Merge pull request #3197 from matrix/13100_format

Added support to use "John the Ripper" hash format with hash-type 13100

OpenCL/m13100_a0-optimized.cl

@@ -25,6 +25,7 @@ typedef struct krb5tgs
   u32 checksum[4];
   u32 edata2[5120];
   u32 edata2_len;
+  u32 format;
 
 } krb5tgs_t;
 

OpenCL/m13100_a0-pure.cl

@@ -24,6 +24,7 @@ typedef struct krb5tgs
   u32 checksum[4];
   u32 edata2[5120];
   u32 edata2_len;
+  u32 format;
 
 } krb5tgs_t;
 

OpenCL/m13100_a1-optimized.cl

@@ -23,6 +23,7 @@ typedef struct krb5tgs
   u32 checksum[4];
   u32 edata2[5120];
   u32 edata2_len;
+  u32 format;
 
 } krb5tgs_t;
 

OpenCL/m13100_a1-pure.cl

@@ -22,6 +22,7 @@ typedef struct krb5tgs
   u32 checksum[4];
   u32 edata2[5120];
   u32 edata2_len;
+  u32 format;
 
 } krb5tgs_t;
 

OpenCL/m13100_a3-optimized.cl

@@ -23,6 +23,7 @@ typedef struct krb5tgs
   u32 checksum[4];
   u32 edata2[5120];
   u32 edata2_len;
+  u32 format;
 
 } krb5tgs_t;
 

OpenCL/m13100_a3-pure.cl

@@ -22,6 +22,7 @@ typedef struct krb5tgs
   u32 checksum[4];
   u32 edata2[5120];
   u32 edata2_len;
+  u32 format;
 
 } krb5tgs_t;
 

docs/changes.txt

@@ -15,11 +15,12 @@
 ##
 
 - Added new backend support for Metal, the OpenCL replacement API on Apple
+- Added support to use 'John the Ripper' hash format with hash-type 13100
+- Added support to use 'John the Ripper' hash format with hash-type 18200
 - Added support to use --debug-mode in attack-mode 9 (Association Attack)
 - Added support to building universal macOS binary on Apple Silicon
 - Added hex encoding format for --separator option
 - Added password candidates range to --status-json output
-- Added support to use 'John the Ripper' hash format with hash-type 18200
 
 ##
 ## Bugs

src/modules/module_13100.c

@@ -47,10 +47,11 @@ typedef struct krb5tgs
   u32 checksum[4];
   u32 edata2[5120];
   u32 edata2_len;
+  u32 format;
 
 } krb5tgs_t;
 
-static const char *SIGNATURE_KRB5TGS = "$krb5tgs$23$";
+static const char *SIGNATURE_KRB5TGS = "$krb5tgs$";
 
 char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
 {
@@ -117,33 +118,111 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
   token.signatures_cnt    = 1;
   token.signatures_buf[0] = SIGNATURE_KRB5TGS;
 
-  token.len[0]  = 12;
+  token.len[0]  = 9;
   token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
                 | TOKEN_ATTR_VERIFY_SIGNATURE;
 
   /**
-   * $krb5tgs$23$checksum$edata2
-   * $krb5tgs$23$*user*realm*spn*$checksum$edata2
+   * hc
+   * format 1: $krb5tgs$23$*user$realm$spn*$checksum$edata2
+   * format 2: $krb5tgs$23$checksum$edata2
+   *
+   * jtr
+   * format 3: $krb5tgs$spn:checksum$edata2
    */
 
-  if (line_len < 16) return (PARSER_SALT_LENGTH);
+  if (line_len < (int) strlen (SIGNATURE_KRB5TGS)) return (PARSER_SALT_LENGTH);
 
-  if (line_buf[12] == '*')
+  memset (krb5tgs, 0, sizeof (krb5tgs_t));
+
+  token.token_cnt = 4;
+
+  if (line_buf[token.len[0]] == '2' && line_buf[token.len[0] + 1] == '3' && line_buf[token.len[0] + 2] == '$')
   {
-    char *account_info_start = (char *) line_buf + 12; // we want the * char included
-    char *account_info_stop  = strchr ((const char *) account_info_start + 1, '*');
+    if (line_buf[token.len[0] + 3] == '*')
+    {
+      char *account_info_start = (char *) line_buf + 12; // we want the * char included
+      char *account_info_stop  = strchr ((const char *) account_info_start + 1, '*');
 
-    if (account_info_stop == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+      if (account_info_stop == NULL) return (PARSER_SEPARATOR_UNMATCHED);
 
-    account_info_stop++; // we want the * char included
-    account_info_stop++; // we want the $ char included
+      account_info_stop++; // we want the * char included
+      account_info_stop++; // we want the $ char included
 
-    const int account_info_len = account_info_stop - account_info_start;
+      const int account_info_len = account_info_stop - account_info_start;
 
-    token.token_cnt  = 4;
+      token.token_cnt++;
 
-    token.len[1]     = account_info_len;
-    token.attr[1]    = TOKEN_ATTR_FIXED_LENGTH;
+      // etype
+
+      token.sep[1]     = '$';
+      token.len_min[1] = 2;
+      token.len_max[1] = 2;
+      token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH
+                       | TOKEN_ATTR_VERIFY_DIGIT;
+
+      // user$realm$spn
+
+      token.len[2]     = account_info_len;
+      token.attr[2]    = TOKEN_ATTR_FIXED_LENGTH;
+
+      // checksum
+
+      token.sep[3]     = '$';
+      token.len_min[3] = 32;
+      token.len_max[3] = 32;
+      token.attr[3]    = TOKEN_ATTR_VERIFY_LENGTH
+                       | TOKEN_ATTR_VERIFY_HEX;
+
+      // edata2
+
+      token.sep[4]     = '$';
+      token.len_min[4] = 64;
+      token.len_max[4] = 40960;
+      token.attr[4]    = TOKEN_ATTR_VERIFY_LENGTH
+                       | TOKEN_ATTR_VERIFY_HEX;
+
+      krb5tgs->format = 1;
+    }
+    else
+    {
+      // etype
+
+      token.sep[1]     = '$';
+      token.len_min[1] = 2;
+      token.len_max[1] = 2;
+      token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH
+                       | TOKEN_ATTR_VERIFY_DIGIT;
+
+      // checksum
+
+      token.sep[2]     = '$';
+      token.len_min[2] = 32;
+      token.len_max[2] = 32;
+      token.attr[2]    = TOKEN_ATTR_VERIFY_LENGTH
+                       | TOKEN_ATTR_VERIFY_HEX;
+
+      // edata2
+
+      token.sep[3]     = '$';
+      token.len_min[3] = 64;
+      token.len_max[3] = 40960;
+      token.attr[3]    = TOKEN_ATTR_VERIFY_LENGTH
+                       | TOKEN_ATTR_VERIFY_HEX;
+
+      krb5tgs->format = 2;
+    }
+  }
+  else
+  {
+    // spn
+
+    token.sep[1]     = ':';
+    token.len_min[1] = 0;
+    token.len_max[1] = 2048;
+    token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH;
+
+    // checksum
 
     token.sep[2]     = '$';
     token.len_min[2] = 32;
@@ -151,39 +230,45 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
     token.attr[2]    = TOKEN_ATTR_VERIFY_LENGTH
                      | TOKEN_ATTR_VERIFY_HEX;
 
+    // edata2
+
     token.sep[3]     = '$';
     token.len_min[3] = 64;
     token.len_max[3] = 40960;
     token.attr[3]    = TOKEN_ATTR_VERIFY_LENGTH
                      | TOKEN_ATTR_VERIFY_HEX;
-  }
-  else
-  {
-    token.token_cnt  = 3;
 
-    token.sep[1]     = '$';
-    token.len_min[1] = 32;
-    token.len_max[1] = 32;
-    token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH
-                     | TOKEN_ATTR_VERIFY_HEX;
-
-    token.sep[2]     = '$';
-    token.len_min[2] = 64;
-    token.len_max[2] = 40960;
-    token.attr[2]    = TOKEN_ATTR_VERIFY_LENGTH
-                     | TOKEN_ATTR_VERIFY_HEX;
+    krb5tgs->format = 3;
   }
 
   const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
 
   if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
 
-  const u8 *checksum_pos;
-  const u8 *data_pos;
+  const u8 *checksum_pos = NULL;
+  const u8 *data_pos = NULL;
 
-  int data_len;
+  int data_len = 0;
 
-  if (line_buf[12] == '*')
+  if (krb5tgs->format == 1)
+  {
+    checksum_pos = token.buf[3];
+
+    data_pos = token.buf[4];
+    data_len = token.len[4];
+
+    memcpy (krb5tgs->account_info, token.buf[2], token.len[2]);
+  }
+  else if (krb5tgs->format == 2)
+  {
+    checksum_pos = token.buf[2];
+
+    data_pos = token.buf[3];
+    data_len = token.len[3];
+
+    krb5tgs->account_info[0] = 0;
+  }
+  else if (krb5tgs->format == 3)
   {
     checksum_pos = token.buf[2];
 
@@ -192,15 +277,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 
     memcpy (krb5tgs->account_info, token.buf[1], token.len[1]);
   }
-  else
-  {
-    checksum_pos = token.buf[1];
 
-    data_pos = token.buf[2];
-    data_len = token.len[2];
-
-    krb5tgs->account_info[0] = 0;
-  }
+  if (checksum_pos == NULL || data_pos == NULL) return (PARSER_SALT_VALUE);
 
   krb5tgs->checksum[0] = hex_to_u32 (checksum_pos +  0);
   krb5tgs->checksum[1] = hex_to_u32 (checksum_pos +  8);
@@ -251,14 +329,32 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
     sprintf (data + j, "%02x", ptr_edata2[i]);
   }
 
-  const int line_len = snprintf (line_buf, line_size, "%s%s%08x%08x%08x%08x$%s",
-    SIGNATURE_KRB5TGS,
-    (char *) krb5tgs->account_info,
-    byte_swap_32 (krb5tgs->checksum[0]),
-    byte_swap_32 (krb5tgs->checksum[1]),
-    byte_swap_32 (krb5tgs->checksum[2]),
-    byte_swap_32 (krb5tgs->checksum[3]),
-    data);
+  int line_len;
+
+  // preserve the input hash format
+
+  if (krb5tgs->format != 3) // hc
+  {
+    line_len = snprintf (line_buf, line_size, "%s23$%s%08x%08x%08x%08x$%s",
+      SIGNATURE_KRB5TGS,
+      (char *) krb5tgs->account_info,
+      byte_swap_32 (krb5tgs->checksum[0]),
+      byte_swap_32 (krb5tgs->checksum[1]),
+      byte_swap_32 (krb5tgs->checksum[2]),
+      byte_swap_32 (krb5tgs->checksum[3]),
+      data);
+  }
+  else // jtr
+  {
+    line_len = snprintf (line_buf, line_size, "%s%s:%08x%08x%08x%08x$%s",
+      SIGNATURE_KRB5TGS,
+      (char *) krb5tgs->account_info,
+      byte_swap_32 (krb5tgs->checksum[0]),
+      byte_swap_32 (krb5tgs->checksum[1]),
+      byte_swap_32 (krb5tgs->checksum[2]),
+      byte_swap_32 (krb5tgs->checksum[3]),
+      data);
+  }
 
   return line_len;
 }