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
elsif ($mode == 16200)
|
|
|
|
|
{
|
|
|
|
|
for (my $i = 1; $i < 32; $i++)
|
|
|
|
|
{
|
|
|
|
|
if ($len != 0)
|
|
|
|
|
{
|
|
|
|
|
rnd ($mode, $len, 16);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
rnd ($mode, $i, 16);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -9061,6 +9113,133 @@ END_CODE
|
|
|
|
|
|
|
|
|
|
$tmp_hash = sprintf ('$tacacs-plus$0$%s$%s$%s', unpack ("H*", $session_id), unpack ("H*", $encrypted_data), unpack ("H*", $sequence));
|
|
|
|
|
}
|
|
|
|
|
elsif ($mode == 16200)
|
|
|
|
|
{
|
|
|
|
|
my $salt_bin = pack ("H*", $salt_buf);
|
|
|
|
|
|
|
|
|
|
my $iterations = 20000;
|
|
|
|
|
|
|
|
|
|
if (defined ($iter))
|
|
|
|
|
{
|
|
|
|
|
$iterations = $iter;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
my $Z_PK = 1;
|
|
|
|
|
|
|
|
|
|
if (defined $additional_param)
|
|
|
|
|
{
|
|
|
|
|
$Z_PK = $additional_param;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
my $pbkdf2 = Crypt::PBKDF2->new
|
|
|
|
|
(
|
|
|
|
|
hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
|
|
|
|
|
iterations => $iterations,
|
|
|
|
|
output_len => 16,
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
my $KEK = $pbkdf2->PBKDF2 ($salt_bin, $word_buf);
|
|
|
|
|
|
|
|
|
|
my $aes = Crypt::Mode::ECB->new ('AES', 0);
|
|
|
|
|
|
|
|
|
|
my $blob_bin;
|
|
|
|
|
|
|
|
|
|
my $A;
|
|
|
|
|
my $B;
|
|
|
|
|
my $P1;
|
|
|
|
|
my $P2;
|
|
|
|
|
|
|
|
|
|
if (defined $additional_param2)
|
|
|
|
|
{
|
|
|
|
|
$blob_bin = pack ("H*", $additional_param2);
|
|
|
|
|
|
|
|
|
|
$A = substr ($blob_bin, 0, 8);
|
|
|
|
|
$P1 = substr ($blob_bin, 8, 8);
|
|
|
|
|
$P2 = substr ($blob_bin, 16, 8);
|
|
|
|
|
|
|
|
|
|
for (my $j = 5; $j >= 0; $j--)
|
|
|
|
|
{
|
|
|
|
|
# N = 2
|
|
|
|
|
|
|
|
|
|
$B = $A;
|
|
|
|
|
$B ^= pack ("Q>", (2 * $j + 2));
|
|
|
|
|
$B .= $P2;
|
|
|
|
|
$B = $aes->decrypt ($B, $KEK);
|
|
|
|
|
$A = substr ($B, 0, 8);
|
|
|
|
|
$P2 = substr ($B, 8, 8);
|
|
|
|
|
|
|
|
|
|
# N = 1
|
|
|
|
|
|
|
|
|
|
$B = $A;
|
|
|
|
|
$B ^= pack ("Q>", (2 * $j + 1));
|
|
|
|
|
$B .= $P1;
|
|
|
|
|
$B = $aes->decrypt ($B, $KEK);
|
|
|
|
|
$A = substr ($B, 0, 8);
|
|
|
|
|
$P1 = substr ($B, 8, 8);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($A eq "\xa6" x 8)
|
|
|
|
|
{
|
|
|
|
|
for (my $j = 0; $j <= 5; $j++)
|
|
|
|
|
{
|
|
|
|
|
# N = 1
|
|
|
|
|
|
|
|
|
|
$B = $A;
|
|
|
|
|
$B .= $P1;
|
|
|
|
|
$B = $aes->encrypt ($B, $KEK);
|
|
|
|
|
$A = substr ($B, 0, 8);
|
|
|
|
|
$A ^= pack ("Q>", (2 * $j + 1));
|
|
|
|
|
$P1 = substr ($B, 8, 8);
|
|
|
|
|
|
|
|
|
|
# N = 2
|
|
|
|
|
|
|
|
|
|
$B = $A;
|
|
|
|
|
$B .= $P2;
|
|
|
|
|
$B = $aes->encrypt ($B, $KEK);
|
|
|
|
|
$A = substr ($B, 0, 8);
|
|
|
|
|
$A ^= pack ("Q>", (2 * $j + 2));
|
|
|
|
|
$P2 = substr ($B, 8, 8);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$blob_bin = $A . $P1 . $P2;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$blob_bin = "\xff" x 24;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$A = "\xa6" x 8;
|
|
|
|
|
$P1 = "\xff" x 8;
|
|
|
|
|
$P2 = "\xff" x 8;
|
|
|
|
|
|
|
|
|
|
for (my $j = 0; $j <= 5; $j++)
|
|
|
|
|
{
|
|
|
|
|
# N = 1
|
|
|
|
|
|
|
|
|
|
$B = $A;
|
|
|
|
|
$B .= $P1;
|
|
|
|
|
$B = $aes->encrypt ($B, $KEK);
|
|
|
|
|
$A = substr ($B, 0, 8);
|
|
|
|
|
$A ^= pack ("Q>", (2 * $j + 1));
|
|
|
|
|
$P1 = substr ($B, 8, 8);
|
|
|
|
|
|
|
|
|
|
# N = 2
|
|
|
|
|
|
|
|
|
|
$B = $A;
|
|
|
|
|
$B .= $P2;
|
|
|
|
|
$B = $aes->encrypt ($B, $KEK);
|
|
|
|
|
$A = substr ($B, 0, 8);
|
|
|
|
|
$A ^= pack ("Q>", (2 * $j + 2));
|
|
|
|
|
$P2 = substr ($B, 8, 8);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$blob_bin = $A . $P1 . $P2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$tmp_hash = sprintf ('$SN$*%d*%d*%s*%s', $Z_PK, $iterations, unpack ("H*", $salt_bin), unpack ("H*", $blob_bin));
|
|
|
|
|
}
|
|
|
|
|
elsif ($mode == 99999)
|
|
|
|
|
{
|
|
|
|
|
$tmp_hash = sprintf ("%s", $word_buf);
|
|
|
|
|