diff --git a/OpenCL/m25400-pure.cl b/OpenCL/m25400-pure.cl new file mode 100644 index 000000000..0a0aba524 --- /dev/null +++ b/OpenCL/m25400-pure.cl @@ -0,0 +1,444 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +// TODO use user password as input for md5 of o_digest if no owner password is set +// TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value + +#ifdef KERNEL_STATIC +#include "inc_vendor.h" +#include "inc_types.h" +#include "inc_platform.cl" +#include "inc_common.cl" +#include "inc_hash_md5.cl" +#endif + +#define COMPARE_S "inc_comp_single.cl" +#define COMPARE_M "inc_comp_multi.cl" + +CONSTANT_VK u32a padding[8] = +{ + 0x5e4ebf28, + 0x418a754e, + 0x564e0064, + 0x0801faff, + 0xb6002e2e, + 0x803e68d0, + 0xfea90c2f, + 0x7a695364 +}; + +typedef struct pdf +{ + int V; + int R; + int P; + + int enc_md; + + u32 id_buf[8]; + u32 u_buf[32]; + u32 o_buf[32]; + + int id_len; + int o_len; + int u_len; + + u32 rc4key[2]; + u32 rc4data[2]; + +} pdf_t; + +typedef struct pdf14_tmp +{ + u32 digest[4]; + u32 out[4]; + +} pdf14_tmp_t; + +typedef struct +{ + u8 S[256]; + + u32 wtf_its_faster; + +} RC4_KEY; + +DECLSPEC void swap (LOCAL_AS RC4_KEY *rc4_key, const u8 i, const u8 j) +{ + u8 tmp; + + tmp = rc4_key->S[i]; + rc4_key->S[i] = rc4_key->S[j]; + rc4_key->S[j] = tmp; +} + +DECLSPEC void rc4_init_16 (LOCAL_AS RC4_KEY *rc4_key, const u32 *data) +{ + u32 v = 0x03020100; + u32 a = 0x04040404; + + LOCAL_AS u32 *ptr = (LOCAL_AS u32 *) rc4_key->S; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 64; i++) + { + *ptr++ = v; v += a; + } + + u32 j = 0; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 16; i++) + { + u32 idx = i * 16; + + u32 v; + + v = data[0]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[1]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[2]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + + v = data[3]; + + j += rc4_key->S[idx] + (v >> 0); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 8); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 16); swap (rc4_key, idx, j); idx++; + j += rc4_key->S[idx] + (v >> 24); swap (rc4_key, idx, j); idx++; + } +} + +DECLSPEC u8 rc4_next_16 (LOCAL_AS RC4_KEY *rc4_key, u8 i, u8 j, const u32 *in, u32 *out) +{ + #ifdef _unroll + #pragma unroll + #endif + for (u32 k = 0; k < 4; k++) + { + u32 xor4 = 0; + + u8 idx; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 0; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 8; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 16; + + i += 1; + j += rc4_key->S[i]; + + swap (rc4_key, i, j); + + idx = rc4_key->S[i] + rc4_key->S[j]; + + xor4 |= rc4_key->S[idx] << 24; + + out[k] = in[k] ^ xor4; + } + + return j; +} + +KERNEL_FQ void m25400_init (KERN_ATTR_TMPS_ESALT (pdf14_tmp_t, pdf_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + //const u64 lid = get_local_id (0); + + if (gid >= gid_max) return; + + u32 w0[4]; + + w0[0] = pws[gid].i[ 0]; + w0[1] = pws[gid].i[ 1]; + w0[2] = pws[gid].i[ 2]; + w0[3] = pws[gid].i[ 3]; + + u32 w1[4]; + + w1[0] = pws[gid].i[ 4]; + w1[1] = pws[gid].i[ 5]; + w1[2] = pws[gid].i[ 6]; + w1[3] = pws[gid].i[ 7]; + + const u32 pw_len = pws[gid].pw_len; + + /** + * shared + */ + + //LOCAL_AS RC4_KEY rc4_keys[64]; + //LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid]; + + u32 P = esalt_bufs[DIGESTS_OFFSET].P; + + u32 id_buf[12]; + + id_buf[ 0] = esalt_bufs[DIGESTS_OFFSET].id_buf[0]; + id_buf[ 1] = esalt_bufs[DIGESTS_OFFSET].id_buf[1]; + id_buf[ 2] = esalt_bufs[DIGESTS_OFFSET].id_buf[2]; + id_buf[ 3] = esalt_bufs[DIGESTS_OFFSET].id_buf[3]; + + id_buf[ 4] = esalt_bufs[DIGESTS_OFFSET].id_buf[4]; + id_buf[ 5] = esalt_bufs[DIGESTS_OFFSET].id_buf[5]; + id_buf[ 6] = esalt_bufs[DIGESTS_OFFSET].id_buf[6]; + id_buf[ 7] = esalt_bufs[DIGESTS_OFFSET].id_buf[7]; + + id_buf[ 8] = 0; + id_buf[ 9] = 0; + id_buf[10] = 0; + id_buf[11] = 0; + + u32 rc4data[2]; + + rc4data[0] = padding[0]; + rc4data[1] = padding[1]; + + /** + * main init + */ + + u32 w0_t[4]; + u32 w1_t[4]; + u32 w2_t[4]; + u32 w3_t[4]; + + // max length supported by pdf11 is 32 + + w0_t[0] = padding[0]; + w0_t[1] = padding[1]; + w0_t[2] = padding[2]; + w0_t[3] = padding[3]; + w1_t[0] = padding[4]; + w1_t[1] = padding[5]; + w1_t[2] = padding[6]; + w1_t[3] = padding[7]; + w2_t[0] = 0; + w2_t[1] = 0; + w2_t[2] = 0; + w2_t[3] = 0; + w3_t[0] = 0; + w3_t[1] = 0; + w3_t[2] = 0; + w3_t[3] = 0; + + switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, pw_len); + + // add password + // truncate at 32 is wanted, not a bug! + // add padding + + w0_t[0] |= w0[0]; + w0_t[1] |= w0[1]; + w0_t[2] |= w0[2]; + w0_t[3] |= w0[3]; + w1_t[0] |= w1[0]; + w1_t[1] |= w1[1]; + w1_t[2] |= w1[2]; + w1_t[3] |= w1[3]; + w2_t[0] = 0x80; + w2_t[1] = 0; + w2_t[2] = 0; + w2_t[3] = 0; + w3_t[0] = 0; + w3_t[1] = 0; + w3_t[2] = 32 * 8; + w3_t[3] = 0; + + u32 digest[4]; + + digest[0] = MD5M_A; + digest[1] = MD5M_B; + digest[2] = MD5M_C; + digest[3] = MD5M_D; + + md5_transform (w0_t, w1_t, w2_t, w3_t, digest); + + tmps[gid].digest[0] = digest[0]; + tmps[gid].digest[1] = digest[1]; + tmps[gid].digest[2] = digest[2]; + tmps[gid].digest[3] = digest[3]; + + tmps[gid].out[0] = rc4data[0]; + tmps[gid].out[1] = rc4data[1]; + tmps[gid].out[2] = 0; + tmps[gid].out[3] = 0; +} + +KERNEL_FQ void m25400_loop (KERN_ATTR_TMPS_ESALT (pdf14_tmp_t, pdf_t)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + const u64 lid = get_local_id (0); + + if (gid >= gid_max) return; + + /** + * shared + */ + + LOCAL_VK RC4_KEY rc4_keys[64]; + + LOCAL_AS RC4_KEY *rc4_key = &rc4_keys[lid]; + + /** + * loop + */ + + u32 digest[4]; + + digest[0] = tmps[gid].digest[0]; + digest[1] = tmps[gid].digest[1]; + digest[2] = tmps[gid].digest[2]; + digest[3] = tmps[gid].digest[3]; + + u32 out[4]; + + out[0] = tmps[gid].out[0]; + out[1] = tmps[gid].out[1]; + out[2] = tmps[gid].out[2]; + out[3] = tmps[gid].out[3]; + + for (u32 i = 0, j = loop_pos; i < loop_cnt; i++, j++) + { + if (j < 50) + { + u32 w0_t[4]; + u32 w1_t[4]; + u32 w2_t[4]; + u32 w3_t[4]; + + w0_t[0] = digest[0]; + w0_t[1] = digest[1]; + w0_t[2] = digest[2]; + w0_t[3] = digest[3]; + w1_t[0] = 0x80; + w1_t[1] = 0; + w1_t[2] = 0; + w1_t[3] = 0; + w2_t[0] = 0; + w2_t[1] = 0; + w2_t[2] = 0; + w2_t[3] = 0; + w3_t[0] = 0; + w3_t[1] = 0; + w3_t[2] = 16 * 8; + w3_t[3] = 0; + + digest[0] = MD5M_A; + digest[1] = MD5M_B; + digest[2] = MD5M_C; + digest[3] = MD5M_D; + + md5_transform (w0_t, w1_t, w2_t, w3_t, digest); + } + else + { + const u32 x = j - 50; + + const u32 xv = x << 0 + | x << 8 + | x << 16 + | x << 24; + + u32 tmp[4]; + + tmp[0] = digest[0] ^ xv; + tmp[1] = digest[1] ^ xv; + tmp[2] = digest[2] ^ xv; + tmp[3] = digest[3] ^ xv; + + rc4_init_16 (rc4_key, tmp); + + rc4_next_16 (rc4_key, 0, 0, out, out); + } + } + + tmps[gid].digest[0] = digest[0]; + tmps[gid].digest[1] = digest[1]; + tmps[gid].digest[2] = digest[2]; + tmps[gid].digest[3] = digest[3]; + + tmps[gid].out[0] = out[0]; + tmps[gid].out[1] = out[1]; + tmps[gid].out[2] = out[2]; + tmps[gid].out[3] = out[3]; +} + +KERNEL_FQ void m25400_comp (KERN_ATTR_TMPS_ESALT (pdf14_tmp_t, pdf_t)) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= gid_max) return; + + const u64 lid = get_local_id (0); + + /** + * digest + */ + + const u32 r0 = tmps[gid].out[0]; + const u32 r1 = tmps[gid].out[1]; + const u32 r2 = 0; + const u32 r3 = 0; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif +} diff --git a/src/modules/module_25400.c b/src/modules/module_25400.c new file mode 100644 index 000000000..f5af76dde --- /dev/null +++ b/src/modules/module_25400.c @@ -0,0 +1,534 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +// TODO use user password as input for md5 of o_digest if no owner password is set +// TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "emu_inc_hash_md5.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_DOCUMENTS; +static const char *HASH_NAME = "PDF 1.4 - 1.6 (Acrobat 5 - 8) - edit password"; +static const u64 KERN_TYPE = 25400; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$pdf$2*3*128*-3904*1*16*631ed33746e50fba5caf56bcc39e09c6*32*5f9d0e4f0b39835dace0d306c40cd6b700000000000000000000000000000000*32*842103b0a0dc886db9223b94afe2d7cd63389079b61986a4fcf70095ad630c24"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct pdf +{ + int V; + int R; + int P; + + int enc_md; + + u32 id_buf[8]; + u32 u_buf[32]; + u32 o_buf[32]; + + int id_len; + int o_len; + int u_len; + + u32 rc4key[2]; + u32 rc4data[2]; + +} pdf_t; + +typedef struct pdf14_tmp +{ + u32 digest[4]; + u32 out[4]; + +} pdf14_tmp_t; + +static const char *SIGNATURE_PDF = "$pdf$"; + +static void md5_complete_no_limit (u32 digest[4], const u32 *plain, const u32 plain_len) +{ + // plain = u32 tmp_md5_buf[64] so this is compatible + + md5_ctx_t md5_ctx; + + md5_init (&md5_ctx); + md5_update (&md5_ctx, plain, plain_len); + md5_final (&md5_ctx); + + digest[0] = md5_ctx.h[0]; + digest[1] = md5_ctx.h[1]; + digest[2] = md5_ctx.h[2]; + digest[3] = md5_ctx.h[3]; +} + +char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param) +{ + char *jit_build_options = NULL; + + // Extra treatment for Apple systems + if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE) + { + return jit_build_options; + } + + // Intel CPU + if ((device_param->opencl_device_vendor_id == VENDOR_ID_INTEL_SDK) && (device_param->opencl_device_type & CL_DEVICE_TYPE_CPU)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + // ROCM + if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true)) + { + hc_asprintf (&jit_build_options, "-D _unroll"); + } + + return jit_build_options; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (pdf_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (pdf14_tmp_t); + + return tmp_size; +} + +u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_min = 64; // RC4 + + return kernel_threads_min; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 64; // RC4 + + return kernel_threads_max; +} + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 pw_max = 32; // https://www.pdflib.com/knowledge-base/pdf-password-security/encryption/ + + return pw_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + pdf_t *pdf = (pdf_t *) esalt_buf; + + token_t token; + + token.token_cnt = 12; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_PDF; + + token.len[0] = 5; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[2] = 1; + token.len_max[2] = 1; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[3] = 3; + token.len_max[3] = 3; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[4] = 1; + token.len_max[4] = 6; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[5] = 1; + token.len_max[5] = 1; + token.sep[5] = '*'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[6] = 2; + token.len_max[6] = 2; + token.sep[6] = '*'; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[7] = 32; + token.len_max[7] = 64; + token.sep[7] = '*'; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[8] = 2; + token.len_max[8] = 2; + token.sep[8] = '*'; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[9] = 64; + token.len_max[9] = 64; + token.sep[9] = '*'; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len_min[10] = 2; + token.len_max[10] = 2; + token.sep[10] = '*'; + token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + token.len_min[11] = 64; + token.len_max[11] = 64; + token.sep[11] = '*'; + token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *V_pos = token.buf[1]; + const u8 *R_pos = token.buf[2]; + const u8 *bits_pos = token.buf[3]; + const u8 *P_pos = token.buf[4]; + const u8 *enc_md_pos = token.buf[5]; + const u8 *id_len_pos = token.buf[6]; + const u8 *id_buf_pos = token.buf[7]; + const u8 *u_len_pos = token.buf[8]; + const u8 *u_buf_pos = token.buf[9]; // user hash + const u8 *o_len_pos = token.buf[10]; + const u8 *o_buf_pos = token.buf[11]; // owner hash + + // validate data + + const int V = strtol ((const char *) V_pos, NULL, 10); + const int R = strtol ((const char *) R_pos, NULL, 10); + const int P = strtol ((const char *) P_pos, NULL, 10); + + int vr_ok = 0; + + if ((V == 2) && (R == 3)) vr_ok = 1; + if ((V == 4) && (R == 4)) vr_ok = 1; + + if (vr_ok == 0) return (PARSER_SALT_VALUE); + + const int id_len = strtol ((const char *) id_len_pos, NULL, 10); + const int u_len = strtol ((const char *) u_len_pos, NULL, 10); + const int o_len = strtol ((const char *) o_len_pos, NULL, 10); + + if ((id_len != 16) && (id_len != 32)) return (PARSER_SALT_VALUE); + + if (u_len != 32) return (PARSER_SALT_VALUE); + if (o_len != 32) return (PARSER_SALT_VALUE); + + const int bits = strtol ((const char *) bits_pos, NULL, 10); + + if (bits != 128) return (PARSER_SALT_VALUE); + + int enc_md = 1; + + if (R >= 4) + { + enc_md = strtol ((const char *) enc_md_pos, NULL, 10); + } + + // copy data to esalt + + pdf->V = V; + pdf->R = R; + pdf->P = P; + + pdf->enc_md = enc_md; + + pdf->id_buf[0] = hex_to_u32 (id_buf_pos + 0); + pdf->id_buf[1] = hex_to_u32 (id_buf_pos + 8); + pdf->id_buf[2] = hex_to_u32 (id_buf_pos + 16); + pdf->id_buf[3] = hex_to_u32 (id_buf_pos + 24); + + if (id_len == 32) + { + pdf->id_buf[4] = hex_to_u32 (id_buf_pos + 32); + pdf->id_buf[5] = hex_to_u32 (id_buf_pos + 40); + pdf->id_buf[6] = hex_to_u32 (id_buf_pos + 48); + pdf->id_buf[7] = hex_to_u32 (id_buf_pos + 56); + } + + pdf->id_len = id_len; + + pdf->u_buf[0] = hex_to_u32 (u_buf_pos + 0); + pdf->u_buf[1] = hex_to_u32 (u_buf_pos + 8); + pdf->u_buf[2] = hex_to_u32 (u_buf_pos + 16); + pdf->u_buf[3] = hex_to_u32 (u_buf_pos + 24); + pdf->u_buf[4] = hex_to_u32 (u_buf_pos + 32); + pdf->u_buf[5] = hex_to_u32 (u_buf_pos + 40); + pdf->u_buf[6] = hex_to_u32 (u_buf_pos + 48); + pdf->u_buf[7] = hex_to_u32 (u_buf_pos + 56); + pdf->u_len = u_len; + + pdf->o_buf[0] = hex_to_u32 (o_buf_pos + 0); + pdf->o_buf[1] = hex_to_u32 (o_buf_pos + 8); + pdf->o_buf[2] = hex_to_u32 (o_buf_pos + 16); + pdf->o_buf[3] = hex_to_u32 (o_buf_pos + 24); + pdf->o_buf[4] = hex_to_u32 (o_buf_pos + 32); + pdf->o_buf[5] = hex_to_u32 (o_buf_pos + 40); + pdf->o_buf[6] = hex_to_u32 (o_buf_pos + 48); + pdf->o_buf[7] = hex_to_u32 (o_buf_pos + 56); + pdf->o_len = o_len; + + // precompute rc4 data for later use + + u32 padding[8] = + { + 0x5e4ebf28, + 0x418a754e, + 0x564e0064, + 0x0801faff, + 0xb6002e2e, + 0x803e68d0, + 0xfea90c2f, + 0x7a695364 + }; + + // md5 + + u32 salt_pc_block[32] = { 0 }; + + u8 *salt_pc_ptr = (u8 *) salt_pc_block; + + memcpy (salt_pc_ptr, padding, 32); + memcpy (salt_pc_ptr + 32, pdf->id_buf, pdf->id_len); + + u32 salt_pc_digest[4] = { 0 }; + + md5_complete_no_limit (salt_pc_digest, salt_pc_block, 32 + pdf->id_len); + + pdf->rc4data[0] = salt_pc_digest[0]; + pdf->rc4data[1] = salt_pc_digest[1]; + + // we use ID for salt, maybe needs to change, we will see... + + salt->salt_buf[0] = pdf->id_buf[0]; + salt->salt_buf[1] = pdf->id_buf[1]; + salt->salt_buf[2] = pdf->id_buf[2]; + salt->salt_buf[3] = pdf->id_buf[3]; + salt->salt_buf[4] = pdf->o_buf[0]; // switched u_buf with o_buf vs m10500 + salt->salt_buf[5] = pdf->o_buf[1]; + salt->salt_buf[6] = pdf->u_buf[0]; + salt->salt_buf[7] = pdf->u_buf[1]; + salt->salt_len = pdf->id_len + 16; + + salt->salt_iter = (50 + 20); + + digest[0] = pdf->o_buf[0]; // o_buf instead of u_buf vs m10500 + digest[1] = pdf->o_buf[1]; + digest[2] = 0; + digest[3] = 0; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const pdf_t *pdf = (const pdf_t *) esalt_buf; + + int line_len = 0; + + if (pdf->id_len == 32) + { + line_len = snprintf (line_buf, line_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x", + pdf->V, + pdf->R, + 128, + pdf->P, + pdf->enc_md, + pdf->id_len, + byte_swap_32 (pdf->id_buf[0]), + byte_swap_32 (pdf->id_buf[1]), + byte_swap_32 (pdf->id_buf[2]), + byte_swap_32 (pdf->id_buf[3]), + byte_swap_32 (pdf->id_buf[4]), + byte_swap_32 (pdf->id_buf[5]), + byte_swap_32 (pdf->id_buf[6]), + byte_swap_32 (pdf->id_buf[7]), + pdf->u_len, + byte_swap_32 (pdf->u_buf[0]), + byte_swap_32 (pdf->u_buf[1]), + byte_swap_32 (pdf->u_buf[2]), + byte_swap_32 (pdf->u_buf[3]), + byte_swap_32 (pdf->u_buf[4]), + byte_swap_32 (pdf->u_buf[5]), + byte_swap_32 (pdf->u_buf[6]), + byte_swap_32 (pdf->u_buf[7]), + pdf->o_len, + byte_swap_32 (pdf->o_buf[0]), + byte_swap_32 (pdf->o_buf[1]), + byte_swap_32 (pdf->o_buf[2]), + byte_swap_32 (pdf->o_buf[3]), + byte_swap_32 (pdf->o_buf[4]), + byte_swap_32 (pdf->o_buf[5]), + byte_swap_32 (pdf->o_buf[6]), + byte_swap_32 (pdf->o_buf[7]) + ); + } + else + { + line_len = snprintf (line_buf, line_size, "$pdf$%d*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x*%d*%08x%08x%08x%08x%08x%08x%08x%08x", + pdf->V, + pdf->R, + 128, + pdf->P, + pdf->enc_md, + pdf->id_len, + byte_swap_32 (pdf->id_buf[0]), + byte_swap_32 (pdf->id_buf[1]), + byte_swap_32 (pdf->id_buf[2]), + byte_swap_32 (pdf->id_buf[3]), + pdf->u_len, + byte_swap_32 (pdf->u_buf[0]), + byte_swap_32 (pdf->u_buf[1]), + byte_swap_32 (pdf->u_buf[2]), + byte_swap_32 (pdf->u_buf[3]), + byte_swap_32 (pdf->u_buf[4]), + byte_swap_32 (pdf->u_buf[5]), + byte_swap_32 (pdf->u_buf[6]), + byte_swap_32 (pdf->u_buf[7]), + pdf->o_len, + byte_swap_32 (pdf->o_buf[0]), + byte_swap_32 (pdf->o_buf[1]), + byte_swap_32 (pdf->o_buf[2]), + byte_swap_32 (pdf->o_buf[3]), + byte_swap_32 (pdf->o_buf[4]), + byte_swap_32 (pdf->o_buf[5]), + byte_swap_32 (pdf->o_buf[6]), + byte_swap_32 (pdf->o_buf[7]) + ); + } + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = module_jit_build_options; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; + module_ctx->module_kernel_threads_min = module_kernel_threads_min; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m25400.pm b/tools/test_modules/m25400.pm new file mode 100644 index 000000000..4eb3da227 --- /dev/null +++ b/tools/test_modules/m25400.pm @@ -0,0 +1,277 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +# based off m10500 but added the owner password part ($o) to be able to test the edit password +# two TODOs still (now only works if no user password is set): +# 1. TODO use user password as input for md5 of o_digest if no owner password is set +# 2. TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value + +# easy test shortcut for debugging +# a=$(echo 1 | tools/test.pl passthrough 10500 | tail -n1); echo $a; echo 1 | ./hashcat --potfile-disable --runtime 400 --hwmon-disable -O -D 2 --backend-vector-width 4 -a 0 -m 10500 $a + +use strict; +use warnings; + +use Crypt::RC4; +use Digest::MD5 qw (md5); + +my $PDF_PADDING = +[ + 0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41, 0x64, 0x00, 0x4e, 0x56, + 0xff, 0xfa, 0x01, 0x08, 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80, + 0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a +]; + +sub module_constraints { [[0, 15], [32, 32], [-1, -1], [-1, -1], [-1, -1]] } + +sub pdf_compute_encryption_key_user +{ + my $word = shift; + my $padding = shift; + my $id = shift; + my $u = shift; + my $o = shift; + my $P = shift; + my $V = shift; + my $R = shift; + my $enc = shift; + + ## start + + my $data; + + $data .= $word; + + $data .= substr ($padding, 0, 32 - length $word); + + $data .= pack ("H*", $o); + $data .= pack ("I", $P); + $data .= pack ("H*", $id); + + if ($R >= 4) + { + if (!$enc) + { + $data .= pack ("I", -1); + } + } + + my $res = md5 ($data); + + if ($R >= 3) + { + for (my $i = 0; $i < 50; $i++) + { + $res = md5 ($res); + } + } + + return $res; +} + + +sub pdf_compute_encryption_key_owner +{ + my $word = shift; + my $padding = shift; + my $id = shift; + my $u = shift; + my $o = shift; + my $P = shift; + my $V = shift; + my $R = shift; + my $enc = shift; + + # TODO use user password as input for md5 of o_digest if no owner password is set + my $data; + $data .= $word; + $data .= substr ($padding, 0, 32 - length $word); + my $o_digest = md5 ($data); + + if ($R >= 3) + { + for (my $i = 0; $i < 50; $i++) + { + $o_digest = md5 ($o_digest); + } + } + + #printf("\$o_digest = %s\n", unpack ("H*", $o_digest)); + + + my $o_key; + if ($R == 2) + { + $o_key = substr($o_digest, 0, 8); # rc4 key is always 5 for revision 2, but for 3 or greather is dependent on the value of the encryption dictionaries length entry + } + else + { + $o_key = substr($o_digest, 0, 16); #length is always 128 bits or 16 bytes + } + #printf("\$o_key = %s\n", unpack ("H*", $o_key)); + + return $o_key; +} + +sub module_generate_hash +{ + my $word = shift; + my $id = shift; + my $u = shift; + my $o = shift; + my $P = shift; + my $V = shift; + my $R = shift; + my $enc = shift; + + if (defined $u == 0) + { + $u = "0" x 64; + } + + my $u_save = $u; + + if (defined $o == 0) + { + $o = "0" x 64; + } + + my $o_save = $u; + + if (defined $R == 0) + { + $R = random_number (3, 4); + } + + if (defined $V == 0) + { + $V = ($R == 3) ? 2 : 4; + } + + if (defined $P == 0) + { + $P = ($R == 3) ? -4 : -1028; + } + + if (defined $enc == 0) + { + $enc = ($R == 3) ? 1 : random_number (0, 1); + } + + my $padding; + + for (my $i = 0; $i < 32; $i++) + { + $padding .= pack ("C", $PDF_PADDING->[$i]); + } + + + ################ USER PASSWORD ################# + my $res = pdf_compute_encryption_key_user($word, $padding, $id, $u, $o, $P, $V, $R, $enc); + + my $digest = md5 ($padding . pack ("H*", $id)); + + my $m = Crypt::RC4->new ($res); + $u = $m->RC4 ($digest); + + my @ress = split "", $res; + + #do xor of rc4 19 times + for (my $x = 1; $x <= 19; $x++) + { + my @xor; + + for (my $i = 0; $i < 16; $i++) + { + $xor[$i] = chr (ord ($ress[$i]) ^ $x); + } + + my $s = join ("", @xor); + + my $m2 = Crypt::RC4->new ($s); + + $u = $m2->RC4 ($u); + } + + + ################ OWNER PASSWORD ################# + my $o_key = pdf_compute_encryption_key_owner($word, $padding, $id, $u, $o, $P, $V, $R, $enc); + my $n = Crypt::RC4->new ($o_key); + $o = $n->RC4(substr ($padding, 0, 32 - length "")); # TODO dynamically add user password including padding to the RC4 input for the computation of the pdf o-value + + #printf("padding_empty_str = %s\n", unpack ("H*", substr ($padding, 0, 32 - length ""))); + + my @ress2 = split "", $o_key; + + if ($R >= 3) + { + #do xor of rc4 19 times + for (my $x = 1; $x <= 19; $x++) + { + my @xor; + + for (my $i = 0; $i < 16; $i++) + { + $xor[$i] = chr (ord ($ress2[$i]) ^ $x); + } + + my $s = join ("", @xor); + + my $n2 = Crypt::RC4->new ($s); + + $o = $n2->RC4 ($o); + } + } + + #printf("\$u = %s\n", unpack ("H*", $u)); + + $u .= substr (pack ("H*", $u_save), 16, 16); + + #printf("\$o = %s\n", unpack ("H*", $o)); + #printf("\$u = %s\n", unpack ("H*", $u)); + + my $hash = sprintf ('$pdf$%d*%d*128*%d*%d*16*%s*32*%s*32*%s', $V, $R, $P, $enc, $id, unpack ("H*", $u), unpack ("H*", $o)); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my ($hash_in, $word) = split ":", $line; + + return unless defined $hash_in; + return unless defined $word; + + my @data = split /\*/, $hash_in; + + return unless scalar @data == 11; + + my $V = shift @data; $V = substr ($V, 5, 1); + my $R = shift @data; + return unless (shift @data eq '128'); # length is always 128 here + my $P = shift @data; + my $enc = shift @data; + return unless (shift @data eq '16'); + my $id = shift @data; + return unless (shift @data eq '32'); + my $u = shift @data; + return unless (shift @data eq '32'); + my $o = shift @data; + + return unless defined $id; + return unless defined $word; + + $word = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word, $id, $u, $o, $P, $V, $R, $enc); + + return ($new_hash, $word); +} + +1;